Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NEOS-1675: add granular permission for viewing connection credentials #3268

Merged
merged 55 commits into from
Feb 20, 2025
Merged

NEOS-1675: add granular permission for viewing connection credentials #3268

merged 55 commits into from
Feb 20, 2025

Conversation

nickzelei
Copy link
Member

@nickzelei nickzelei commented Feb 16, 2025
edited
Loading

  • Adds separate permission for viewing sensitive connection credentials
  • Separates View/Edit Connections into separate workflows
  • FE now no longer returns sensitive connection data by default. User must opt in to viewing credentials behind the password input, which makes remote request to retrieve data if they have permissions.
  • Backend now has new request option in Getconnection GetConnections rpc to not return sensitive data. For backwards compat, it still does by default to not break existing APIs.
  • Adds new permission check rpcs
  • Puts clone/edit/delete connection permissions behind rbac call

@linear Linear
Copy link

linear bot commented Feb 16, 2025

NEOS-1675 Add granular permission for viewing connection credentials

@vercel Vercel
Copy link

vercel bot commented Feb 16, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
neosync-docs ⬜️ Ignored (Inspect) Visit Preview Feb 20, 2025 6:45pm

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 16, 2025
edited
Loading

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

BuildFormatLintBreakingUpdated (UTC)
✅ passed✅ passed✅ passed✅ passedFeb 20, 2025, 6:45 PM

@nickzelei nickzelei added the enhancement New feature or request label Feb 16, 2025
@nickzelei nickzelei changed the title Nick/neos 1675 add granular permission for viewing connection credentials NEOS-1675: add granular permission for viewing connection credentials Feb 16, 2025
@codecov Codecov
Copy link

codecov bot commented Feb 16, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 8.89571% with 297 lines in your changes missing coverage. Please review.

Project coverage is 24.25%. Comparing base (b612c8b) to head (d16fa3e).
Report is 10 commits behind head on main.

Files with missing lines Patch % Lines
backend/sql/postgresql/models/models.go 0.00% 118 Missing ⚠️
...rvices/mgmt/v1alpha1/user-account-service/users.go 0.00% 114 Missing ⚠️
backend/internal/userdata/entity_enforcer.go 0.00% 24 Missing ⚠️
...ces/mgmt/v1alpha1/connection-service/connection.go 0.00% 19 Missing ⚠️
backend/pkg/dbconnect-config/mssql.go 36.36% 6 Missing and 1 partial ⚠️
backend/pkg/dbconnect-config/mysql.go 75.00% 6 Missing and 1 partial ⚠️
backend/pkg/dbconnect-config/postgres.go 36.36% 6 Missing and 1 partial ⚠️
backend/internal/dtomaps/connections.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3268      +/-   ##
==========================================
+ Coverage   22.73%   24.25%   +1.52%     
==========================================
  Files         390      390              
  Lines       44893    45123     +230     
==========================================
+ Hits        10205    10946     +741     
+ Misses      33666    33078     -588     
- Partials     1022     1099      +77

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 16, 2025
edited
Loading

Benchstat Geomean Results

0.66% sec/op, -0.02% B/op, 0.00% allocs/op

Benchstat results 
                                   │ main-benchmark.txt │        branch-benchmark.txt        │
                                   │       sec/op       │    sec/op     vs base              │
CleanPostgresType-4                         42.63n ± 4%   42.12n ± 95%       ~ (p=0.461 n=6)
Runner_Single-4                             7.713µ ± 5%   7.747µ ±  2%       ~ (p=0.937 n=6)
GenerateBool-4                              11.45n ± 1%   11.34n ±  1%       ~ (p=0.061 n=6)
GenerateBusinessName-4                      285.4n ± 0%   299.2n ± 13%  +4.84% (p=0.002 n=6)
GenerateCardNumber-4                        28.41n ± 1%   28.48n ±  0%       ~ (p=0.180 n=6)
GenerateCategorical-4                       104.1n ± 2%   102.5n ±  1%  -1.54% (p=0.002 n=6)
GenerateCity-4                              173.7n ± 0%   176.1n ±  1%  +1.38% (p=0.002 n=6)
GenerateCountry-4                           105.2n ± 1%   110.0n ±  1%  +4.61% (p=0.002 n=6)
GenerateEmail-4                             1.346µ ± 0%   1.363µ ±  0%  +1.26% (p=0.002 n=6)
GenerateFirstName-4                         203.9n ± 0%   202.2n ±  0%  -0.81% (p=0.002 n=6)
GenerateFloat64-4                           28.73n ± 1%   28.73n ±  1%       ~ (p=0.794 n=6)
GenerateFullAddress-4                       1.429µ ± 3%   1.458µ ±  0%       ~ (p=0.061 n=6)
GenerateFullName-4                          1.222µ ± 1%   1.253µ ±  2%  +2.58% (p=0.002 n=6)
GenerateGender-4                            41.42n ± 0%   41.86n ±  0%  +1.05% (p=0.002 n=6)
GenerateInt64-4                             28.41n ± 2%   27.96n ±  1%  -1.57% (p=0.015 n=6)
GenerateInt64PhoneNumber-4                  51.46n ± 2%   51.70n ±  1%       ~ (p=0.258 n=6)
GenerateInternationalPhoneNumber-4          175.8n ± 1%   177.6n ±  0%  +1.02% (p=0.002 n=6)
GenerateIpAddress-4                         569.3n ± 0%   564.6n ±  1%  -0.83% (p=0.002 n=6)
GenerateLastName-4                          187.4n ± 1%   192.0n ±  1%  +2.40% (p=0.002 n=6)
GenerateRandomString-4                      985.6n ± 1%   981.7n ±  0%       ~ (p=0.132 n=6)
GenerateSHA256Hash-4                        1.016µ ± 0%   1.020µ ±  0%  +0.34% (p=0.019 n=6)
GenerateSSN-4                               305.8n ± 1%   307.9n ±  0%  +0.67% (p=0.022 n=6)
GenerateState-4                             105.2n ± 2%   104.6n ±  1%  -0.52% (p=0.043 n=6)
GenerateStreetAddress-4                     204.0n ± 1%   206.0n ±  0%  +1.01% (p=0.002 n=6)
GenerateStringPhoneNumber-4                 179.3n ± 0%   175.7n ±  3%       ~ (p=0.065 n=6)
GenerateUnixTimestamp-4                     77.13n ± 1%   78.14n ±  2%       ~ (p=0.065 n=6)
GenerateUsername-4                          351.5n ± 0%   364.4n ±  3%  +3.68% (p=0.002 n=6)
GenerateUTCTimestamp-4                      104.2n ± 1%   104.1n ±  1%       ~ (p=0.457 n=6)
GenerateUUID-4                              734.0n ± 0%   758.5n ±  1%  +3.34% (p=0.002 n=6)
GenerateZipcode-4                           105.2n ± 2%   106.0n ±  1%       ~ (p=0.087 n=6)
TransformCharacterScramble-4                171.8n ± 1%   174.5n ±  0%  +1.60% (p=0.002 n=6)
TransformE164PhoneNumber-4                  180.2n ± 3%   180.7n ±  5%       ~ (p=0.589 n=6)
TransformEmail-4                            1.798µ ± 2%   1.825µ ±  1%  +1.50% (p=0.037 n=6)
TransformFirstName-4                        233.9n ± 0%   238.2n ±  1%  +1.86% (p=0.002 n=6)
TransformFloat64-4                          110.8n ± 4%   110.8n ±  0%       ~ (p=1.000 n=6)
TransformFullName-4                         1.235µ ± 2%   1.252µ ±  4%  +1.38% (p=0.041 n=6)
TransformInt64-4                            33.74n ± 1%   33.27n ±  1%  -1.38% (p=0.006 n=6)
TransformInt64PhoneNumber-4                 57.84n ± 2%   58.15n ±  0%       ~ (p=0.065 n=6)
TransformLastName-4                         191.6n ± 0%   193.3n ±  1%  +0.89% (p=0.002 n=6)
TransformString-4                           1.022µ ± 0%   1.027µ ±  1%  +0.39% (p=0.030 n=6)
TransformStringPhoneNumber-4                211.0n ± 2%   206.4n ±  0%  -2.16% (p=0.002 n=6)
TransformUuid-4                             36.54n ± 1%   36.52n ±  2%       ~ (p=0.346 n=6)
geomean                                     194.0n        195.3n        +0.66%

                                   │ main-benchmark.txt │         branch-benchmark.txt         │
                                   │        B/op        │     B/op      vs base                │
CleanPostgresType-4                        0.000 ± 0%       0.000 ± 0%       ~ (p=1.000 n=6) ¹
Runner_Single-4                          2.312Ki ± 1%     2.297Ki ± 4%       ~ (p=0.310 n=6)
GenerateBool-4                             0.000 ± 0%       0.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateBusinessName-4                     304.0 ± 0%       304.0 ± 0%       ~ (p=1.000 n=6) ¹
GenerateCardNumber-4                       8.000 ± 0%       8.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateCategorical-4                      64.00 ± 0%       64.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateCity-4                             160.0 ± 0%       160.0 ± 0%       ~ (p=1.000 n=6) ¹
GenerateCountry-4                          24.00 ± 0%       24.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateEmail-4                            385.0 ± 0%       385.0 ± 0%       ~ (p=1.000 n=6) ¹
GenerateFirstName-4                        208.0 ± 0%       208.0 ± 0%       ~ (p=1.000 n=6) ¹
GenerateFloat64-4                          8.000 ± 0%       8.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateFullAddress-4                      512.0 ± 0%       512.0 ± 0%       ~ (p=1.000 n=6) ¹
GenerateFullName-4                         418.0 ± 0%       418.0 ± 0%       ~ (p=1.000 n=6) ¹
GenerateGender-4                           16.00 ± 0%       16.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateInt64-4                            7.000 ± 0%       7.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateInt64PhoneNumber-4                 8.000 ± 0%       8.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateInternationalPhoneNumber-4         40.00 ± 0%       40.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateIpAddress-4                        31.00 ± 0%       31.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateLastName-4                         176.0 ± 0%       176.0 ± 0%       ~ (p=1.000 n=6) ¹
GenerateRandomString-4                     186.0 ± 0%       186.0 ± 0%       ~ (p=1.000 n=6) ¹
GenerateSHA256Hash-4                       288.0 ± 0%       288.0 ± 0%       ~ (p=1.000 n=6) ¹
GenerateSSN-4                              46.00 ± 0%       46.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateState-4                            24.00 ± 0%       24.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateStreetAddress-4                    240.0 ± 0%       240.0 ± 0%       ~ (p=1.000 n=6) ¹
GenerateStringPhoneNumber-4                40.00 ± 0%       40.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateUnixTimestamp-4                    8.000 ± 0%       8.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateUsername-4                         205.0 ± 0%       205.0 ± 0%       ~ (p=1.000 n=6) ¹
GenerateUTCTimestamp-4                     24.00 ± 0%       24.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateUUID-4                             80.00 ± 0%       80.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateZipcode-4                          24.00 ± 0%       24.00 ± 0%       ~ (p=1.000 n=6) ¹
TransformCharacterScramble-4               40.00 ± 3%       40.00 ± 3%       ~ (p=1.000 n=6)
TransformE164PhoneNumber-4                 40.00 ± 0%       40.00 ± 0%       ~ (p=1.000 n=6) ¹
TransformEmail-4                           489.0 ± 0%       489.0 ± 0%       ~ (p=1.000 n=6) ¹
TransformFirstName-4                       224.0 ± 0%       224.0 ± 0%       ~ (p=1.000 n=6) ¹
TransformFloat64-4                         88.00 ± 0%       88.00 ± 0%       ~ (p=1.000 n=6) ¹
TransformFullName-4                        418.0 ± 0%       418.0 ± 0%       ~ (p=1.000 n=6) ¹
TransformInt64-4                           8.000 ± 0%       8.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformInt64PhoneNumber-4                8.000 ± 0%       8.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformLastName-4                        176.0 ± 0%       176.0 ± 0%       ~ (p=1.000 n=6) ¹
TransformString-4                          202.0 ± 0%       202.0 ± 0%       ~ (p=1.000 n=6) ¹
TransformStringPhoneNumber-4               56.00 ± 0%       56.00 ± 0%       ~ (p=1.000 n=6) ¹
TransformUuid-4                            16.00 ± 0%       16.00 ± 0%       ~ (p=1.000 n=6) ¹
geomean                                               ²                 -0.02%               ²
¹ all samples are equal
² summaries must be >0 to compute geomean

                                   │ main-benchmark.txt │        branch-benchmark.txt        │
                                   │     allocs/op      │ allocs/op   vs base                │
CleanPostgresType-4                        0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
Runner_Single-4                            24.00 ± 0%     24.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateBool-4                             0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateBusinessName-4                     2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateCardNumber-4                       1.000 ± 0%     1.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateCategorical-4                      2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateCity-4                             2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateCountry-4                          2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateEmail-4                            8.000 ± 0%     8.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateFirstName-4                        2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateFloat64-4                          1.000 ± 0%     1.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateFullAddress-4                      10.00 ± 0%     10.00 ± 0%       ~ (p=1.000 n=6) ¹
GenerateFullName-4                         6.000 ± 0%     6.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateGender-4                           1.000 ± 0%     1.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateInt64-4                            0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateInt64PhoneNumber-4                 1.000 ± 0%     1.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateInternationalPhoneNumber-4         3.000 ± 0%     3.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateIpAddress-4                        2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateLastName-4                         2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateRandomString-4                     3.000 ± 0%     3.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateSHA256Hash-4                       7.000 ± 0%     7.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateSSN-4                              3.000 ± 0%     3.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateState-4                            2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateStreetAddress-4                    2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateStringPhoneNumber-4                3.000 ± 0%     3.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateUnixTimestamp-4                    1.000 ± 0%     1.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateUsername-4                         6.000 ± 0%     6.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateUTCTimestamp-4                     1.000 ± 0%     1.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateUUID-4                             3.000 ± 0%     3.000 ± 0%       ~ (p=1.000 n=6) ¹
GenerateZipcode-4                          2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformCharacterScramble-4               2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformE164PhoneNumber-4                 3.000 ± 0%     3.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformEmail-4                           14.00 ± 0%     14.00 ± 0%       ~ (p=1.000 n=6) ¹
TransformFirstName-4                       3.000 ± 0%     3.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformFloat64-4                         3.000 ± 0%     3.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformFullName-4                        6.000 ± 0%     6.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformInt64-4                           1.000 ± 0%     1.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformInt64PhoneNumber-4                1.000 ± 0%     1.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformLastName-4                        2.000 ± 0%     2.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformString-4                          4.000 ± 0%     4.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformStringPhoneNumber-4               4.000 ± 0%     4.000 ± 0%       ~ (p=1.000 n=6) ¹
TransformUuid-4                            1.000 ± 0%     1.000 ± 0%       ~ (p=1.000 n=6) ¹
geomean                                               ²               +0.00%               ²
¹ all samples are equal
² summaries must be >0 to compute geomean

@nickzelei nickzelei force-pushed the nick/neos-1675-add-granular-permission-for-viewing-connection-credentials branch from dc04bf2 to d803ce4 Compare February 16, 2025 22:32
@nickzelei
Wires up gcp form
0762109
@nickzelei
Component cleanup
d3186bc
@nickzelei
wiring up clone generically
c9b9cb1
@nickzelei
Fixes clone
4ff5111
@nickzelei
simplifies struct
125dc42
@nickzelei
Tweaks
2757fad
@nickzelei
makes aws creds accordion
a39aaeb
@nickzelei
Adds permission guarded view actions button
c4251f2
@nickzelei
fills out has permissions, wraps buttos in perm check
e34fe7d
@nickzelei
removes unused guard
a3227ef
@nickzelei
removes todo
01fda2b
@nickzelei
Fixes active tabs
65a38dd
@nickzelei
Fixes get permission
3a89876
@nickzelei
updates sql dbs to sanitize url
4b3c58c
@nickzelei
Adds check for mongo sensitive
c4d3617
@nickzelei
wires up password component for urls
37f3307
@nickzelei
Adds some happy path integration tests
04d945f
@nickzelei
fixes knip
f9ea2fc
@nickzelei
pulls out submit handles into shared hook
a8270d3
@nickzelei
adds active tab to state
96dbc39
@nickzelei
fixes connections
27bc9b6
@nickzelei
Adds required label
45bae0d
@nickzelei
Fixes connection permissions page
81673d1
@nickzelei
updates to include condition
d16fa3e
@nickzelei nickzelei marked this pull request as ready for review February 20, 2025 18:50
@nickzelei nickzelei merged commit 04899f8 into main Feb 20, 2025
25 of 26 checks passed
@nickzelei nickzelei deleted the nick/neos-1675-add-granular-permission-for-viewing-connection-credentials branch February 20, 2025 19:43
@BrewTestBot BrewTestBot mentioned this pull request Feb 25, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alishakawaguchi alishakawaguchi alishakawaguchi approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nickzelei @alishakawaguchi