-
Notifications
You must be signed in to change notification settings - Fork 1.3k
decouple gp env from theia #3569
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
8a02196
to
ade6376
Compare
fa9cace
to
16a56e0
Compare
@@ -176,11 +218,14 @@ export namespace ScopedResourceGuard { | |||
|
|||
export const SNAPSHOT_WORKSPACE_SUBJECT_ID_PREFIX = 'ws-' | |||
|
|||
export interface ResourceScope { | |||
kind: GuardedResourceKind; | |||
export interface ResourceScope<K extends GuardedResourceKind = GuardedResourceKind> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❤️
const envvar: UserEnvVar = { | ||
...variable, | ||
id: variable.id || uuidv4(), | ||
userId: user.id, | ||
}; | ||
await this.guardAccess({ kind: 'envVar', subject: envvar }, typeof variable.id === 'string' ? 'update' : 'create'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see below
await this.userDB.setEnvVar(envvar); | ||
} | ||
|
||
async deleteEnvVar(variable: UserEnvVarValue): Promise<void> { | ||
// Note: this operation is per-user only, hence needs no resource guard | ||
const user = this.checkUser("deleteEnvVar"); | ||
|
||
if (!variable.id && variable.name && variable.repositoryPattern) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be the same/a similar check as above. Would it make sense to extract those into one method isUpdate
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would prefer to keep code like that, since I'm not sure about client expectation when id
is provided for delete.
Ideally I would remove id
completely and use (name, repositoryPattern)
as a primary key.
/werft run 👍 started the job as gitpod-build-akosyakov-gp-support-gp-env-by-3162.22 will test now... |
Tested, and works as advertised. Not approving yet due to the ongoing discussions above. ☝️ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
16a56e0
to
09b2dcd
Compare
@@ -35,6 +36,13 @@ var gitTokenValidator = &cobra.Command{ | |||
Args: cobra.ExactArgs(0), | |||
Hidden: true, | |||
Run: func(cmd *cobra.Command, args []string) { | |||
log.SetOutput(io.Discard) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JanKoehnlein Does it make sense to you? Otherwise I am not sure where everything get logged?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it makes sense. I am just not sure whether we should use another file. The credential helper could still have the same file open for appending, as it starts the token validator in background and then releases the file on exit. Anyway, this shouldn't be a problem on Linux.
/werft run 👍 started the job as gitpod-build-akosyakov-gp-support-gp-env-by-3162.24 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In VS Code
$ gp env BAR=BAR
cannot set BAR: jsonrpc2: code 403 message: operation not permitted: missing create permission on envVar
09b2dcd
to
3089e19
Compare
When I try to unset a variable with a wildcard scope using cannot unset foo: jsonrpc2: code 404 message: Missing ID field Apart from that it works fin now, in Theia and VS Code. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
3089e19
to
3ba02c2
Compare
3ba02c2
to
2adaa06
Compare
/werft run 👍 started the job as gitpod-build-akosyakov-gp-support-gp-env-by-3162.29 |
What it does
gp env
by talking to server directly #3162: decouple gp env from theiaHow to test