Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add Permissions.delete(*permissions) method #339

Merged
merged 17 commits into from
Dec 3, 2024

Conversation

schloerke
Copy link
Collaborator

@schloerke schloerke commented Nov 15, 2024

Fixes: #338
Related: https://github.com/rstudio/connect/issues/28826

Other changes

  • Permission.delete() deprecated for Permission.destroy()

@schloerke schloerke added enhancement New feature or request sdk Used for automation labels Nov 15, 2024
@schloerke schloerke self-assigned this Nov 15, 2024
Copy link

github-actions bot commented Nov 15, 2024

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines Covered Coverage Threshold Status
1770 1631 92% 0% 🟢

New Files

No new covered files...

Modified Files

File Coverage Status
src/posit/connect/permissions.py 97% 🟢
TOTAL 97% 🟢

updated for commit: 11e4730 by action🐍

@schloerke schloerke marked this pull request as ready for review November 15, 2024 21:04
@schloerke schloerke requested a review from tdstein as a code owner November 15, 2024 21:04
Copy link
Collaborator

@jonkeane jonkeane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this, a few comments for you.

Would you mind adding more detail (can be only in the comments of the PR) about why we need to deprecate delete and transition to destroy for this? I am not necessarily opposed, but from the code itself it doesn't seem to be required and it would be good to have a papertrail of why we did that.

Comment on lines 36 to 37
# aron, bill, cole, and me (and existing user)
assert self.client.users.count() == 3 + self.existing_users
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you say more about why 3 + self.existing_users is preferred to the hard code?

It feels a little off that this blends something from setup with a test here: if count() were to not work at all, that would make the setup always fail. And if we wanted to test that client.users.count(); client.users.create(); client.users.count() increments like we expect, that should be in a test block, right?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the test file above (integration/tests/posit/connect/test_content_item_permissions.py), I want to use a couple users to test the permissions. So I added them there to have it be self contained. (We could move the users to an earlier location, but enforcing that the users exist for any subset of testing seemed like a big hassle.)

In slack, Aron stated that users can not be deleted from within Connect. So if another user is added in a different test, then the total number of users in this test will be larger than 4 (aron, bill, cole, and me).

It feels a little off that this blends something from setup with a test here

Agreed. But each of the other tests require the three user objects to already exist.

We could move the .create() test to another test class and retrieve the users in this class to avoid crossing setup / testing. Using a subset of tests won't work well if trying to just test this situation but that's ok.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In slack, Aron stated that users can not be deleted from within Connect. So if another user is added in a different test, then the total number of users in this test will be larger than 4 (aron, bill, cole, and me).

nods right right, that's true, but also true if we have 4 there or if we do 3 + self.existing_users, right? We would need to do 4 + self.existing_users or 5 + self.existing_users if we add more users. Or am I missing something?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this test we only add 3x users: aron, bill, and cole. So only if we add more users within this test will we need to change 3 to a new value.

src/posit/connect/_deprecated.py Outdated Show resolved Hide resolved
tests/posit/connect/api.py Show resolved Hide resolved
src/posit/connect/permissions.py Outdated Show resolved Hide resolved
src/posit/connect/permissions.py Outdated Show resolved Hide resolved
src/posit/connect/permissions.py Outdated Show resolved Hide resolved
src/posit/connect/permissions.py Show resolved Hide resolved
src/posit/connect/permissions.py Outdated Show resolved Hide resolved
@schloerke schloerke requested a review from jonkeane November 26, 2024 21:15
Copy link
Collaborator

@jonkeane jonkeane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for cleaning this up, I like where this is. A few minor comments, mostly style / docs.

src/posit/connect/permissions.py Outdated Show resolved Hide resolved
src/posit/connect/permissions.py Outdated Show resolved Hide resolved
Comment on lines +207 to +208
if isinstance(arg, str):
principal_guid = arg
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have other facilities for checking if a string is the right shape to be a GUID? That might be nice to check here since someone might try passing client.content.get(content_guid).permissions.destroy("my group name") or the like?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. We do not have the functionality.

I believe the thought process is to have the server return an error and we display the error.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nods that makes sense. What does the server return as the error in that case? Is it something we expect SDK authors to know how to recover from?

Doing something more than ^^^ is probably scope creep, but I am curious what the ergonomics would be

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we instead change the approach of this method to always submit the delete API calls to the server? (rather than only the permissions we know exist.)

Then the server will always display an error. And we wouldn't need to do any validation on our end.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AAAH right on line 223 it will silently be ignore if it's anything other than a matching GUID. HMMM I don't have a strong intuition which direction would be better here, pre-checking or always sending and failing. There certainly are complications with either.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we instead change the approach of this method to always submit the delete API calls to the server? (rather than only the permissions we know exist.)

For posterity, did you end up implementing this or does it still (silently) ignore non-GUIDs (or really anything that doesn't match a GUID already present if it's a string)?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It still silently ignores non existent permissions

src/posit/connect/permissions.py Outdated Show resolved Hide resolved
tests/posit/connect/test_permissions.py Outdated Show resolved Hide resolved
@schloerke schloerke merged commit fed8325 into main Dec 3, 2024
34 checks passed
@schloerke schloerke deleted the schloerke/338-revoke-content-item-permissions branch December 3, 2024 16:05
schloerke added a commit that referenced this pull request Dec 3, 2024
* main:
  feat: Add `Permissions.delete(*permissions)` method (#339)
  ci: Add in recent docker integration version (#347)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request sdk Used for automation
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add Revoking Access from Group
3 participants