Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(accounts): bug grants filter children accounts #5431

Merged
merged 2 commits into from
Jan 22, 2025
Merged

fix(accounts): bug grants filter children accounts #5431

merged 2 commits into from
Jan 22, 2025

Conversation

bosorawis
Copy link
Collaborator

@bosorawis bosorawis commented Jan 11, 2025
edited
Loading

fix children grants filtering out results because parentScopeId isn't passed into the permissions engine during the output filtering

@bosorawis bosorawis requested a review from a team as a code owner January 11, 2025 01:22
@bosorawis bosorawis changed the base branch from main to bosorawis-bug-fix-list-resource-filtering-out-children-scope January 11, 2025 01:22
@bosorawis bosorawis changed the title bosorawis bug grants filter children accounts fix(accounts): bug grants filter children accounts Jan 21, 2025
@bosorawis bosorawis merged commit 1ab61b7 into bosorawis-bug-fix-list-resource-filtering-out-children-scope Jan 22, 2025
55 of 56 checks passed
@bosorawis bosorawis deleted the bosorawis-bug-grants-filter-children-accounts branch January 22, 2025 18:03
@bosorawis bosorawis mentioned this pull request Jan 23, 2025
Merged
bosorawis added a commit that referenced this pull request Jan 23, 2025
@bosorawis
fix(accounts): bug grants filter children accounts (#5431)
8b75c1e 
* handlers/accounts: fix children grants filtering out results unexpectedly

* make gen
bosorawis added a commit that referenced this pull request Jan 24, 2025
@bosorawis @elimt @johanbrandhorst
Bug: fix groups in children scopes being filtered out by grants (#5418)
7c4451d 
* add utility functions for grants tests

* use passed in scopeID to create user

* add test for groups list

* groups: set ParentScopeId before FetchActionSetForId

* add comment to TestRoleGrantsForToken

* lint and ran make gen

* fix import groups

* add an additional test case

* remove print

* changelog

* fix(alias): set parent scope id for alias resource (#5434)

set the `ParentScopeId` before fetching authorized actions for alias

* fix(worker): set parent scope id for worker resource (#5435)

set the `ParentScopeId` before fetching authorized actions for worker

* fix(user): children scopes being filtered out by grants for user (#5436)

* fix(user): children scopes being filtered out by grants for user

Resources are being filtered out due to missing ParentScopeId when constructing Resource to pass into authResults.FetchActionSetForId.

* fix(scope): set parent scope id for worker resource (#5439)

set the `ParentScopeId` before fetching authorized actions for worker

* fix(target): set parent scope id for target resource (#5447)

set the `ParentScopeId` before fetching authorized actions for target

* fix(roles): set parent scope id for roles resource (#5452)

* fix(roles): set parent scope id for roles resource

set the `ParentScopeId` before fetching authorized actions for role resource

* test(managed-group): add grants test coverage (#5453)

* fix(managed-group): set parent scope id for managed-group resource

set the ParentScopeId before fetching authorized actions for managed resource

* fix(host): set parent scope id for host resource (#5455)

set the `ParentScopeId` before fetching authorized actions for host resource

* fix(host-set): set parent scope id for host-set resource (#5456)

set the ParentScopeId before fetching authorized actions for host-set resource

* fix(host-catalog): set parent scope id for host-catalog resource (#5457)

set the ParentScopeId before fetching authorized actions for host-catalog resource

* fix(credential-store): set parent scope id for credential-store resource (#5458)

set the ParentScopeId before fetching authorized actions for credential-store resource

* fix(authmethods): set parent scope ID for auth methods resource (#5448)

* handlers/authmethods: fix children permission

* documentation

* formatting

* fix(credential): set parent scope id for credential resource (#5459)

set the `ParentScopeId` before fetching authorized actions for credential resource

* fix(accounts): bug grants filter children accounts (#5431)

* handlers/accounts: fix children grants filtering out results unexpectedly

* make gen

* fix(authtokens): set parent scope ID for auth token resource (#5451)

* fix authtokens not passing children scope ID

* make gen

* fix(credential-libraries): set parent scope ID (#5463)

* fix(common) set parent ID before fetching action setsparent ID before fetching action sets (#5467)

* fix(common) set parent ID before fetching action sets

* make gen

* additional test

* rename test

* more tests

* remove duplicate test

* make gen

* Update CHANGELOG.md

Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>

---------

Co-authored-by: Elim Tsiagbey <elim.tsiagbey@hashicorp.com>
Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johanbrandhorst johanbrandhorst johanbrandhorst approved these changes

Assignees
No one assigned
Labels
core/daemon core/iam core
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bosorawis @johanbrandhorst