Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RBAC: /v1/security/roles/{role}/members #17153

Merged
merged 4 commits into from
Mar 20, 2024

Conversation

oleiman
Copy link
Member

@oleiman oleiman commented Mar 18, 2024

This PR implements the members Admin endpoint for roles.

  • GET /v1/security/roles/{role}/members
    • operationID: list_role_members
  • POST /v1/security/roles/{role}/members
    • operationID: update_role_members

Closes https://github.com/redpanda-data/core-internal/issues/1108
Closes https://github.com/redpanda-data/core-internal/issues/1109

Backports Required

  • none - not a bug fix
  • none - this is a backport
  • none - issue does not exist in previous branches
  • none - papercut/not impactful enough to backport
  • v23.3.x
  • v23.2.x

Release Notes

Features

  • Introduces /v1/security/roles/{role}/members Admin API endpoint for reading and updating RBAC role members.

@oleiman oleiman self-assigned this Mar 18, 2024
@oleiman
Copy link
Member Author

oleiman commented Mar 18, 2024

/dt

@oleiman oleiman force-pushed the rbac/members-admin branch from 8a1cbd6 to 36cf534 Compare March 18, 2024 04:11
@vbotbuildovich
Copy link
Collaborator

vbotbuildovich commented Mar 18, 2024

new failures in https://buildkite.com/redpanda/redpanda/builds/46341#018e4f8c-398c-4f3d-9e67-e129de0ce4f2:

"rptest.tests.rbac_test.RBACTest.test_regular_user_access"

new failures in https://buildkite.com/redpanda/redpanda/builds/46341#018e4f9e-7a49-42d2-9f55-32d1ff22a9dd:

"rptest.tests.rbac_test.RBACTest.test_regular_user_access"

new failures in https://buildkite.com/redpanda/redpanda/builds/46441#018e5879-fb17-4484-962c-ccdfb80b4f06:

"rptest.tests.offset_for_leader_epoch_archival_test.OffsetForLeaderEpochArchivalTest.test_querying_remote_partitions.remote_reads=.False.True"

@oleiman oleiman force-pushed the rbac/members-admin branch 4 times, most recently from ffd6623 to 8b4ec12 Compare March 18, 2024 20:57
@oleiman oleiman marked this pull request as ready for review March 18, 2024 20:59
@oleiman oleiman force-pushed the rbac/members-admin branch from 8b4ec12 to e1bd29d Compare March 18, 2024 23:14
@oleiman
Copy link
Member Author

oleiman commented Mar 18, 2024

force push to uncoroutineify route handler lambda

@oleiman oleiman force-pushed the rbac/members-admin branch from e1bd29d to 20fecc0 Compare March 18, 2024 23:56
@oleiman
Copy link
Member Author

oleiman commented Mar 18, 2024

force push missing error codes in member list parse helper and added tests for various malformed requests

@oleiman oleiman force-pushed the rbac/members-admin branch from 20fecc0 to d73149a Compare March 19, 2024 01:59
@oleiman
Copy link
Member Author

oleiman commented Mar 19, 2024

force push to fix stale unit test case (s/user/User/)

@vbotbuildovich
Copy link
Collaborator

Copy link
Contributor

@pgellert pgellert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Otherwise lgtm

src/v/redpanda/admin/security.cc Outdated Show resolved Hide resolved
src/v/redpanda/admin/security.cc Outdated Show resolved Hide resolved
- s/user/User/ for principal_type enum
  - Adjust `operator<<(..., role_member_type)` in kind
- Add missing `create` flag to update_role_members spec

Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
@oleiman oleiman force-pushed the rbac/members-admin branch from d73149a to 55090bd Compare March 19, 2024 16:45
@oleiman
Copy link
Member Author

oleiman commented Mar 19, 2024

force push rebase dev for merge conflict

@oleiman oleiman force-pushed the rbac/members-admin branch from 55090bd to 8003644 Compare March 19, 2024 16:50
@oleiman
Copy link
Member Author

oleiman commented Mar 19, 2024

force push review comments

pgellert
pgellert previously approved these changes Mar 19, 2024
- GET /v1/security/roles/{role}/members
  - operationID: list_role_members
- POST /v1/security/roles/{role}/members
  - operationID: update_role_members

Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
oleiman added 2 commits March 19, 2024 15:09
Introduce:
- RoleMember
- RoleMemberList
- RoleMemberUpdateResponse

And integrate into Admin.update_role_members.

Includes a minor refactor to Admin._request query param passing.

Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
@oleiman
Copy link
Member Author

oleiman commented Mar 19, 2024

force push missed a s/url_decode/path_decode/

Copy link
Contributor

@michael-redpanda michael-redpanda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@oleiman oleiman merged commit 9529f7f into redpanda-data:dev Mar 20, 2024
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants