Skip to content

New Feature: Enable/Disable Roles#9549

Merged
JoaoJandre merged 4 commits into
apache:mainfrom
shapeblue:420-disable-roles-option
Aug 27, 2024
Merged

New Feature: Enable/Disable Roles#9549
JoaoJandre merged 4 commits into
apache:mainfrom
shapeblue:420-disable-roles-option

Conversation

@nvazquez

@nvazquez nvazquez commented Aug 20, 2024

Copy link
Copy Markdown
Contributor

Description

This PR allows enabling/disabling roles. By default all the existing roles are set as 'enabled'.

New APIs created:

  • enableRole
  • disableRole

The listRoles API is extended to support a new parameter: state.

Fixes: #8460

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • build/CI
  • test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

Screenshot 2024-08-20 at 00 22 58

How Has This Been Tested?

Create a role, verify role is enabled
Disable role
Add account, verify the disabled role is not listed

How did you try to break this feature and the system with this change?

@codecov

codecov Bot commented Aug 20, 2024

Copy link
Copy Markdown

Codecov Report

Attention: Patch coverage is 16.51376% with 91 lines in your changes missing coverage. Please review.

Project coverage is 15.54%. Comparing base (296a44e) to head (32281e5).
Report is 19 commits behind head on main.

Files Patch % Lines
...ava/org/apache/cloudstack/acl/RoleManagerImpl.java 20.68% 23 Missing ⚠️
...oudstack/api/command/admin/acl/DisableRoleCmd.java 0.00% 17 Missing ⚠️
...loudstack/api/command/admin/acl/EnableRoleCmd.java 0.00% 17 Missing ⚠️
...cloudstack/api/command/admin/acl/ListRolesCmd.java 0.00% 14 Missing ⚠️
...ava/org/apache/cloudstack/acl/dao/RoleDaoImpl.java 0.00% 14 Missing ⚠️
...rc/main/java/org/apache/cloudstack/acl/RoleVO.java 14.28% 6 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               main    #9549      +/-   ##
============================================
- Coverage     15.54%   15.54%   -0.01%     
- Complexity    12001    12003       +2     
============================================
  Files          5499     5502       +3     
  Lines        481744   481844     +100     
  Branches      60074    59309     -765     
============================================
+ Hits          74897    74910      +13     
- Misses       398560   398646      +86     
- Partials       8287     8288       +1     
Flag Coverage Δ
uitests 4.17% <ø> (-0.01%) ⬇️
unittests 16.32% <16.51%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@nvazquez nvazquez changed the title [WIP] Improvement: Enable/Disable Roles Improvement: Enable/Disable Roles Aug 20, 2024
@nvazquez nvazquez marked this pull request as ready for review August 20, 2024 03:23
@nvazquez nvazquez requested a review from DaanHoogland August 20, 2024 03:23
@nvazquez

Copy link
Copy Markdown
Contributor Author

@blueorangutan package

@blueorangutan

Copy link
Copy Markdown

@nvazquez a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@nvazquez nvazquez changed the title Improvement: Enable/Disable Roles New Feature: Enable/Disable Roles Aug 20, 2024
@blueorangutan

Copy link
Copy Markdown

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 10701

@nvazquez

Copy link
Copy Markdown
Contributor Author

@blueorangutan package

@blueorangutan

Copy link
Copy Markdown

@nvazquez a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan

Copy link
Copy Markdown

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 10708

@nvazquez

Copy link
Copy Markdown
Contributor Author

@blueorangutan package

@blueorangutan

Copy link
Copy Markdown

@nvazquez a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan

Copy link
Copy Markdown

Packaging result [SF]: ✔️ el8 ✔️ el9 ✖️ debian ✔️ suse15. SL-JID 10711

@nvazquez

Copy link
Copy Markdown
Contributor Author

@blueorangutan test

@blueorangutan

Copy link
Copy Markdown

@nvazquez a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@JoaoJandre

Copy link
Copy Markdown
Contributor

Both APIs basically do the same thing, they just toggle the same attribute. We should have a single API for this feature, we could call it setRoleState for example.

@nvazquez

Copy link
Copy Markdown
Contributor Author

@JoaoJandre thanks you are right, I even thought on including it as part of the updateRole API but kept it separate following the same pattern for accounts and users, but I'm fine with the unified approach as well

@blueorangutan

Copy link
Copy Markdown

[SF] Trillian test result (tid-11119)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 52527 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9549-t11119-kvm-ol8.zip
Smoke tests completed. 137 look OK, 2 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File
test_DeployVmAffinityGroup Error 1.41 test_affinity_groups.py
test_01_non_strict_host_anti_affinity Error 3.63 test_nonstrict_affinity_group.py
test_02_non_strict_host_affinity Error 3.60 test_nonstrict_affinity_group.py

@kiranchavala kiranchavala left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Before fix


(cmk) > list roles -h
listRoles: Lists dynamic roles in CloudStack
API Params               Type     Description
==========               ====     ===========
id                       uuid     List role by role ID.
keyword                  string   List by keyword
name                     string   List role by role name.
page                     integer
pagesize                 integer
type                     string   List role by role type, valid options are
                                  : Admin, ResourceAdmin, DomainAdmin, Use
                                  r.

After fix

(cmk)  > list roles -h
listRoles: Lists dynamic roles in CloudStack
API Params               Type     Description
==========               ====     ===========
id                       uuid     List role by role ID.
keyword                  string   List by keyword
name                     string   List role by role name.
page                     integer
pagesize                 integer
state                    string   List role by role type status, valid opti
                                  ons are: enabled, disabled
type                     string   List role by role type, valid options are
                                  : Admin, ResourceAdmin, DomainAdmin, Use
                                  r.

(cmk) 🐱 > list roles name=test
{
  "count": 1,
  "role": [
    {
      "id": "176ecc6f-6627-4369-b752-f6d9f2d6bc56",
      "isdefault": false,
      "ispublic": true,
      "name": "test",
      "state": "disabled",
      "type": "User"
    }
  ]
}
(cmk) 🐱 > list roles name=test
{
  "count": 1,
  "role": [
    {
      "id": "176ecc6f-6627-4369-b752-f6d9f2d6bc56",
      "isdefault": false,
      "ispublic": true,
      "name": "test",
      "state": "enabled",
      "type": "User"
    }
  ]
}

Screenshot 2024-08-21 at 3 22 41 PM

Screenshot 2024-08-21 at 3 31 16 PM

@nvazquez nvazquez added this to the 4.20.0.0 milestone Aug 22, 2024

@DaanHoogland DaanHoogland left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clgtm, one silly question (that might point to a code smell but is by no means serious)


public RoleVO() {
this.uuid = UUID.randomUUID().toString();
this.state = State.ENABLED;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no constructor needed with the actual state (from the DB or UI)?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DaanHoogland if I understand your question correctly, this is needed as the state DB column needs a non-null value, so each time a new role is created it is enabled by default.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well, I'd expect the DAO to instantiate a unmarshalled Role with state disabled if it was so when saved. But maybe accessors are enough for that.

@nvazquez

Copy link
Copy Markdown
Contributor Author

@JoaoJandre can we address the unification of the enable/disable APIs for roles along with accounts and users in a separate PR? Possibly there could be other resources following the same pattern that we could investigate and unify

@JoaoJandre

Copy link
Copy Markdown
Contributor

@JoaoJandre can we address the unification of the enable/disable APIs for roles along with accounts and users in a separate PR? Possibly there could be other resources following the same pattern that we could investigate and unify

@nvazquez I'm ok with the idea. However, we still do not have a proper mechanism for deprecating/changing API's names (see #8970). The discussion has died out a bit, but I think it's still worth it to try to create a consensus on how to do this, vote it and establish as a practice on the project.

Going back to your idea, currently, as we do not have a clear way of changing API names or removing APIs, I would prefer if we introduced these APIs as one consolidated API from the beginning.

@DaanHoogland

Copy link
Copy Markdown
Contributor

@JoaoJandre can we address the unification of the enable/disable APIs for roles along with accounts and users in a separate PR? Possibly there could be other resources following the same pattern that we could investigate and unify

@nvazquez I'm ok with the idea. However, we still do not have a proper mechanism for deprecating/changing API's names (see #8970). The discussion has died out a bit, but I think it's still worth it to try to create a consensus on how to do this, vote it and establish as a practice on the project.

Going back to your idea, currently, as we do not have a clear way of changing API names or removing APIs, I would prefer if we introduced these APIs as one consolidated API from the beginning.

@JoaoJandre I would prefer we do not introduce a new pattern for related entities unless we are sure we will address all of them. I think it is best to leave this PR as is, as it adheres better to related code/interfaces. I don't want to be strict in this perspect but @nvazquez ' argument makes sense to me.

@JoaoJandre JoaoJandre merged commit d32ace6 into apache:main Aug 27, 2024
@DaanHoogland DaanHoogland deleted the 420-disable-roles-option branch August 27, 2024 18:51
dhslove pushed a commit to ablecloud-team/ablestack-cloud that referenced this pull request Aug 30, 2024
* New feature: Enable/Disable Roles

* Fixes

* Fix unit tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Provide option of disabling the roles

5 participants