Skip to content

feat: dynamic role for operations #252

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
someshkoli wants to merge 12 commits into
base: main
Choose a base branch
from
Draft

feat: dynamic role for operations #252

someshkoli wants to merge 12 commits into from

Conversation

@someshkoli
Copy link
Contributor

@someshkoli someshkoli commented Feb 2, 2026
edited
Loading

  • feat: temporary dynamic role selection

  • feat: add role selector to component sandbox and actions workflow on runtimne

  • feat: add ability to pass in role via api and store them into respective run tables

  • add azure credentials to composite plan auth

  • make sure break glass workflow works

ALPHAvibe
ALPHAvibe reviewed Feb 2, 2026
View reviewed changes
pkg/config/sync/components_docker_build.go Outdated

configRequest.EnvVars = obj.EnvVarMap

// Add operation roles if present
Copy link
Contributor

@ALPHAvibe ALPHAvibe Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

theres ton of these unnecessary comments, can we clean these out?

Copy link
Contributor Author

@someshkoli someshkoli Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yepp, left them in for later will clean before merge, mostly claude, got lot of labour work done with it

ALPHAvibe
ALPHAvibe reviewed Feb 2, 2026
View reviewed changes
pkg/plans/types/composite_plan.go Outdated
FetchImageMetadataPlan *FetchImageMetadataPlan `json:"fetch_image_metadata_plan,omitempty"`
SandboxRunPlan *SandboxRunPlan `json:"sandbox_run_plan,omitempty"`

// Auth for cloud providera
Copy link
Contributor

@ALPHAvibe ALPHAvibe Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo

ALPHAvibe
ALPHAvibe reviewed Feb 2, 2026
View reviewed changes
services/ctl-api/internal/app/apps/service/create_app_operation_role_config.go Outdated
)

type OperationRoleRuleRequest struct {
Principal string `json:"principal" validate:"required"` // "nuon::component:name", "nuon::sandbox", "nuon::action:name"
Copy link
Contributor

@ALPHAvibe ALPHAvibe Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what up with these comments? are they needed? we wouldn't want to keep these up to date to different versions.

also, we probably can solve for that making operation and principal typed so the type describes the options.

jonmorehouse
jonmorehouse reviewed Feb 2, 2026
View reviewed changes
services/ctl-api/internal/pkg/operation-roles/selector.go

type EntityOperationRoleMap map[app.OperationType]string

func EntityOperationRoleMapFromHstore(hstore map[string]*string) EntityOperationRoleMap {
Copy link
Contributor

@jonmorehouse jonmorehouse Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Recommend using our pkg/db/generics and just working with map[string]string here

@jonmorehouse jonmorehouse marked this pull request as draft February 3, 2026 19:59
@github-actions
Copy link

github-actions bot commented Feb 4, 2026

This PR was marked as stale, and will be closed after 3 more days. Add the #keep-open label to prevent this from being closed.

@github-actions github-actions bot added the stale label Feb 4, 2026
@someshkoli someshkoli force-pushed the sk/ft-dynamic-operation-roles branch from f3f25a0 to 711b7b7 Compare February 6, 2026 11:31
@github-actions github-actions bot removed the stale label Feb 6, 2026
@github-actions
Copy link

github-actions bot commented Feb 6, 2026

This PR was marked as stale, and will be closed after 3 more days. Add the #keep-open label to prevent this from being closed.

@github-actions github-actions bot added the stale label Feb 6, 2026
@someshkoli
feat: temporary dynamic role selection
2a284ea
@someshkoli
feat: add role selector to component sandbox and actions workflow on …
dd67b82 
…runtimne
@someshkoli
feat: add ability to pass in role via api and store them into respect…
b9c1f7b 
…ive run tables
@someshkoli
feat: add roles to pending api endpoints and workflows to be passed i…
8748f69 
…nto signals
@someshkoli
fix: review fixes
3a35d67 
- removes unwanted comments
- fixes missing entity role assignment for composite plans
@someshkoli
fix: remove unwanted log param
52412c9
@someshkoli
fix: use composite plan auth for terraform, sandbox and actions run
928f21c
@someshkoli
fix: temporary commit
a2c4c95
@someshkoli
tests: add tests for getroleforactoins
8e5c12e
@someshkoli
fix: runner actions run now use composite plan auth
7e72a71
@someshkoli
fix: component config creation apis
4f8347f
@someshkoli
fix: composite plan endpoint call
213229b
@someshkoli someshkoli force-pushed the sk/ft-dynamic-operation-roles branch from 711b7b7 to 213229b Compare February 8, 2026 16:22
@github-actions github-actions bot removed the stale label Feb 8, 2026
@github-actions
Copy link

github-actions bot commented Feb 8, 2026

This PR was marked as stale, and will be closed after 3 more days. Add the #keep-open label to prevent this from being closed.

@github-actions github-actions bot added the stale label Feb 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jonmorehouse jonmorehouse jonmorehouse left review comments

@ALPHAvibe ALPHAvibe ALPHAvibe left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

api auto-update canary docs integration stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@someshkoli @jonmorehouse @ALPHAvibe