Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[server] FGA checks for all admin*Workspace methods #18569

Merged
merged 2 commits into from
Aug 24, 2023
Merged

[server] FGA checks for all admin*Workspace methods #18569

merged 2 commits into from
Aug 24, 2023

Conversation

geropl
Copy link
Member

@geropl geropl commented Aug 22, 2023
edited by github-actions bot
Loading

Description

Adds basic FGA checks for:

  • adminGetWorkspaces
  • adminGetWorkspace
  • adminGetWorkspaceInstances
  • adminForceStopWorkspace
  • adminRestoreSoftDeletedWorkspace

To implement some of these, I added a permission workspace#admin_control to the schema (ref).

Summary generated by Copilot

🤖 Generated by Copilot at e87346d

This pull request adds a new admin_control permission for workspaces, which allows installation admins to perform administrative tasks on workspaces, such as restoring soft-deleted workspaces. The permission is implemented in the Spicedb schema, the WorkspacePermission type, and the gitpod-server-impl.ts methods.

Related Issue(s)

Fixes #

How to test

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

Build Options

Build
  • /werft with-werft
    Run the build with werft instead of GHA
  • leeway-no-cache
  • /werft no-test
    Run Leeway with --dont-test
Publish
  • /werft publish-to-npm
  • /werft publish-to-jb-marketplace
Installer
  • analytics=segment
  • with-dedicated-emulation
  • workspace-feature-flags
    Add desired feature flags to the end of the line above, space separated
Preview Environment / Integration Tests
  • /werft with-local-preview
    If enabled this will build install/preview
  • /werft with-preview
  • /werft with-large-vm
  • /werft with-gce-vm
    If enabled this will create the environment on GCE infra
  • with-integration-tests=all
    Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
  • with-monitoring

/hold

@geropl geropl marked this pull request as ready for review August 22, 2023 09:50
@geropl geropl requested a review from a team as a code owner August 22, 2023 09:50
Base automatically changed from gpl/fga-get-ws to main August 24, 2023 06:32
@roboquat roboquat added size/L and removed size/M labels Aug 24, 2023
@roboquat roboquat added size/M and removed size/L labels Aug 24, 2023
@geropl
Copy link
Member Author

geropl commented Aug 24, 2023

/unhold

@roboquat roboquat merged commit 0c3eb9f into main Aug 24, 2023
15 checks passed
@roboquat roboquat deleted the gpl/fga-admin-ws branch August 24, 2023 07:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@svenefftinge svenefftinge svenefftinge approved these changes

Assignees
No one assigned
Labels
size/M team: team-experience
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@geropl @svenefftinge @roboquat