
feature(GH-1613)- New policy management types

Open TejasRGitHub opened this issue 11 months ago • 0 comments

Feature or Bugfix

  • Feature

Detail

  • Introduces the new policy management options as described in this GH issue ( https://github.com/data-dot-all/dataall/issues/1613 )

Relates

  • https://github.com/data-dot-all/dataall/issues/1613

Testing

  1. Adding consumption role with Fully, Partially and Externally Managed management types ✅
  2. Created a share with each type ✅
  3. For partially managed, removed share policy and ran share verifier and got unhealthy message complaining policy not attached. Ran reapplier and checked that the policy was not attached (as should be the case for partially managed role) ✅
  4. For fully managed, did exactly as test 3 and checked that the policy is attached ✅
  5. For Externally managed, the policy was not attached when the share was created ✅ and after running share verifier the verifier didn't mark the share as unhealthy ✅
  6. On the Environment Consumption Roles page, updated the Policy Management of the consumption roles ✅. When changing consumption role from externally / partially managed to fully managed, checked that the share policy is attached. ✅

Security

Please answer the questions below briefly where applicable, or write N/A. Based on OWASP 10.

  • Does this PR introduce or modify any input fields or queries - this includes fetching data from storage outside the application (e.g. a database, an S3 bucket)? Yes
    • Is the input sanitized? Yes
    • What precautions are you taking before deserializing the data you consume? Using gql wrapper defined in data.all
    • Is injection prevented by parametrizing queries? yes
    • Have you ensured no eval or similar functions are used? Yes
  • Does this PR introduce any functionality or component that requires authorization? N/A
    • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
    • Are you logging failed auth attempts?
  • Are you using or adding any cryptographic features? N/A
    • Do you use standard proven implementations?
    • Are the used keys controlled by the customer? Where are they stored?
  • Are you introducing any new policies/roles/users? No
    • Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

TejasRGitHub, Feb 12 '25 20:02