Skip to content

Draft: Partition ddp change

harshit aggarwal requested to merge partition-ddp-change into azure/m16-master

Modified the partition-service core-package to configure permission check for CRUD operations explicitly. A new overridden method is added for implementation to fulfill the requirements. The default flow for non-azure implementations remains the same logic wise.

There is a new configuration variable {enable.crud.based.authorization} added to enable the check before accepting any rest API call within preauthorize annotation.

If the above flag is enabled by ISP, the Create/Patch/Delete calls will be forbidden on security-token generated using all the non-customer apps. Only the tokens with customer appid's are allowed to perform CRUD operations.

Testing for partition changes

Before Changes:

Using non MSI token: GET allowed: image.png LIST allowed: image.png CREATE allowed: image.png DELETE allowed: image.png PATCH allowed: image.png

After Changes:

  1. For Non MSI Token:

GET allowed: image.png LIST allowed: image.png CREATE not allowed: image.png PATCH not allowed: image.png DELETE not allowed image.png

  1. For MSI Token:

GET allowed. image.png CREATE allowed. image.png LIST allowed. image.png DELETE allowed. image.png PATCH allowed. image.png

Integration Tests:image.png

Edited by Himanshu Kumrawat

Merge request reports