AAP-38623: Internal RH user check. #1494

Merged Jan 15, 2025 (1 commit)

romartin (Contributor) commented Jan 14, 2025

Jira Issue: https://issues.redhat.com/browse/AAP-38623

Description

Replace the actual RH employee check with the RH internal user check.

Testing

  1. Pull down the PR
  2. Run the service
  3. Log in as a RH internal user
  4. Verify chatbot link and page are accessible

Scenarios tested

Tested locally against my RH user.

Production deployment

  • This code change is ready for production on its own
  • This code change requires the following considerations before going to production:

@romartin romartin requested review from goneri and jameswnl January 14, 2025 21:45
@romartin
Contributor Author

About the failed pip-audit check: no idea, I made no changes to the dependency tree in this PR... :/

@romartin romartin force-pushed the AAP-38623-rh-internal-user-check branch from f8630a5 to abbc7eb Compare January 15, 2025 15:52
@romartin romartin marked this pull request as ready for review January 15, 2025 16:13
@romartin
Contributor Author

romartin commented Jan 15, 2025

@jameswnl @goneri PR ready for review! Finally also did:

  • Refactor rh_employee field on database by rh_internal
  • Rename exception code permission_denied__user_not_rh_employee

Thanks!

@romartin
Contributor Author

romartin commented Jan 15, 2025

Can we report a separate issue for the failed pip-audit check? It looks like it is something not related to this PR...
https://github.com/ansible/ansible-ai-connect-service/actions/runs/12792436907/job/35662888198?pr=1494

Name | Version | ID | Fix Versions | Description
--- | --- | --- | --- | ---
django | 4.2.17 | PYSEC-2025-1 | 4.2.18,5.0.11,5.1.5 | An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)

Name | Skip Reason
--- | ---
ansible-ai-connect | Dependency not found on PyPI and could not be audited: ansible-ai-connect (0.1.0)
certifi | Dependency not found on PyPI and could not be audited: certifi (2038.12.31)
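
As an added example (not part of this thread or the project's code): a small triage helper for a pip-audit finding table like the one pasted above, which picks the lowest listed fix version in the installed release series. The function names and the shortened sample row are constructed for illustration.

```python
import re

# Constructed sample: same column layout as the pip-audit table in this thread,
# with the description shortened.
SAMPLE = """\
Name | Version | ID | Fix Versions | Description
--- | --- | --- | --- | ---
django | 4.2.17 | PYSEC-2025-1 | 4.2.18,5.0.11,5.1.5 | IPv6 validation DoS
"""

def vtuple(version):
    """'4.2.17' -> (4, 2, 17); only plain numeric release versions are supported."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(part) for part in version.split("."))

def parse_findings(table):
    """Yield one dict per data row of a pipe-separated pip-audit finding table."""
    lines = [line for line in table.splitlines() if line.strip()]
    header = [h.strip() for h in lines[0].split("|")]
    for line in lines[1:]:
        # maxsplit keeps any '|' inside the free-text description in the last cell
        cells = [c.strip() for c in line.split("|", len(header) - 1)]
        if len(cells) != len(header) or set(cells[0]) <= {"-"}:
            continue  # separator row or malformed line
        yield dict(zip(header, cells))

def pick_fix(installed, fix_versions):
    """Smallest fix in the installed major.minor series, else smallest newer fix."""
    cur = vtuple(installed)
    newer = sorted(v for v in map(vtuple, fix_versions) if v > cur)
    same_series = [v for v in newer if v[:2] == cur[:2]]
    chosen = (same_series or newer or [None])[0]
    return ".".join(map(str, chosen)) if chosen else None

def triage(table):
    """Return (package, installed, advisory id, recommended version) per finding."""
    results = []
    for row in parse_findings(table):
        fixes = [f.strip() for f in row["Fix Versions"].split(",") if f.strip()]
        results.append((row["Name"], row["Version"], row["ID"],
                        pick_fix(row["Version"], fixes)))
    return results

if __name__ == "__main__":
    for name, installed, vuln_id, fix in triage(SAMPLE):
        print(f"{name} {installed}: {vuln_id} -> upgrade to {fix or 'no fix listed'}")
```

Staying inside the installed release series keeps the remediation to a patch-level bump, which is what makes it practical to handle the audit failure separately from an unrelated change.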

Signed-off-by: romartin <[email protected]>

fix boolean return type.

Signed-off-by: romartin <[email protected]>

Refactoring User's rh_employee field by rh_internal, on database.

Signed-off-by: romartin <[email protected]>

Rename IsRHInternalUser permission code.

Signed-off-by: romartin <[email protected]>
@romartin romartin force-pushed the AAP-38623-rh-internal-user-check branch from 34ef71e to b214ae1 Compare January 15, 2025 18:21
@romartin
Contributor Author

signed commits, sorry

@romartin
Contributor Author

Created https://issues.redhat.com/browse/AAP-38703 for the pip-audit check issue.

@romartin romartin merged commit e3828b7 into main Jan 15, 2025
10 of 11 checks passed
@romartin romartin deleted the AAP-38623-rh-internal-user-check branch January 15, 2025 18:41