Skip to content

AAP-48412 Unified RBAC display, sync with resource server #1363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 18 commits into from
Jul 29, 2025
Merged

AAP-48412 Unified RBAC display, sync with resource server #1363

merged 18 commits into from
Jul 29, 2025

Conversation

AlanCoding
Copy link
Member

@AlanCoding AlanCoding commented Jul 19, 2025
edited
Loading

This is the supporting eda-server patch for the core backend change for ASTRAT-1464

See this doc for more background.

requires ansible/django-ansible-base#749

This adds endpoints and enables syncing logic to mirror EDA permissions in the resource server, so that a unified view of all the permissions to objects can be given. A recap of the general component changes, which are being applied to eda-server here:

  • register role definition in the resource registry so it can be synced
  • disable sync of role definitions when creating initial data because sync isn't possible when that runs
  • enable new /service-index/ endpoints from DAB
  • add migration dependencies

The migration dependencies were done slightly different here, because the testing of the "Project Admin" role rename required migrating forward & backwards, and I had no intent of making the DAB migrations reversible. It seems to work fine as it is here.

Testing is mostly with aap-dev.

Requesting review from @ptoscano

@codecov-commenter
Copy link

codecov-commenter commented Jul 22, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.13%. Comparing base (f49a343) to head (eface00).

@@            Coverage Diff             @@
##             main    #1363      +/-   ##
==========================================
- Coverage   94.15%   94.13%   -0.02%     
==========================================
  Files         335      335              
  Lines       19533    19537       +4     
==========================================
  Hits        18391    18391              
- Misses       1142     1146       +4
Flag Coverage Δ
unit-int-tests-3.11 94.07% <100.00%> (-0.02%) ⬇️
unit-int-tests-3.12 94.13% <100.00%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
src/aap_eda/api/resource_api.py 100.00% <100.00%> (ø)
src/aap_eda/api/urls.py 100.00% <100.00%> (ø)
...da/core/management/commands/create_initial_data.py 97.90% <100.00%> (-1.04%) ⬇️
...p_eda/core/migrations/0064_rename_project_roles.py 100.00% <ø> (ø)
src/aap_eda/settings/defaults.py 100.00% <ø> (ø)
tests/integration/api/test_root.py 100.00% <ø> (ø)

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@AlanCoding AlanCoding marked this pull request as ready for review July 22, 2025 21:48
@AlanCoding AlanCoding requested a review from a team as a code owner July 22, 2025 21:48
Alex-Izquierdo
Alex-Izquierdo reviewed Jul 23, 2025
View reviewed changes
@AlanCoding
Copy link
Member Author

New results from E2E tests give 8 failures.

=========================== short test summary info ============================
FAILED eda_qa/tests/api/test_role_team_assignments.py::test_create_role_team_assignment_for_activation - eda_api.exceptions.ApiTypeError: Invalid type for variable 'team_ansible_id'. Required value type is str and passed type was NoneType at ['received_data']['team_ansible_id']
FAILED eda_qa/tests/api/test_role_team_assignments.py::test_create_user_assignment_for_decision_environment - eda_api.exceptions.ApiTypeError: Invalid type for variable 'team_ansible_id'. Required value type is str and passed type was NoneType at ['received_data']['team_ansible_id']
FAILED eda_qa/tests/api/test_role_team_assignments.py::test_create_user_assignment_for_eda_credential - eda_api.exceptions.ApiTypeError: Invalid type for variable 'team_ansible_id'. Required value type is str and passed type was NoneType at ['received_data']['team_ansible_id']
FAILED eda_qa/tests/api/test_role_team_assignments.py::test_create_role_user_assignment_for_project - eda_api.exceptions.ApiTypeError: Invalid type for variable 'team_ansible_id'. Required value type is str and passed type was NoneType at ['received_data']['team_ansible_id']
FAILED eda_qa/tests/api/test_role_team_assignments.py::test_org_team_roles_propagate_to_team_members - eda_api.exceptions.ApiTypeError: Invalid type for variable 'team_ansible_id'. Required value type is str and passed type was NoneType at ['received_data']['team_ansible_id']
FAILED eda_qa/tests/api/test_role_team_assignments.py::test_org_admin_can_be_assigned_to_team - eda_api.exceptions.ApiTypeError: Invalid type for variable 'team_ansible_id'. Required value type is str and passed type was NoneType at ['received_data']['team_ansible_id']
FAILED eda_qa/tests/api/test_role_team_assignments.py::test_team_member_cannot_update_de_with_use_permissions_only - eda_api.exceptions.ApiTypeError: Invalid type for variable 'team_ansible_id'. Required value type is str and passed type was NoneType at ['received_data']['team_ansible_id']
FAILED eda_qa/tests/api/test_role_user_assignments.py::test_team_roles_should_propagate_to_user_members - eda_api.exceptions.ApiTypeError: Invalid type for variable 'team_ansible_id'. Required value type is str and passed type was NoneType at ['received_data']['team_ansible_id']
ERROR eda_qa/tests/api/test_role_definitions.py::test_list_team_assignment - eda_api.exceptions.ApiTypeError: Invalid type for variable 'team_ansible_id'. Required value type is str and passed type was NoneType at ['received_data']['team_ansible_id']
ERROR eda_qa/tests/api/test_role_team_assignments.py::test_list_role_team_assignments - eda_api.exceptions.ApiTypeError: Invalid type for variable 'team_ansible_id'. Required value type is str and passed type was NoneType at ['received_data']['team_ansible_id']
ERROR eda_qa/tests/api/test_role_team_assignments.py::test_delete_existing_team_assignment - eda_api.exceptions.ApiTypeError: Invalid type for variable 'team_ansible_id'. Required value type is str and passed type was NoneType at ['received_data']['team_ansible_id']
= 8 failed, 297 passed, 3 skipped, 1 xpassed, 13 warnings, 3 errors, 24 rerun in 2065.43s (0:34:25) =

Honestly, this looks related to ansible/django-ansible-base#765 from @PabloHiro and I will put up a new eda-server patch for this.

@AlanCoding
Copy link
Member Author

Created #1366 to flesh that out.

@Alex-Izquierdo
Copy link
Collaborator

@AlanCoding is there a chance that the new version od DAB could require a new generation of the openapi spec? in that case we will need to upgrade the test suite too.
#1367 will tell us

@AlanCoding
Copy link
Member Author

Yep, #1367 shows the same 8 failures so 🟢 here, although there's more work generated from all this...

@AlanCoding
Copy link
Member Author

Oh the tests probably failed because I rebased the DAB branch, making the git ref defunct. So this just needs a poetry update.

hsong-rh
hsong-rh previously approved these changes Jul 25, 2025
View reviewed changes
zkayyali812
zkayyali812 previously approved these changes Jul 25, 2025
View reviewed changes
@AlanCoding AlanCoding dismissed stale reviews from zkayyali812 and hsong-rh via 771ed35 July 25, 2025 20:46
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@AlanCoding AlanCoding merged commit 8539557 into ansible:main Jul 29, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Alex-Izquierdo Alex-Izquierdo Alex-Izquierdo left review comments

@bzwei bzwei bzwei approved these changes

@tvo318 tvo318 tvo318 approved these changes

@Dostonbek1 Dostonbek1 Dostonbek1 approved these changes

@djyasin djyasin djyasin approved these changes

@hsong-rh hsong-rh hsong-rh left review comments

@zkayyali812 zkayyali812 zkayyali812 left review comments

Assignees
No one assigned
Labels
run-e2e
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@AlanCoding @codecov-commenter @Alex-Izquierdo @bzwei @tvo318 @hsong-rh @Dostonbek1 @zkayyali812 @djyasin