Add a command line tool for linting ACLs #997

Open
wants to merge 1 commit into
base: development

arteymix
Member

@arteymix arteymix commented Jan 22, 2024

TODO

  • ensure that a securable entity has an object identity
  • ensure that parent objects are attached to existing entities
  • look for objects with missing ACEs:
    • an object should have at least one entry or inherit at least one entry from its parent
    • an object should have at least one entry that grants all permission to GROUP_ADMIN
  • look for dangling ACLs that can be removed
  • propose corrective actions for common issues

This is useful for identifying issues such as those reported in #994.

@arteymix arteymix changed the base branch from development to release-1.31.0 January 22, 2024 22:55
@arteymix arteymix added this to the 1.32.0 milestone Jan 22, 2024
Relocate H2 init SQL scripts since it's not possible to refer to them
unambiguously in gemma-cli.
@arteymix arteymix changed the base branch from release-1.31.0 to development January 23, 2024 18:13
@arteymix arteymix modified the milestones: 1.32.0, 1.31.1 Jan 23, 2024
@arteymix
Member Author

arteymix commented Feb 1, 2024

We don't assign ACEs on entities that inherit permissions from their parent, so we can add that check to the linter.

@arteymix arteymix modified the milestones: 1.31.1, 1.31.2 Feb 9, 2024
@arteymix arteymix modified the milestones: 1.31.2, 1.31.4 Apr 3, 2024
@arteymix arteymix removed this from the 1.31.4 milestone Apr 29, 2024
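
The checks from the TODO list and the Feb 1 comment, sketched as an added example that is not part of this pull request or of Gemma's code: a Python linter over a constructed in-memory model. The record layout, rule names, permission names and the reading of "all permission" as one entry carrying READ, WRITE and ADMINISTRATION are assumptions; inherited entries count toward the missing-ACE checks.

```python
from dataclasses import dataclass, field
from typing import Optional

ALL = frozenset({"READ", "WRITE", "ADMINISTRATION"})  # assumed meaning of "all permission"

@dataclass
class Oid:  # hypothetical object identity record, not Gemma's schema
    id: int
    entity: tuple                             # (type, id) of the secured entity
    parent: Optional[int] = None              # id of the parent object identity
    inherits: bool = False                    # entries are inherited from the parent
    aces: list = field(default_factory=list)  # (sid, frozenset of permissions)

def effective_aces(oid, by_id, seen=()):
    """Own ACEs plus those inherited up the parent chain (cycle-safe)."""
    o = by_id.get(oid)
    if o is None or oid in seen:
        return []
    up = effective_aces(o.parent, by_id, (*seen, oid)) if o.inherits else []
    return o.aces + up

def lint(entities, oids):
    """Return sorted (rule, subject) findings for the checks listed in the thread."""
    by_id = {o.id: o for o in oids}
    secured = {o.entity for o in oids}
    out = [("no-object-identity", e) for e in entities if e not in secured]
    for o in oids:
        if o.entity not in entities:          # ACL whose entity is gone
            out.append(("dangling-acl", o.id))
            continue
        p = by_id.get(o.parent)
        if o.parent is not None and (p is None or p.entity not in entities):
            out.append(("parent-not-attached", o.id))
        aces = effective_aces(o.id, by_id)
        if not aces:
            out.append(("no-aces", o.id))
        if not any(sid == "GROUP_ADMIN" and perms >= ALL for sid, perms in aces):
            out.append(("admin-lacks-all", o.id))
        if o.inherits and o.aces:             # check from the Feb 1 comment
            out.append(("own-aces-while-inheriting", o.id))
    return sorted(out, key=repr)

# Constructed sample data.
ADMIN, USER = ("GROUP_ADMIN", ALL), ("GROUP_USER", frozenset({"READ"}))
ENTITIES = {("Dataset", 1), ("Dataset", 2), ("Sample", 10), ("Sample", 11), ("Sample", 12)}
OIDS = [Oid(1, ("Dataset", 1), aces=[ADMIN, USER]),
        Oid(2, ("Sample", 10), parent=1, inherits=True),
        Oid(3, ("Sample", 11), parent=1, inherits=True, aces=[USER]),
        Oid(4, ("Dataset", 3), aces=[ADMIN]),
        Oid(5, ("Sample", 12), parent=99, inherits=True)]
```
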