Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UI - use authorization check to determine launch provider access #2804

Merged
merged 1 commit into from
Dec 3, 2024
Merged

UI - use authorization check to determine launch provider access #2804

merged 1 commit into from
Dec 3, 2024

Conversation

ArtjomsPorss
Copy link
Contributor

Description

UI - use access api to determine if the service provider is enabled or not to support access enabled via Terraform.

Contribution Checklist:

  • The pull request does not introduce any breaking changes
  • I have read the contribution guidelines.
  • Create an issue and link to the pull request.

ArtjomsPorss
ArtjomsPorss commented Nov 21, 2024
View reviewed changes
ui/src/server/handlers/api.js
Comment on lines 1097 to 1107
new Promise((resolve, reject) => {
req.clients.zms.getPolicy(param, (err, data) => {
req.clients.zms.getAccessExt(param, (err, data) => {
res.provider[provider.id] = 'not';
if (err) {
if (err.status !== 404) {
reject(err);
}
}
if (
data &&
data.assertions &&
data.assertions.some(
(a) =>
a.resource &&
a.resource === service &&
a.action &&
a.action === 'launch'
)
) {
if (data && data.granted) {
res.provider[provider.id] = 'allow';
}
Copy link
Contributor Author

@ArtjomsPorss ArtjomsPorss Nov 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

data is returned in form of { granted:true|false }

ArtjomsPorss
ArtjomsPorss commented Nov 21, 2024
View reviewed changes
ui/src/server/handlers/api.js
Comment on lines 1127 to 1133
},
});

Fetchr.registerService({
name: 'provider',
create(req, resource, params, body, config, callback) {
req.clients.zms.putDomainTemplate(
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'provider' create is now a separately registered fetchr API - previously both create and read were registered together. read is now registered as 'access' endpoint (above)

@ArtjomsPorss ArtjomsPorss marked this pull request as ready for review November 21, 2024 15:23
@ArtjomsPorss ArtjomsPorss force-pushed the launch-provider-check branch 2 times, most recently from 25e95f2 to d1eba4a Compare November 21, 2024 17:40
@ArtjomsPorss ArtjomsPorss marked this pull request as draft November 26, 2024 17:09
@ArtjomsPorss ArtjomsPorss force-pushed the launch-provider-check branch 2 times, most recently from a8b2d83 to 139fa6f Compare November 27, 2024 12:11
@ArtjomsPorss ArtjomsPorss marked this pull request as ready for review November 27, 2024 14:55
@havetisyan havetisyan merged commit 72153b5 into AthenZ:master Dec 3, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MartinTrojans MartinTrojans MartinTrojans approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ArtjomsPorss @MartinTrojans @havetisyan