b/277206647 Allow user to specify activation timeout #69
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Treat configured timeout as upper bound * Add slider to UI to custimize timeout * Validate and apply custom timeout in API
anakovt
pushed a commit
to extenda/hiiretail-platform-jit-access
that referenced
this pull request
Jun 5, 2023
* b/245024166 Migrate from gRPC to REST (GoogleCloudPlatform#13) * Replace gRPC libraries with REST libraries * Update tests * Fix inconsistent indentation (GoogleCloudPlatform#14) Reapply formatting rules to fix inconsistent indentation * b/258677442 Prepare backend for multi-party approval (GoogleCloudPlatform#15) * Introduce new constraint for MPA * Split ElevationService class and add logic to find qualified peers * Add IamCredentialsAdapter to sign/verify approval tokens * Add NotificationService Note that none of the functionality is exposed in the API or UI yet * b/260523497 Project-based discovery, activation (GoogleCloudPlatform#16) * Change logic so that users first select a project, and then select a role to activate. This makes the Policy Analyzer API calls more efficient and allows us to consider inherited IAM role bindings as well. * Introduce new GUI that uses a material stepper to find and activate roles * b/260523060 Add referrer policy (GoogleCloudPlatform#17) Don't send referrer header for any links * b/260903622 Disable Quarkus banner (GoogleCloudPlatform#19) Disable banner during startup to reduce noise in Cloud Logging * b/260523843 Update dependencies (GoogleCloudPlatform#18) Update quarkus, google-auth-library to latest versions * b/260921498 Disable browser caching (GoogleCloudPlatform#20) Disable caching for all content to avoid presenting stale data, and to prevent issues after applying a version update. Note that most long-lived content (jquery, etc) is served from a CDN anyway. * b/260928316 Allow keyboard-based form submission (GoogleCloudPlatform#21) * b/260937326 Update favicon (GoogleCloudPlatform#22) * b/260937549 Add screenshots for README (GoogleCloudPlatform#23) * Include cache-busting link in error message (GoogleCloudPlatform#25) When an old version of the frontend is used, show an error message with a cache-busting link * b/260937549 Update README (GoogleCloudPlatform#24) * Update to cover 1.1 * Add more screenshots * Add Error Prone, fix code analysis nits (GoogleCloudPlatform#26) * Add errorprone * Fix code analysis nits * Add IntelliJ project files (GoogleCloudPlatform#27) * Rephrase headlines in README (GoogleCloudPlatform#28) * Cleanup, fix code analysis nits (GoogleCloudPlatform#29) * b/258677442 Expose APIs and UI for multi-party approval (GoogleCloudPlatform#30) * Prompt users to select one or more peers when requesting to activate an MPA role * Notify peers about the activation requests * Allow peers to view and approve activation requests * Notify requestor and peers about approvals Multi-party approval is an optional feature that requires additional configuration. When not configured, the app "degrades" to support JIT roles only. * b/264200963 Consolidate instructions for setting up a development environment (GoogleCloudPlatform#31) * b/261757888 Show tooltips with UTC dates (GoogleCloudPlatform#32) When hovering over a date, show a tooltip with the equivalent UTC date. * b/261503522 Show signed-in user in footer (GoogleCloudPlatform#33) Extend footer to show email of signed-in user, link to switch users * b/261343777 Move documentation to Wiki (GoogleCloudPlatform#34) * Clean up labels, date display in request form (GoogleCloudPlatform#35) * Rephrase labels * Show expiry in minutes for both start and end time * b/264210103 Reload form when clicking title, menu (GoogleCloudPlatform#36) * Change menu link to reload page * Make title a link to reload page * Fix format of notification emails (GoogleCloudPlatform#37) * Use code-formatting for project ID, role * Update button style to match UI * Use smaller font for explanation text * b/264199453 Fix list layout in Safari (GoogleCloudPlatform#38) * b/264571241 Show error message on double-approval (GoogleCloudPlatform#39) Detect double-approval and show a more specific error message to the approver. * b/265050744 Strip query string in Home link (GoogleCloudPlatform#40) Fix Home link when viewing an approval request by stripping the token from the link URL. * Update README to cover multi-party approval (GoogleCloudPlatform#41) * b/265232062 Consolidate duplicate role bindings (GoogleCloudPlatform#42) * When a role is both JIT- and MPA-eligible, only consider the JIT-eligible role role binding * When a role has been granted twice (with the same constraint), ignore the duplicate This fixes an issue where activating a role fails because of a duplicate in the list of eligible roles. * Handle IAM constraint expressions that are null * feat: cloud run support * feat: dockerfile * adjustments * backend service id rename * minor fixes * adjust comment * Simplify directory structure in container image (GoogleCloudPlatform#45) * Bump version number to 1.3 (GoogleCloudPlatform#46) * Add Cloud Run as deployment target * Fix broken tests (GoogleCloudPlatform#53) * Change testIamPermission test to not rely on undocumented behavior * Add missing mock configuration for IAP header tests * b/273390621 Add configuration option for max number of reviewers (GoogleCloudPlatform#54) * List default limit of 10 reviewers for an activation request * Add configuration option ACTIVATION_REQUEST_MAX_REVIEWERS * Validate number of peers in RoleActivationService * Check number of reviewers in API resource to ensure that a proper error is shown to users * b/274349470 Update Maven dependencies (GoogleCloudPlatform#57) Update dependencies: * Quarkus * Client libraries * Mockito * b/274349663 Read SMTP password from Secret Manager (GoogleCloudPlatform#58) * Add Secret Manager adapter * Add SMTP_SECRET configuration option * Lookup SMTP credentials using SecretsManager if SMTP_SECRET is configured * b/275265215 Extract notification formatting into separate class (GoogleCloudPlatform#61) Extract formatting logic from `Notification` class into separate classes * `Notification` objects have a template ID * Notification service implementations can use this template ID to construct a `NotificationTemplate` * The `NotificationTemplate` turns the `Notification` object into a piece of formatted text, for example HTML This should make it easier to implement alternative notification targets such as Slack. * Only emit SMTP warning when configuration is incomplete (GoogleCloudPlatform#65) Fix condition under which the warning is written to the log * b/277050090 Select all roles/peers (GoogleCloudPlatform#64) Allow users to... * select all available roles * select all available peers when requesting a role activation. * b/277186177 Configure minimum number of reviewers (GoogleCloudPlatform#67) * Add ACTIVATION_REQUEST_MIN_REVIEWERS option * Enforce minimum in ApiController, RoleActivationService * Fix error message for parameter validation (GoogleCloudPlatform#68) * b/277206647 Allow user to specify activation timeout (GoogleCloudPlatform#69) * Treat configured timeout as upper bound * Add slider to UI to custimize timeout * Validate and apply custom timeout in API * b/275265215 Permit approval when role activated (GoogleCloudPlatform#70) Fix an issue where approval failed if the reviewer previously activated the same role * b/278473217 Exclude disabled items from selection (GoogleCloudPlatform#71) Fix "select all" checkbox to ignore disabled items * b/278807834 Force links in email to use HTTPS when deployed on Cloud Run (GoogleCloudPlatform#72) The incoming URL may be HTTP when deployed on Cloud Run. Force the scheme to HTTPS when generating URLs. * Migrated to Google distroless to reduce security attack surface and docker image size (GoogleCloudPlatform#75) * b/285050870 Log error when IAP assertion missing or invalid (GoogleCloudPlatform#80) --------- Co-authored-by: Johannes Passing <jpassing@hotmail.com> Co-authored-by: Emil Stolarsky <emil.stolarsky@wave.com> Co-authored-by: Adrian Trzeciak <adrian@strise.ai> Co-authored-by: Adrian Trzeciak <48787209+adriantr@users.noreply.github.com> Co-authored-by: Abdulla Abdurakhmanov <me@abdolence.dev>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ref #52