Skip to content

Commit

Permalink
chore: remove all dangerous deleteAll and removeAll mutations
Browse files Browse the repository at this point in the history
  • Loading branch information
shreddedbacon committed Jul 4, 2024
1 parent 32725db commit 7ca2988
Show file tree
Hide file tree
Showing 20 changed files with 70 additions and 489 deletions.
5 changes: 0 additions & 5 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -76,9 +76,6 @@ PUBLISH_PLATFORM_ARCH := linux/amd64,linux/arm64
# Skip image scanning by default to make building images substantially faster
SCAN_IMAGES := false

# Clear all data from the API on a retest run, usually to clear up after a failure. Set false to preserve
CLEAR_API_DATA ?= true

# Init the file that is used to hold the image tag cross-reference table
$(shell >build.txt)
$(shell >scan.txt)
Expand Down Expand Up @@ -528,7 +525,6 @@ k3d/test: k3d/setup
USE_CALICO_CNI=false \
LAGOON_SSH_PORTAL_LOADBALANCER=$(LAGOON_SSH_PORTAL_LOADBALANCER) \
LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD=enabled \
CLEAR_API_DATA=$(CLEAR_API_DATA) \
&& docker run --rm --network host --name ct-$(CI_BUILD_TAG) \
--volume "$$(pwd)/test-suite-run.ct.yaml:/etc/ct/ct.yaml" \
--volume "$$(pwd):/workdir" \
Expand Down Expand Up @@ -731,7 +727,6 @@ k3d/retest:
USE_CALICO_CNI=false \
LAGOON_SSH_PORTAL_LOADBALANCER=$(LAGOON_SSH_PORTAL_LOADBALANCER) \
LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD=enabled \
CLEAR_API_DATA=$(CLEAR_API_DATA) \
&& docker run --rm --network host --name ct-$(CI_BUILD_TAG) \
--volume "$$(pwd)/test-suite-run.ct.yaml:/etc/ct/ct.yaml" \
--volume "$$(pwd):/workdir" \
Expand Down
11 changes: 0 additions & 11 deletions docs/interacting/rbac.md
Original file line number Diff line number Diff line change
Expand Up @@ -392,7 +392,6 @@ Here is a table that lists the roles and the access they have:
| addKubernetes | kubernetes | add | |
| updateKubernetes | kubernetes | update | |
| deleteKubernetes | kubernetes | delete | |
| deleteAllKubernetes| kubernetes | deleteAll | |
| getAllOpenshifts | openshift | viewAll | |
| getAllProjects | project | viewAll | |
| addSshKey | ssh\_key | add | userID |
Expand Down Expand Up @@ -522,27 +521,17 @@ Here is a table that lists the roles and the access they have:

| **Name** | **Resource** | **Scope** | **Attributes** |
| :--- | :--- | :--- | :--- |
| deleteAllBackups | backup | deleteAll | |
| deleteAllEnvironments | environment | deleteAll | |
| getEnvironmentStorageMonthBy<br />EnvironmentId | environment | storage | |
| getEnvironmentHoursMonthBy<br />EnvironmentId | environment | storage | |
| getEnvironmentHitsMonthBy<br />EnvironmentId | environment | storage | |
| deleteAllGroups | group | deleteAll | |
| deleteAllNotificationSlacks | notification | deleteAll | |
| removeAllNotificationsFrom<br />AllProjects | notification | removeAll | |
| getAllOpenshifts | openshift | viewAll | |
| deleteAllProjects | project | deleteAll | |
| deleteAllSshKeys | ssh\_key | deleteAll | |
| removeAllSshKeysFromAllUsers | ssh\_key | removeAll | |
| deleteAllUsers | user | deleteAll | |
| addOrUpdateEnvironment<br />Storage | environment | storage | |
| addNotificationSlack | notification | add | |
| updateNotificationSlack | notification | update | |
| deleteNotificationSlack | notification | delete | |
| addKubernetes | kubernetes | add | |
| updateKubernetes | kubernetes | update | |
| deleteKubernetes | kubernetes | delete | |
| deleteAllKubernetes| kubernetes | deleteAll | |
| getAllProjects | project | viewAll | |
| addSshKey | ssh\_key | add | userID |
| updateSshKey | ssh\_key | update | userID |
Expand Down
11 changes: 0 additions & 11 deletions docs/ja/interacting/rbac.md
Original file line number Diff line number Diff line change
Expand Up @@ -389,7 +389,6 @@ Lagoon バージョン 1.0 では、プロジェクトへのアクセス方法
| addKubernetes | kubernetes | add | |
| updateKubernetes | kubernetes | update | |
| deleteKubernetes | kubernetes | delete | |
| deleteAllKubernetes| kubernetes | deleteAll | |
| getAllOpenshifts | openshift | viewAll | |
| getAllProjects | project | viewAll | |
| addSshKey | ssh\_key | add | userID |
Expand Down Expand Up @@ -519,27 +518,17 @@ Lagoon バージョン 1.0 では、プロジェクトへのアクセス方法

| **名前** | **リソース** | **スコープ** | **属性** |
| :--- | :--- | :--- | :--- |
| deleteAllBackups | backup | deleteAll | |
| deleteAllEnvironments | environment | deleteAll | |
| getEnvironmentStorageMonthBy<br />EnvironmentId | environment | storage | |
| getEnvironmentHoursMonthBy<br />EnvironmentId | environment | storage | |
| getEnvironmentHitsMonthBy<br />EnvironmentId | environment | storage | |
| deleteAllGroups | group | deleteAll | |
| deleteAllNotificationSlacks | notification | deleteAll | |
| removeAllNotificationsFrom<br />AllProjects | notification | removeAll | |
| getAllOpenshifts | openshift | viewAll | |
| deleteAllProjects | project | deleteAll | |
| deleteAllSshKeys | ssh\_key | deleteAll | |
| removeAllSshKeysFromAllUsers | ssh\_key | removeAll | |
| deleteAllUsers | user | deleteAll | |
| addOrUpdateEnvironment<br />Storage | environment | storage | |
| addNotificationSlack | notification | add | |
| updateNotificationSlack | notification | update | |
| deleteNotificationSlack | notification | delete | |
| addKubernetes | kubernetes | add | |
| updateKubernetes | kubernetes | update | |
| deleteKubernetes | kubernetes | delete | |
| deleteAllKubernetes| kubernetes | deleteAll | |
| getAllProjects | project | viewAll | |
| addSshKey | ssh\_key | add | userID |
| updateSshKey | ssh\_key | update | userID |
Expand Down
18 changes: 0 additions & 18 deletions local-dev/api-data-watcher-pusher/api-data/00-clear-api-data.gql

This file was deleted.

7 changes: 0 additions & 7 deletions local-dev/api-data-watcher-pusher/data-init-push.sh
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
# inject variables from environment into the GQL template
envsubst '$GIT_HOST $GIT_PORT $INGRESS_IP $CONSOLE_URL $TOKEN' < /home/api-data/03-populate-api-data-ci-local-control-k8s.gql | sponge /home/api-data/03-populate-api-data-ci-local-control-k8s.gql

clear_gql_file_path="/home/api-data/00-clear-api-data.gql"
populate_demo_lagoon_gql_file_path="/home/api-data/01-populate-api-data-lagoon-demo.gql"
populate_demo_lagoon_org_gql_file_path="/home/api-data/02-populate-api-data-lagoon-demo-org.gql"
populate_ci_local_control_k8s_gql_file_path="/home/api-data/03-populate-api-data-ci-local-control-k8s.gql"
Expand Down Expand Up @@ -55,12 +54,6 @@ send_task_data() {
# Waiting for the API to be ready
wait_for_services

# Optionally clear *some* API data prior to reloading - not really necessary any more
if expr "$CLEAR_API_DATA" : '[Tt][Rr][Uu][Ee]' > /dev/null; then
echo "Clearing Lagoon data first"
send_graphql_query $clear_gql_file_path
fi

# Create the lagoon-demo project and associated users, groups, deployments, tasks etc
send_graphql_query $populate_demo_lagoon_gql_file_path

Expand Down
13 changes: 0 additions & 13 deletions services/api/src/mocks.js
Original file line number Diff line number Diff line change
Expand Up @@ -643,52 +643,40 @@ mocks.Mutation = () => ({
addOrUpdateEnvironment: () => mocks.Environment(),
updateEnvironment: () => mocks.Environment(),
deleteEnvironment: () => faker.random.arrayElement(['success', `Error: unknown deploy type ${mocks.DeployType()}`]),
deleteAllEnvironments: () => 'success',
addOrUpdateEnvironmentStorage: () => mocks.EnvironmentStorage(),
addNotificationSlack: () => mocks.NotificationSlack(),
updateNotificationSlack: () => mocks.NotificationSlack(),
deleteNotificationSlack: () => faker.random.arrayElement(['success', "Can't delete notification linked to projects"]),
deleteAllNotificationSlacks: () => 'success',
addNotificationRocketChat: () => mocks.NotificationRocketChat(),
updateNotificationRocketChat: () => mocks.NotificationRocketChat(),
deleteNotificationRocketChat: () => faker.random.arrayElement(['success', "Can't delete notification linked to projects"]),
deleteAllNotificationRocketChats: () => 'success',
addNotificationMicrosoftTeams: () => mocks.NotificationMicrosoftTeams(),
updateNotificationMicrosoftTeams: () => mocks.NotificationMicrosoftTeams(),
deleteNotificationMicrosoftTeams: () => faker.random.arrayElement(['success', "Can't delete notification linked to projects"]),
deleteAllNotificationMicrosoftTeams: () => 'success',
addNotificationEmail: () => mocks.NotificationEmail(),
updateNotificationEmail: () => mocks.NotificationEmail(),
deleteNotificationEmail: () => faker.random.arrayElement(['success', "Can't delete notification linked to projects"]),
deleteAllNotificationEmails: () => 'success',
addNotificationToProject: () => mocks.Project(),
removeNotificationFromProject: () => mocks.Project(),
removeAllNotificationsFromAllProjects: () => 'success',
addOpenshift: () => mocks.Openshift(),
updateOpenshift: () => mocks.Openshift(),
deleteOpenshift: () => 'success',
deleteAllOpenshifts: () => 'success',
addProject: () => mocks.Project(),
updateProject: () => mocks.Project(),
deleteProject: () => 'success',
deleteAllProjects: () => 'success',
addSshKey: () => mocks.SshKey(),
updateSshKey: () => mocks.SshKey(),
deleteSshKey: () => 'success',
deleteSshKeyById: () => 'success',
deleteAllSshKeys: () => 'success',
removeAllSshKeysFromAllUsers: () => 'success',
addUser: () => mocks.User(),
updateUser: () => mocks.User(),
deleteUser: () => 'success',
deleteAllUsers: () => 'success',
addDeployment: () => mocks.Deployment(),
deleteDeployment: () => 'success',
updateDeployment: () => mocks.Deployment(),
cancelDeployment: () => faker.random.arrayElement(['success', 'Deployment not cancelled, reason: Too slow.']),
addBackup: () => mocks.Backup(),
deleteBackup: () => 'success',
deleteAllBackups: () => 'success',
addRestore: () => mocks.Restore(),
updateRestore: () => mocks.Restore(),
addEnvVariable: () => mocks.EnvKeyValue(),
Expand All @@ -714,7 +702,6 @@ mocks.Mutation = () => ({
addGroup: () => mocks.Group(),
updateGroup: () => mocks.Group(),
deleteGroup: () => 'success',
deleteAllGroups: () => 'success',
addUserToGroup: () => mocks.Group(),
removeUserFromGroup: () => mocks.Group(),
addGroupsToProject: () => mocks.Project(),
Expand Down
2 changes: 1 addition & 1 deletion services/api/src/models/group.ts
Original file line number Diff line number Diff line change
Expand Up @@ -258,7 +258,7 @@ export const Group = (clients: {
// briefRepresentation pulls all the group information from keycloak including the attributes
// this means we don't need to iterate over all the groups one by one anymore to get the full group information
const fullGroups = await keycloakAdminClient.groups.find({briefRepresentation: false});
// no need to transform, just return the full response, only the `allGroups` and `deleteAllGroups` resolvers use this
// no need to transform, just return the full response, only the `allGroups` resolvers use this
// and the `sync-groups-opendistro-security` consumption of this helper sync script is going to
// go away in the future when we move to the `lagoon-opensearch-sync` supporting service
return fullGroups;
Expand Down
29 changes: 0 additions & 29 deletions services/api/src/resolvers.js
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,6 @@ const {
getEnvironmentsByProjectId,
updateEnvironment,
getAllEnvironments,
deleteAllEnvironments,
userCanSshToEnvironment,
getEnvironmentUrl,
getEnvironmentsByKubernetes,
Expand Down Expand Up @@ -158,12 +157,6 @@ const {
addNotificationEmail,
updateNotificationEmail,
deleteNotificationEmail,
deleteAllNotificationEmails,
deleteAllNotificationSlacks,
deleteAllNotificationMicrosoftTeams,
deleteAllNotificationRocketChats,
deleteAllNotificationWebhook,
removeAllNotificationsFromAllProjects,
} = require('./resources/notification/resolvers');

const {
Expand All @@ -175,7 +168,6 @@ const {
getOpenshiftByEnvironmentId,
getProjectUser,
updateOpenshift,
deleteAllOpenshifts,
getToken,
getConsoleUrl,
getMonitoringConfig,
Expand All @@ -191,7 +183,6 @@ const {
getProjectsByMetadata,
getAllProjects,
updateProject,
deleteAllProjects,
getProjectUrl,
updateProjectMetadata,
removeProjectMetadataByKey,
Expand All @@ -205,8 +196,6 @@ const {
updateSshKey,
deleteSshKey,
deleteSshKeyById,
deleteAllSshKeys,
removeAllSshKeysFromAllUsers
} = require('./resources/sshKey/resolvers');

const {
Expand All @@ -219,7 +208,6 @@ const {
removeUserFromOrganization,
resetUserPassword,
deleteUser,
deleteAllUsers,
getAllUsers,
getUserByEmail,
} = require('./resources/user/resolvers');
Expand All @@ -234,7 +222,6 @@ const {
getAllProjectsByGroupId,
updateGroup,
deleteGroup,
deleteAllGroups,
addUserToGroup,
removeUserFromGroup,
addGroupsToProject,
Expand Down Expand Up @@ -279,7 +266,6 @@ const {
addBackup,
getBackupsByEnvironmentId,
deleteBackup,
deleteAllBackups,
addRestore,
getRestoreByBackupId,
updateRestore,
Expand Down Expand Up @@ -610,7 +596,6 @@ const resolvers = {
addOrUpdateEnvironment,
updateEnvironment,
deleteEnvironment,
deleteAllEnvironments,
addOrUpdateEnvironmentStorage,
addOrUpdateStorageOnEnvironment: addOrUpdateEnvironmentStorage,
addNotificationSlack,
Expand All @@ -619,35 +604,26 @@ const resolvers = {
addNotificationWebhook,
updateNotificationWebhook,
deleteNotificationWebhook,
deleteAllNotificationSlacks,
deleteAllNotificationWebhook,
addNotificationRocketChat,
updateNotificationRocketChat,
deleteNotificationRocketChat,
deleteAllNotificationRocketChats,
addNotificationMicrosoftTeams,
updateNotificationMicrosoftTeams,
deleteNotificationMicrosoftTeams,
deleteAllNotificationMicrosoftTeams,
addNotificationEmail,
updateNotificationEmail,
deleteNotificationEmail,
deleteAllNotificationEmails,
addNotificationToProject,
removeNotificationFromProject,
removeAllNotificationsFromAllProjects,
addOpenshift,
updateOpenshift,
deleteOpenshift,
deleteAllOpenshifts,
addKubernetes: addOpenshift,
updateKubernetes: updateOpenshift,
deleteKubernetes: deleteOpenshift,
deleteAllKubernetes: deleteAllOpenshifts,
addProject,
updateProject,
deleteProject,
deleteAllProjects,
updateProjectMetadata,
removeProjectMetadataByKey,
addSshKey,
Expand All @@ -657,23 +633,19 @@ const resolvers = {
addUserSSHPublicKey: addSshKey,
updateUserSSHPublicKey: updateSshKey,
deleteUserSSHPublicKey: deleteSshKeyById,
deleteAllSshKeys,
removeAllSshKeysFromAllUsers,
addUser,
updateUser,
addUserToOrganization,
removeUserFromOrganization,
resetUserPassword,
deleteUser,
deleteAllUsers,
addDeployment,
deleteDeployment,
updateDeployment,
cancelDeployment,
bulkDeployEnvironmentLatest,
addBackup,
deleteBackup,
deleteAllBackups,
addRestore,
updateRestore,
addEnvVariable,
Expand Down Expand Up @@ -706,7 +678,6 @@ const resolvers = {
addGroup,
updateGroup,
deleteGroup,
deleteAllGroups,
addUserToGroup,
removeUserFromGroup,
addGroupsToProject,
Expand Down
15 changes: 0 additions & 15 deletions services/api/src/resources/backup/resolvers.ts
Original file line number Diff line number Diff line change
Expand Up @@ -228,21 +228,6 @@ export const deleteBackup: ResolverFn = async (
return 'success';
};

export const deleteAllBackups: ResolverFn = async (
root,
args,
{ sqlClientPool, hasPermission, userActivityLogger }
) => {
await hasPermission('backup', 'deleteAll');

await query(sqlClientPool, Sql.truncateBackup());

userActivityLogger(`User deleted all backups`);

// TODO: Check rows for success
return 'success';
};

export const addRestore: ResolverFn = async (
root,
{ input: { id, backupId, status, restoreLocation, created, execute } },
Expand Down
Loading

0 comments on commit 7ca2988

Please sign in to comment.