From 3ea4817cf96f2683e1f0a66f8df0426f1fc960df Mon Sep 17 00:00:00 2001 From: Shovan Maity Date: Thu, 27 Jun 2024 12:43:58 +0530 Subject: [PATCH 1/8] update allowed origins list and nginx config (#4730) * update allowed origins list Signed-off-by: Shovan Maity * update nginx config Signed-off-by: Shovan Maity * add manifest changes Signed-off-by: Shovan Maity * update local value of allowed origins Signed-off-by: Shovan Maity --------- Signed-off-by: Shovan Maity Signed-off-by: andoriyaprashant --- chaoscenter/authentication/api/main.go | 2 +- chaoscenter/graphql/server/utils/variables.go | 2 +- chaoscenter/manifests/litmus-cluster-scope.yaml | 13 ++++--------- .../manifests/litmus-namespaced-scope.yaml | 15 +++++---------- .../manifests/litmus-without-resources.yaml | 13 ++++--------- chaoscenter/web/nginx/nginx.conf | 9 --------- 6 files changed, 15 insertions(+), 39 deletions(-) diff --git a/chaoscenter/authentication/api/main.go b/chaoscenter/authentication/api/main.go index 0e277ddaa..42fa95122 100644 --- a/chaoscenter/authentication/api/main.go +++ b/chaoscenter/authentication/api/main.go @@ -35,7 +35,7 @@ type Config struct { DbServer string `required:"true" split_words:"true"` DbUser string `required:"true" split_words:"true"` DbPassword string `required:"true" split_words:"true"` - AllowedOrigins []string `split_words:"true" default:"litmuschaos.io?,localhost:([0-9]+)?"` + AllowedOrigins []string `split_words:"true" default:"^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)localhost(:[0-9]+|)"` } var config Config diff --git a/chaoscenter/graphql/server/utils/variables.go b/chaoscenter/graphql/server/utils/variables.go index bae631370..1eba08a4d 100644 --- a/chaoscenter/graphql/server/utils/variables.go +++ b/chaoscenter/graphql/server/utils/variables.go @@ -44,7 +44,7 @@ type Configuration struct { CustomChaosHubPath string `split_words:"true" default:"/tmp/"` DefaultChaosHubPath string `split_words:"true" default:"/tmp/default/"` EnableGQLIntrospection string `split_words:"true" default:"false"` - AllowedOrigins []string `split_words:"true" default:"litmuschaos.io?,localhost:([0-9]+)?"` + AllowedOrigins []string `split_words:"true" default:"^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)localhost(:[0-9]+|)"` } var Config Configuration diff --git a/chaoscenter/manifests/litmus-cluster-scope.yaml b/chaoscenter/manifests/litmus-cluster-scope.yaml index 39da89115..05f97cfa5 100644 --- a/chaoscenter/manifests/litmus-cluster-scope.yaml +++ b/chaoscenter/manifests/litmus-cluster-scope.yaml @@ -138,15 +138,6 @@ data: } location /api/ { - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass "http://litmusportal-server-service:9002/"; - } - - location /ws/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; @@ -313,6 +304,8 @@ spec: value: "5000000" - name: INFRA_COMPATIBLE_VERSIONS value: '["ci"]' + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? ports: - containerPort: 8080 - containerPort: 8000 @@ -387,6 +380,8 @@ spec: value: "litmusportal-server-service" - name: LITMUS_GQL_GRPC_PORT value: ":8000" + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-auth-server-service(:[0-9]+|)? resources: requests: memory: "250Mi" diff --git a/chaoscenter/manifests/litmus-namespaced-scope.yaml b/chaoscenter/manifests/litmus-namespaced-scope.yaml index e8990e739..a56fbd174 100644 --- a/chaoscenter/manifests/litmus-namespaced-scope.yaml +++ b/chaoscenter/manifests/litmus-namespaced-scope.yaml @@ -117,15 +117,6 @@ data: } location /api/ { - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass "http://litmusportal-server-service:9002/"; - } - - location /ws/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; @@ -288,7 +279,9 @@ spec: - name: INGRESS_NAME value: "litmus-ingress" - name: INFRA_COMPATIBLE_VERSIONS - value: '["ci"]' + value: '["ci"]' + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? ports: - containerPort: 8080 - containerPort: 8000 @@ -361,6 +354,8 @@ spec: value: "litmusportal-server-service" - name: LITMUS_GQL_GRPC_PORT value: ":8000" + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-auth-server-service(:[0-9]+|)? ports: - containerPort: 3000 - containerPort: 3030 diff --git a/chaoscenter/manifests/litmus-without-resources.yaml b/chaoscenter/manifests/litmus-without-resources.yaml index 74c179ebb..ae0debeff 100644 --- a/chaoscenter/manifests/litmus-without-resources.yaml +++ b/chaoscenter/manifests/litmus-without-resources.yaml @@ -135,15 +135,6 @@ data: } location /api/ { - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass "http://litmusportal-server-service:9002/"; - } - - location /ws/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; @@ -301,6 +292,8 @@ spec: value: "5000000" - name: INFRA_COMPATIBLE_VERSIONS value: '["ci"]' + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)? ports: - containerPort: 8080 - containerPort: 8000 @@ -366,6 +359,8 @@ spec: value: "litmusportal-server-service" - name: LITMUS_GQL_GRPC_PORT value: ":8000" + - name: ALLOWED_ORIGINS + value: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-auth-server-service(:[0-9]+|)? ports: - containerPort: 3000 - containerPort: 3030 diff --git a/chaoscenter/web/nginx/nginx.conf b/chaoscenter/web/nginx/nginx.conf index 4e2633ff9..4388dcff4 100644 --- a/chaoscenter/web/nginx/nginx.conf +++ b/chaoscenter/web/nginx/nginx.conf @@ -63,15 +63,6 @@ http { } location /api/ { - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass "http://litmusportal-server-service:9002/"; - } - - location /ws/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; From ad15eb7e92cf311f82fdf9d75409ac69bac0f024 Mon Sep 17 00:00:00 2001 From: Aryan Bhokare <92683836+aryan-bhokare@users.noreply.github.com> Date: Thu, 27 Jun 2024 21:21:24 +0530 Subject: [PATCH 2/8] Added strict validation for username and password in backend. (#4670) * Added strict validation for username and password in backend. Signed-off-by: aryan * fixed silly mistake Signed-off-by: aryan * some requested changes. Signed-off-by: aryan * modified tests Signed-off-by: aryan * small change Signed-off-by: aryan * Update message string in chaoscenter/authentication/api/handlers/doc.go Co-authored-by: Vedant Shrotria Signed-off-by: Aryan Bhokare <92683836+aryan-bhokare@users.noreply.github.com> * Update error message chaoscenter/authentication/pkg/utils/sanitizers.go Co-authored-by: Vedant Shrotria Signed-off-by: Aryan Bhokare <92683836+aryan-bhokare@users.noreply.github.com> * Modified swagger with requested changes. Signed-off-by: aryan * added negative tests for requested functions and fixed some conflicts. Signed-off-by: aryan --------- Signed-off-by: aryan Signed-off-by: Aryan Bhokare <92683836+aryan-bhokare@users.noreply.github.com> Co-authored-by: Vedant Shrotria Co-authored-by: Saranya Jena Signed-off-by: andoriyaprashant --- chaoscenter/authentication/api/docs/docs.go | 21 +++++++- .../authentication/api/docs/swagger.json | 21 +++++++- .../authentication/api/docs/swagger.yaml | 19 ++++++- .../authentication/api/handlers/doc.go | 7 ++- .../api/handlers/rest/user_handlers.go | 18 +++++-- .../api/handlers/rest/user_handlers_test.go | 54 +++++++++++++++---- .../authentication/pkg/utils/errors.go | 5 +- .../authentication/pkg/utils/sanitizers.go | 26 +++++++-- 8 files changed, 148 insertions(+), 23 deletions(-) diff --git a/chaoscenter/authentication/api/docs/docs.go b/chaoscenter/authentication/api/docs/docs.go index 72808deae..0ca1a140a 100644 --- a/chaoscenter/authentication/api/docs/docs.go +++ b/chaoscenter/authentication/api/docs/docs.go @@ -940,6 +940,12 @@ const docTemplate = `{ "$ref": "#/definitions/response.ErrInvalidRequest" } }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/response.ErrStrictUsernamePolicyViolation" + } + }, "500": { "description": "Internal Server Error", "schema": { @@ -1214,7 +1220,20 @@ const docTemplate = `{ }, "message": { "type": "string", - "example": "Please ensure the password is 8 characters long and has 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character" + "example": "Please ensure the password is atleast 8 characters and atmost 16 characters long and has atleast 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character" + } + } + }, + "response.ErrStrictUsernamePolicyViolation": { + "type": "object", + "properties": { + "code": { + "type": "integer", + "example": 401 + }, + "message": { + "type": "string", + "example": "The username should be atleast 3 characters long and atmost 16 characters long." } } }, diff --git a/chaoscenter/authentication/api/docs/swagger.json b/chaoscenter/authentication/api/docs/swagger.json index b7f196716..162d7c7cd 100644 --- a/chaoscenter/authentication/api/docs/swagger.json +++ b/chaoscenter/authentication/api/docs/swagger.json @@ -930,6 +930,12 @@ "$ref": "#/definitions/response.ErrInvalidRequest" } }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/response.ErrStrictUsernamePolicyViolation" + } + }, "500": { "description": "Internal Server Error", "schema": { @@ -1204,7 +1210,20 @@ }, "message": { "type": "string", - "example": "Please ensure the password is 8 characters long and has 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character" + "example": "Please ensure the password is atleast 8 characters and atmost 16 characters long and has atleast 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character" + } + } + }, + "response.ErrStrictUsernamePolicyViolation": { + "type": "object", + "properties": { + "code": { + "type": "integer", + "example": 401 + }, + "message": { + "type": "string", + "example": "The username should be atleast 3 characters long and atmost 16 characters long." } } }, diff --git a/chaoscenter/authentication/api/docs/swagger.yaml b/chaoscenter/authentication/api/docs/swagger.yaml index 57a58954e..9abda9448 100644 --- a/chaoscenter/authentication/api/docs/swagger.yaml +++ b/chaoscenter/authentication/api/docs/swagger.yaml @@ -82,8 +82,19 @@ definitions: example: 401 type: integer message: - example: Please ensure the password is 8 characters long and has 1 digit, - 1 lowercase alphabet, 1 uppercase alphabet and 1 special character + example: Please ensure the password is atleast 8 characters and atmost 16 + characters long and has atleast 1 digit, 1 lowercase alphabet, 1 uppercase + alphabet and 1 special character + type: string + type: object + response.ErrStrictUsernamePolicyViolation: + properties: + code: + example: 401 + type: integer + message: + example: The username should be atleast 3 characters long and atmost 16 characters + long. type: string type: object response.ErrUnauthorized: @@ -762,6 +773,10 @@ paths: description: Bad Request schema: $ref: '#/definitions/response.ErrInvalidRequest' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/response.ErrStrictUsernamePolicyViolation' "500": description: Internal Server Error schema: diff --git a/chaoscenter/authentication/api/handlers/doc.go b/chaoscenter/authentication/api/handlers/doc.go index 716317797..6d6c92752 100644 --- a/chaoscenter/authentication/api/handlers/doc.go +++ b/chaoscenter/authentication/api/handlers/doc.go @@ -97,7 +97,12 @@ type ErrUserDeactivated struct { type ErrStrictPasswordPolicyViolation struct { Code int `json:"code" example:"401"` - Message string `json:"message" example:"Please ensure the password is 8 characters long and has 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character"` + Message string `json:"message" example:"Please ensure the password is atleast 8 characters and atmost 16 characters long and has atleast 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character"` +} + +type ErrStrictUsernamePolicyViolation struct { + Code int `json:"code" example:"401"` + Message string `json:"message" example:"The username should be atleast 3 characters long and atmost 16 characters long."` } type ErrEmptyProjectName struct { diff --git a/chaoscenter/authentication/api/handlers/rest/user_handlers.go b/chaoscenter/authentication/api/handlers/rest/user_handlers.go index c5826c981..48055413d 100644 --- a/chaoscenter/authentication/api/handlers/rest/user_handlers.go +++ b/chaoscenter/authentication/api/handlers/rest/user_handlers.go @@ -28,6 +28,8 @@ const BearerSchema = "Bearer " // @Failure 400 {object} response.ErrInvalidRequest // @Failure 401 {object} response.ErrUnauthorized // @Failure 400 {object} response.ErrInvalidEmail +// @Failure 401 {object} response.ErrStrictPasswordPolicyViolation +// @Failure 401 {object} response.ErrStrictUsernamePolicyViolation // @Failure 401 {object} response.ErrUserExists // @Failure 500 {object} response.ErrServerError // @Success 200 {object} response.UserResponse{} @@ -59,6 +61,12 @@ func CreateUser(service services.ApplicationService) gin.HandlerFunc { c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidRequest], presenter.CreateErrorResponse(utils.ErrInvalidRequest)) return } + //username validation + err = utils.ValidateStrictUsername(userRequest.Username) + if err != nil { + c.JSON(utils.ErrorStatusCodes[utils.ErrStrictUsernamePolicyViolation], presenter.CreateErrorResponse(utils.ErrStrictUsernamePolicyViolation)) + return + } // Assigning UID to user uID := uuid.Must(uuid.NewRandom()).String() @@ -108,6 +116,8 @@ func CreateUser(service services.ApplicationService) gin.HandlerFunc { // @Accept json // @Produce json // @Failure 400 {object} response.ErrInvalidRequest +// @Failure 401 {object} response.ErrStrictPasswordPolicyViolation +// @Failure 401 {object} response.ErrStrictUsernamePolicyViolation // @Failure 500 {object} response.ErrServerError // @Success 200 {object} response.MessageResponse{} // @Router /update/details [post] @@ -414,17 +424,17 @@ func UpdatePassword(service services.ApplicationService) gin.HandlerFunc { } username := c.MustGet("username").(string) userPasswordRequest.Username = username - if utils.StrictPasswordPolicy { + if userPasswordRequest.NewPassword != "" { err := utils.ValidateStrictPassword(userPasswordRequest.NewPassword) if err != nil { c.JSON(utils.ErrorStatusCodes[utils.ErrStrictPasswordPolicyViolation], presenter.CreateErrorResponse(utils.ErrStrictPasswordPolicyViolation)) return } - } - if userPasswordRequest.NewPassword == "" { + } else { c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidRequest], presenter.CreateErrorResponse(utils.ErrInvalidRequest)) return } + err = service.UpdatePassword(&userPasswordRequest, true) if err != nil { log.Info(err) @@ -478,7 +488,7 @@ func ResetPassword(service services.ApplicationService) gin.HandlerFunc { c.JSON(utils.ErrorStatusCodes[utils.ErrServerError], presenter.CreateErrorResponse(utils.ErrPasswordNotUpdated)) } - if utils.StrictPasswordPolicy { + if userPasswordRequest.NewPassword != "" { err := utils.ValidateStrictPassword(userPasswordRequest.NewPassword) if err != nil { c.JSON(utils.ErrorStatusCodes[utils.ErrStrictPasswordPolicyViolation], presenter.CreateErrorResponse(utils.ErrStrictPasswordPolicyViolation)) diff --git a/chaoscenter/authentication/api/handlers/rest/user_handlers_test.go b/chaoscenter/authentication/api/handlers/rest/user_handlers_test.go index e0f193347..bd9063d5d 100644 --- a/chaoscenter/authentication/api/handlers/rest/user_handlers_test.go +++ b/chaoscenter/authentication/api/handlers/rest/user_handlers_test.go @@ -55,7 +55,7 @@ func TestCreateUser(t *testing.T) { name: "successfully", inputBody: &entities.User{ Username: "newUser", - Password: "validPassword123", + Password: "ValidPassword@1", Email: "newuser@example.com", Name: "John Doe", Role: entities.RoleUser, @@ -68,7 +68,7 @@ func TestCreateUser(t *testing.T) { Email: "newuser@example.com", Name: "John Doe", Role: entities.RoleUser, - }, nil) + }, nil).Once() }, expectedCode: 200, }, @@ -80,8 +80,12 @@ func TestCreateUser(t *testing.T) { c, _ := gin.CreateTestContext(w) c.Set("role", tc.mockRole) if tc.inputBody != nil { - b, _ := json.Marshal(tc.inputBody) + b, err := json.Marshal(tc.inputBody) + if err != nil { + t.Fatalf("could not marshal input body: %v", err) + } c.Request = httptest.NewRequest(http.MethodPost, "/users", bytes.NewBuffer(b)) + c.Request.Header.Set("Content-Type", "application/json") } tc.given() @@ -477,13 +481,22 @@ func TestUpdatePassword(t *testing.T) { }{ { name: "Successfully update password", - givenBody: `{"oldPassword":"oldPass", "newPassword":"newPass"}`, + givenBody: `{"oldPassword":"oldPass@123", "newPassword":"newPass@123"}`, givenUsername: "testUser", givenStrictPassword: false, givenServiceResponse: nil, expectedCode: http.StatusOK, expectedOutput: `{"message":"password has been updated successfully"}`, }, + { + name: "Invalid new password", + givenBody: `{"oldPassword":"oldPass@123", "newPassword":"short"}`, + givenUsername: "testUser", + givenStrictPassword: false, + givenServiceResponse: errors.New("invalid password"), + expectedCode: utils.ErrorStatusCodes[utils.ErrStrictPasswordPolicyViolation], + expectedOutput: `{"error":"password_policy_violation","errorDescription":"Please ensure the password is atleast 8 characters long and atmost 16 characters long and has atleast 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character"}`, + }, } for _, tt := range tests { @@ -498,8 +511,8 @@ func TestUpdatePassword(t *testing.T) { userPassword := entities.UserPassword{ Username: tt.givenUsername, - OldPassword: "oldPass", - NewPassword: "newPass", + OldPassword: "oldPass@123", + NewPassword: "newPass@123", } user := &entities.User{ ID: "testUID", @@ -532,11 +545,11 @@ func TestResetPassword(t *testing.T) { expectedCode int }{ { - name: "Non-admin role", + name: "Admin role", inputBody: &entities.UserPassword{ Username: "testUser", OldPassword: "", - NewPassword: "validPassword123", + NewPassword: "ValidPass@123", }, mockRole: "admin", mockUID: "testUID", @@ -559,7 +572,7 @@ func TestResetPassword(t *testing.T) { inputBody: &entities.UserPassword{ Username: "testUser", OldPassword: "", - NewPassword: "validPassword123", + NewPassword: "validPass@123", }, mockRole: "user", mockUID: "testUID", @@ -581,6 +594,29 @@ func TestResetPassword(t *testing.T) { mockUsername: "adminUser", expectedCode: utils.ErrorStatusCodes[utils.ErrInvalidRequest], }, + { + name: "Admin role wrong password", + inputBody: &entities.UserPassword{ + Username: "testUser", + OldPassword: "", + NewPassword: "short", + }, + mockRole: "admin", + mockUID: "testUID", + mockUsername: "adminUser", + given: func() { + user := &entities.User{ + ID: "testUID", + Username: "testUser", + Email: "test@example.com", + IsInitialLogin: false, + } + service.On("GetUser", "testUID").Return(user, nil) + service.On("IsAdministrator", mock.AnythingOfType("*entities.User")).Return(nil) + service.On("UpdatePassword", mock.AnythingOfType("*entities.UserPassword"), false).Return(nil) + }, + expectedCode: utils.ErrorStatusCodes[utils.ErrStrictPasswordPolicyViolation], + }, } for _, tt := range tests { diff --git a/chaoscenter/authentication/pkg/utils/errors.go b/chaoscenter/authentication/pkg/utils/errors.go index 8ffe1b4c7..4f2eff8d4 100644 --- a/chaoscenter/authentication/pkg/utils/errors.go +++ b/chaoscenter/authentication/pkg/utils/errors.go @@ -10,6 +10,7 @@ var ( ErrServerError AppError = errors.New("server_error") ErrInvalidRequest AppError = errors.New("invalid_request") ErrStrictPasswordPolicyViolation AppError = errors.New("password_policy_violation") + ErrStrictUsernamePolicyViolation AppError = errors.New("username_policy_violation") ErrUnauthorized AppError = errors.New("unauthorized") ErrUserExists AppError = errors.New("user_exists") ErrUserNotFound AppError = errors.New("user does not exist") @@ -32,6 +33,7 @@ var ErrorStatusCodes = map[AppError]int{ ErrUnauthorized: 401, ErrUserExists: 401, ErrStrictPasswordPolicyViolation: 401, + ErrStrictUsernamePolicyViolation: 401, ErrUserNotFound: 400, ErrProjectNotFound: 400, ErrUpdatingAdmin: 400, @@ -50,7 +52,8 @@ var ErrorDescriptions = map[AppError]string{ ErrInvalidRequest: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed", ErrUnauthorized: "The user does not have requested authorization to access this resource", ErrUserExists: "This username is already assigned to another user", - ErrStrictPasswordPolicyViolation: "Please ensure the password is 8 characters long and has 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character", + ErrStrictPasswordPolicyViolation: "Please ensure the password is atleast 8 characters long and atmost 16 characters long and has atleast 1 digit, 1 lowercase alphabet, 1 uppercase alphabet and 1 special character", + ErrStrictUsernamePolicyViolation: "The username should be atleast 3 characters long and atmost 16 characters long.", ErrEmptyProjectName: "Project name can't be empty", ErrInvalidRole: "Role is invalid", ErrProjectNotFound: "This project does not exist", diff --git a/chaoscenter/authentication/pkg/utils/sanitizers.go b/chaoscenter/authentication/pkg/utils/sanitizers.go index 2b5e80d78..c21bfdd9c 100644 --- a/chaoscenter/authentication/pkg/utils/sanitizers.go +++ b/chaoscenter/authentication/pkg/utils/sanitizers.go @@ -13,20 +13,25 @@ func SanitizeString(input string) string { /* ValidateStrictPassword represents and checks for the following patterns: -- Input is at least 8 characters long -- Input contains at least one special character +- Input is at least 8 characters long and at most 16 characters long +- Input contains at least one special character of these @$!%*?_& - Input contains at least one digit - Input contains at least one uppercase alphabet - Input contains at least one lowercase alphabet */ func ValidateStrictPassword(input string) error { if len(input) < 8 { - return fmt.Errorf("password is less than 8 characters") + return fmt.Errorf("password length is less than 8 characters") } + + if len(input) > 16 { + return fmt.Errorf("password length is more than 16 characters") + } + digits := `[0-9]{1}` lowerAlphabets := `[a-z]{1}` capitalAlphabets := `[A-Z]{1}` - specialCharacters := `[!@#~$%^&*()+|_]{1}` + specialCharacters := `[@$!%*?_&]{1}` if b, err := regexp.MatchString(digits, input); !b || err != nil { return fmt.Errorf("password does not contain digits") } @@ -41,3 +46,16 @@ func ValidateStrictPassword(input string) error { } return nil } + +// Username must start with a letter - ^[a-zA-Z] +// Allow letters, digits, underscores, and hyphens - [a-zA-Z0-9_-] +// Ensure the length of the username is between 3 and 16 characters (1 character is already matched above) - {2,15}$ + +func ValidateStrictUsername(username string) error { + // Ensure username doesn't contain special characters (only letters, numbers, and underscores are allowed) + if matched, _ := regexp.MatchString(`^[a-zA-Z][a-zA-Z0-9_-]{2,15}$`, username); !matched { + return fmt.Errorf("username can only contain letters, numbers, and underscores") + } + + return nil +} From 31e5ff7537ad9f6f82aa89d9b4eaa2d6e0e6afac Mon Sep 17 00:00:00 2001 From: andoriyaprashant Date: Fri, 28 Jun 2024 11:37:00 +0530 Subject: [PATCH 3/8] Update Fault Node Status Signed-off-by: andoriyaprashant --- chaoscenter/subscriber/pkg/events/chaosengine.go | 10 ++++++++++ chaoscenter/web/src/models/chaosEngine.ts | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/chaoscenter/subscriber/pkg/events/chaosengine.go b/chaoscenter/subscriber/pkg/events/chaosengine.go index d985ed857..5056776dc 100644 --- a/chaoscenter/subscriber/pkg/events/chaosengine.go +++ b/chaoscenter/subscriber/pkg/events/chaosengine.go @@ -98,6 +98,16 @@ func (ev *subscriberEvents) chaosEventHandler(obj interface{}, eventType string, logrus.WithError(err).Fatal("could not get Chaos ClientSet") } + // Update engineStatus from initialized to running + if workflowObj.Status.EngineStatus == chaosTypes.EngineStatusInitialized { + workflowObj.Status.EngineStatus = chaosTypes.EngineStatusRunning + _, err := chaosClient.ChaosEngines(workflowObj.Namespace).UpdateStatus(context.TODO(), workflowObj, v1.UpdateOptions{}) + if err != nil { + logrus.WithError(err).Fatal("could not update ChaosEngine status to running") + } + logrus.Infof("Updated ChaosEngine status to running: %s/%s", workflowObj.Namespace, workflowObj.Name) + } + nodes := make(map[string]types.Node) logrus.Print("STANDALONE CHAOSENGINE EVENT ", workflowObj.UID, " ", eventType) var cd *types.ChaosData = nil diff --git a/chaoscenter/web/src/models/chaosEngine.ts b/chaoscenter/web/src/models/chaosEngine.ts index 3f8ed4c92..29174d58b 100644 --- a/chaoscenter/web/src/models/chaosEngine.ts +++ b/chaoscenter/web/src/models/chaosEngine.ts @@ -49,7 +49,7 @@ export type FaultStatus = | 'Skipped'; // EngineStatus provides interface for all supported strings in status.EngineStatus -export type EngineStatus = 'initialized' | 'completed' | 'stopped'; +export type EngineStatus = 'initialized' | 'running' | 'completed' | 'stopped'; // CleanUpPolicy defines the garbage collection method used by chaos-operator export type CleanUpPolicy = 'delete' | 'retain'; From e4a06216183207a8556a3e7ee4ca699e8f5253e2 Mon Sep 17 00:00:00 2001 From: Aryan Bhokare <92683836+aryan-bhokare@users.noreply.github.com> Date: Tue, 2 Jul 2024 09:56:16 +0530 Subject: [PATCH 4/8] Executor role implementation. (#4737) * Refactor editor to executer in Authentication service. Signed-off-by: aryan * Refactor editor to executer in GraphQl servers. Signed-off-by: aryan * Changing executor roles. Signed-off-by: aryan * Updation in frontend hooks corresponding to backend refactor. Signed-off-by: aryan * Executer role implementation. Converted editor roles to executer role in frontend files. And Changed rbacs of the new Executer role. Signed-off-by: aryan * modification of api specs for executor Signed-off-by: aryan * removed executor role from userInfraRegistration and fixed import orders. Signed-off-by: aryan * refactor executer to executor Signed-off-by: aryan * Removing exector permission from launch experiment FE Signed-off-by: aryan * minor fix Signed-off-by: aryan --------- Signed-off-by: aryan Co-authored-by: Namkyu Park <53862866+namkyu1999@users.noreply.github.com> Signed-off-by: andoriyaprashant --- .../api/handlers/rest/project_handler.go | 2 +- .../api/handlers/rest/project_handler_test.go | 2 +- .../authentication/pkg/entities/project.go | 6 +- .../authentication/pkg/validations/roles.go | 8 +- .../definitions/shared/project.graphqls | 2 +- .../server/graph/generated/generated.go | 2 +- .../graphql/server/graph/model/models_gen.go | 10 +-- .../graphql/server/pkg/authorization/roles.go | 74 +++++++++---------- .../pkg/database/mongodb/project/schema.go | 6 +- .../auth/hooks/useSendInvitationMutation.ts | 2 +- .../api/auth/schemas/GetInvitationResponse.ts | 2 +- .../web/src/api/auth/schemas/ProjectMember.ts | 2 +- .../ExperimentActionButtons.tsx | 12 +-- .../NewExperimentButton.tsx | 2 +- .../PredefinedExperimentCard.tsx | 2 +- chaoscenter/web/src/models/rbac.ts | 2 +- chaoscenter/web/src/strings/strings.en.yaml | 2 +- chaoscenter/web/src/strings/types.ts | 2 +- .../web/src/utils/getPropsBasedOnStatus.tsx | 2 +- chaoscenter/web/src/utils/usePermissions.ts | 4 +- .../src/views/ChaosHubMenu/ChaosHubMenu.tsx | 6 +- .../web/src/views/ChaosHubs/AddHubModal.tsx | 2 +- .../src/views/ChaosProbe/ChaosProbeHeader.tsx | 2 +- .../src/views/ChaosProbes/AddProbeModal.tsx | 2 +- .../ChaosProbes/ChaosProbesTableMenu.tsx | 4 +- .../views/ChaosStudio/StudioActionButtons.tsx | 4 +- .../EnvironmentList/DeleteEnvironment.tsx | 2 +- .../EnvironmentList/EnvironmentsList.tsx | 2 +- .../EnvironmentList/EnvironmentsTableMenu.tsx | 4 +- .../Tabs/Probes/MenuCell.tsx | 4 +- .../Tabs/Probes/SelectProbesTab/NoProbes.tsx | 2 +- .../ExperimentDashboardV2TableMenu.tsx | 6 +- .../ExperimentYAMLBuilder.tsx | 2 +- chaoscenter/web/src/views/Gitops/Gitops.tsx | 2 +- .../src/views/ImageRegistry/ImageRegistry.tsx | 2 +- .../InviteNewMembers/InviteUsersTable.tsx | 4 +- ...netesChaosInfrastructureConnectionTest.tsx | 2 +- ...rnetesChaosInfrastructureCreationModal.tsx | 2 +- .../KubernetesChaosInfrastructureDetails.tsx | 2 +- .../KubernetesChaosInfrastructureTable.tsx | 4 +- .../PredefinedExperiment.tsx | 4 +- .../ActiveMembersListColumns.tsx | 12 +-- .../ProjectMembers/PendingMembersTable.tsx | 8 +- mkdocs/docs/auth/v3.0.0/auth-api.json | 8 +- 44 files changed, 119 insertions(+), 119 deletions(-) diff --git a/chaoscenter/authentication/api/handlers/rest/project_handler.go b/chaoscenter/authentication/api/handlers/rest/project_handler.go index 9d98b2a16..33dc02c95 100644 --- a/chaoscenter/authentication/api/handlers/rest/project_handler.go +++ b/chaoscenter/authentication/api/handlers/rest/project_handler.go @@ -413,7 +413,7 @@ func SendInvitation(service services.ApplicationService) gin.HandlerFunc { } // Validating member role - if member.Role == nil || (*member.Role != entities.RoleEditor && *member.Role != entities.RoleViewer) { + if member.Role == nil || (*member.Role != entities.RoleExecutor && *member.Role != entities.RoleViewer) { c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidRole], presenter.CreateErrorResponse(utils.ErrInvalidRole)) return } diff --git a/chaoscenter/authentication/api/handlers/rest/project_handler_test.go b/chaoscenter/authentication/api/handlers/rest/project_handler_test.go index dea26203f..e801241ff 100644 --- a/chaoscenter/authentication/api/handlers/rest/project_handler_test.go +++ b/chaoscenter/authentication/api/handlers/rest/project_handler_test.go @@ -203,7 +203,7 @@ func TestGetProject(t *testing.T) { Value: primitive.D{ primitive.E{ Key: "$in", - Value: []string{"Owner", "Viewer", "Editor"}, + Value: []string{"Owner", "Viewer", "Executor"}, }, }, }, diff --git a/chaoscenter/authentication/pkg/entities/project.go b/chaoscenter/authentication/pkg/entities/project.go index 3dda69124..6aa35fe07 100644 --- a/chaoscenter/authentication/pkg/entities/project.go +++ b/chaoscenter/authentication/pkg/entities/project.go @@ -108,9 +108,9 @@ func (member *Member) GetMemberOutput() *Member { type MemberRole string const ( - RoleOwner MemberRole = "Owner" - RoleEditor MemberRole = "Editor" - RoleViewer MemberRole = "Viewer" + RoleOwner MemberRole = "Owner" + RoleExecutor MemberRole = "Executor" + RoleViewer MemberRole = "Viewer" ) // Invitation defines the type of the invitation that is sent by the Owner of the project to other users diff --git a/chaoscenter/authentication/pkg/validations/roles.go b/chaoscenter/authentication/pkg/validations/roles.go index eb5c84715..17319ef1f 100644 --- a/chaoscenter/authentication/pkg/validations/roles.go +++ b/chaoscenter/authentication/pkg/validations/roles.go @@ -4,11 +4,11 @@ import "github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/entities" var MutationRbacRules = map[string][]string{ "sendInvitation": {string(entities.RoleOwner)}, - "acceptInvitation": {string(entities.RoleViewer), string(entities.RoleEditor)}, + "acceptInvitation": {string(entities.RoleViewer), string(entities.RoleExecutor)}, "declineInvitation": {string(entities.RoleViewer), - string(entities.RoleEditor)}, + string(entities.RoleExecutor)}, "removeInvitation": {string(entities.RoleOwner)}, - "leaveProject": {string(entities.RoleViewer), string(entities.RoleEditor)}, + "leaveProject": {string(entities.RoleViewer), string(entities.RoleExecutor)}, "updateProjectName": {string(entities.RoleOwner)}, - "getProject": {string(entities.RoleOwner), string(entities.RoleViewer), string(entities.RoleEditor)}, + "getProject": {string(entities.RoleOwner), string(entities.RoleViewer), string(entities.RoleExecutor)}, } diff --git a/chaoscenter/graphql/definitions/shared/project.graphqls b/chaoscenter/graphql/definitions/shared/project.graphqls index b2475aeb6..46ada7318 100644 --- a/chaoscenter/graphql/definitions/shared/project.graphqls +++ b/chaoscenter/graphql/definitions/shared/project.graphqls @@ -5,6 +5,6 @@ enum Invitation { enum MemberRole { Owner - Editor + Executor Viewer } diff --git a/chaoscenter/graphql/server/graph/generated/generated.go b/chaoscenter/graphql/server/graph/generated/generated.go index 9f5bc41c2..932e018a6 100644 --- a/chaoscenter/graphql/server/graph/generated/generated.go +++ b/chaoscenter/graphql/server/graph/generated/generated.go @@ -8173,7 +8173,7 @@ extend type Mutation { enum MemberRole { Owner - Editor + Executor Viewer } `, BuiltIn: false}, diff --git a/chaoscenter/graphql/server/graph/model/models_gen.go b/chaoscenter/graphql/server/graph/model/models_gen.go index d2e2240be..b4173ea00 100644 --- a/chaoscenter/graphql/server/graph/model/models_gen.go +++ b/chaoscenter/graphql/server/graph/model/models_gen.go @@ -2525,20 +2525,20 @@ func (e Invitation) MarshalGQL(w io.Writer) { type MemberRole string const ( - MemberRoleOwner MemberRole = "Owner" - MemberRoleEditor MemberRole = "Editor" - MemberRoleViewer MemberRole = "Viewer" + MemberRoleOwner MemberRole = "Owner" + MemberRoleExecutor MemberRole = "Executor" + MemberRoleViewer MemberRole = "Viewer" ) var AllMemberRole = []MemberRole{ MemberRoleOwner, - MemberRoleEditor, + MemberRoleExecutor, MemberRoleViewer, } func (e MemberRole) IsValid() bool { switch e { - case MemberRoleOwner, MemberRoleEditor, MemberRoleViewer: + case MemberRoleOwner, MemberRoleExecutor, MemberRoleViewer: return true } return false diff --git a/chaoscenter/graphql/server/pkg/authorization/roles.go b/chaoscenter/graphql/server/pkg/authorization/roles.go index ab19e1467..5ec29f654 100644 --- a/chaoscenter/graphql/server/pkg/authorization/roles.go +++ b/chaoscenter/graphql/server/pkg/authorization/roles.go @@ -56,53 +56,53 @@ const ( ListEnvironments RoleQuery = "ListEnvironments" // Probe - AddProbe RoleQuery = "AddProbe" - DeleteProbe RoleQuery = "DeleteProbe" - UpdateProbe RoleQuery = "UpdateProbe" - GetProbe RoleQuery = "GetProbe" - ListProbes RoleQuery = "ListProbes" - MemberRoleOwnerString = string(model.MemberRoleOwner) - MemberRoleEditorString = string(model.MemberRoleEditor) - MemberRoleViewerString = string(model.MemberRoleViewer) + AddProbe RoleQuery = "AddProbe" + DeleteProbe RoleQuery = "DeleteProbe" + UpdateProbe RoleQuery = "UpdateProbe" + GetProbe RoleQuery = "GetProbe" + ListProbes RoleQuery = "ListProbes" + MemberRoleOwnerString = string(model.MemberRoleOwner) + MemberRoleExecutorString = string(model.MemberRoleExecutor) + MemberRoleViewerString = string(model.MemberRoleViewer) ) var MutationRbacRules = map[RoleQuery][]string{ - UserInfrastructureReg: {MemberRoleOwnerString, MemberRoleEditorString}, - CreateChaosExperiment: {MemberRoleOwnerString, MemberRoleEditorString}, - ReRunChaosExperiment: {MemberRoleOwnerString, MemberRoleEditorString}, - DeleteChaosExperiment: {MemberRoleOwnerString, MemberRoleEditorString}, - StopChaosExperiment: {MemberRoleOwnerString, MemberRoleEditorString}, - AddChaosHub: {MemberRoleOwnerString, MemberRoleEditorString}, - UpdateChaosExperiment: {MemberRoleOwnerString, MemberRoleEditorString}, - DeleteInfrastructures: {MemberRoleOwnerString, MemberRoleEditorString}, - UpdateChaosHub: {MemberRoleOwnerString, MemberRoleEditorString}, - DeleteChaosHub: {MemberRoleOwnerString, MemberRoleEditorString}, + UserInfrastructureReg: {MemberRoleOwnerString}, + CreateChaosExperiment: {MemberRoleOwnerString}, + ReRunChaosExperiment: {MemberRoleOwnerString, MemberRoleExecutorString}, + DeleteChaosExperiment: {MemberRoleOwnerString}, + StopChaosExperiment: {MemberRoleOwnerString, MemberRoleExecutorString}, + AddChaosHub: {MemberRoleOwnerString}, + UpdateChaosExperiment: {MemberRoleOwnerString}, + DeleteInfrastructures: {MemberRoleOwnerString}, + UpdateChaosHub: {MemberRoleOwnerString}, + DeleteChaosHub: {MemberRoleOwnerString}, EnableGitOps: {MemberRoleOwnerString}, DisableGitOps: {MemberRoleOwnerString}, UpdateGitOps: {MemberRoleOwnerString}, - ListWorkflowRuns: {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString}, - GetWorkflowRun: {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString}, - ListInfrastructures: {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString}, - GetInfrastructure: {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString}, - GetManifest: {MemberRoleOwnerString, MemberRoleEditorString}, - GetInfraDetails: {MemberRoleOwnerString, MemberRoleEditorString}, - ListCharts: {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString}, - ListExperiment: {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString}, - SaveChaosHub: {MemberRoleOwnerString, MemberRoleEditorString}, + ListWorkflowRuns: {MemberRoleOwnerString, MemberRoleExecutorString, MemberRoleViewerString}, + GetWorkflowRun: {MemberRoleOwnerString, MemberRoleExecutorString, MemberRoleViewerString}, + ListInfrastructures: {MemberRoleOwnerString, MemberRoleExecutorString, MemberRoleViewerString}, + GetInfrastructure: {MemberRoleOwnerString, MemberRoleExecutorString, MemberRoleViewerString}, + GetManifest: {MemberRoleOwnerString, MemberRoleExecutorString}, + GetInfraDetails: {MemberRoleOwnerString, MemberRoleExecutorString}, + ListCharts: {MemberRoleOwnerString, MemberRoleExecutorString, MemberRoleViewerString}, + ListExperiment: {MemberRoleOwnerString, MemberRoleExecutorString, MemberRoleViewerString}, + SaveChaosHub: {MemberRoleOwnerString}, CreateImageRegistry: {MemberRoleOwnerString}, UpdateImageRegistry: {MemberRoleOwnerString}, DeleteImageRegistry: {MemberRoleOwnerString}, GetGitOpsDetails: {MemberRoleOwnerString}, ListImageRegistry: {MemberRoleOwnerString}, GetImageRegistry: {MemberRoleOwnerString}, - CreateEnvironment: {MemberRoleOwnerString, MemberRoleEditorString}, - UpdateEnvironment: {MemberRoleOwnerString, MemberRoleEditorString}, - DeleteEnvironment: {MemberRoleOwnerString, MemberRoleEditorString}, - GetEnvironment: {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString}, - ListEnvironments: {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString}, - AddProbe: {MemberRoleOwnerString, MemberRoleEditorString}, - UpdateProbe: {MemberRoleOwnerString, MemberRoleEditorString}, - GetProbe: {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString}, - ListProbes: {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString}, - DeleteProbe: {MemberRoleOwnerString, MemberRoleEditorString}, + CreateEnvironment: {MemberRoleOwnerString}, + UpdateEnvironment: {MemberRoleOwnerString}, + DeleteEnvironment: {MemberRoleOwnerString}, + GetEnvironment: {MemberRoleOwnerString, MemberRoleExecutorString, MemberRoleViewerString}, + ListEnvironments: {MemberRoleOwnerString, MemberRoleExecutorString, MemberRoleViewerString}, + AddProbe: {MemberRoleOwnerString}, + UpdateProbe: {MemberRoleOwnerString}, + GetProbe: {MemberRoleOwnerString, MemberRoleExecutorString, MemberRoleViewerString}, + ListProbes: {MemberRoleOwnerString, MemberRoleExecutorString, MemberRoleViewerString}, + DeleteProbe: {MemberRoleOwnerString}, } diff --git a/chaoscenter/graphql/server/pkg/database/mongodb/project/schema.go b/chaoscenter/graphql/server/pkg/database/mongodb/project/schema.go index d0882f2d2..9ae6c0652 100644 --- a/chaoscenter/graphql/server/pkg/database/mongodb/project/schema.go +++ b/chaoscenter/graphql/server/pkg/database/mongodb/project/schema.go @@ -23,9 +23,9 @@ type Member struct { type MemberRole string const ( - RoleOwner MemberRole = "Owner" - RoleEditor MemberRole = "Editor" - RoleViewer MemberRole = "Viewer" + RoleOwner MemberRole = "Owner" + RoleExecutor MemberRole = "Executor" + RoleViewer MemberRole = "Viewer" ) // Invitation defines the type of the invitation that is sent by the Owner of the project to other users diff --git a/chaoscenter/web/src/api/auth/hooks/useSendInvitationMutation.ts b/chaoscenter/web/src/api/auth/hooks/useSendInvitationMutation.ts index 6957bf81f..b61645a84 100644 --- a/chaoscenter/web/src/api/auth/hooks/useSendInvitationMutation.ts +++ b/chaoscenter/web/src/api/auth/hooks/useSendInvitationMutation.ts @@ -8,7 +8,7 @@ import { fetcher, FetcherOptions } from 'services/fetcher'; export type SendInvitationRequestBody = { projectID: string; - role: 'Editor' | 'Owner' | 'Viewer'; + role: 'Executor' | 'Owner' | 'Viewer'; userID: string; }; diff --git a/chaoscenter/web/src/api/auth/schemas/GetInvitationResponse.ts b/chaoscenter/web/src/api/auth/schemas/GetInvitationResponse.ts index 47d86c051..8c87d2993 100644 --- a/chaoscenter/web/src/api/auth/schemas/GetInvitationResponse.ts +++ b/chaoscenter/web/src/api/auth/schemas/GetInvitationResponse.ts @@ -4,7 +4,7 @@ import type { ProjectMember } from '../schemas/ProjectMember'; export interface GetInvitationResponse { - invitationRole: 'Editor' | 'Owner' | 'Viewer'; + invitationRole: 'Executor' | 'Owner' | 'Viewer'; projectID: string; projectName: string; projectOwner: ProjectMember; diff --git a/chaoscenter/web/src/api/auth/schemas/ProjectMember.ts b/chaoscenter/web/src/api/auth/schemas/ProjectMember.ts index 25d32ff50..54385b7d3 100644 --- a/chaoscenter/web/src/api/auth/schemas/ProjectMember.ts +++ b/chaoscenter/web/src/api/auth/schemas/ProjectMember.ts @@ -7,7 +7,7 @@ export interface ProjectMember { invitation: 'Accepted' | 'Declined' | 'Exited' | 'Pending'; joinedAt?: string; name?: string; - role: 'Editor' | 'Owner' | 'Viewer'; + role: 'Executor' | 'Owner' | 'Viewer'; userID: string; username: string; } diff --git a/chaoscenter/web/src/components/ExperimentActionButtons/ExperimentActionButtons.tsx b/chaoscenter/web/src/components/ExperimentActionButtons/ExperimentActionButtons.tsx index 29fdd9fda..e97e63bc0 100644 --- a/chaoscenter/web/src/components/ExperimentActionButtons/ExperimentActionButtons.tsx +++ b/chaoscenter/web/src/components/ExperimentActionButtons/ExperimentActionButtons.tsx @@ -89,7 +89,7 @@ export const RunExperimentButton = ({ icon={'play'} withoutCurrentColor variation={ButtonVariation.ICON} - permission={PermissionGroup.EDITOR} + permission={PermissionGroup.Executor} onClick={() => { runChaosExperimentMutation({ variables: { projectID: scope.projectID, experimentID: experimentID } @@ -161,7 +161,7 @@ export const StopExperimentButton = ({ isDark: true, ...tooltipProps }} - permission={PermissionGroup.EDITOR} + permission={PermissionGroup.Executor} variation={ButtonVariation.ICON} icon={'stop'} onClick={openStopExperimentDialog} @@ -240,7 +240,7 @@ export const StopExperimentRunButton = ({ }} variation={ButtonVariation.ICON} icon={'stop'} - permission={PermissionGroup.EDITOR} + permission={PermissionGroup.Executor} onClick={openStopExperimentRunDialog} /> @@ -271,7 +271,7 @@ export const EditExperimentButton = ({ experimentID, tooltipProps }: ActionButto search: `tab=${StudioTabs.BUILDER}` }); }} - permission={PermissionGroup.EDITOR} + permission={PermissionGroup.OWNER} /> ); @@ -297,7 +297,7 @@ export const CloneExperimentButton = ({ experimentID, tooltipProps }: ActionButt pathname: paths.toCloneExperiment({ experimentKey: experimentID }) }); }} - permission={PermissionGroup.EDITOR} + permission={PermissionGroup.Executor} /> ); @@ -425,7 +425,7 @@ export const EnableDisableCronButton = ({ variation={ButtonVariation.ICON} icon={'time'} onClick={openCronEnableDisableDialog} - permission={PermissionGroup.EDITOR} + permission={PermissionGroup.Executor} /> {cronEnableDisableDialog} diff --git a/chaoscenter/web/src/components/NewExperimentButton/NewExperimentButton.tsx b/chaoscenter/web/src/components/NewExperimentButton/NewExperimentButton.tsx index b8537938a..cba6ae7c0 100644 --- a/chaoscenter/web/src/components/NewExperimentButton/NewExperimentButton.tsx +++ b/chaoscenter/web/src/components/NewExperimentButton/NewExperimentButton.tsx @@ -18,7 +18,7 @@ export default function NewExperimentButton({ disabled }: { disabled?: boolean } { e.stopPropagation(); // Prevents the card from being clicked launchExperiment(); diff --git a/chaoscenter/web/src/models/rbac.ts b/chaoscenter/web/src/models/rbac.ts index 46ffce9fe..02ffbbb18 100644 --- a/chaoscenter/web/src/models/rbac.ts +++ b/chaoscenter/web/src/models/rbac.ts @@ -1,6 +1,6 @@ export enum PermissionGroup { OWNER = 'Owner', - EDITOR = 'Editor', + Executor = 'Executor', VIEWER = 'Viewer' } diff --git a/chaoscenter/web/src/strings/strings.en.yaml b/chaoscenter/web/src/strings/strings.en.yaml index 80fff0b50..e90616658 100644 --- a/chaoscenter/web/src/strings/strings.en.yaml +++ b/chaoscenter/web/src/strings/strings.en.yaml @@ -1,4 +1,5 @@ 404Error: Oops, we could not find this page. +Executor: Executor FRI: FRI MON: MON NASlash: N/A @@ -306,7 +307,6 @@ editSameExperimentDescription: >- editSameExperimentTitle: Edit on the existing Experiment editYaml: Edit Yaml editingChaosHub: Editing ChaosHub -editor: Editor effect: Effect email: Email emailIsRequired: Email is a required field diff --git a/chaoscenter/web/src/strings/types.ts b/chaoscenter/web/src/strings/types.ts index 9db3a837a..ce63116c0 100644 --- a/chaoscenter/web/src/strings/types.ts +++ b/chaoscenter/web/src/strings/types.ts @@ -6,6 +6,7 @@ export type PrimitiveObject = Record = ({ hubID.current = chaosHub.id; syncChaosHubMutation({ variables: { projectID: scope.projectID, id: chaosHub.id } }); }} - permission={PermissionGroup.EDITOR} + permission={PermissionGroup.Executor} /> )} @@ -125,7 +125,7 @@ export const ChaosHubMenuView: React.FC = ({ setSelectedHubDetails(chaosHub); setEditHubModal(true); }} - permission={PermissionGroup.EDITOR} + permission={PermissionGroup.OWNER} /> )} @@ -139,7 +139,7 @@ export const ChaosHubMenuView: React.FC = ({ onClick={() => { deleteChaosHubMutation({ variables: { projectID: scope.projectID, hubID: chaosHub.id } }); }} - permission={PermissionGroup.EDITOR} + permission={PermissionGroup.OWNER} /> )} diff --git a/chaoscenter/web/src/views/ChaosHubs/AddHubModal.tsx b/chaoscenter/web/src/views/ChaosHubs/AddHubModal.tsx index eaddafcf5..940a81cc9 100644 --- a/chaoscenter/web/src/views/ChaosHubs/AddHubModal.tsx +++ b/chaoscenter/web/src/views/ChaosHubs/AddHubModal.tsx @@ -28,7 +28,7 @@ function AddHubModal({ listChaosHubRefetch, disabled }: AddHubModalProviderProps icon="plus" onClick={() => open()} disabled={disabled} - permission={PermissionGroup.EDITOR} + permission={PermissionGroup.OWNER} /> {isOpen && ( close()} className={css.modalWithHelpPanel}> diff --git a/chaoscenter/web/src/views/ChaosProbe/ChaosProbeHeader.tsx b/chaoscenter/web/src/views/ChaosProbe/ChaosProbeHeader.tsx index 18f644d79..3c126126e 100644 --- a/chaoscenter/web/src/views/ChaosProbe/ChaosProbeHeader.tsx +++ b/chaoscenter/web/src/views/ChaosProbe/ChaosProbeHeader.tsx @@ -101,7 +101,7 @@ export default function ChaosProbeHeader({ text={getString('editProbe')} variation={ButtonVariation.SECONDARY} icon="Edit" - permission={PermissionGroup.EDITOR} + permission={PermissionGroup.OWNER} onClick={setEditProbeOpen} /> diff --git a/chaoscenter/web/src/views/ChaosProbes/AddProbeModal.tsx b/chaoscenter/web/src/views/ChaosProbes/AddProbeModal.tsx index efc49df30..db4c7c5da 100644 --- a/chaoscenter/web/src/views/ChaosProbes/AddProbeModal.tsx +++ b/chaoscenter/web/src/views/ChaosProbes/AddProbeModal.tsx @@ -87,7 +87,7 @@ export const AddProbeModal = ({ refetchProbes }: RefetchProbes): React.ReactElem { diff --git a/chaoscenter/web/src/views/ChaosProbes/ChaosProbesTableMenu.tsx b/chaoscenter/web/src/views/ChaosProbes/ChaosProbesTableMenu.tsx index 99f21af29..e1021660f 100644 --- a/chaoscenter/web/src/views/ChaosProbes/ChaosProbesTableMenu.tsx +++ b/chaoscenter/web/src/views/ChaosProbes/ChaosProbesTableMenu.tsx @@ -79,7 +79,7 @@ export const MenuCell = ({ icon="Edit" text={getString('editProbe')} onClick={() => setEditProbe({ name: data.name, infrastructureType: data.infrastructureType })} - permission={PermissionGroup.EDITOR || PermissionGroup.OWNER} + permission={PermissionGroup.OWNER} /> {/* */} @@ -88,7 +88,7 @@ export const MenuCell = ({ icon="main-trash" text={getString('deleteProbe')} onClick={openDeleteProbeDialog} - permission={PermissionGroup.EDITOR || PermissionGroup.OWNER} + permission={PermissionGroup.OWNER} /> diff --git a/chaoscenter/web/src/views/ChaosStudio/StudioActionButtons.tsx b/chaoscenter/web/src/views/ChaosStudio/StudioActionButtons.tsx index d0ece4cfd..e605b41ba 100644 --- a/chaoscenter/web/src/views/ChaosStudio/StudioActionButtons.tsx +++ b/chaoscenter/web/src/views/ChaosStudio/StudioActionButtons.tsx @@ -36,7 +36,7 @@ export default function StudioActionButtons({ )}