3
0
Commit Graph

3693 Commits

Author SHA1 Message Date
Tomaž Jerman
cbc92dcc63 Fix module field update logic when records exist
The logic will need to be adjusted for DAL model issues, but the
current functionality is preserved with this.
2022-07-27 16:53:04 +02:00
Tomaž Jerman
b890f50098 Improve record value setter to utilize module when possible 2022-07-27 16:53:04 +02:00
Tomaž Jerman
9d44fa8679 Fix RDBMS filter construction for applications and flags
* Add a new byFlag resource filter feature to support filtering
  using flags.
  False by default since only system applications use it.
* Add filter definitions to flag pkg resource.
* Add support for using []string inside byValue filters.
2022-07-27 16:53:04 +02:00
Tomaž Jerman
702196dafa Improve native type support for JSON rdbms columns
Allow driver.Value types to be used as is.
This avoids cases where valid values would be encoded into
strange, invalid JSON strings (such as passing `{"k": "v"}`).
2022-07-27 16:53:04 +02:00
Tomaž Jerman
cce11cf19d Skip tests which can not yet be fixed due to envoy/reporter 2022-07-27 16:53:04 +02:00
Tomaž Jerman
fe27e4bf90 Temporarily remove envoy and reporter tests until they are reworked 2022-07-27 16:53:04 +02:00
Tomaž Jerman
3fbf5c3eb8 Bring back the make test.all command 2022-07-27 16:53:04 +02:00
Denis Arh
c6f8862681 Properly handle empty label name exception list in RDBMS store 2022-07-27 11:45:50 +02:00
Denis Arh
9a0e37a6d9 Fix multivalue attribute init and encoding 2022-07-27 11:24:23 +02:00
Vivek Patel
b41504dbe3 Improve KV related expr types, add r/w locking
Also extended filter for compose record values
2022-07-27 14:00:18 +05:30
Vivek Patel
fad8725a63 Fix sensitive level check for data privacy modules
A module have one or more module field with have a sensitivity level then it will consider as private module.
2022-07-26 09:30:59 +05:30
Tomaž Jerman
eb917eed6e Refactor data-privacy/sensitive-data to data-privacy/records 2022-07-25 16:56:15 +02:00
Denis Arh
5e8fae37af Fix store layer usage (must be store.<fn>(ctx, svc.store, ...) 2022-07-24 12:34:16 +02:00
Denis Arh
74d0dfd6de Add resource load&check on access-control 2022-07-24 11:50:56 +02:00
Denis Arh
805b160ec0 Add missing and standarize load<resource> functions 2022-07-24 11:49:30 +02:00
Denis Arh
bab140a3f9 Skip contextual roles when doing RBAC trace on wildcard resource 2022-07-24 11:45:29 +02:00
Thibaut
2b70f43560 call proc function after loading module fields 2022-07-22 10:40:00 +02:00
Denis Arh
fbdb284943 Fix chart translations 2022-07-21 11:11:40 +02:00
Denis Arh
294d502786 Ensure default connection use finding DAL models 2022-07-21 08:37:52 +02:00
Denis Arh
fbde6a559f Cleanup Activate() fn on system servies 2022-07-21 08:37:41 +02:00
Denis Arh
377a804633 Allow dal.ValueGetter implementation to return nil from CountValues() 2022-07-21 08:37:38 +02:00
Denis Arh
c2202f2739 Properly encode value with (rdbms drivers) TypeJSON 2022-07-21 08:37:34 +02:00
Denis Arh
c99095eba6 Print panic stacktrace directly if LOG_DEBUG is enabled 2022-07-21 08:37:31 +02:00
Vivek Patel
74191e32eb Remove ownership from data privacy module response 2022-07-19 18:09:34 +05:30
Vivek Patel
f160d391f5 Add filters to permissions for role route
It allows filtering for specific rules and also the rules which are applied to the resource, and not to a specific resource.

Introduces generic methods for RuleSet and FindRules method to access_control generation template.
2022-07-19 17:30:26 +05:30
Tomaž Jerman
149d75578a Fix/improve DAL integration tests 2022-07-18 18:53:11 +02:00
Tomaž Jerman
1d5232fc75 Make DAL model management more consistent, deprecate most dalutils 2022-07-18 18:53:11 +02:00
Tomaž Jerman
c8179f74d4 Fix boolean field Backward compatibility for alias store codec
The JSON record value codec properly encoded T/F as "1"/"" but
the plain codec did not.
2022-07-18 18:40:34 +02:00
Tomaž Jerman
aaa536441b Prevent boot levels from panicking if default language not set 2022-07-18 18:03:18 +02:00
Vivek Patel
56a7bfa821 Add route for listing sensitive modules
It will list out all the privacy related modules, that have one or more private fields.
2022-07-18 17:24:37 +05:30
Vivek Patel
07a8fdbbd5 Fix test notification cli command
Also, addresses issue with SMTP_* env vars value, which were ignored on server startup.
2022-07-18 17:12:12 +05:30
Tomaž Jerman
88a75784ce Tweak rv sanitizer->value expression interaction
When record value expression returns null the value gets omitted.
Tweak value sanitizer logic for more consistency.
2022-07-18 10:01:22 +02:00
Tomaž Jerman
58082d90ca Add missing store tests for privacy resources 2022-07-18 10:01:14 +02:00
Jože Fortun
163f04bc6e Make sensitivity level property undefined by default 2022-07-15 15:28:48 +02:00
Tomaž Jerman
85bb86c5cd Refactor sensitivity levels to be consistent with connections 2022-07-15 11:02:14 +02:00
Tomaž Jerman
af8aa9893d Make the connection sensitivity level not required 2022-07-15 09:30:05 +02:00
Denis Arh
44213462a2 Fix RBAC resorce type case for dal resources 2022-07-15 07:17:04 +02:00
Denis Arh
5168310aa4 Refactored credential handling 2022-07-14 21:09:21 +02:00
Peter Grlica
06315c55b8 Forbid password reuse 2022-07-14 21:02:32 +02:00
Denis Arh
87c65c2591 Fix RBAC tracing issue - handling wildcarded resources 2022-07-14 19:06:29 +02:00
Denis Arh
cd865edb2b Fix RBAC tracing issue - always append auth roles
Whenever a RBAC check request is sent for a specific user
all user's roles are loaded. This fix appends authenticated
roles to that user as well.
2022-07-14 18:01:09 +02:00
Tomaž Jerman
f41b7872f4 Add content-type header for generated config.js 2022-07-14 13:52:14 +02:00
Denis Arh
72ae80aaf9 Change snapshot builder image to golang:1.18-buster (from 1.17) 2022-07-14 12:04:53 +02:00
Denis Arh
d1d00d7771 Handle new auth options for signature algo & key 2022-07-14 11:09:26 +02:00
Denis Arh
e5a50a7191 Move auth initialization steps to a dedicated initAuth boot fn 2022-07-14 11:09:26 +02:00
Denis Arh
4a27786f27 Cleanup token issuer (auth) code 2022-07-14 11:09:26 +02:00
Denis Arh
e0f6b349da Merge branch '2022.9.x-fix-rbac-check-tracing' into 2022.9.x 2022-07-14 11:07:31 +02:00
Denis Arh
defdc41ec3 Improve RBAC resource handling 2022-07-14 11:07:10 +02:00
Denis Arh
af077b0edd Add slice.UInt64s, helper type
Type properly encodes slice of uint64s as JSON array of strings
2022-07-14 11:07:10 +02:00
Denis Arh
39046c52d0 Harden RBAC and refactor check tracking
- stricter rule checking when multiple roles have permissions on same
   resource
 - tracking (prev: evaluation) is refactored to stand out less than
   previous solution
 - performance optimization on certain situations (earlier fn return)
2022-07-14 11:07:10 +02:00