Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update SDK Connections model to consume context and filter by readAccess #2074

Merged
merged 24 commits into from
Feb 12, 2024
Merged

Update SDK Connections model to consume context and filter by readAccess #2074

merged 24 commits into from
Feb 12, 2024

Conversation

mknowlton89
Copy link
Collaborator

@mknowlton89 mknowlton89 commented Jan 29, 2024
edited
Loading

Features and Changes

This PR updates the SDKConnectionModel to ensure we're filtering SDK connections based on the user's readAccess level.

SDK Connections have taken on a few different forms over the years - they've been legacy SDK endpoints, and now, SDK Connections. Given that, when testing, we need to look at both the newer SDK Connections as well as the legacy SDK endpoints, and also SDK Webhooks

Testing

  • Log in as an admin user and navigate to the /sdks page and ensure all SDK Connections for an organization are returned and accessible.
  • Do the same for the legacy SDK Endpoints
  • Do the same for the legacy SDK webhooks
  • Now, log in as a user who's global role is noaccess but the user has experimenter permissions for a single project and ensure that when you land on the /sdks route, only the SDK Connections associated with that project (or SDK Connections that can be used for All Projects) are visible.
  • Do the same for the legacy SDK Endpoints
  • Do the same for the legacy SDK webhooks
  • Now, log in as a user who's global access gives readaccess, but they have a noaccess role for a single project. Ensure that all datasources except those associated with the project the user has the noaccess role are visible. In the event that a datasources is a part of multiple projects, one of which is the project they have noaccess to, they should be able to see the datasource, but the project tags that the user sees should have an Unknown Project tag for the project they have no access to.
  • Do the same for the legacy SDK Endpoints
  • Do the same for the legacy SDK webhooks

@mknowlton89 mknowlton89 changed the base branch from main to mk/no-access-data-source-model January 29, 2024 21:09
Base automatically changed from mk/no-access-data-source-model to main January 31, 2024 11:40
@mknowlton89 mknowlton89 changed the title Mk/no access sdk connections Update SDK Connections model to consume context and filter by readAccess Jan 31, 2024
@mknowlton89 mknowlton89 self-assigned this Jan 31, 2024
mknowlton89
mknowlton89 commented Jan 31, 2024
View reviewed changes
packages/front-end/components/Features/SDKConnections/SDKConnectionsList.tsx
{proj.name}
</span>
);
<td className="d-flex align-items-center">
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated this to utilize the ProjectBadges component to increase continuity.

mknowlton89
mknowlton89 commented Jan 31, 2024
View reviewed changes
packages/back-end/src/routers/organizations/organizations.controller.ts
@@ -1489,14 +1490,17 @@ export async function postApiKeyReveal(
}

export async function getWebhooks(req: AuthRequest, res: Response) {
const { org } = getContextFromReq(req);
const context = getContextFromReq(req);
const webhooks = await WebhookModel.find({
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've created a follow up ticket to refactor the Webhook model so we're not exporting the model.

@mknowlton89 mknowlton89 marked this pull request as ready for review January 31, 2024 14:30
@mknowlton89 mknowlton89 mentioned this pull request Jan 31, 2024
Merged
4 tasks
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 31, 2024
edited
Loading

Your preview environment pr-2074-bttf has been deployed.

Preview environment endpoints are available at:

@mknowlton89 mknowlton89 requested a review from bttf January 31, 2024 20:10
bttf
bttf reviewed Feb 1, 2024
View reviewed changes
packages/back-end/src/jobs/proxyUpdate.ts Outdated
connection: SDKConnectionInterface,
useCloudProxy: boolean = false
) {
if (!connectionSupportsProxyUpdate(connection, useCloudProxy)) return;

const job = agenda.create(PROXY_UPDATE_JOB_NAME, {
context,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to add the context to the message body? I know we avoided this for other jobs we've refactored by passing in the org ID instead, and letting the job create its own context. Just wanted to make sure.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The more I think about this, the less it seems like a good idea. It seems like our context object shouldn't be persisted anywhere nor leave the scope of our express webserver. It can contain sensitive information (users' emails), or be potentially huge (e.g. the upcoming data models collection from Jeremy's PR).

Putting the context inside of a message body sent to distributed services makes our context object more sensitive to changes i.e. we have to be more careful with what we put in there. Right now, I think we just want it to be a toolbox for all things needed within the lifetime of a request within our express server without worrying about concerns like size or security. Our previous approach with embedding the only org ID seems more robust with this in mind.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a great call. I've updated this job so it no longer takes in the context object, and instead just takes in the orgId, and builds a FULL_ACCESS_CONTEXT object on the fly.

@mknowlton89 mknowlton89 requested a review from bttf February 7, 2024 12:20
@mknowlton89 mknowlton89 merged commit 364d801 into main Feb 12, 2024
3 checks passed
@mknowlton89 mknowlton89 deleted the mk/no-access-sdk-connections branch February 12, 2024 19:51
bryce-fitzsimons pushed a commit that referenced this pull request Feb 22, 2024
@mknowlton89 @bryce-fitzsimons
Update SDK Connections model to consume context and filter by readAcc…
dcdab0b 
…ess (#2074)

* Updates SDK Connections model to consume context and add no access filtering
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bttf bttf bttf approved these changes

@jdorn jdorn Awaiting requested review from jdorn

Assignees

@mknowlton89 mknowlton89

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mknowlton89 @jdorn @bttf