Skip to content
GitLab
Explore
Projects
Groups
Topics
Snippets
Projects
Groups
Topics
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Register
Sign in
Toggle navigation
Menu
UPSMF
uphrh-sb-devops
Commits
2cef227f
Unverified
Commit
2cef227f
authored
2 years ago
by
G33tha
Committed by
GitHub
2 years ago
Browse files
Options
Download
Plain Diff
Merge pull request #3346 from keshavprasadms/release-4.9.0
fix: Merge 4.9.0 to 4.10.0
parents
f5014441
15ecc840
master
login-changes
loginRegisterBtn
prasath-release-5.1.0
release-5.1.0
release-5.1.0-api
release-5.1.0-apiuat
release-5.1.0-bulk-enrol-unenrol
release-5.1.0-uat
release-5.1.0-uatLatest
release-5.1.0-uatapi
release-5.1.0-upsmf-prod
release-uat-nginx
revert-5-login-changes
upstream/release-5.1.0-vdn
release-5.2.0-inquiry_RC1
release-5.1.0_RC3
release-5.1.0_RC2
release-5.1.0_RC1
release-5.0.2
release-5.0.2_RC1
release-5.0.1
release-5.0.1_RC1
release-5.0.0
release-5.0.0_RC5
release-5.0.0_RC4
release-5.0.0_RC3
release-5.0.0_RC2
release-5.0.0_RC1
release-4.10.2_RC1
release-4.10.1
release-4.10.1_RC2
release-4.10.1_RC1
release-4.10.0
release-4.10.0_RC1
No related merge requests found
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
ansible/roles/stack-sunbird/templates/assessment-service_application.conf
+11
-1
...ack-sunbird/templates/assessment-service_application.conf
kubernetes/opa/learner/policies.rego
+57
-4
kubernetes/opa/learner/policies.rego
kubernetes/opa/learner/policies_test.rego
+103
-0
kubernetes/opa/learner/policies_test.rego
with
171 additions
and
5 deletions
+171
-5
ansible/roles/stack-sunbird/templates/assessment-service_application.conf
+
11
−
1
View file @
2cef227f
...
...
@@ -415,4 +415,14 @@ import {
master
.
category
.
validation
.
enabled
=
"{{ master_category_validation_enabled }}"
question
.
cache
.
enable
=
true
questionset
.
cache
.
enable
=
true
\ No newline at end of file
questionset
.
cache
.
enable
=
true
assessment
.
copy
.
origin_data
=[
"name"
,
"author"
,
"license"
,
"organisation"
]
assessment
.
copy
.
props_to_remove
=[
"downloadUrl"
,
"artifactUrl"
,
"variants"
,
"createdOn"
,
"collections"
,
"children"
,
"lastUpdatedOn"
,
"SYS_INTERNAL_LAST_UPDATED_ON"
,
"versionKey"
,
"s3Key"
,
"status"
,
"pkgVersion"
,
"toc_url"
,
"mimeTypesCount"
,
"contentTypesCount"
,
"leafNodesCount"
,
"childNodes"
,
"prevState"
,
"lastPublishedOn"
,
"flagReasons"
,
"compatibilityLevel"
,
"size"
,
"publishChecklist"
,
"publishComment"
,
"LastPublishedBy"
,
"rejectReasons"
,
"rejectComment"
,
"gradeLevel"
,
"subject"
,
"medium"
,
"board"
,
"topic"
,
"purpose"
,
"subtopic"
,
"contentCredits"
,
"owner"
,
"collaborators"
,
"creators"
,
"contributors"
,
"badgeAssertions"
,
"dialcodes"
,
"concepts"
,
"keywords"
,
"reservedDialcodes"
,
"dialcodeRequired"
,
"leafNodes"
,
"sYS_INTERNAL_LAST_UPDATED_ON"
,
"prevStatus"
,
"lastPublishedBy"
,
"streamingUrl"
]
\ No newline at end of file
This diff is collapsed.
Click to expand it.
kubernetes/opa/learner/policies.rego
+
57
−
4
View file @
2cef227f
...
...
@@ -30,32 +30,85 @@ urls_to_action_mapping := {
"/v2/org/preferences/update"
:
"updateTenantPreferences"
}
# Tnc API policy updates to handle different scenarios as explained below
# When some or all payloads are missing:
# 1. Missing userid and tnc type
# 2. Missing tnc type
# 3. Missing userid and tnc type not as orgAdminTnc / reportViewerTnc
# 4. Missing userid but tnc type as orgAdminTnc / reportViewerTnc
# When all payloads are present:
# 5. Both userid, tnc type present and tnc type not as orgAdminTnc / reportViewerTnc
# 6. Both userid, tnc type present and tnc type as orgAdminTnc / reportViewerTnc
# Issue identified as part of -
# - https://project-sunbird.atlassian.net/browse/SB-29723
# - https://project-sunbird.atlassian.net/browse/SB-29996
# Point #1
acceptTermsAndCondition
{
super
.
public_role_check
not
input
.
parsed_body
.
request
.
userId
not
input
.
parsed_body
.
request
.
tncType
}
# Point #2
acceptTermsAndCondition
{
super
.
public_role_check
input
.
parsed_body
.
request
.
userId
==
super
.
userid
not
input
.
parsed_body
.
request
.
tncType
}
# Point #3
acceptTermsAndCondition
{
super
.
public_role_check
not
input
.
parsed_body
.
request
.
userId
not
input
.
parsed_body
.
request
.
tncType
in
[
"orgAdminTnc"
,
"reportViewerTnc"
]
}
# Point #4 - As orgAdminTnc
acceptTermsAndCondition
{
acls
:=
[
"acceptTnc"
]
roles
:=
[
"ORG_ADMIN"
]
super
.
acls_check
(
acls
)
super
.
role_check
(
roles
)
not
input
.
parsed_body
.
request
.
userId
"orgAdminTnc"
==
input
.
parsed_body
.
request
.
tncType
}
# Point #4 - As reportViewerTnc
acceptTermsAndCondition
{
acls
:=
[
"acceptTnc"
]
roles
:=
[
"REPORT_VIEWER"
,
"REPORT_ADMIN"
]
super
.
acls_check
(
acls
)
super
.
role_check
(
roles
)
not
input
.
parsed_body
.
request
.
userId
"reportViewerTnc"
==
input
.
parsed_body
.
request
.
tncType
}
# Point #5
acceptTermsAndCondition
{
super
.
public_role_check
input
.
parsed_body
.
request
.
userId
==
super
.
userid
not
input
.
parsed_body
.
request
.
tncType
in
[
"orgAdminTnc"
,
"reportViewerTnc"
]
}
#
Optional request.userId - https://project-sunbird.atlassian.net/browse/SB-29723
#
Point #6 - As orgAdminTnc
acceptTermsAndCondition
{
super
.
public_role_check
not
input
.
parsed_body
.
request
.
tncType
not
input
.
parsed_body
.
request
.
userId
acls
:=
[
"acceptTnc"
]
roles
:=
[
"ORG_ADMIN"
]
super
.
acls_check
(
acls
)
super
.
role_check
(
roles
)
input
.
parsed_body
.
request
.
userId
==
super
.
userid
"orgAdminTnc"
==
input
.
parsed_body
.
request
.
tncType
}
# Point #6 - As reportViewerTnc
acceptTermsAndCondition
{
acls
:=
[
"acceptTnc"
]
roles
:=
[
"REPORT_VIEWER"
,
"REPORT_ADMIN"
]
super
.
acls_check
(
acls
)
super
.
role_check
(
roles
)
input
.
parsed_body
.
request
.
userId
==
super
.
userid
"reportViewerTnc"
==
input
.
parsed_body
.
request
.
tncType
}
updateUser
{
...
...
This diff is collapsed.
Click to expand it.
kubernetes/opa/learner/policies_test.rego
+
103
−
0
View file @
2cef227f
...
...
@@ -32,6 +32,32 @@ test_accept_terms_and_conditions_as_org_admin {
}
}
test_accept_terms_and_conditions_as_org_admin_with_userid
{
data
.
main
.
allow
.
allowed
with
data
.
common
.
current_time
as
current_time
with
data
.
common
.
iss
as
iss
with
input
as
{
"attributes"
:
{
"request"
:
{
"http"
:
{
"headers"
:
{
"x-authenticated-user-token"
:
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFjY2Vzc3YxX2tleTEifQ.eyJhdWQiOiJodHRwczovL3N1bmJpcmRlZC5vcmcvYXV0aC9yZWFsbXMvc3VuYmlyZCIsInN1YiI6ImY6NWJiNmM4N2MtN2M4OC00ZDJiLWFmN2UtNTM0YTJmZWY5NzhkOjI4YjBkMDhmLWMyZWEtNDBkMS1iY2QwLThhZTAwZmNhNjZiZSIsInJvbGVzIjpbeyJyb2xlIjoiQk9PS19DUkVBVE9SIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6IkNPTlRFTlRfQ1JFQVRPUiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn1dfSx7InJvbGUiOiJDT05URU5UX1JFVklFV0VSIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6IkNPVVJTRV9NRU5UT1IiLCJzY29wZSI6W3sib3JnYW5pc2F0aW9uSWQiOiIwMTM2OTg3ODc5NzUwMzY5MjgxMCJ9XX0seyJyb2xlIjoiUFJPR1JBTV9ERVNJR05FUiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn1dfSx7InJvbGUiOiJSRVBPUlRfVklFV0VSIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6Ik9SR19BRE1JTiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn0seyJvcmdhbmlzYXRpb25JZCI6IjAxNDcxOTIzNTY3ODEyMzQ1Njc4In1dfSx7InJvbGUiOiJQVUJMSUMiLCJzY29wZSI6W119XSwiaXNzIjoiaHR0cHM6Ly9zdW5iaXJkZWQub3JnL2F1dGgvcmVhbG1zL3N1bmJpcmQiLCJuYW1lIjoiZGVtbyIsInR5cCI6IkJlYXJlciIsImV4cCI6MTY0MDIzNjEwMiwiaWF0IjoxNjQwMTQ5NzA1fQ.B3-TSdYSOlawPHjFdiRjXwvRbYQ_eH_HTiLKlH7vGS0rCOJ6HQbYyWOhZ7vbZPb3virkuyfhykFcYCEHBCkHY-fwGAeU58Pmhi0dnNJkR59Fa9y_75W98JXZW68HROp62ntEAKCA1oot_U4tYi-8UNoR17Gszj9iYzFEBc6TZA4Lrom_9gqhBOYzL0ISFWSS6oG94EaaKDYHyWzCSjU2nYRB_fn-tODmnVJ12GRJAc1oM9y54o8neNYsl4T_xPyD34v-CinUJM8jzDjFqK5_O3HnAbcmXvkZjFRgfk4mF1V4s5hlsTJGyhi2JOPh90C5N-HbAY8QsPBnzgYFQU_sww"
},
"path"
:
"/v1/user/tnc/accept"
}
}
},
"parsed_body"
:
{
"request"
:
{
"userId"
:
"28b0d08f-c2ea-40d1-bcd0-8ae00fca66be"
,
"tncType"
:
"orgAdminTnc"
,
"version"
:
"4.7.0"
}
}
}
}
test_accept_terms_and_conditions_as_report_viewer
{
data
.
main
.
allow
.
allowed
with
data
.
common
.
current_time
as
current_time
...
...
@@ -57,6 +83,32 @@ test_accept_terms_and_conditions_as_report_viewer {
}
}
test_accept_terms_and_conditions_as_report_viewer_with_userid
{
data
.
main
.
allow
.
allowed
with
data
.
common
.
current_time
as
current_time
with
data
.
common
.
iss
as
iss
with
input
as
{
"attributes"
:
{
"request"
:
{
"http"
:
{
"headers"
:
{
"x-authenticated-user-token"
:
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFjY2Vzc3YxX2tleTEifQ.eyJhdWQiOiJodHRwczovL3N1bmJpcmRlZC5vcmcvYXV0aC9yZWFsbXMvc3VuYmlyZCIsInN1YiI6ImY6NWJiNmM4N2MtN2M4OC00ZDJiLWFmN2UtNTM0YTJmZWY5NzhkOjI4YjBkMDhmLWMyZWEtNDBkMS1iY2QwLThhZTAwZmNhNjZiZSIsInJvbGVzIjpbeyJyb2xlIjoiQk9PS19DUkVBVE9SIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6IkNPTlRFTlRfQ1JFQVRPUiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn1dfSx7InJvbGUiOiJDT05URU5UX1JFVklFV0VSIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6IkNPVVJTRV9NRU5UT1IiLCJzY29wZSI6W3sib3JnYW5pc2F0aW9uSWQiOiIwMTM2OTg3ODc5NzUwMzY5MjgxMCJ9XX0seyJyb2xlIjoiUFJPR1JBTV9ERVNJR05FUiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn1dfSx7InJvbGUiOiJSRVBPUlRfVklFV0VSIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6Ik9SR19BRE1JTiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn0seyJvcmdhbmlzYXRpb25JZCI6IjAxNDcxOTIzNTY3ODEyMzQ1Njc4In1dfSx7InJvbGUiOiJQVUJMSUMiLCJzY29wZSI6W119XSwiaXNzIjoiaHR0cHM6Ly9zdW5iaXJkZWQub3JnL2F1dGgvcmVhbG1zL3N1bmJpcmQiLCJuYW1lIjoiZGVtbyIsInR5cCI6IkJlYXJlciIsImV4cCI6MTY0MDIzNjEwMiwiaWF0IjoxNjQwMTQ5NzA1fQ.B3-TSdYSOlawPHjFdiRjXwvRbYQ_eH_HTiLKlH7vGS0rCOJ6HQbYyWOhZ7vbZPb3virkuyfhykFcYCEHBCkHY-fwGAeU58Pmhi0dnNJkR59Fa9y_75W98JXZW68HROp62ntEAKCA1oot_U4tYi-8UNoR17Gszj9iYzFEBc6TZA4Lrom_9gqhBOYzL0ISFWSS6oG94EaaKDYHyWzCSjU2nYRB_fn-tODmnVJ12GRJAc1oM9y54o8neNYsl4T_xPyD34v-CinUJM8jzDjFqK5_O3HnAbcmXvkZjFRgfk4mF1V4s5hlsTJGyhi2JOPh90C5N-HbAY8QsPBnzgYFQU_sww"
},
"path"
:
"/v1/user/tnc/accept"
}
}
},
"parsed_body"
:
{
"request"
:
{
"userId"
:
"28b0d08f-c2ea-40d1-bcd0-8ae00fca66be"
,
"tncType"
:
"reportViewerTnc"
,
"version"
:
"4.7.0"
}
}
}
}
test_accept_terms_and_conditions_as_public_user
{
data
.
main
.
allow
.
allowed
with
data
.
common
.
current_time
as
current_time
...
...
@@ -106,6 +158,57 @@ test_accept_terms_and_conditions_as_public_user_without_userid {
}
}
test_accept_terms_and_conditions_as_public_user_without_userid_other_tnc_types
{
data
.
main
.
allow
.
allowed
with
data
.
common
.
current_time
as
current_time
with
data
.
common
.
iss
as
iss
with
input
as
{
"attributes"
:
{
"request"
:
{
"http"
:
{
"headers"
:
{
"x-authenticated-user-token"
:
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFjY2Vzc3YxX2tleTEifQ.eyJhdWQiOiJodHRwczovL3N1bmJpcmRlZC5vcmcvYXV0aC9yZWFsbXMvc3VuYmlyZCIsInN1YiI6ImY6NWJiNmM4N2MtN2M4OC00ZDJiLWFmN2UtNTM0YTJmZWY5NzhkOjI4YjBkMDhmLWMyZWEtNDBkMS1iY2QwLThhZTAwZmNhNjZiZSIsInJvbGVzIjpbeyJyb2xlIjoiUFVCTElDIiwic2NvcGUiOltdfV0sImlzcyI6Imh0dHBzOi8vc3VuYmlyZGVkLm9yZy9hdXRoL3JlYWxtcy9zdW5iaXJkIiwibmFtZSI6ImRlbW8iLCJ0eXAiOiJCZWFyZXIiLCJleHAiOjE2NDAyMzYxMDIsImlhdCI6MTY0MDE0OTcwNX0.iyFqdJG_9xF07S94bkfVDiWHmDWAmhCEmapu37Mto78s5OkOJQy-agXFjtQtgV5rFudHiVRukNpKXqlJ8GhasmW7fSEPL-fDKMilMIi4JCZi7d19AkFeq8mX0rI31m3zjCv-TcMPPWWNM4udR7kSj-tUOB-vupGZ1iRAtQU2lqrUCl1A84UYDqnJTokz6RVlr_Z4lRCzFn__aGsDZXO8h7juM4mAepVMy3wVhmbKR2R5WF5xQIvVjzEveRYj8P26VUg73wo_RtyRI5mQjbxyBaIX287pWe3kCu1KKwYQkBlRLx9da39g9TKZWXxD5ArCYMC83EmEeFI0LJicYDTXFg"
},
"path"
:
"/v1/user/tnc/accept"
}
}
},
"parsed_body"
:
{
"request"
:
{
"version"
:
"v8"
,
"tncType"
:
"groupsTnc"
}
}
}
}
test_accept_terms_and_conditions_as_public_user_with_userid_other_tnc_types
{
data
.
main
.
allow
.
allowed
with
data
.
common
.
current_time
as
current_time
with
data
.
common
.
iss
as
iss
with
input
as
{
"attributes"
:
{
"request"
:
{
"http"
:
{
"headers"
:
{
"x-authenticated-user-token"
:
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFjY2Vzc3YxX2tleTEifQ.eyJhdWQiOiJodHRwczovL3N1bmJpcmRlZC5vcmcvYXV0aC9yZWFsbXMvc3VuYmlyZCIsInN1YiI6ImY6NWJiNmM4N2MtN2M4OC00ZDJiLWFmN2UtNTM0YTJmZWY5NzhkOjI4YjBkMDhmLWMyZWEtNDBkMS1iY2QwLThhZTAwZmNhNjZiZSIsInJvbGVzIjpbeyJyb2xlIjoiUFVCTElDIiwic2NvcGUiOltdfV0sImlzcyI6Imh0dHBzOi8vc3VuYmlyZGVkLm9yZy9hdXRoL3JlYWxtcy9zdW5iaXJkIiwibmFtZSI6ImRlbW8iLCJ0eXAiOiJCZWFyZXIiLCJleHAiOjE2NDAyMzYxMDIsImlhdCI6MTY0MDE0OTcwNX0.iyFqdJG_9xF07S94bkfVDiWHmDWAmhCEmapu37Mto78s5OkOJQy-agXFjtQtgV5rFudHiVRukNpKXqlJ8GhasmW7fSEPL-fDKMilMIi4JCZi7d19AkFeq8mX0rI31m3zjCv-TcMPPWWNM4udR7kSj-tUOB-vupGZ1iRAtQU2lqrUCl1A84UYDqnJTokz6RVlr_Z4lRCzFn__aGsDZXO8h7juM4mAepVMy3wVhmbKR2R5WF5xQIvVjzEveRYj8P26VUg73wo_RtyRI5mQjbxyBaIX287pWe3kCu1KKwYQkBlRLx9da39g9TKZWXxD5ArCYMC83EmEeFI0LJicYDTXFg"
},
"path"
:
"/v1/user/tnc/accept"
}
}
},
"parsed_body"
:
{
"request"
:
{
"userId"
:
"28b0d08f-c2ea-40d1-bcd0-8ae00fca66be"
,
"version"
:
"v8"
,
"tncType"
:
"groupsTnc"
}
}
}
}
test_update_user
{
data
.
main
.
allow
.
allowed
with
data
.
common
.
current_time
as
current_time
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
Menu
Explore
Projects
Groups
Topics
Snippets
