Lifos/fix grant not created#402
Open
lifosmin wants to merge 218 commits into
Open
Conversation
* feat: migrate to gotocompany * feat: migrate to gotocompany * feat: change code owners * fix: change user for docs * fix: remove odpf proto * Update Makefile Co-authored-by: Sushmith <6890568+bsushmith@users.noreply.github.com> * Update README.md Co-authored-by: Sushmith <6890568+bsushmith@users.noreply.github.com> * Update README.md Co-authored-by: Sushmith <6890568+bsushmith@users.noreply.github.com> * Update README.md Co-authored-by: Sushmith <6890568+bsushmith@users.noreply.github.com> * fix: test workflow * fix: gitignore * fix: add proto * fix: add proto * chore: remove code owners * ci: fix lint install private * fix: update .goreleaser.yaml maintainer Co-authored-by: Abduh <mabdh@users.noreply.github.com> * fix: private repo workflow --------- Co-authored-by: Abduh <mabdh@users.noreply.github.com> Co-authored-by: Sushmith <6890568+bsushmith@users.noreply.github.com> * chore: update workflow credentials Co-authored-by: Abduh <mabdh@users.noreply.github.com> * chore: remove private repo workaround Co-authored-by: Abduh <mabdh@users.noreply.github.com> * chore: reenable coveralls Co-authored-by: Abduh <mabdh@users.noreply.github.com> * chore: change credentials for brew commit author Co-authored-by: Abduh <mabdh@users.noreply.github.com> * fix: fix salt version * docs: add notice file * chore: delete NOTICE file --------- Co-authored-by: Haveiss <haveiss@users.noreply.github.com> Co-authored-by: Abduh <mabdh@users.noreply.github.com> Co-authored-by: Sushmith <6890568+bsushmith@users.noreply.github.com>
- convert duration to days if possible for slack approval notification
- add pagination support in ListUserApprovals api - add pagination support in ListApprovals api - update buf version
…eps (#8) - send appeal rejection notification for auto rejected steps, which got auto-rejected at appeal creation time
* feat(bigquery): fetch labels for dataset and table resources * refactor: rename var * fix: prevent user from updating Resource.Details["_metadata"] * test: extend test for FetchResources * refactor: simplify labels metadata assignment in dataset and table resource model * refactor(bigquery): use bqApi to fetch datasets and tables to reduce calls to bigquery * refactor(bigquery): fetch tables concurrently * test(bigquery): add unit tests for GetDatasets and GetTables methods in client * refactor: limit active goroutines when fetching datasets * refactor: rename "_metadata" to "__metadata" and store it in a const * refactor: declare var for an if block only
- fetch resources on provider update
- rename default notification template file - add additional ctx information to notifier logs - log failed grant revocations only when there are failures
- feat(approval): add appeal_statuses filter for list approvals API - test: add test cases Co-authored-by: Rahmat Hidayat <rahmatramahidayat@gmail.com>
- fix: use mutex locks while fetching resources in errgroup. Without the mutex lock, the append resources is not concurrency safe. So use lock while appending to the resources slice
…rigger (#29) * feat(policy): introduce expression in additional appeal requirement trigger * test(appeal): add test for additional appeal creation using expression * test(policy): add more test cases * chore: update proton commit
- check for errors while casting metabase group permission & collection permission into string - fix incorrect log statement
- If the appeal id is empty or invalid in request, server should return 400 bad request instead of 500 internal server error - fix and add test cases
#33) - allow appeal creation to continue on creator details fetch error - `allow_creator_details_failure` is a flag that lets the appeal creation to continue when the request to the identity provider (Policy.IAM) fails. If this is set to true and request to the identity provider fails (4xx or 5xx), the value of `creator` field in the appeal will be nil. Note: any expression that tries to access `$appeal.creator.*` is still evaluated as usual, it might need to have proper nil checking to avoid accessing nil value.
This reverts commit 801c923.
* feat(grant): add expiration_date_reason and requested_expiration_date fields * feat(appeal): initialize requested_expiration_date and expiration_date_reason when transitioning appeal to grant * feat: introduce job for revoking appeals based on user criteria * docs: update config example * refactor(jobs): add "Type" prefix for job types * fix: uncomment revoke logic * chore: enhance logging * fix: fix jobs config read * refactor: improve function readability
* feat: support oidc authentication in iam http client * refactor: rename auth type and credentials field name
- add variables to approver notification message - update examples for job run command
- bump up expr version to v1.12.5
- use accountID filter to fetch pendingAppeals
…account_type (#51) * feat(approval): support search query and filter by resource type and account_type * feat(approval): add indexes for some filterable/searchable columns * chore: update proton commit * feat: include total count in list approvals result * chore: update proton commit * fix: fix gorm query building order * test: add test cases to ensure grouped condition for "q" * chore: add comment to document the issue
* chore: user goreleaser v1.18.2 * chore: fix release pipeline
* refactor(provider): refactor ListLogEntries * feat: grant dormancy check * fix: read raw config * fix: fix some query logs issue * fix: change time range parameter * feat: send notification to the grants owner * chore: apply suggestions from code review Co-authored-by: sushmith <6890568+bsushmith@users.noreply.github.com> * refactor: reuse slices.UniqueStringSlice * refactor: reuse StructToMap * chore: remove unused lines * chore: enhance error log with provider.URN * chore: add validation for activity config * fix: check required private log viewer permission * test: add test cases for client.ListActivities * test: add test case for CorrelateGrantActivities * fix: mark grant.IsPermanent as false when updating the exp date * chore: fix lint warnings * chore: extract sending notifications from goroutine * chore: log activities summary * chore: log provider_urn as key-value in logger --------- Co-authored-by: sushmith <6890568+bsushmith@users.noreply.github.com>
* feat: accept base64 encoded credentials in policy.IAM config * feat: introduce new field for base64 credentials * chore: enhance logging * fix: add json validation for credentials
* feat:add pagination for list appeal and list grant * feat: add listusergrants * chore: Add testing for listappeal and listgrant * feat:add pagination test for list appeal and list grant * chore: Add testing for offset * chore: made test tables for grant_repo and appeal_repo * chore: Update proto commit makefile * chore: proto buf setup --------- Co-authored-by: Lifosmin Simon <lifosmin.simon@Lifosmin-Simon.local>
* feat: Add filter q, account_type for litAppeals and listGrants and added getTotalCount * chore: added testing for total count * chore: fix testing * chore: fix test total * chore: fix test mock appeal and grant * chore: fix test mock user appeal and grant * chore: fix test coverage * chore: fix test coverage 2 * chore: fix test coverage 3 * chore: resolve comments * test: resolve comments * test: fix testing --------- Co-authored-by: Lifosmin Simon <lifosmin.simon@Lifosmin-Simon.local>
* feat: introduce new resource type "service_account" in gcloud_iam provider * feat: grant and revoke access to service account * test: add test cases for service account provider * refactor: use switch case * chore: user goreleaser v1.18.2 * chore: use goreleaser v1.8.3 * chore: fix release pipeline * fix: fix fetching grantable roles next page token * refactor: remove additional checking * chore: use email as service account resource name * test: add more unit tests for GetResources * test: add more unit tests for Grant and Revoke Access
* feat: enable to populate appeal metadata using header * dev * Update service.go * Update service.go * Update service.go
* feat: enable group account type in gitlab provider * chore: add debug logs --------- Co-authored-by: Lifosmin Simon <lifosmin.simon@gojek.com>
* chore:enable gitlab gorup resource creation * chore: enable group sharing * fix * fix * feat --------- Co-authored-by: Lifosmin Simon <lifosmin.simon@gojek.com>
* chore: support add/update approval steps * chore: update proto commit --------- Co-authored-by: Anjali Aggarwal <anjali.aggarwal@gojek.com>
Co-authored-by: Anjali Aggarwal <anjali.aggarwal@gojek.com>
Co-authored-by: Anjali Aggarwal <anjali.aggarwal@gojek.com>
…erGrants (#286) * feat(grant): add exclude_empty_appeal filter to list grants - Add ExcludeEmptyAppeal bool to ListGrantsFilter domain struct - Map ExcludeEmptyAppeal from proto request in ListGrants and ListUserGrants handlers - Add IS NOT NULL condition for appeal_id in grant repository when filter is set - Regenerate proto from proton bearaujus/patch-27 (exclude_empty_appeal proto change) - Update PROTON_COMMIT to 42f0e9df532c6561b05b0f8faeece19628bd6e80 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: update proton commit --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat(grant): add inactive grant policy scoping for ListGrants - Add InactiveGrantPolicy enum mapping in ListGrants handler - Add scoping fields: InactiveGrantGroupId/Type/ResourceId/ProviderType - Add GenerateExcludedGrantIDsForSmartInactiveGrants to service and interface - Refactor: extract smartExcludedGrantIDs private helper - Add mock and tests for new service method - Regenerate pb.go from proton bearaujus/patch-26 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * dev * Delete guardian.pb.validate.go * Update service.go * dev --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat(summary): add summary_labels_v2 faceted search support - Add SummaryLabelsV2 bool to ListAppealsFilter, ListApprovalsFilter, ListGrantsFilter - Add SummaryLabelV2 struct and SummaryLabelsV2/LabelsV2Count fields to SummaryResult - Add generateLabelSummariesV2 function in postgres utils (faceted search per label key) - Wire SummaryLabelsV2 in appeal, approval, and grant repository GenerateSummary - Map SummaryLabelsV2 in ListUserAppeals, ListAppeals, ListUserApprovals, ListApprovals, ListGrants, ListUserGrants handlers - Add mutual exclusion guard: summary_labels and summary_labels_v2 cannot both be true - Update adapter ToSummaryProto to use V2 labels when present (V2 takes priority) - Add TestListGrantsSummaryLabelsValidation tests - Regenerate pb.go from proton bearaujus/patch-25 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * add more docs * dev * Update go.mod * Update grant.go * add unittests * Add unittests * dev --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: onboard optimus provider * fix: do not create replay on grant creation * fix: lint * fix: lint * fix: add backfill request overlap check * fix: code coverage * fix: remove appeal conflict check and add credentials encryption * fix: UUID account type * fix: tests * fix: add end_date in guardian resource spec --------- Co-authored-by: Yash Bhardwaj <yash.bhardwaj@gojek.com>
* feat: add resource details filter to list appeal & grant * Update Makefile
* feat: introduce parallel approvers * feat: parallel approvers * add new field * fix * add approver step --------- Co-authored-by: lifosmin.simon <lifosmin.simon@gojek.com>
* fix: merge additional stages first * fix * fix * fix policy * test fix --------- Co-authored-by: lifosmin.simon <lifosmin.simon@gojek.com>
* feat(shield): create team resource type * test_cases * feat: guardian provider onboard action resource type * fix * feat * feat * feat * fix * check permission * fix * fix * feat(shield): create team resource type * fix: create_team * fix: create_team * fix: create_team * fix: create_team * fix: create_team * Update client.go --------- Co-authored-by: lifosmin.simon <lifosmin.simon@gojek.com>
fix_shield_client Co-authored-by: Lifosmin Simon <lifosmin.simon@gmail.com>
Co-authored-by: Lifosmin Simon <lifosmin.simon@gmail.com>
Co-authored-by: Lifosmin Simon <lifosmin.simon@gmail.com>
* chore: single load each table in case batch load fails * dev --------- Co-authored-by: Anjali Aggarwal <anjali.aggarwal@gojek.com> Co-authored-by: bearaujus <haryo.assyafah@gopay.co.id>
lifosmin
requested review from
AkarshSatija,
bsushmith,
mabdh,
rahmatrhd and
ravisuhag
as code owners
|
Important Review skippedToo many files! This PR contains 294 files, which is 144 over the limit of 150. To get a review, narrow the scope: ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (6)
📒 Files selected for processing (294)
You can disable this status message by setting the Use the checkbox below for a quick retry:
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
12 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.