Merge pull request #6493 from devtron-labs/approval-bypass-v1-oss

feat: Config Approval bypass v1 (for cm, cs and deployment template)

Author: prakash100198

Wire.go

@@ -152,6 +152,7 @@ import (
 	repository7 "github.com/devtron-labs/devtron/pkg/kubernetesResourceAuditLogs/repository"
 	"github.com/devtron-labs/devtron/pkg/notifier"
 	"github.com/devtron-labs/devtron/pkg/pipeline"
+	"github.com/devtron-labs/devtron/pkg/pipeline/draftAwareConfigService"
 	"github.com/devtron-labs/devtron/pkg/pipeline/executors"
 	history3 "github.com/devtron-labs/devtron/pkg/pipeline/history"
 	repository3 "github.com/devtron-labs/devtron/pkg/pipeline/history/repository"
@@ -531,6 +532,9 @@ func InitializeApp() (*App, error) {
 		chartConfig.NewConfigMapRepositoryImpl,
 		wire.Bind(new(chartConfig.ConfigMapRepository), new(*chartConfig.ConfigMapRepositoryImpl)),
 
+		draftAwareConfigService.NewDraftAwareResourceServiceImpl,
+		wire.Bind(new(draftAwareConfigService.DraftAwareConfigService), new(*draftAwareConfigService.DraftAwareConfigServiceImpl)),
+
 		config.WireSet,
 
 		infraConfig.WireSet,

api/restHandler/ConfigMapRestHandler.go

@@ -19,6 +19,7 @@ package restHandler
 import (
 	"encoding/json"
 	"fmt"
+	"github.com/devtron-labs/devtron/pkg/pipeline/draftAwareConfigService"
 	"net/http"
 	"strconv"
 
@@ -63,31 +64,35 @@ type ConfigMapRestHandler interface {
 }
 
 type ConfigMapRestHandlerImpl struct {
-	pipelineBuilder    pipeline.PipelineBuilder
-	Logger             *zap.SugaredLogger
-	chartService       chart.ChartService
-	userAuthService    user.UserService
-	teamService        team.TeamService
-	enforcer           casbin.Enforcer
-	pipelineRepository pipelineConfig.PipelineRepository
-	enforcerUtil       rbac.EnforcerUtil
-	configMapService   pipeline.ConfigMapService
+	pipelineBuilder           pipeline.PipelineBuilder
+	Logger                    *zap.SugaredLogger
+	chartService              chart.ChartService
+	userAuthService           user.UserService
+	teamService               team.TeamService
+	enforcer                  casbin.Enforcer
+	pipelineRepository        pipelineConfig.PipelineRepository
+	enforcerUtil              rbac.EnforcerUtil
+	configMapService          pipeline.ConfigMapService
+	draftAwareResourceService draftAwareConfigService.DraftAwareConfigService
 }
 
 func NewConfigMapRestHandlerImpl(pipelineBuilder pipeline.PipelineBuilder, Logger *zap.SugaredLogger,
 	chartService chart.ChartService, userAuthService user.UserService, teamService team.TeamService,
 	enforcer casbin.Enforcer, pipelineRepository pipelineConfig.PipelineRepository,
-	enforcerUtil rbac.EnforcerUtil, configMapService pipeline.ConfigMapService) *ConfigMapRestHandlerImpl {
+	enforcerUtil rbac.EnforcerUtil, configMapService pipeline.ConfigMapService,
+	draftAwareResourceService draftAwareConfigService.DraftAwareConfigService,
+) *ConfigMapRestHandlerImpl {
 	return &ConfigMapRestHandlerImpl{
-		pipelineBuilder:    pipelineBuilder,
-		Logger:             Logger,
-		chartService:       chartService,
-		userAuthService:    userAuthService,
-		teamService:        teamService,
-		enforcer:           enforcer,
-		pipelineRepository: pipelineRepository,
-		enforcerUtil:       enforcerUtil,
-		configMapService:   configMapService,
+		pipelineBuilder:           pipelineBuilder,
+		Logger:                    Logger,
+		chartService:              chartService,
+		userAuthService:           userAuthService,
+		teamService:               teamService,
+		enforcer:                  enforcer,
+		pipelineRepository:        pipelineRepository,
+		enforcerUtil:              enforcerUtil,
+		configMapService:          configMapService,
+		draftAwareResourceService: draftAwareResourceService,
 	}
 }
 
@@ -118,8 +123,14 @@ func (handler ConfigMapRestHandlerImpl) CMGlobalAddUpdate(w http.ResponseWriter,
 		return
 	}
 	//RBAC END
-
-	res, err := handler.configMapService.CMGlobalAddUpdate(&configMapRequest)
+	ctx := r.Context()
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
+	res, err := handler.draftAwareResourceService.CMGlobalAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, CMGlobalAddUpdate", "err", err, "payload", configMapRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -162,8 +173,14 @@ func (handler ConfigMapRestHandlerImpl) CMEnvironmentAddUpdate(w http.ResponseWr
 		}
 	}
 	//RBAC END
-
-	res, err := handler.configMapService.CMEnvironmentAddUpdate(&configMapRequest)
+	ctx := r.Context()
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
+	res, err := handler.draftAwareResourceService.CMEnvironmentAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, CMEnvironmentAddUpdate", "err", err, "payload", configMapRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -359,8 +376,14 @@ func (handler ConfigMapRestHandlerImpl) CSGlobalAddUpdate(w http.ResponseWriter,
 		return
 	}
 	//RBAC END
-
-	res, err := handler.configMapService.CSGlobalAddUpdate(&configMapRequest)
+	ctx := r.Context()
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
+	res, err := handler.draftAwareResourceService.CSGlobalAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, CSGlobalAddUpdate", "err", err, "payload", configMapRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -404,8 +427,14 @@ func (handler ConfigMapRestHandlerImpl) CSEnvironmentAddUpdate(w http.ResponseWr
 		}
 	}
 	//RBAC END
-
-	res, err := handler.configMapService.CSEnvironmentAddUpdate(&configMapRequest)
+	ctx := r.Context()
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
+	res, err := handler.draftAwareResourceService.CSEnvironmentAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, CSEnvironmentAddUpdate", "err", err, "payload", configMapRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -517,8 +546,19 @@ func (handler ConfigMapRestHandlerImpl) CMGlobalDelete(w http.ResponseWriter, r
 		return
 	}
 	//RBAC END
-
-	res, err := handler.configMapService.CMGlobalDelete(name, id, userId)
+	ctx := r.Context()
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
+	deleteReq := &bean.ConfigDataRequest{
+		Id:     id,
+		AppId:  appId,
+		UserId: userId,
+	}
+	res, err := handler.draftAwareResourceService.CMGlobalDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, CMGlobalDelete", "err", err, "appId", appId, "id", id, "name", name)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -572,8 +612,19 @@ func (handler ConfigMapRestHandlerImpl) CMEnvironmentDelete(w http.ResponseWrite
 		}
 	}
 	//RBAC END
-
-	res, err := handler.configMapService.CMEnvironmentDelete(name, id, userId)
+	ctx := r.Context()
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
+	deleteReq := &bean.ConfigDataRequest{
+		Id:     id,
+		AppId:  appId,
+		UserId: userId,
+	}
+	res, err := handler.draftAwareResourceService.CMEnvironmentDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, CMEnvironmentDelete", "err", err, "appId", appId, "envId", envId, "id", id)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -613,8 +664,19 @@ func (handler ConfigMapRestHandlerImpl) CSGlobalDelete(w http.ResponseWriter, r
 		return
 	}
 	//RBAC END
-
-	res, err := handler.configMapService.CSGlobalDelete(name, id, userId)
+	ctx := r.Context()
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
+	deleteReq := &bean.ConfigDataRequest{
+		Id:     id,
+		AppId:  appId,
+		UserId: userId,
+	}
+	res, err := handler.draftAwareResourceService.CSGlobalDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, CSGlobalDelete", "err", err, "appId", appId, "id", id, "name", name)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -668,8 +730,19 @@ func (handler ConfigMapRestHandlerImpl) CSEnvironmentDelete(w http.ResponseWrite
 		}
 	}
 	//RBAC END
-
-	res, err := handler.configMapService.CSEnvironmentDelete(name, id, userId)
+	ctx := r.Context()
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
+	deleteReq := &bean.ConfigDataRequest{
+		Id:     id,
+		AppId:  appId,
+		UserId: userId,
+	}
+	res, err := handler.draftAwareResourceService.CSEnvironmentDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, CSEnvironmentDelete", "err", err, "appId", appId, "envId", envId, "id", id)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)

api/restHandler/app/pipeline/configure/DeploymentPipelineRestHandler.go

@@ -176,8 +176,14 @@ func (handler *PipelineConfigRestHandlerImpl) ConfigureDeploymentTemplateForApp(
 			}
 		}(ctx.Done(), cn.CloseNotify())
 	}
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
 
-	createResp, err := handler.chartService.Create(templateRequest, r.Context())
+	createResp, err := handler.draftAwareResourceService.Create(ctx, templateRequest, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, ConfigureDeploymentTemplateForApp", "err", err, "payload", templateRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -619,6 +625,7 @@ func (handler *PipelineConfigRestHandlerImpl) EnvConfigOverrideCreate(w http.Res
 	}
 	envConfigProperties.UserId = userId
 	envConfigProperties.EnvironmentId = environmentId
+	envConfigProperties.AppId = appId
 	handler.Logger.Infow("request payload, EnvConfigOverrideCreate", "payload", envConfigProperties)
 
 	resourceName := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
@@ -655,8 +662,13 @@ func (handler *PipelineConfigRestHandlerImpl) EnvConfigOverrideCreate(w http.Res
 			}
 		}(ctx.Done(), cn.CloseNotify())
 	}
-
-	createResp, err := handler.propertiesConfigService.CreateEnvironmentPropertiesAndBaseIfNeeded(ctx, appId, &envConfigProperties)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
+	createResp, err := handler.draftAwareResourceService.CreateEnvironmentPropertiesAndBaseIfNeeded(ctx, &envConfigProperties, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, CreateEnvironmentPropertiesAndBaseIfNeeded", "payload", envConfigProperties, "err", err)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -695,6 +707,7 @@ func (handler *PipelineConfigRestHandlerImpl) EnvConfigOverrideUpdate(w http.Res
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
 	}
+	envConfigProperties.AppId = envConfigOverride.Chart.AppId
 	appId := envConfigOverride.Chart.AppId
 	envId := envConfigOverride.TargetEnvironment
 	resourceName := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
@@ -720,8 +733,14 @@ func (handler *PipelineConfigRestHandlerImpl) EnvConfigOverrideUpdate(w http.Res
 		common.WriteJsonResp(w, err2, nil, http.StatusBadRequest)
 		return
 	}
-
-	createResp, err := handler.propertiesConfigService.UpdateEnvironmentProperties(appId, &envConfigProperties, userId)
+	ctx := r.Context()
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
+	createResp, err := handler.draftAwareResourceService.UpdateEnvironmentProperties(ctx, &envConfigProperties, token, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, EnvConfigOverrideUpdate", "err", err, "payload", envConfigProperties)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -1317,9 +1336,15 @@ func (handler *PipelineConfigRestHandlerImpl) UpdateAppOverride(w http.ResponseW
 		common.WriteJsonResp(w, err2, nil, http.StatusBadRequest)
 		return
 	}
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
 
 	_, span = otel.Tracer("orchestrator").Start(ctx, "chartService.UpdateAppOverride")
-	createResp, err := handler.chartService.UpdateAppOverride(ctx, &templateRequest)
+	createResp, err := handler.draftAwareResourceService.UpdateAppOverride(ctx, &templateRequest, token, isSuperAdmin, userEmail)
 	span.End()
 	if err != nil {
 		handler.Logger.Errorw("service err, UpdateAppOverride", "err", err, "payload", templateRequest)
@@ -1459,7 +1484,20 @@ func (handler *PipelineConfigRestHandlerImpl) EnvConfigOverrideReset(w http.Resp
 		common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
 		return
 	}
-	isSuccess, err := handler.propertiesConfigService.ResetEnvironmentProperties(id, userId)
+	ctx := r.Context()
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
+	if err != nil {
+		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
+		return
+	}
+	envProperties := &pipelineBean.EnvironmentProperties{
+		Id:            id,
+		EnvironmentId: environmentId,
+		UserId:        userId,
+		AppId:         appId,
+	}
+	isSuccess, err := handler.draftAwareResourceService.ResetEnvironmentProperties(ctx, envProperties, isSuperAdmin, userEmail)
 	if err != nil {
 		handler.Logger.Errorw("service err, EnvConfigOverrideReset", "err", err, "appId", appId, "environmentId", environmentId)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)

api/restHandler/app/pipeline/configure/PipelineConfigRestHandler.go

@@ -31,6 +31,7 @@ import (
 	repository2 "github.com/devtron-labs/devtron/pkg/cluster/environment/repository"
 	"github.com/devtron-labs/devtron/pkg/deployment/manifest/deployedAppMetrics"
 	"github.com/devtron-labs/devtron/pkg/deployment/manifest/deploymentTemplate/chartRef"
+	"github.com/devtron-labs/devtron/pkg/pipeline/draftAwareConfigService"
 	validator2 "github.com/devtron-labs/devtron/pkg/deployment/manifest/deploymentTemplate/validator"
 	security2 "github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning"
 	"github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/read"
@@ -138,6 +139,7 @@ type PipelineConfigRestHandlerImpl struct {
 	teamReadService                     read3.TeamReadService
 	environmentRepository               repository2.EnvironmentRepository
 	chartReadService                    read5.ChartReadService
+	draftAwareResourceService           draftAwareConfigService.DraftAwareConfigService
 }
 
 func NewPipelineRestHandlerImpl(pipelineBuilder pipeline.PipelineBuilder, Logger *zap.SugaredLogger,
@@ -171,7 +173,9 @@ func NewPipelineRestHandlerImpl(pipelineBuilder pipeline.PipelineBuilder, Logger
 	gitProviderReadService gitProviderRead.GitProviderReadService,
 	teamReadService read3.TeamReadService,
 	EnvironmentRepository repository2.EnvironmentRepository,
-	chartReadService read5.ChartReadService) *PipelineConfigRestHandlerImpl {
+	chartReadService read5.ChartReadService,
+	draftAwareResourceService draftAwareConfigService.DraftAwareConfigService,
+) *PipelineConfigRestHandlerImpl {
 	envConfig := &PipelineRestHandlerEnvConfig{}
 	err := env.Parse(envConfig)
 	if err != nil {
@@ -213,6 +217,7 @@ func NewPipelineRestHandlerImpl(pipelineBuilder pipeline.PipelineBuilder, Logger
 		teamReadService:                     teamReadService,
 		environmentRepository:               EnvironmentRepository,
 		chartReadService:                    chartReadService,
+		draftAwareResourceService:           draftAwareResourceService,
 	}
 }
 

pkg/pipeline/bean/ConfigMapBean.go

@@ -147,6 +147,14 @@ func (r ResourceType) ToString() string {
 	return string(r)
 }
 
+func (r ResourceType) IsCS() bool {
+	return r == CS
+}
+
+func (r ResourceType) IsCM() bool {
+	return r == CM
+}
+
 type ResolvedCmCsRequest struct {
 	Scope resourceQualifiers.Scope
 	AppId int