Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed RBAC fetching from workflow state when template is not present #998

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

owaiskazi19
Copy link
Member

Description

In the current implementation of Role Based Access Control, the user is fetched only from Template. After invoking delete API, the template gets deleted but that should not stop from fetching the state of the same workflow or deprovisioning it. This PR fixes it with reading the user from workflow state index rather global context.

Related Issues

Resolves #986

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@github-actions github-actions bot added the backport 2.x backport PRs to 2.x branch label Jan 15, 2025
@owaiskazi19 owaiskazi19 force-pushed the rbac-bug branch 2 times, most recently from 40e82af to 8d43327 Compare January 15, 2025 22:51
Signed-off-by: Owais <owaiskazi19@gmail.com>
Copy link

codecov bot commented Jan 15, 2025

Codecov Report

Attention: Patch coverage is 65.21739% with 8 lines in your changes missing coverage. Please review.

Project coverage is 77.57%. Comparing base (f442c19) to head (6bc58d6).

Files with missing lines Patch % Lines
.../org/opensearch/flowframework/util/ParseUtils.java 25.00% 3 Missing and 3 partials ⚠️
.../transport/DeprovisionWorkflowTransportAction.java 66.66% 2 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               main     #998      +/-   ##
============================================
+ Coverage     77.51%   77.57%   +0.05%     
  Complexity      993      993              
============================================
  Files            99       99              
  Lines          4714     4722       +8     
  Branches        431      433       +2     
============================================
+ Hits           3654     3663       +9     
+ Misses          881      877       -4     
- Partials        179      182       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Member

@dbwiddis dbwiddis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@amitgalitz
Copy link
Member

What happens if the user for the template and workflow state are different? If one user creates and another provisions, should we maybe get the user from whichever index corresponds to the action (action on template vs state) index. Or are we deciding that if user has access to the state they by default get access to template and vice versa
Also if we do fine grained updates do we change the user?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 2.x backport PRs to 2.x branch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[BUG] Can't get or delete workflow state without template if filtering by user
3 participants