Add RBAC APIs #3083
Add RBAC APIs #3083
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR ports RBAC (Role-Based Access Control) APIs from tentative implementations to the main AuthAdmin and DecoratedDistributedTransactionAdmin classes.
Key changes:
- Adds role management APIs (create, drop, get roles)
- Adds role-to-user and role-to-role assignment operations with admin options
- Adds privilege management APIs for roles at namespace and table levels
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
core/src/main/java/com/scalar/db/api/AuthAdmin.java |
Defines new RBAC API methods with comprehensive documentation and introduces supporting interfaces (Role, RoleDetail, UserRole, RoleHierarchy) |
core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java |
Implements delegation of all new RBAC methods to the underlying distributedTransactionAdmin instance |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Summary of ChangesHello @komamitsu, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a comprehensive set of APIs for Role-Based Access Control (RBAC). This enhancement allows for the creation and management of roles, assigning roles to users, defining role hierarchies, and granting or revoking privileges based on roles at both namespace and table levels, providing a more granular and flexible access control mechanism. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
|
/gemini review |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a set of new APIs for Role-Based Access Control (RBAC) by extending the AuthAdmin interface with new default methods and interfaces. It also adds the corresponding decorator implementations in DecoratedDistributedTransactionAdmin. The changes are well-structured. My review includes a few suggestions to improve the clarity and documentation of the new APIs, such as renaming a parameter for better consistency, clarifying the purpose of a parameter in a method's Javadoc, and adding a missing Javadoc for a new interface. These changes will help make the new RBAC APIs more intuitive and easier to use.
There was a problem hiding this comment.
Code Review
This PR introduces new RBAC APIs to AuthAdmin and DecoratedDistributedAdmin. The changes involve adding default methods to the AuthAdmin interface for role management and privilege granting/revoking, and implementing these methods in DecoratedDistributedAdmin by delegating to the underlying distributedTransactionAdmin. The review focuses on the correctness of the new APIs and their implementation.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
and rename `memberRole` to `memberRoleName`
and return it from getRolesForUser()
…labs/scalardb into add-auth-role-to-admin-interface
|
This PR will be ready once https://github.com/scalar-labs/scalardb-cluster/pull/1379 is merged |
brfrn169
left a comment
brfrn169
left a comment
There was a problem hiding this comment.
Left a comment. Other than that, LGTM! Thank you!
Co-authored-by: Toshihiro Suzuki <[email protected]>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: Toshihiro Suzuki <[email protected]> Co-authored-by: Hiroyuki Yamada <[email protected]>
4 participants
Description
This PR adds APIs for the roll based access control feature.
Related issues and/or PRs
https://github.com/scalar-labs/scalardb-cluster/pull/1342
Changes made
TentativeAuthAdminandTentativeDecoratedDistributedAdminfromscalardb-clusterproject toAuthAdminandDecoratedDistributedAdmin, respectivelyChecklist
Additional notes (optional)
None
Release notes
N/A