feat: Azure plugin - remove Palette presets, reading permission set files #97
@mattwelke is this still WIP? Please update the description and rebase if it's ready for review.
Signed-off-by: Matt Welke <matt.welke@spectrocloud.com>
@TylerGillson I'm going to refine this a bit. Instead of it prompting multiple times for permission set files until it has all the permission sets, I'm going to make a new JSON file format where users can specify all the permission sets at once. This would help in scenarios where they have more than one permission set because they require some permissions at scope x but other permissions only at scope y, and they don't want to over-permission. And they'd be able to encode all of that in one file. With the Azure plugin, while we can't make it so users can copy and paste JSON they find online (e.g. the JSON for a role they find on Azure's built-in roles page) until we have the new "role" rule we discussed offline, we can at least make it so that they have as few prompts to go through as possible because as much of the data as possible has been included in this JSON file.
Codecov Report
Attention: Patch coverage is
@@ Coverage Diff @@
## main #97 +/- ##
==========================================
- Coverage 52.28% 50.81% -1.48%
==========================================
Files 45 45
Lines 5009 4719 -290
==========================================
- Hits 2619 2398 -221
+ Misses 1729 1695 -34
+ Partials 661 626 -35
6750ba3 to c9c0567
Made that update. Rebased. Ready for review.
Signed-off-by: Matt Welke <matt.welke@spectrocloud.com>
e6ac592 to ca67e43
GitGuardian comment was about fake secrets in test package accidentally committed. Cleaned up branch.
Signed-off-by: Matt Welke <matt.welke@spectrocloud.com>
✅ There are no secrets present in this pull request anymore. If these secrets were true positive and are still valid, we highly recommend you to revoke them. 🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Signed-off-by: Matt Welke <matt.welke@spectrocloud.com>
🤖 I have created a release *beep* *boop*
---
## [0.0.6](v0.0.5...v0.0.6) (2024-07-26)
### Features
* Azure plugin - remove Palette presets, reading permission set files ([#97](#97)) ([95787db](95787db))
### Other
* bump validator and plugin versions ([#106](#106)) ([a3863aa](a3863aa))
---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Issue
Resolves #84
Resolves #45
Description
Changes the plugin to not have Palette presets for Azure RBAC rules anymore.
Also changes it to not prompt the user for details for permission sets anymore. Instead, that data is read from a file the user provides. Permission sets are the portion of the RBAC rule consisting of the actions, data actions, and scope. The principal is also part of the rule but the user is prompted for that instead of it being read from a file. Most plugin users won't need more than one rule because while they may have multiple levels of scope to work with, they will likely only be validating one principal. This should be very minimal prompting, with most data coming from the file.
Example:
This is intentional:
validatorctl only supports RBAC rules right now, but more rules are being added to the plugin and they will be added to validatorctl later. Leaving this here as a placeholder.
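An added example (not code from this PR or from validatorctl) of loading one file that carries every permission set, as the description and the earlier comment outline, with different permissions at different scopes. The JSON field names, the `LoadPermissionSets` function and the sample values are assumptions for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
)

// PermissionSet: actions, data actions, scope. JSON keys are assumed, not the plugin's schema.
type PermissionSet struct {
	Actions     []string `json:"actions"`
	DataActions []string `json:"dataActions"`
	Scope       string   `json:"scope"`
}

// sampleFile is constructed: VM reads at subscription scope, blob reads at one resource group.
const sampleFile = `[
  {"actions": ["Microsoft.Compute/virtualMachines/read"],
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"],
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"}
]`

// LoadPermissionSets parses all sets at once and fails closed on unknown keys, bad scopes, empty sets.
func LoadPermissionSets(data []byte) ([]PermissionSet, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields() // a misspelled key must not silently drop permissions
	var sets []PermissionSet
	if err := dec.Decode(&sets); err != nil {
		return nil, fmt.Errorf("parse permission sets: %w", err)
	}
	if len(sets) == 0 {
		return nil, fmt.Errorf("file contains no permission sets")
	}
	for i, s := range sets {
		if !strings.HasPrefix(s.Scope, "/") {
			return nil, fmt.Errorf("set %d: scope %q must be an absolute resource path", i, s.Scope)
		}
		if len(s.Actions)+len(s.DataActions) == 0 {
			return nil, fmt.Errorf("set %d: no actions or data actions", i)
		}
	}
	return sets, nil
}

func main() { fmt.Println(LoadPermissionSets([]byte(sampleFile))) }
```

Keeping each scope in its own entry is what lets the narrower data action stay at the resource group instead of being granted at the subscription.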