feat: GitOps platform-user management (bootstrap superuser SA + reconcile CLI)#1720
Conversation
…cile CLI + hardening)
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Coverage Report for CI Build 28517939074Warning No base build found for commit Coverage: 44.629%Details
Uncovered Changes
Coverage RegressionsRequires a base build to compare against. How to fix this → Coverage Stats
💛 - Coveralls |
There was a problem hiding this comment.
Actionable comments posted: 7
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: ff2769d7-96b1-4439-9af0-8d1c887c9807
📒 Files selected for processing (20)
cmd/reconcile.gocmd/root.gocmd/serve.goconfig/sample.config.yamlinternal/api/v1beta1connect/platform.gointernal/api/v1beta1connect/platform_test.gointernal/api/v1beta1connect/serviceuser.gointernal/api/v1beta1connect/serviceuser_test.gointernal/bootstrap/bootstrapuser.gointernal/bootstrap/bootstrapuser_test.gointernal/bootstrap/schema/schema.gointernal/bootstrap/service.gointernal/reconcile/platformuser.gointernal/reconcile/platformuser_reconciler.gointernal/reconcile/platformuser_reconciler_test.gointernal/reconcile/platformuser_test.gointernal/reconcile/reconcile.gointernal/store/postgres/serviceuser_repository.gotest/e2e/testbench/helper.gotest/e2e/testbench/testbench.go
…eject partial config, guard sentinel ref, add-before-remove, testbench cleanup)
…a Op.principalIDs
…log the reason instead of leaking it
…ion' (relation != RBAC role)
whoAbhishekSah
left a comment
There was a problem hiding this comment.
Three small notes, none blocking.
whoAbhishekSah
left a comment
There was a problem hiding this comment.
Added some comments. Approving.
…econcile applied count, tidy config + comment
…into feat/gitops-platform-users
…into feat/gitops-platform-users
What
This PR moves platform-superuser management to a file-based (GitOps) flow. Config seeds one protected bootstrap service account instead of a list of human superusers. From then on, you manage access by editing a file and running the new
frontier reconcilecommand. This is the second of a 2-PR split of #1709, and it builds on #1719.Changes
app.admin.bootstrap.{client_id, client_secret}) — created and promoted to superuser at boot, with a fixed id. You rotate the secret by changing the config.client_idmust be a UUID.frontier reconcilecommand — reads a file that lists who should have access and makes the platform match it. Anyone listed is added; anyone not listed is removed. It lives ininternal/reconcileand can support more kinds later; PlatformUser is the first.app.admin.usersandMakeSuperUsers.org_namecan now be null, so the platform service account (which has no org) can be stored.Testing
Unit tests pass (
-race -count 2). Vet, lint, and format are clean. Full e2e tests pass (the test bench seeds data using the bootstrap service account). I also ran a live security check: no one can remove or delete the service account, or create credentials for it, even when the per-object permission check is made to pass.Related