Tags: wetterj/fiat
chore(dependencies): Reverting Spring Boot 2.2 upgrade (spinnaker#535) Revert "chore(dependencies): Upgrade Spring Boot to 2.2.1 (spinnaker#510)" This reverts commit d798ec0
fix(redis): only remove a key if it wouldn't be overwritten (spinnaker#529) Fixes a potential race condition persisting user permissions where previously we would remove the entire set of permissions for a resource, then write the current set. This changes to only remove the permissions if the updated UserPermission is empty for that resource type, and to write a new value and swap over the old value if there are Permissions so that an API request to load that UserPermission that overlaps with a refresh of the UserPermission in redis doesn't get less data than it should
fix(metrics-logs): Record permissionsCache caffeine metrics with CaffeineStatsCounter and add debug log when access denied to accounts (spinnaker#528) Debugging an intermittent access denied error to accounts. CaffeineStatsCounter pushes cache metrics to the registry and the debug log might give us a bit more insight
chore(dependencies): Upgrade Spring Boot to 2.2.1 (spinnaker#510) See spinnaker/spinnaker#5134 Dependent on spinnaker/kork#419 for a Spring Boot dependency upgrade
refactor(fallback): Add FallbackPermissionsResolver and default implementation (spinnaker#521)
fix(permissionSource): Set order (lowest precedence) on default permission sources (spinnaker#519) Additionally, rename Front50ApplicationResourcePermissionSource to ApplicationResourcePermissionSource and adjust config accordingly
fix(serviceAccount): Filter non-valid roles when converting to UserPermission (spinnaker#513) (spinnaker#514) Roles can't be empty. This leads to unexpected behaviour. However, we were allowing creating empty roles like "" or " " on the pipeline triggers (via API), which made service users contain invalid roles and thus failing on every sync request that tries to map roles to accounts. This rendered FIAT unusable to get permissions and subsequently not allowing any authorization operation. This patch sanitizes the input on ServiceAccounts so we make sure that the roles considered are valid.
fix(roles): file-based roles fail when the user is not provided in the file (spinnaker#508) (spinnaker#509) * handle case of null for file-based roles * add unit tests