Tags: jzhou2019/fiat
fix(permissionSource): Set order (lowest precedence) on default permission sources (spinnaker#519) Additionally, rename Front50ApplicationResourcePermissionSource to ApplicationResourcePermissionSource and adjust config accordingly
fix(serviceAccount): Filter non-valid roles when converting to UserPermission (spinnaker#513) (spinnaker#514) Roles can't be empty. This leads to unexpected behaviour. However, we were allowing the creation of empty roles like "" or " " on the pipeline triggers (via API), which made service users contain invalid roles and thus fail on every sync request that tries to map roles to accounts. This rendered FIAT unusable to get permissions and subsequently did not allow any authorization operation. This patch sanitizes the input on ServiceAccounts so we make sure that the roles considered are valid.
fix(roles): file-based roles fail when the user is not provided in the file (spinnaker#508) (spinnaker#509) * handle case of null for file-based roles * add unit tests
fix(authorization): canCreate should not return void (spinnaker#502) (spinnaker#504) Fixes Retrofit client for canCreate. Modifies create check endpoint for consistency.
fix(authorization): canCreate should not return void (spinnaker#502) Fixes Retrofit client for canCreate. Modifies create check endpoint for consistency.
fix(unrestricted): load permissions for unrestricted roles (spinnaker#500) The unrestricted user can have associated roles via `UserRolesProvider.loadUnrestrictedRoles`, however this would always short-circuit evaluation of permissions for those roles. This resulted in the case where on the first authorization (`POST /roles/:userId`) the user would not have access to any resources that were granted solely via the unrestricted role. However, in a subsequent authentication the user's permissions would get merged with an existing user entry and the unrestricted roles would show up as if they were directly granted to the user (due to the way the `UserPermissions.merge` happens in the `RedisPermissionRepository`) and eventually the resources protected by unrestricted roles would show up.
feat(build): enable autobump PRs for fiat-api consumers (spinnaker#495)