Skip to content

changes for multi-tenancy sat v2#135

Merged
kelleyloder merged 4 commits into
develop-multi-tenantfrom
sat-rbac-capabilities-v2-clean
Jun 30, 2026
Merged

changes for multi-tenancy sat v2#135
kelleyloder merged 4 commits into
develop-multi-tenantfrom
sat-rbac-capabilities-v2-clean

Conversation

@kelleyloder

Copy link
Copy Markdown

Support new SAT v2 token with xconf capabilities.
Authentication ->

  • no partners in SAT -> 403
  • no tenantId header -> 403

Authorization ->

  • tenantId not in SAT partners -> 403
  • no capability for request type -> 403

Use tenantId from header in the rest of the request if SAT v2.

In the case of no SAT v2, check for SAT legacy or Xerxes, in which case skip tenantId check and use default tenantId for the rest of the request.

Copilot AI review requested due to automatic review settings June 25, 2026 21:25

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends xconfadmin’s authentication/authorization to support SAT RBAC v2 with tenant scoping, and updates request handling so SAT v2 uses the tenantId header while legacy SAT/login-token paths continue to use the default tenant.

Changes:

  • Add SAT token parsing enhancements (allowed partners + auth type) and a unified tenant resolution helper (GetTenantId) used across handlers.
  • Implement SAT v2 route→domain classification plus capability + tenant-scope authorization, and wire permission checks into affected endpoints.
  • Add OpenSpec artifacts describing SAT v2 tenant enforcement and update/add related tests/config samples.

Reviewed changes

Copilot reviewed 59 out of 59 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
taggingapi/tag/tag_member_handler.go Adds auth checks and switches tenant resolution to xhttp.GetTenantId.
taggingapi/tag/tag_handler.go Adds auth checks and switches tenant resolution to xhttp.GetTenantId.
openspec/specs/auth/auth-contract.md Updates auth contract to describe SAT v2 tenant-scope enforcement and 403 semantics.
openspec/changes/sat-rbac-v2-tenant-enforcement/tasks.md Adds task plan for SAT v2 tenant enforcement spec/implementation/tests.
openspec/changes/sat-rbac-v2-tenant-enforcement/spec.md Adds detailed SAT v2 tenant enforcement specification.
openspec/changes/sat-rbac-v2-tenant-enforcement/proposal.md Adds proposal rationale and scope for tenant enforcement phase.
openspec/changes/sat-rbac-v2-tenant-enforcement/design.md Adds design/flow documentation for SAT v2 tenant enforcement.
openspec/changes/sat-rbac-v2-tenant-enforcement/.openspec.yaml Adds OpenSpec metadata for the proposed change set.
http/webconfig_server.go Adds allowedPartners/authType to context and logs; SAT v2 vs legacy classification.
http/auth.go Introduces auth type constants, allowedPartners context access, and SAT v2 tenant resolution.
config/sample_xconfadmin.conf Updates sample keyspace configuration values.
adminapi/xcrp/recooking_lockdown_settings_handler.go Switches to auth.CanWrite and uses new tenant resolution.
adminapi/telemetry/telemetry_v2_rule_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/telemetry/telemetry_rule_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/telemetry/telemetry_profile_controller.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/setting/setting_rule_controller.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/setting/setting_profile_service.go Refactors to tenant-aware GetAllForTenant.
adminapi/setting/setting_profile_controller.go Uses tenant-aware profile listing and xhttp.GetTenantId.
adminapi/rfc/feature/feature_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/queries_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/percentfilter_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/percentagebean_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/namedspace_list_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/model_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/log_upload_settings_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/log_file_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/log_controller.go Switches tenant resolution to xhttp.GetTenantId and removes old xconfwebconfig tenant helper import.
adminapi/queries/firmware_rule_template_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/firmware_rule_report_page_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/firmware_rule_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/firmware_config_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/feature_rule_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/feature_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/environment_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/queries/common.go Switches tenant resolution to xhttp.GetTenantId and modernizes tool permission checks.
adminapi/queries/amv_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/lockdown/lockdown_settings_handler.go Updates tool permission checks and switches tenant resolution to xhttp.GetTenantId.
adminapi/firmware/firmware_test_page_controller.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/dcm/vod_settings_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/dcm/logupload_settings_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/dcm/logrepo_settings_service.go Refactors service functions to be tenant-aware.
adminapi/dcm/logrepo_settings_service_test.go Updates tests for tenant-aware log repo settings service.
adminapi/dcm/logrepo_settings_handler.go Switches tenant resolution to xhttp.GetTenantId and uses tenant-aware service functions.
adminapi/dcm/logrepo_settings_handler_test.go Updates handler tests for tenant-aware log repo settings behavior.
adminapi/dcm/device_settings_handler.go Removes default-tenant usage and switches to request tenant resolution.
adminapi/dcm/dcmformula_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/change/telemetry_two_profile_service.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/change/telemetry_two_profile_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/change/telemetry_two_change_service.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/change/telemetry_two_change_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/change/telemetry_profile_handler.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/change/permanent_telemetry_profile_service.go Switches tenant resolution to xhttp.GetTenantId.
adminapi/change/change_service.go Refactors change services to be tenant-aware and uses xhttp.GetTenantId.
adminapi/change/change_service_test.go Updates change service tests for new tenant-aware function signatures.
adminapi/change/change_handler.go Switches tenant resolution to xhttp.GetTenantId for change listing/filtering.
adminapi/canary/canary_settings_handler.go Updates tool permission checks and switches tenant resolution to xhttp.GetTenantId.
adminapi/canary/canary_settings_handler_test.go Updates expected status code to match new permission semantics.
adminapi/auth/permission_service.go Adds SAT v2 domain mapping, capability checks, and tenant-scope enforcement integration.
adminapi/auth/permission_service_test.go Adds tests for SAT v2 tenant-scope enforcement and auth behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread taggingapi/tag/tag_member_handler.go
Comment thread http/webconfig_server.go
Comment thread http/webconfig_server.go
Comment thread adminapi/xcrp/recooking_lockdown_settings_handler.go
Comment thread openspec/changes/sat-rbac-v2-tenant-enforcement/spec.md Outdated
Copilot AI review requested due to automatic review settings June 26, 2026 20:47

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 60 out of 60 changed files in this pull request and generated 3 comments.

Comment thread adminapi/lockdown/lockdown_settings_handler.go
Comment on lines +132 to +137
- Legacy SAT path:
- Legacy SAT authorization semantics remain unchanged.
- Token validation SHALL NOT enforce tenant or partner claims.
- Request processing SHALL continue to support multi-tenancy.
- In this phase, request processing SHALL resolve `tenantId`
to the default tenant.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

Comment on lines 25 to 28
"github.com/rdkcentral/xconfadmin/adminapi/auth"
ccommon "github.com/rdkcentral/xconfadmin/common"
xhttp "github.com/rdkcentral/xconfadmin/http"
xwhttp "github.com/rdkcentral/xconfwebconfig/http"
)

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

@pt-nguyen pt-nguyen left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For GetTenantId function, passing both r.Context() and r into the same function signature is redundant so instead of requiring two parameters, the signature for GetTenantId should ideally be refactored to accept only the request:

// Proposed refactored signature
func GetTenantId(r *http.Request) string {
    ctx := r.Context()
    // ... extract tenant ID using ctx and r
}

@kelleyloder kelleyloder merged commit 581a31a into develop-multi-tenant Jun 30, 2026
2 checks passed
@github-actions github-actions Bot locked and limited conversation to collaborators Jun 30, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants