Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add DLS in Salesforce #2022

Merged
merged 3 commits into from
Jan 10, 2024
Merged

Add DLS in Salesforce #2022

merged 3 commits into from
Jan 10, 2024

Conversation

moxarth-rathod
Copy link
Contributor

Part of #1859

This PR adds the support of Document Level Security for the Salesforce connector.

Refer the discovery document for more details: drive link

Checklists

Pre-Review Checklist

  • this PR has a meaningful title
  • this PR links to all relevant github issues that it fixes or partially addresses
  • if there is no GH issue, please create it. Each PR should have a link to an issue
  • this PR has a thorough description
  • Covered the changes with automated tests
  • Tested the changes locally
  • Added a label for each target release version (example: v7.13.2, v7.14.0, v8.0.0)

@moxarth-rathod moxarth-rathod marked this pull request as ready for review December 30, 2023 16:44
@moxarth-rathod moxarth-rathod requested a review from a team December 30, 2023 16:44
@navarone-feekery
Copy link
Contributor

@moxarth-elastic can you provide instructions on how to manually test DLS?

navarone-feekery
navarone-feekery reviewed Jan 4, 2024
View reviewed changes
connectors/sources/salesforce.py Outdated
Comment on lines 1392 to 1402
"""Get access control documents for active Atlassian users.

This method fetches access control documents for active Atlassian users when document level security (DLS)
is enabled. It starts by checking if DLS is enabled, and if not, it logs a warning message and skips further processing.
If DLS is enabled, the method fetches all users from the Salesforce API, filters out active Atlassian users,
and fetches additional information for each active user using the _fetch_user method. After gathering the user information,
it generates an access control document for each user using the user_access_control_doc method and yields the results.

Yields:
dict: An access control document for each active Atlassian user.
"""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do Atlassian users have to do with Salesforce DLS?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, my bad! Updated now ✅

connectors/sources/salesforce.py Outdated
return

self._logger.debug(
f"Fetching users who has Read access for Salesforce object: {sobject}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
f"Fetching users who has Read access for Salesforce object: {sobject}"
f"Fetching users who have read access for Salesforce object: {sobject}"

connectors/sources/salesforce.py Outdated
yield doc

async def _fetch_users_with_read_access(self, sobject):
if not self._dls_enabled():
self._logger.warning("DLS is not enabled. Skipping")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be a warning? I feel that it could get quite noisy. This isn't called during ACL syncs as far as I can see, so debug might be more appropriate.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no issue in it, i've made it a debug logger

connectors/sources/salesforce.py Outdated
self._logger.warning("DLS is not enabled. Skipping")
return

self._logger.info("Fetching Salesforce users")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
self._logger.info("Fetching Salesforce users")
self._logger.debug("Fetching Salesforce users")

navarone-feekery
navarone-feekery approved these changes Jan 5, 2024
View reviewed changes
Copy link
Contributor

@navarone-feekery navarone-feekery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@moxarth-rathod moxarth-rathod merged commit 225592b into main Jan 10, 2024
@moxarth-rathod moxarth-rathod deleted the salesforce-dls branch January 10, 2024 09:45
@github-actions GitHub Actions
Copy link

💔 Failed to create backport PR(s)

The backport operation could not be completed due to the following error:
There are no branches to backport to. Aborting.

The backport PRs will be merged automatically after passing CI.

To backport manually run:
backport --pr 2022 --autoMerge --autoMergeMethod squash

@seanstory seanstory mentioned this pull request May 15, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@navarone-feekery navarone-feekery navarone-feekery approved these changes

Assignees
No one assigned
Labels
auto-backport salesforce team:external v8.13.0 v8.13.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@moxarth-rathod @navarone-feekery