
misc: Approval bypass v2 oss #6510


Merged
merged 30 commits into from
May 5, 2025
a9502af
approval deployment flow
prakash100198 Apr 4, 2025
a3fff41
Merge branch 'approval-bypass-v1-oss' into approval-bypass-v2-oss
prakash100198 Apr 7, 2025
6fc04d7
Merge branch 'approval-bypass-v1-oss' into approval-bypass-v2-oss
prakash100198 Apr 7, 2025
15d0fc8
Merge branch 'approval-bypass-v1-oss' into approval-bypass-v2-oss
prakash100198 Apr 7, 2025
06d5ad8
Merge branch 'develop' into approval-bypass-v2-oss
prakash100198 Apr 7, 2025
1b440ad
Merge branch 'develop' into approval-bypass-v2-oss
prakash100198 Apr 9, 2025
bd1a417
add image_state in cwr
prakash100198 Apr 9, 2025
8e7a80b
make image_state as ImageStateWhileDeployment data type
prakash100198 Apr 9, 2025
2ff9f11
Merge branch 'develop' into approval-bypass-v2-oss
prakash100198 Apr 10, 2025
538321e
update notification_templates set template payload for CD trigger ses
prakash100198 Apr 10, 2025
3be33af
code review fixes: 1st level kartik
prakash100198 Apr 11, 2025
d0a7cbc
code review fixes: 1st level kartik
prakash100198 Apr 14, 2025
d1aff8e
code review fixes: 1st level nishant
prakash100198 Apr 14, 2025
353cac8
oss sync with ent
prakash100198 Apr 14, 2025
7a2493a
resource_version in global policy table
prakash100198 Apr 14, 2025
5dff7b9
varchar 50 to 20
prakash100198 Apr 15, 2025
26b26c8
update col name to policy_revision
prakash100198 Apr 15, 2025
9962cbd
varchar to text policy revision
prakash100198 Apr 15, 2025
067e9b8
GetCmAndSecretBulkUpdateResponseForOneApp new adaptor func
prakash100198 Apr 16, 2025
fa50887
script fix
prakash100198 Apr 16, 2025
6036c8b
GetDeploymentTemplateBulkUpdateResponseForOneApp
prakash100198 Apr 16, 2025
03693a4
code review corporation :- level 2
prakash100198 Apr 25, 2025
d5ff588
revert ArtifactStateWhileDeployment to ImageStateWhileDeployment
prakash100198 Apr 25, 2025
7f42451
Merge branch 'develop' into approval-bypass-v2-oss
prakash100198 Apr 25, 2025
32e5b07
merge develop
prakash100198 Apr 25, 2025
88edb03
correct migration script number
prakash100198 Apr 25, 2025
8ebba97
Merge branch 'develop' into approval-bypass-v2-oss
prakash100198 Apr 28, 2025
83372b7
Merge branch 'develop' into approval-bypass-v2-oss
prakash100198 May 5, 2025
4afc071
change script number
prakash100198 May 5, 2025
2e8051b
Merge remote-tracking branch 'origin/approval-bypass-v2-oss' into app…
prakash100198 May 5, 2025
47 changes: 41 additions & 6 deletions api/restHandler/BulkUpdateRestHandler.go
@@ -19,11 +19,13 @@ package restHandler
import (
"encoding/json"
"fmt"
bean4 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
"github.com/devtron-labs/devtron/pkg/build/git/gitMaterial/repository"
"github.com/devtron-labs/devtron/pkg/build/git/gitProvider"
"github.com/devtron-labs/devtron/pkg/bulkAction/bean"
"github.com/devtron-labs/devtron/pkg/bulkAction/service"
"github.com/devtron-labs/devtron/pkg/cluster/environment"
"github.com/devtron-labs/devtron/util"
"net/http"
"strconv"
"strings"
@@ -212,9 +214,14 @@ func (handler BulkUpdateRestHandlerImpl) CheckAuthForBulkUpdate(AppId int, EnvId

}
func (handler BulkUpdateRestHandlerImpl) BulkUpdate(w http.ResponseWriter, r *http.Request) {
userId, err := handler.userAuthService.GetLoggedInUser(r)
if userId == 0 || err != nil {
common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
return
}
decoder := json.NewDecoder(r.Body)
var script bean.BulkUpdateScript
err := decoder.Decode(&script)
err = decoder.Decode(&script)
if err != nil {
common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
return
@@ -250,8 +257,14 @@ func (handler BulkUpdateRestHandlerImpl) BulkUpdate(w http.ResponseWriter, r *ht
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
}
}

response := handler.bulkUpdateService.BulkUpdate(script.Spec)
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail := util.GetEmailFromContext(r.Context())
userMetadata := &bean4.UserMetadata{
UserEmailId: userEmail,
IsUserSuperAdmin: isSuperAdmin,
UserId: userId,
}
response := handler.bulkUpdateService.BulkUpdate(script.Spec, userMetadata)
common.WriteJsonResp(w, nil, response, http.StatusOK)
}

@@ -261,7 +274,15 @@ func (handler BulkUpdateRestHandlerImpl) BulkHibernate(w http.ResponseWriter, r
return // response already written by the helper on error.
}
token := r.Header.Get("token")
response, err := handler.bulkUpdateService.BulkHibernate(request, r.Context(), w, token, handler.checkAuthForBulkHibernateAndUnhibernate)
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail := util.GetEmailFromContext(r.Context())
userMetadata := &bean4.UserMetadata{
UserEmailId: userEmail,
IsUserSuperAdmin: isSuperAdmin,
UserId: request.UserId,
}

response, err := handler.bulkUpdateService.BulkHibernate(r.Context(), request, handler.checkAuthForBulkHibernateAndUnhibernate, userMetadata)
if err != nil {
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
return
@@ -298,7 +319,14 @@ func (handler BulkUpdateRestHandlerImpl) BulkUnHibernate(w http.ResponseWriter,
return // response already written by the helper on error.
}
token := r.Header.Get("token")
response, err := handler.bulkUpdateService.BulkUnHibernate(request, r.Context(), w, token, handler.checkAuthForBulkHibernateAndUnhibernate)
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail := util.GetEmailFromContext(r.Context())
userMetadata := &bean4.UserMetadata{
UserEmailId: userEmail,
IsUserSuperAdmin: isSuperAdmin,
UserId: request.UserId,
}
response, err := handler.bulkUpdateService.BulkUnHibernate(r.Context(), request, handler.checkAuthForBulkHibernateAndUnhibernate, userMetadata)
if err != nil {
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
return
@@ -326,7 +354,14 @@ func (handler BulkUpdateRestHandlerImpl) BulkDeploy(w http.ResponseWriter, r *ht
common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
return
}
response, err := handler.bulkUpdateService.BulkDeploy(&request, token, handler.checkAuthBatch)
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail := util.GetEmailFromContext(r.Context())
userMetadata := &bean4.UserMetadata{
UserEmailId: userEmail,
IsUserSuperAdmin: isSuperAdmin,
UserId: userId,
}
response, err := handler.bulkUpdateService.BulkDeploy(&request, token, handler.checkAuthBatch, userMetadata)
if err != nil {
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
return
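Review bot: In BulkUpdate, the context lines just above the new `isSuperAdmin` block write the 403 with `common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)` and then close both braces with no `return`. As shown, a caller who fails the per-object check still reaches `handler.bulkUpdateService.BulkUpdate(script.Spec, userMetadata)`, and a second response is written; add `return` directly after that write. Separately, BulkHibernate and BulkUnHibernate fill `UserId: request.UserId`, while BulkUpdate and BulkDeploy use the id obtained from the logged-in session. The helper that builds `request` is outside the visible hunks, so confirm it sets `UserId` from the session and not from the request body, since this metadata presumably feeds the approval decision. All four handler bodies start and end outside the hunks.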
65 changes: 17 additions & 48 deletions api/restHandler/ConfigMapRestHandler.go
@@ -19,6 +19,7 @@ package restHandler
import (
"encoding/json"
"fmt"
"github.com/devtron-labs/devtron/pkg/auth/user/util"
"github.com/devtron-labs/devtron/pkg/pipeline/draftAwareConfigService"
"net/http"
"strconv"
@@ -125,12 +126,8 @@ func (handler ConfigMapRestHandlerImpl) CMGlobalAddUpdate(w http.ResponseWriter,
//RBAC END
ctx := r.Context()
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
if err != nil {
common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
return
}
res, err := handler.draftAwareResourceService.CMGlobalAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
res, err := handler.draftAwareResourceService.CMGlobalAddUpdate(ctx, &configMapRequest, userMetadata)
if err != nil {
handler.Logger.Errorw("service err, CMGlobalAddUpdate", "err", err, "payload", configMapRequest)
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -175,12 +172,8 @@ func (handler ConfigMapRestHandlerImpl) CMEnvironmentAddUpdate(w http.ResponseWr
//RBAC END
ctx := r.Context()
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
if err != nil {
common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
return
}
res, err := handler.draftAwareResourceService.CMEnvironmentAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
res, err := handler.draftAwareResourceService.CMEnvironmentAddUpdate(ctx, &configMapRequest, userMetadata)
if err != nil {
handler.Logger.Errorw("service err, CMEnvironmentAddUpdate", "err", err, "payload", configMapRequest)
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -378,12 +371,8 @@ func (handler ConfigMapRestHandlerImpl) CSGlobalAddUpdate(w http.ResponseWriter,
//RBAC END
ctx := r.Context()
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
if err != nil {
common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
return
}
res, err := handler.draftAwareResourceService.CSGlobalAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
res, err := handler.draftAwareResourceService.CSGlobalAddUpdate(ctx, &configMapRequest, userMetadata)
if err != nil {
handler.Logger.Errorw("service err, CSGlobalAddUpdate", "err", err, "payload", configMapRequest)
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -429,12 +418,8 @@ func (handler ConfigMapRestHandlerImpl) CSEnvironmentAddUpdate(w http.ResponseWr
//RBAC END
ctx := r.Context()
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
if err != nil {
common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
return
}
res, err := handler.draftAwareResourceService.CSEnvironmentAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
res, err := handler.draftAwareResourceService.CSEnvironmentAddUpdate(ctx, &configMapRequest, userMetadata)
if err != nil {
handler.Logger.Errorw("service err, CSEnvironmentAddUpdate", "err", err, "payload", configMapRequest)
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -548,17 +533,13 @@ func (handler ConfigMapRestHandlerImpl) CMGlobalDelete(w http.ResponseWriter, r
//RBAC END
ctx := r.Context()
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
if err != nil {
common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
return
}
userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
deleteReq := &bean.ConfigDataRequest{
Id: id,
AppId: appId,
UserId: userId,
}
res, err := handler.draftAwareResourceService.CMGlobalDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
res, err := handler.draftAwareResourceService.CMGlobalDelete(ctx, name, deleteReq, userMetadata)
if err != nil {
handler.Logger.Errorw("service err, CMGlobalDelete", "err", err, "appId", appId, "id", id, "name", name)
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -614,17 +595,13 @@ func (handler ConfigMapRestHandlerImpl) CMEnvironmentDelete(w http.ResponseWrite
//RBAC END
ctx := r.Context()
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
if err != nil {
common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
return
}
userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
deleteReq := &bean.ConfigDataRequest{
Id: id,
AppId: appId,
UserId: userId,
}
res, err := handler.draftAwareResourceService.CMEnvironmentDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
res, err := handler.draftAwareResourceService.CMEnvironmentDelete(ctx, name, deleteReq, userMetadata)
if err != nil {
handler.Logger.Errorw("service err, CMEnvironmentDelete", "err", err, "appId", appId, "envId", envId, "id", id)
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -666,17 +643,13 @@ func (handler ConfigMapRestHandlerImpl) CSGlobalDelete(w http.ResponseWriter, r
//RBAC END
ctx := r.Context()
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
if err != nil {
common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
return
}
userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
deleteReq := &bean.ConfigDataRequest{
Id: id,
AppId: appId,
UserId: userId,
}
res, err := handler.draftAwareResourceService.CSGlobalDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
res, err := handler.draftAwareResourceService.CSGlobalDelete(ctx, name, deleteReq, userMetadata)
if err != nil {
handler.Logger.Errorw("service err, CSGlobalDelete", "err", err, "appId", appId, "id", id, "name", name)
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -732,17 +705,13 @@ func (handler ConfigMapRestHandlerImpl) CSEnvironmentDelete(w http.ResponseWrite
//RBAC END
ctx := r.Context()
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
if err != nil {
common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
return
}
userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
deleteReq := &bean.ConfigDataRequest{
Id: id,
AppId: appId,
UserId: userId,
}
res, err := handler.draftAwareResourceService.CSEnvironmentDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
res, err := handler.draftAwareResourceService.CSEnvironmentDelete(ctx, name, deleteReq, userMetadata)
if err != nil {
handler.Logger.Errorw("service err, CSEnvironmentDelete", "err", err, "appId", appId, "envId", envId, "id", id)
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
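Review bot: The eight handlers in this file used to stop with a 404 when `GetActiveEmailById(userId)` failed, but the replacement `util.GetUserMetadata(r.Context(), userId, isSuperAdmin)` has no failure path, so a missing or empty e-mail now flows silently into the draft-aware service. `GetUserMetadata` is not shown on this page; if it reads the e-mail from the request context, as the bulk handlers in this PR do with `GetEmailFromContext`, the handler also no longer confirms that the user is still active at the time of the write. Consider rejecting an empty e-mail before the service call, or add a comment above the call stating that the auth middleware guarantees it is set. Minor: `ctx` is already bound just above in each handler, so `util.GetUserMetadata(ctx, userId, isSuperAdmin)` would match the service call that follows.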
16 changes: 15 additions & 1 deletion api/restHandler/app/appList/AppListingRestHandler.go
@@ -38,6 +38,7 @@ import (
util4 "github.com/devtron-labs/devtron/pkg/appStore/util"
"github.com/devtron-labs/devtron/pkg/auth/authorisation/casbin"
"github.com/devtron-labs/devtron/pkg/auth/user"
"github.com/devtron-labs/devtron/pkg/auth/user/bean"
bean5 "github.com/devtron-labs/devtron/pkg/cluster/bean"
bean2 "github.com/devtron-labs/devtron/pkg/cluster/environment/bean"
common2 "github.com/devtron-labs/devtron/pkg/deployment/common"
@@ -49,6 +50,7 @@ import (
k8sApplication "github.com/devtron-labs/devtron/pkg/k8s/application"
"github.com/devtron-labs/devtron/pkg/pipeline"
bean6 "github.com/devtron-labs/devtron/pkg/team/bean"
util2 "github.com/devtron-labs/devtron/util"
"github.com/devtron-labs/devtron/util/rbac"
"github.com/go-pg/pg"
"github.com/gorilla/mux"
@@ -469,6 +471,11 @@ func (handler AppListingRestHandlerImpl) FetchOverviewAppsByEnvironment(w http.R
}

func (handler AppListingRestHandlerImpl) FetchAppDetailsV2(w http.ResponseWriter, r *http.Request) {
userId, err := handler.userService.GetLoggedInUser(r)
if userId == 0 || err != nil {
common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
return
}
vars := mux.Vars(r)
token := r.Header.Get("token")
appId, err := strconv.Atoi(vars["app-id"])
@@ -486,14 +493,21 @@ func (handler AppListingRestHandlerImpl) FetchAppDetailsV2(w http.ResponseWriter
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), nil, http.StatusForbidden)
return
}
isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
userEmail := util2.GetEmailFromContext(r.Context())
userMetadata := &bean.UserMetadata{
UserEmailId: userEmail,
IsUserSuperAdmin: isSuperAdmin,
UserId: userId,
}
appDetail, err := handler.appListingService.FetchAppDetails(r.Context(), appId, envId)
if err != nil {
handler.logger.Errorw("service err, FetchAppDetailsV2", "err", err, "appId", appId, "envId", envId)
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
return
}

appDetail, err = handler.updateApprovalConfigDataInAppDetailResp(appDetail, appId, envId)
appDetail, err = handler.updateApprovalConfigDataInAppDetailResp(r.Context(), appDetail, appId, envId, userMetadata)
if err != nil {
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
return
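Review bot: `FetchAppDetailsV2` builds `bean.UserMetadata` by hand from `util2.GetEmailFromContext(r.Context())`, while ConfigMapRestHandler.go in this same PR obtains it with `util.GetUserMetadata(r.Context(), userId, isSuperAdmin)` from `pkg/auth/user/util`. Calling that helper here (imported under a free alias, since `util2` and `util4` are taken) would leave one place that decides how the caller's e-mail is resolved and whether an empty value is acceptable. That assumes the helper returns the `*bean.UserMetadata` that `updateApprovalConfigDataInAppDetailResp` expects, which this page does not show. The `Enforce` call and the metadata are also computed before `FetchAppDetails` although only the later call uses them, so they could move below its error check. The function body continues outside the hunks.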
4 changes: 3 additions & 1 deletion api/restHandler/app/appList/AppListingRestHandler_ent.go
@@ -1,7 +1,9 @@
package appList

import (
"context"
"github.com/devtron-labs/devtron/api/bean/AppView"
userBean "github.com/devtron-labs/devtron/pkg/auth/user/bean"
"net/http"
)

@@ -14,6 +16,6 @@ func (handler AppListingRestHandlerImpl) FetchAutocompleteJobCiPipelines(w http.
func (handler AppListingRestHandlerImpl) GetAllAppEnvsFromResourceNames(w http.ResponseWriter, r *http.Request) {
}

func (handler AppListingRestHandlerImpl) updateApprovalConfigDataInAppDetailResp(appDetail AppView.AppDetailContainer, appId, envId int) (AppView.AppDetailContainer, error) {
func (handler AppListingRestHandlerImpl) updateApprovalConfigDataInAppDetailResp(ctx context.Context, appDetail AppView.AppDetailContainer, appId, envId int, userMetadata *userBean.UserMetadata) (AppView.AppDetailContainer, error) {
return appDetail, nil
}
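Review bot: `updateApprovalConfigDataInAppDetailResp` now accepts `ctx` and `userMetadata` but still only returns `appDetail, nil`, and nothing in the file says that this is intentional. A doc comment such as `// updateApprovalConfigDataInAppDetailResp is a no-op in this build; ctx and userMetadata are accepted only to keep the signature shared with the caller.` would stop a reader from assuming approval data is applied here. The wording should be confirmed by the authors, since any other implementation of this method is not on this page.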