Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow an Admin API key for a 'parent' group to create new groups. #7724

Merged
merged 3 commits into from
Oct 11, 2024
Merged

Allow an Admin API key for a 'parent' group to create new groups. #7724

merged 3 commits into from
Oct 11, 2024

Conversation

vadimberezniker
Copy link
Member

The new groups will inherit the SAML IDP Metadata URL of the original group.

Related issues: N/A

tylerwilliams
tylerwilliams approved these changes Oct 10, 2024
View reviewed changes
Copy link
Member

@tylerwilliams tylerwilliams left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm w/ 2 minor nits

server/buildbuddy_server/buildbuddy_server.go Show resolved Hide resolved
server/buildbuddy_server/buildbuddy_server.go Show resolved Hide resolved
Base automatically changed from scim_child_groups to master October 10, 2024 22:40
@vadimberezniker
Allow an Admin API key for a 'parent' group to create new groups.
583e207 
The new groups will inherit the SAML IDP Metadata URL of the original
group.
@vadimberezniker
Add some comments.
b361eb6
bduffany
bduffany approved these changes Oct 11, 2024
View reviewed changes
server/buildbuddy_server/buildbuddy_server.go
// For groups created using an API Key allow the SAML IDP Metadata URL
// to be inherited if the API Key group is marked as a 'parent' group.
// This allows the new group to be managed using a parent group API key.
if u.HasCapability(akpb.ApiKey_ORG_ADMIN_CAPABILITY) && u.GetUserID() == "" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: the UserID == "" check doesn't seem necessary here? (it might make sense to eventually support ORG_ADMIN for personal API keys)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This API is also by the web frontend where u.GetUserID() != "" and I don't want this behavior to occur if someone creates a group via the UI. Once the customer is done testing, the plan is to promote the relevant APIs to the public API where we wouldn't need to do this check anymore.

@vadimberezniker vadimberezniker merged commit c3f3c88 into master Oct 11, 2024
6 of 15 checks passed
@vadimberezniker vadimberezniker deleted the scim_create_groups branch October 11, 2024 17:25
vadimberezniker added a commit that referenced this pull request Oct 15, 2024
@vadimberezniker
Allow an Admin API key for a 'parent' group to create new groups. (#7724
5f4039b 
)

The new groups will inherit the SAML IDP Metadata URL of the original
group.

<!-- Optional: Provide additional context (beyond the PR title). -->

<!-- Optional: link a GitHub issue.
Example: "Fixes #123" will auto-close #123 when the PR is merged. -->

**Related issues**: N/A
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tylerwilliams tylerwilliams tylerwilliams approved these changes

@bduffany bduffany bduffany approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vadimberezniker @tylerwilliams @bduffany