[DDO-3870] Azure account provisioning via propagation #minor

[jack-r-warren]

Ports broadinstitute/terra-privileged-user-sync into Sherlock.

The cronjob is responsible for basically four steps. In Sherlock each one is a separate propagation engine.

1. Create the account in the non-B2C tenant -- new AzureAccountEngine
2. Add the account to a permission group in the non-B2C tenant -- existing AzureGroupEngine
   • We've already replaced this by rolling out the break-glass capability
3. Invite the account to the B2C tenant -- new AzureInvitedAccountEngine
   • Rather than having an account per-tenant, this is how we accomplish account per-environment
4. Give the account an admin role in the B2C tenant -- new AzureDirectoryRoleEngine
   • Permission groups won't work in B2C so we have to grant the role directly

Splitting this across engines creates a few differences in behavior:

• The existing cronjob has some logic to handle propagation delay on Azure's end between the steps. Sherlock will run them sequentially to be optimistic (see role_propagation's Init) but it doesn't explicitly handle cloud provider delay. This is okay because each engine instance does independent drift correction, so the state will be eventually consistent even in cases of extreme delay on Azure's end.
• The existing cronjob uses Google Workspace as the source of truth. Sherlock uses itself.
• The existing cronjob handles account suspension but not changes to other account fields like display name. Sherlock will manipulate these fields based on itself.

Despite using propagation engines, accounts will not be deleted when a Sherlock RoleAssignment is removed. Instead, the necessary engines will merely suspend the user and tolerate that going forward (so it won't keep trying to remove the same users over and over again).

Propagation also now supports per-propagator-instance dry-run, where mutation operations on the engine will be logged rather than called. This will help us roll out this capability while acceptably matching the existing cronjob's behavior.

Testing

Tests added where possible, but for propagation engines the actual behavior of the client libraries is something we only truly validate when running against the cloud. See below.

Risk

The risk in this PR comes from two places:

1. The Azure client library's behavior has some unknowns around it. It's possible that propagation could fail (with no impact to other engines, but still)
2. The behavior changes in Sherlock's implementation could cause some shift in accounts -- since Sherlock will be commandeering something managed by another tool, there may be a noticeable diff

Point 2 is heavily mitigated by the dry-run feature, but point 1 is complicated by the fact that we don't have a destructible set of Azure tenants to let this feature loose on.

If we enable this feature in dev Sherlock pointed just at dev Azure... Sherlock's own source of truth in dev is miles away from what the cronjob is used to using. The diff will be large and unrealistic. It will want to ban a bunch of actual accounts that people use on a day-to-day basis (just because no one uses Sherlock dev). We can dry-run, but there's a last mile that I think we may choose not to enable from Sherlock dev.

I think this may be an instance where it makes sense to rely on Sherlock's error recovery and engine segmentation to just... turn this on in prod. More specifically, my proposal:

1. Sherlock dev dry-run against Azure dev
2. Sherlock prod dry-run against Azure dev
3. Sherlock prod run against Azure dev
4. Sherlock prod dry-run against Azure prod
5. Sherlock prod run against Azure prod

In other words, there's a AzureAccountEngine.Remove(user) method that I think we may not want to actually run from Sherlock dev -- because Sherlock dev will want to do it in an unrealistic and destructive way (because it, by nature, doesn't have prod's knowledge of DSPers). I think it's low risk for the first execution of that to be in prod, because even if it fails, none of the rest of Sherlock would be impacted.

[github-actions]

What's Changed

---

GET /api/roles/v3

Parameters:

Added: grantsDevAzureAccount in query

Added: grantsDevAzureDirectoryRoles in query

Added: grantsProdAzureAccount in query

Added: grantsProdAzureDirectoryRoles in query

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Added property grantsDevAzureAccount (boolean)

  • Added property grantsDevAzureDirectoryRoles (boolean)

  • Added property grantsProdAzureAccount (boolean)

  • Added property grantsProdAzureDirectoryRoles (boolean)

POST /api/roles/v3

Request:

Changed content type : application/json

• Added property grantsDevAzureAccount (boolean)

• Added property grantsDevAzureDirectoryRoles (boolean)

• Added property grantsProdAzureAccount (boolean)

• Added property grantsProdAzureDirectoryRoles (boolean)

Return Type:

Changed response : 201 Created

Created

• Changed content type : application/json

  • Added property grantsDevAzureAccount (boolean)

  • Added property grantsDevAzureDirectoryRoles (boolean)

  • Added property grantsProdAzureAccount (boolean)

  • Added property grantsProdAzureDirectoryRoles (boolean)

GET /api/roles/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Added property grantsDevAzureAccount (boolean)

  • Added property grantsDevAzureDirectoryRoles (boolean)

  • Added property grantsProdAzureAccount (boolean)

  • Added property grantsProdAzureDirectoryRoles (boolean)

DELETE /api/roles/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Added property grantsDevAzureAccount (boolean)

  • Added property grantsDevAzureDirectoryRoles (boolean)

  • Added property grantsProdAzureAccount (boolean)

  • Added property grantsProdAzureDirectoryRoles (boolean)

PATCH /api/roles/v3/{selector}

Request:

Changed content type : application/json

• Added property grantsDevAzureAccount (boolean)

• Added property grantsDevAzureDirectoryRoles (boolean)

• Added property grantsProdAzureAccount (boolean)

• Added property grantsProdAzureDirectoryRoles (boolean)

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Added property grantsDevAzureAccount (boolean)

  • Added property grantsDevAzureDirectoryRoles (boolean)

  • Added property grantsProdAzureAccount (boolean)

  • Added property grantsProdAzureDirectoryRoles (boolean)

GET /api/users/v3

Parameters:

Deleted: nameInferredFromGithub in query

Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
Will be set to true if the user account has no name and a GitHub account is linked.

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Deleted property nameInferredFromGithub (boolean)

    Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
    Will be set to true if the user account has no name and a GitHub account is linked.

PUT /api/users/v3

Request:

Changed content type : application/json

• Deleted property nameInferredFromGithub (boolean)

  Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
  Will be set to true if the user account has no name and a GitHub account is linked.

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Deleted property nameInferredFromGithub (boolean)

    Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
    Will be set to true if the user account has no name and a GitHub account is linked.

Changed response : 201 Created

Created

• Changed content type : application/json

  • Deleted property nameInferredFromGithub (boolean)

    Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
    Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/users/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Deleted property nameInferredFromGithub (boolean)

    Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
    Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/app-versions/v3

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property authoredByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

PUT /api/app-versions/v3

Return Type:

Changed response : 201 Created

Created

• Changed content type : application/json

  • Changed property authoredByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/app-versions/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property authoredByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

PATCH /api/app-versions/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property authoredByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/chart-versions/v3

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property authoredByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

PUT /api/chart-versions/v3

Return Type:

Changed response : 201 Created

Created

• Changed content type : application/json

  • Changed property authoredByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/chart-versions/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property authoredByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

PATCH /api/chart-versions/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property authoredByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/clusters/v3

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property requiredRoleInfo (object)

    • Added property grantsDevAzureAccount (boolean)

    • Added property grantsDevAzureDirectoryRoles (boolean)

    • Added property grantsProdAzureAccount (boolean)

    • Added property grantsProdAzureDirectoryRoles (boolean)

POST /api/clusters/v3

Return Type:

Changed response : 201 Created

Created

• Changed content type : application/json

  • Changed property requiredRoleInfo (object)

    • Added property grantsDevAzureAccount (boolean)

    • Added property grantsDevAzureDirectoryRoles (boolean)

    • Added property grantsProdAzureAccount (boolean)

    • Added property grantsProdAzureDirectoryRoles (boolean)

GET /api/clusters/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property requiredRoleInfo (object)

    • Added property grantsDevAzureAccount (boolean)

    • Added property grantsDevAzureDirectoryRoles (boolean)

    • Added property grantsProdAzureAccount (boolean)

    • Added property grantsProdAzureDirectoryRoles (boolean)

DELETE /api/clusters/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property requiredRoleInfo (object)

    • Added property grantsDevAzureAccount (boolean)

    • Added property grantsDevAzureDirectoryRoles (boolean)

    • Added property grantsProdAzureAccount (boolean)

    • Added property grantsProdAzureDirectoryRoles (boolean)

PATCH /api/clusters/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property requiredRoleInfo (object)

    • Added property grantsDevAzureAccount (boolean)

    • Added property grantsDevAzureDirectoryRoles (boolean)

    • Added property grantsProdAzureAccount (boolean)

    • Added property grantsProdAzureDirectoryRoles (boolean)

GET /api/environments/v3

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property requiredRoleInfo (object)

    • Added property grantsDevAzureAccount (boolean)

    • Added property grantsDevAzureDirectoryRoles (boolean)

    • Added property grantsProdAzureAccount (boolean)

    • Added property grantsProdAzureDirectoryRoles (boolean)

  • Changed property ownerInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

POST /api/environments/v3

Return Type:

Changed response : 201 Created

Created

• Changed content type : application/json

  • Changed property requiredRoleInfo (object)

    • Added property grantsDevAzureAccount (boolean)

    • Added property grantsDevAzureDirectoryRoles (boolean)

    • Added property grantsProdAzureAccount (boolean)

    • Added property grantsProdAzureDirectoryRoles (boolean)

  • Changed property ownerInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/environments/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property requiredRoleInfo (object)

    • Added property grantsDevAzureAccount (boolean)

    • Added property grantsDevAzureDirectoryRoles (boolean)

    • Added property grantsProdAzureAccount (boolean)

    • Added property grantsProdAzureDirectoryRoles (boolean)

  • Changed property ownerInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

DELETE /api/environments/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property requiredRoleInfo (object)

    • Added property grantsDevAzureAccount (boolean)

    • Added property grantsDevAzureDirectoryRoles (boolean)

    • Added property grantsProdAzureAccount (boolean)

    • Added property grantsProdAzureDirectoryRoles (boolean)

  • Changed property ownerInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

PATCH /api/environments/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property requiredRoleInfo (object)

    • Added property grantsDevAzureAccount (boolean)

    • Added property grantsDevAzureDirectoryRoles (boolean)

    • Added property grantsProdAzureAccount (boolean)

    • Added property grantsProdAzureDirectoryRoles (boolean)

  • Changed property ownerInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/app-versions/procedures/v3/changelog

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property changelog (array)

    Changed items (object):

    • Changed property authoredByInfo (object)

      • Deleted property nameInferredFromGithub (boolean)

        Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
        Will be set to true if the user account has no name and a GitHub account is linked.

POST /api/changesets/procedures/v3/apply

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property appliedByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

GET /api/changesets/procedures/v3/chart-release-history/{chart-release}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property appliedByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

POST /api/changesets/procedures/v3/plan

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property appliedByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

Changed response : 201 Created

Created

• Changed content type : application/json

  Changed items (object):

  • Changed property appliedByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

POST /api/changesets/procedures/v3/plan-and-apply

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property appliedByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

Changed response : 201 Created

Created

• Changed content type : application/json

  Changed items (object):

  • Changed property appliedByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

GET /api/changesets/procedures/v3/version-history/{version-type}/{chart}/{version}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property appliedByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

GET /api/changesets/v3

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property appliedByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

GET /api/changesets/v3/{id}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property appliedByInfo (object)

    • Deleted property nameInferredFromGithub (boolean)

      Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
      Will be set to true if the user account has no name and a GitHub account is linked.

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

GET /api/chart-releases/v3

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property clusterInfo (object)

    • Changed property requiredRoleInfo (object)

      • Added property grantsDevAzureAccount (boolean)

      • Added property grantsDevAzureDirectoryRoles (boolean)

      • Added property grantsProdAzureAccount (boolean)

      • Added property grantsProdAzureDirectoryRoles (boolean)

  • Changed property appVersionInfo (object)

    • Changed property authoredByInfo (object)

      • Deleted property nameInferredFromGithub (boolean)

        Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
        Will be set to true if the user account has no name and a GitHub account is linked.

POST /api/chart-releases/v3

Return Type:

Changed response : 201 Created

Created

• Changed content type : application/json

  • Changed property clusterInfo (object)

    • Changed property requiredRoleInfo (object)

      • Added property grantsDevAzureAccount (boolean)

      • Added property grantsDevAzureDirectoryRoles (boolean)

      • Added property grantsProdAzureAccount (boolean)

      • Added property grantsProdAzureDirectoryRoles (boolean)

  • Changed property appVersionInfo (object)

    • Changed property authoredByInfo (object)

      • Deleted property nameInferredFromGithub (boolean)

        Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
        Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/chart-releases/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property clusterInfo (object)

    • Changed property requiredRoleInfo (object)

      • Added property grantsDevAzureAccount (boolean)

      • Added property grantsDevAzureDirectoryRoles (boolean)

      • Added property grantsProdAzureAccount (boolean)

      • Added property grantsProdAzureDirectoryRoles (boolean)

  • Changed property appVersionInfo (object)

    • Changed property authoredByInfo (object)

      • Deleted property nameInferredFromGithub (boolean)

        Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
        Will be set to true if the user account has no name and a GitHub account is linked.

DELETE /api/chart-releases/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property clusterInfo (object)

    • Changed property requiredRoleInfo (object)

      • Added property grantsDevAzureAccount (boolean)

      • Added property grantsDevAzureDirectoryRoles (boolean)

      • Added property grantsProdAzureAccount (boolean)

      • Added property grantsProdAzureDirectoryRoles (boolean)

  • Changed property appVersionInfo (object)

    • Changed property authoredByInfo (object)

      • Deleted property nameInferredFromGithub (boolean)

        Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
        Will be set to true if the user account has no name and a GitHub account is linked.

PATCH /api/chart-releases/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property clusterInfo (object)

    • Changed property requiredRoleInfo (object)

      • Added property grantsDevAzureAccount (boolean)

      • Added property grantsDevAzureDirectoryRoles (boolean)

      • Added property grantsProdAzureAccount (boolean)

      • Added property grantsProdAzureDirectoryRoles (boolean)

  • Changed property appVersionInfo (object)

    • Changed property authoredByInfo (object)

      • Deleted property nameInferredFromGithub (boolean)

        Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
        Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/chart-versions/procedures/v3/changelog

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property changelog (array)

    Changed items (object):

    • Changed property authoredByInfo (object)

      • Deleted property nameInferredFromGithub (boolean)

        Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
        Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/database-instances/v3

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  Changed items (object):

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

    • Changed property appVersionInfo (object)

      • Changed property authoredByInfo (object)

        • Deleted property nameInferredFromGithub (boolean)

          Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
          Will be set to true if the user account has no name and a GitHub account is linked.

PUT /api/database-instances/v3

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

    • Changed property appVersionInfo (object)

      • Changed property authoredByInfo (object)

        • Deleted property nameInferredFromGithub (boolean)

          Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
          Will be set to true if the user account has no name and a GitHub account is linked.

Changed response : 201 Created

Created

• Changed content type : application/json

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

    • Changed property appVersionInfo (object)

      • Changed property authoredByInfo (object)

        • Deleted property nameInferredFromGithub (boolean)

          Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
          Will be set to true if the user account has no name and a GitHub account is linked.

POST /api/database-instances/v3

Return Type:

Changed response : 201 Created

Created

• Changed content type : application/json

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

    • Changed property appVersionInfo (object)

      • Changed property authoredByInfo (object)

        • Deleted property nameInferredFromGithub (boolean)

          Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
          Will be set to true if the user account has no name and a GitHub account is linked.

GET /api/database-instances/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

    • Changed property appVersionInfo (object)

      • Changed property authoredByInfo (object)

        • Deleted property nameInferredFromGithub (boolean)

          Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
          Will be set to true if the user account has no name and a GitHub account is linked.

DELETE /api/database-instances/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

    • Changed property appVersionInfo (object)

      • Changed property authoredByInfo (object)

        • Deleted property nameInferredFromGithub (boolean)

          Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
          Will be set to true if the user account has no name and a GitHub account is linked.

PATCH /api/database-instances/v3/{selector}

Return Type:

Changed response : 200 OK

OK

• Changed content type : application/json

  • Changed property chartReleaseInfo (object)

    • Changed property clusterInfo (object)

      • Changed property requiredRoleInfo (object)

        • Added property grantsDevAzureAccount (boolean)

        • Added property grantsDevAzureDirectoryRoles (boolean)

        • Added property grantsProdAzureAccount (boolean)

        • Added property grantsProdAzureDirectoryRoles (boolean)

    • Changed property appVersionInfo (object)

      • Changed property authoredByInfo (object)

        • Deleted property nameInferredFromGithub (boolean)

          Controls whether Sherlock should automatically update the user's name based on a connected GitHub identity.
          Will be set to true if the user account has no name and a GitHub account is linked.

[github-actions]

Published image from 42d9e00 (merge 3c87c00):

us-central1-docker.pkg.dev/dsp-artifact-registry/sherlock/sherlock:v1.5.54-3c87c00
us-central1-docker.pkg.dev/dsp-devops-super-prod/sherlock/sherlock:v1.5.54-3c87c00

[codecov]

Codecov Report

Attention: Patch coverage is 30.74324% with 410 lines in your changes missing coverage. Please review.

Project coverage is 67.72%. Comparing base (07afe85) to head (42d9e00).
Report is 19 commits behind head on main.

Files with missing lines	Patch %	Lines
...ation/propagation_engines/azure_invited_account.go	26.55%	130 Missing ⚠️
...e_propagation/propagation_engines/azure_account.go	24.28%	106 Missing ⚠️
...gation/propagation_engines/azure_directory_role.go	22.33%	80 Missing ⚠️
..._mocks/mock_may_be_present_while_removed_fields.go	34.69%	30 Missing and 2 partials ⚠️
...ole_propagation/propagation_engines/azure_group.go	0.00%	21 Missing ⚠️
...on/propagation_engines/google_cloud_folder_role.go	28.57%	20 Missing ⚠️
sherlock/internal/role_propagation/boot.go	0.00%	11 Missing ⚠️
...rlock/internal/role_propagation/propagator_init.go	75.00%	2 Missing and 1 partial ⚠️
.../internal/role_propagation/propagator_propagate.go	77.77%	1 Missing and 1 partial ⚠️
...suitability_synchronization/load_from_firecloud.go	33.33%	2 Missing ⚠️
... and 3 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #661      +/-   ##
==========================================
- Coverage   69.05%   67.72%   -1.33%     
==========================================
  Files         287      290       +3     
  Lines       13021    13498     +477     
==========================================
+ Hits         8992     9142     +150     
- Misses       3129     3454     +325     
- Partials      900      902       +2     

Files with missing lines	Coverage Δ
sherlock/internal/api/sherlock/roles_v3.go	95.55% <100.00%> (+0.43%)	⬆️
sherlock/internal/api/sherlock/users_v3.go	100.00% <ø> (+13.72%)	⬆️
sherlock/internal/api/sherlock/users_v3_upsert.go	89.89% <ø> (-0.49%)	⬇️
sherlock/internal/models/role.go	63.46% <ø> (ø)
sherlock/internal/models/test_data.go	98.21% <100.00%> (+<0.01%)	⬆️
sherlock/internal/role_propagation/propagator.go	100.00% <ø> (+100.00%)	⬆️
...ation/propagator_calculate_alignment_operations.go	100.00% <100.00%> (ø)
...ernal/role_propagation/parallelizing_propagator.go	92.85% <0.00%> (ø)
sherlock/internal/role_propagation/propagate.go	32.85% <0.00%> (ø)
...ternal/suitability_synchronization/load_into_db.go	0.00% <0.00%> (ø)
... and 10 more

... and 2 files with indirect coverage changes

[jyang-broad]

:stamp:

[sonarcloud]

Quality Gate passed

Issues
32 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
16.4% Duplication on New Code

See analysis details on SonarCloud