-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ACL integration into the CLI #207
Comments
Assigning this to you @tegefaulkes since this should give you a full domain to work into the GUI as well after you get it running in the CLI. |
Please help spec out the tasks above. @tegefaulkes |
Expanded spec and updated tasks. For the commands, do we want them inside the vaults and identities domains or keep them all inside its own trust domain? |
In the GG we now have:
I believe these 6 functions should be exposed directly to GRPC. So in the client service there should be 6 calls one for one here. As for trust/untrust. Let's think about this. First there's the current 2 actions:
So I think to be flexible here, we need both a high level subcommand called We decided before not to have gestalts subcommand in the CLI, and gestalts subcommands are instead under the identities subcommand. Therefore one can imagine:
So then for the specific action setting and unsetting:
|
From the vaults point of view, there's not high level trust/untrust. But there is a high level share/unshare concept. So
And the low level commands for ACL manipulation can be the same as before:
Please indicate what:
|
@tegefaulkes also see (with respect to vault permission actions):
|
Do we want the ability to set and unset multiple permissions at a time? Thoughts? @CMCDragonkai |
Let's stick with simple first, and see how it works out then we can add
extensions subsequently.
…On 7/11/21 5:10 PM, Brian Botha wrote:
Do we want the ability to set and unset multiple permissions at a time?
It should be a simple change since the last argument can be variadic.
eg |pk identities trust <nodeId> notify scan|
Thoughts? @CMCDragonkai <https://github.com/CMCDragonkai>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#207 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAE4OHJIVY5FSVWGQB7YI73TXE7XPANCNFSM5ACD5W7Q>.
|
There is an oddity with types when using the 'as' keyword. type GestaltAction = 'notify' | 'scan';
function doThingWithAction(action: GestaltAction) {
//Do things...
}
doThingWithAction('invalidString'); //Argument of type '"invalidString"' is not assignable to parameter of type 'GestaltAction'.
doThingWithAction('invalidString' as GestaltAction); //no complaint. Is there a good way to deal with this? update: Thoughts? @CMCDragonkai |
This is fine. We only use `as` when using it as a smart constructor or
when we need to get around the type checker.
…On 7/12/21 4:20 PM, Brian Botha wrote:
There is an oddity with types when using the 'as' keyword.
The 'as' keyword doesn't provide any checking, so if we cast a string
to an union type of strings, it will not check if the string is valid.
For example...
type GestaltAction = 'notify' | 'scan';
function doThingWithAction(action:GestaltAction) {
//Do things...
}
doThingWithAction('invalidString'); //Argument of type '"invalidString"' is not assignable to parameter of
type 'GestaltAction'.
doThingWithAction('invalidString' as GestaltAction); //no complaint.
Is there a good way to deal with this?
After a quick google search I can't find a quick and easy way to check
if a string is valid for such a type.
Right now I can check it with something like |if (!["notify",
"scan"].includes(action)) throw new
ErrorGestaltsInvalidAction(|Invalid action: ${action}|);| but this is
a horrible solution.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#207 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAE4OHKOCDTHV7NUIQRPCWLTXKCSBANCNFSM5ACD5W7Q>.
|
Added the identities trust and allow command with the following format.
This gives us a simple way of setting and unsetting via Node or Identity with one command. |
Updated checklist for vault permissions. |
GRPC functions for
Already exist as
No tests for them exist yet. |
Added tests for the GRPC calls
CLI commands and tests already existed for
|
I updated the gestalts list command to show permissions per gestalt. Created a test for it too. |
For @scottmmorris to review as well. |
Changes:For all commands that took identitiy as an input: split up
split up
split up
|
Things to left to do:
Probably by Monday ready to merge. |
Are we on track for Monday EOD merge? |
We can leave the nodes related work to be merged after @joshuakarp merges his gestalts work. Node related identities work/acl/gestalts is going to the Nodes CLI MR. |
Changes here have been merged in with identities-cli. |
Specification
pk identities
for gestalts andpk vaults
for vaultsActions
The actions we may want to take are:
Command domain.
We can add the commands to the vaults and identities domains. the commands in this case will take the form of.
PK gestalts trust set <ID> <permission>
orPK gestalts trust --action set --ID <ID> --permmission <permission>
.However we can make a new command domain just for trust and have a subcommand for each action.
PK trust setGestalt --ID <ID> --permission <permission>
PK trust listGestalt --ID <ID> --permission <permission>
Tasks
notes:
The text was updated successfully, but these errors were encountered: