close
Skip to content

RenderMailTemplate: change endpoint permission#878

Merged
majewsky merged 4 commits into
masterfrom
mail_template_render
May 4, 2026
Merged

RenderMailTemplate: change endpoint permission#878
majewsky merged 4 commits into
masterfrom
mail_template_render

Conversation

@VoigtS
Copy link
Copy Markdown
Member

@VoigtS VoigtS commented Apr 27, 2026

the smoke-test user that is used in the pipeline only has show_basic permissions, which conflicts with this endpoint. Instead of granting the user more permissions, the endpoint permission gets changed instead.

@VoigtS VoigtS requested a review from a team as a code owner April 27, 2026 15:10
@VoigtS VoigtS force-pushed the mail_template_render branch from 85f7c77 to 4371ce0 Compare April 27, 2026 15:17
wagnerd3
wagnerd3 requested changes Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@wagnerd3 wagnerd3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just realized that cluster:show_basic is used in the old world to give simple project members access to cluster level access and not just to cloud_ roles.

A nicer way would be to pick up the permission scheme for the v2 API and introduce a policy for v2:cluster:admin and define this to match also the limes-validation user we have for this smoke testing. Let's discuss offline.

@VoigtS
Copy link
Copy Markdown
Member Author

VoigtS commented Apr 28, 2026

the policy now uses the v2:cluster:validation from the proposal: sapcc/helm-charts#11513

wagnerd3
wagnerd3 previously approved these changes Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@wagnerd3 wagnerd3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to wait for the chart PR before merging.

majewsky
majewsky requested changes May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@majewsky majewsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please adjust docs/example-policy.json to document this policy

@VoigtS VoigtS requested a review from majewsky May 4, 2026 11:38
VoigtS added 3 commits May 4, 2026 14:43
@VoigtS
RenderMailTemplate: change endpoint permission
a2abacd 
the smoke-test user only has show_basic permissions, which conflicts with this endpoint.
Instead of granting the user more permissions, the endpoint permission gets changed instead.
@VoigtS
change policy to v2 cluster validation rule
9fb1d3d
@VoigtS
add cluster validation rule to example-policy.json
26af7bb
@VoigtS VoigtS force-pushed the mail_template_render branch 2 times, most recently from cb178e8 to 26af7bb Compare May 4, 2026 12:57
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 4, 2026

Merging this branch will not change overall coverage

Impacted Packages Coverage Δ 🤖
github.com/sapcc/limes/internal/api 78.47% (ø)
Coverage by file

Changed files (no unit tests)

Changed File Coverage Δ Total Covered Missed 🤖
github.com/sapcc/limes/internal/api/mail.go 89.19% (ø) 259 231 28

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

Changed unit test files

  • github.com/sapcc/limes/internal/api/mail_test.go

majewsky
majewsky approved these changes May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@majewsky majewsky left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

@majewsky majewsky merged commit e550804 into master May 4, 2026
6 checks passed
@majewsky majewsky deleted the mail_template_render branch May 4, 2026 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@majewsky majewsky majewsky approved these changes

@wagnerd3 wagnerd3 wagnerd3 left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@VoigtS @majewsky @wagnerd3