Skip to content

Custom policy warning #4379

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Custom policy warning #4379

wants to merge 3 commits into from
+27 −11

Conversation

drernie
Copy link
Member

@drernie drernie commented Apr 11, 2025

Description

Warn users when adding a custom policy.
Point to (new) docs about ManagedUserRoleExtraPolicies

TODO

  • [ X] Documentation
  • Changelog entry (skip if change is not significant to end users, e.g. docs only)

@drernie drernie requested a review from sir-sigurd April 11, 2025 22:54
greptile-apps[bot]
greptile-apps bot reviewed Apr 11, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Summary

This PR adds a warning message when users create custom policies and enhances documentation for the ManagedUserRoleExtraPolicies parameter.

  • Added a warning in catalog/app/containers/Admin/UsersAndRoles/Policies.tsx that informs users they need to add custom policy ARNs to ManagedUserRoleExtraPolicies
  • Added a documentation link to the technical reference within the warning message
  • Created a dedicated section in docs/technical-reference.md for ManagedUserRoleExtraPolicies parameter
  • Moved existing reference to this parameter from SSE-KMS section to its own section for better visibility

2 file(s) reviewed, no comment(s)
Edit PR Review Bot Settings | Greptile

@codecov Codecov
Copy link

codecov bot commented Apr 11, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.47%. Comparing base (7dbcbbe) to head (6eb5260).

Additional details and impacted files 
@@             Coverage Diff             @@
##           master    #4379       +/-   ##
===========================================
+ Coverage   38.68%   91.47%   +52.78%     
===========================================
  Files         795      108      -687     
  Lines       35186    10007    -25179     
  Branches     5377        0     -5377     
===========================================
- Hits        13613     9154     -4459     
+ Misses      21027      853    -20174     
+ Partials      546        0      -546
Flag Coverage Δ
api-python 91.41% <ø> (ø)
catalog ?
lambda 91.62% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

sir-sigurd
sir-sigurd reviewed Apr 14, 2025
View reviewed changes
Copy link
Member

@sir-sigurd sir-sigurd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mostly LGTM
needs approval from frontend guys

docs/technical-reference.md Outdated
@@ -550,6 +550,19 @@ Note the comma after the object. Your trust relationship should now look somethi

You can now configure a Quilt Role with this role (using the Catalog's admin panel, or `quilt3.admin.create_role`).

### ManagedUserRoleExtraPolicies

The `ManagedUserRoleExtraPolicies` parameter allows you to add additional IAM policies to the managed user role. This is useful for granting additional permissions to users in your Quilt instance, which otherwise would be blocked by the permission boundary.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO it's not quite clear that you need both to modify ManagedUserRoleExtraPolicies and add policy in Quilt Admin

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This applies to more than just User Policies (see KMS below). I will add clarifying text, though.

@drernie drernie requested review from nl0 and fiskus April 15, 2025 00:09
@drernie
Copy link
Member Author

drernie commented Apr 15, 2025

@nl0 @fiskus Can one of you review and approve?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sir-sigurd sir-sigurd sir-sigurd left review comments

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@nl0 nl0 Awaiting requested review from nl0

@fiskus fiskus Awaiting requested review from fiskus

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@drernie @sir-sigurd