Permission deconstruction #800

Merged (4 commits), Jul 31, 2024
Conversation

@zprebosnyak-lm (Contributor) commented Jul 25, 2024

Description

Frontend changes in PR 103

This PR breaks down the current permission set to align with the CRUD operations each permission can perform through the API. It retains the original permissions to stay backward compatible. The original permissions are top-level permissions that can perform all the CRUD operations the broken-down permissions can.

Updated permission set:

BOM_UPLOAD("Allows the ability to upload CycloneDX Software Bill of Materials (SBOM)"),
VIEW_PORTFOLIO("Provides the ability to view the portfolio of projects, components, and licenses"),
PORTFOLIO_MANAGEMENT("Allows the creation, modification, and deletion of data in the portfolio"),
PORTFOLIO_MANAGEMENT_CREATE("Allows the creation of data in the portfolio"),
PORTFOLIO_MANAGEMENT_READ("Allows the reading of data in the portfolio"),
PORTFOLIO_MANAGEMENT_UPDATE("Allows the updating of data in the portfolio"),
PORTFOLIO_MANAGEMENT_DELETE("Allows the deletion of data in the portfolio"),
VIEW_VULNERABILITY("Provides the ability to view the vulnerabilities projects are affected by"),
VULNERABILITY_ANALYSIS("Provides all abilities to make analysis decisions on vulnerabilities"),
VULNERABILITY_ANALYSIS_CREATE("Provides the ability to upload supported VEX documents to a project"),
VULNERABILITY_ANALYSIS_READ("Provides the ability to read the VEX document for a project"),
VULNERABILITY_ANALYSIS_UPDATE("Provides the ability to make analysis decisions on vulnerabilities and upload supported VEX documents for a project"),
VIEW_POLICY_VIOLATION("Provides the ability to view policy violations"),
VULNERABILITY_MANAGEMENT("Allows all management permissions of internally-defined vulnerabilities"),
VULNERABILITY_MANAGEMENT_CREATE("Allows creation of internally-defined vulnerabilities"),
VULNERABILITY_MANAGEMENT_READ("Allows reading internally-defined vulnerabilities"),
VULNERABILITY_MANAGEMENT_UPDATE("Allows updating internally-defined vulnerabilities and vulnerability tags"),
VULNERABILITY_MANAGEMENT_DELETE("Allows management of internally-defined vulnerabilities"),
POLICY_VIOLATION_ANALYSIS("Provides the ability to make analysis decisions on policy violations"),
ACCESS_MANAGEMENT("Allows the management of users, teams, and API keys"),
ACCESS_MANAGEMENT_CREATE("Allows create permissions of users, teams, and API keys"),
ACCESS_MANAGEMENT_READ("Allows read permissions of users, teams, and API keys"),
ACCESS_MANAGEMENT_UPDATE("Allows update permissions of users, teams, and API keys"),
ACCESS_MANAGEMENT_DELETE("Allows delete permissions of users, teams, and API keys"),
SYSTEM_CONFIGURATION("Allows all access to configuration of the system including notifications, repositories, and email settings"),
SYSTEM_CONFIGURATION_CREATE("Allows creating configuration of the system including notifications, repositories, and email settings"),
SYSTEM_CONFIGURATION_READ("Allows reading the configuration of the system including notifications, repositories, and email settings"),
SYSTEM_CONFIGURATION_UPDATE("Allows updating the configuration of the system including notifications, repositories, and email settings"),
SYSTEM_CONFIGURATION_DELETE("Allows deleting the configuration of the system including notifications, repositories, and email settings"),
PROJECT_CREATION_UPLOAD("Provides the ability to optionally create project (if non-existent) on BOM or scan upload"),
POLICY_MANAGEMENT("Allows the creation, modification, and deletion of policy"),
POLICY_MANAGEMENT_CREATE("Allows the creation of a policy"),
POLICY_MANAGEMENT_READ("Allows reading of policies"),
POLICY_MANAGEMENT_UPDATE("Allows the modification of a policy"),
POLICY_MANAGEMENT_DELETE("Allows the deletion of a policy");

Addressed Issue

Fixes Issue 1406

Additional Details

Implemented this change to be leveraged with the ACL as it continues to develop. Allowing more granular permission assignment would let admins assign various roles to users, such as owner, developer, or viewer, with different levels of access to the same projects.

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have updated the migration changelog accordingly
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly
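To make the parent/child relationship the description states concrete, here is a small Python model of the permission set listed above. It is an added example, not Dependency-Track's own code, and it assumes two things the page does not spell out: that a legacy top-level permission implies every CRUD permission it was split into, and that a route listing several permissions accepts any one of them. The team and route names at the bottom are constructed for illustration; the audit helper flags routes that only accept the coarse parent, which is the case where a least-privilege team holding a single `_READ` permission is still locked out.

```python
"""Model of the parent/child permission hierarchy from the PR description.

Added example: this is not Dependency-Track's own code. It assumes that a
legacy (top-level) permission implies every CRUD permission it was split
into, and that a route listing several permissions accepts any one of them.
"""
from typing import Dict, FrozenSet, Iterable, Set

CRUD = ("CREATE", "READ", "UPDATE", "DELETE")

# Parent -> implied CRUD children, taken from the permission list in the PR.
# VULNERABILITY_ANALYSIS has no _DELETE child in that list.
PERMISSION_CHILDREN: Dict[str, FrozenSet[str]] = {
    "PORTFOLIO_MANAGEMENT": frozenset(f"PORTFOLIO_MANAGEMENT_{op}" for op in CRUD),
    "VULNERABILITY_ANALYSIS": frozenset(
        f"VULNERABILITY_ANALYSIS_{op}" for op in ("CREATE", "READ", "UPDATE")),
    "VULNERABILITY_MANAGEMENT": frozenset(f"VULNERABILITY_MANAGEMENT_{op}" for op in CRUD),
    "ACCESS_MANAGEMENT": frozenset(f"ACCESS_MANAGEMENT_{op}" for op in CRUD),
    "SYSTEM_CONFIGURATION": frozenset(f"SYSTEM_CONFIGURATION_{op}" for op in CRUD),
    "POLICY_MANAGEMENT": frozenset(f"POLICY_MANAGEMENT_{op}" for op in CRUD),
}

# Top-level permissions the PR left unsplit.
STANDALONE: FrozenSet[str] = frozenset({
    "BOM_UPLOAD", "VIEW_PORTFOLIO", "VIEW_VULNERABILITY", "VIEW_POLICY_VIOLATION",
    "POLICY_VIOLATION_ANALYSIS", "PROJECT_CREATION_UPLOAD",
})

ALL_PERMISSIONS: FrozenSet[str] = STANDALONE | frozenset(PERMISSION_CHILDREN) | frozenset(
    child for children in PERMISSION_CHILDREN.values() for child in children)


def effective_permissions(granted: Iterable[str]) -> Set[str]:
    """Expand granted permissions: a parent implies all of its CRUD children.

    Unknown names raise, so a typo in a team's permission set fails closed
    instead of being silently ignored.
    """
    effective: Set[str] = set()
    for name in granted:
        if name not in ALL_PERMISSIONS:
            raise ValueError(f"unknown permission: {name}")
        effective.add(name)
        effective |= PERMISSION_CHILDREN.get(name, frozenset())
    return effective


def is_authorized(granted: Iterable[str], required_any: Iterable[str]) -> bool:
    """Any-of check: the caller needs at least one of the route's permissions."""
    return bool(effective_permissions(granted) & set(required_any))


def routes_without_granular_access(routes: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Audit helper: routes that accept a parent but none of that parent's children.

    Such a route is reachable only with the coarse legacy permission, so a
    least-privilege team holding e.g. POLICY_MANAGEMENT_READ alone is locked out
    even though the split was meant to allow exactly that.
    """
    findings: Dict[str, Set[str]] = {}
    for route, required in routes.items():
        coarse_only = {p for p in required
                       if p in PERMISSION_CHILDREN and not (PERMISSION_CHILDREN[p] & required)}
        if coarse_only:
            findings[route] = coarse_only
    return findings


# Constructed sample teams and routes (hypothetical names, not the project's).
TEAMS: Dict[str, Set[str]] = {
    "legacy-admins": {"PORTFOLIO_MANAGEMENT", "POLICY_MANAGEMENT"},
    "viewers": {"VIEW_PORTFOLIO", "PORTFOLIO_MANAGEMENT_READ", "POLICY_MANAGEMENT_READ"},
    "developers": {"BOM_UPLOAD", "PORTFOLIO_MANAGEMENT_READ", "PORTFOLIO_MANAGEMENT_UPDATE"},
}
ROUTES: Dict[str, Set[str]] = {
    "create_project": {"PORTFOLIO_MANAGEMENT", "PORTFOLIO_MANAGEMENT_CREATE"},
    "delete_project": {"PORTFOLIO_MANAGEMENT", "PORTFOLIO_MANAGEMENT_DELETE"},
    "list_policies": {"POLICY_MANAGEMENT"},  # child permission not accepted here
}


def access_matrix() -> Dict[str, Set[str]]:
    """Which constructed routes each constructed team can reach."""
    return {team: {route for route, req in ROUTES.items() if is_authorized(perms, req)}
            for team, perms in TEAMS.items()}


if __name__ == "__main__":
    for team, reachable in access_matrix().items():
        print(f"{team:14} -> {sorted(reachable)}")
    print("coarse-only routes:", routes_without_granular_access(ROUTES))
```

The counts in this model match the failing tests quoted later in the thread: 12 top-level permissions before the change and 35 afterwards. The audit helper is the check to run over the API's `@PermissionRequired` annotations after a change like this one, since backward compatibility (the parent still works everywhere) and granularity (the child works wherever the parent does) are separate properties and only the first is guaranteed by keeping the old enum constants.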

nscuro added the enhancement (New feature or request) label Jul 26, 2024

@nscuro (Member) commented Jul 26, 2024

Thanks for the PR @zprebosnyak-lm! There are a few test failures:

Error:  Failures: 
Error:    PermissionsTest.testPermissionEnums:41 expected:<12> but was:<35>
Error:    PermissionResourceTest.getAllPermissionsTest:67 expected:<12> but was:<35>

Also, could you please sign-off your commits so the DCO check passes? You can find instructions by clicking on the Details link next to the failing build check.

* feat: add upstream MR creation

* Deleted .gitlab-ci.yml

* fix: build & push api server with kaniko

* fix: address prior stage error

* fix: fix dockerfile path

* fix: run maven build job

* fix: switch to mvn version eclipse 21

* fix: address java cacert path

* fix: switch java jdk 17

* fix: add the settings.xml file

* fix: added additional script to create jar

* fix: build apiserver docker container

* remove crane job

* create target destination file

* remove target dir

* disable the kaniko before script

* fix: add back before script to copy target file

* commented target from dockerignore

* revise docker build context

* move logback-json to root

* move back logback-json

* switch dockerfile to original proxy cached

* applied suggested changes

* revert to rule to default branch

* test: see if logic works with existing permissions

* test: revert old permissions test, test case with new permissions

* fix: copy pasta'd myself

* feat: add new permissions to API routes

* fix: change api permission to match CRUDops better

* fix: change policy condition resource for update

* test: add api and ci changes

* test: yq command

* test: yq cmd

* test: if its the container

* test: parse version

* test: why is it connecting to proxy

* test: use curl

* fix: cleanup CI

* test: cleanup pt2

* fix: clean pt3

* fix: spelling mistake in description

* fix: revert some files and change values back to original

---------

Co-authored-by: e407773 <[email protected]>
Co-authored-by: Cortes, Noel <[email protected]>
Signed-off-by: Zachary Prebosnyak <[email protected]>
Signed-off-by: Zachary Prebosnyak <[email protected]>
Codacy bot: coverage summary

Coverage variation: -0.03% (target: -1.00%)
Diff coverage: 97.06% (target: 70.00%)

Coverable lines / Covered lines / Coverage
Common ancestor commit (9313daa): 20708 / 16960 / 81.90%
Head commit (d4e6475): 20744 (+36) / 16984 (+24) / 81.87% (-0.03%)
Pull request (#800) diff: 34 / 33 / 97.06%

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

@zprebosnyak-lm (Contributor, Author) commented

@nscuro Thanks for pointing that out. Both PRs' commits are signed, and linting and tests are now passing.

@nscuro (Member) commented Jul 30, 2024

Thanks @zprebosnyak-lm, looks good to me!

Unfortunately we have another pending PR that conflicts with this one: #785

Judging by the PR size alone, I think it makes sense to get that one merged first, and then resolve conflicts in your PR, rather than the other way around. The change in Swagger annotations makes the other PR a tad harder to deal with...

Not a pretty situation, and in worst case we can take care of resolving those conflicts for you. Does that sound alright?

@zprebosnyak-lm (Contributor, Author) commented

Hey @nscuro, yeah, that sounds good. I'll watch for that to be merged; just curious, is there a timeline for merging that PR?

@nscuro (Member) commented Jul 30, 2024

It only has a few minor remarks pending, I'm hoping to get it merged tomorrow.

@nscuro (Member) commented Jul 31, 2024

@zprebosnyak-lm The PR is merged now. Again apologies for the inconvenience.

@zprebosnyak-lm (Contributor, Author) commented

@nscuro No worries! The conflicts should all be resolved now.

@nscuro (Member) commented Jul 31, 2024

Build failure is fixed via #818. If you merge main once more it should build.

Codacy bot: coverage summary (after rebase)

Coverage variation: +0.02% (target: -1.00%)
Diff coverage: 100.00% (target: 70.00%)

Coverable lines / Covered lines / Coverage
Common ancestor commit (dacdf5d): 20699 / 16986 / 82.06%
Head commit (7caa1c7): 20726 (+27) / 17013 (+27) / 82.09% (+0.02%)
Pull request (#800) diff: 34 / 34 / 100.00%

@nscuro (Member) left a review comment

Thanks! 🙌

@nscuro nscuro merged commit 07368d8 into DependencyTrack:main Jul 31, 2024
9 checks passed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 31, 2024
Labels: enhancement (New feature or request)
Linked issue: Permissions Deconstruction
2 participants