IAM User: add custom_props field for admin usage

[gmelikov]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello @gmelikov, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the platform by introducing a flexible mechanism for storing custom administrative data within IAM user profiles, improving extensibility. Concurrently, it extends the Load Balancer service with support for configuring proxy protocol sources on virtual hosts and provides comprehensive documentation for its API, making it more robust and user-friendly.

Highlights

• IAM User Custom Properties: A new custom_props field has been added to the IAM User model, allowing for flexible storage of administrative-specific JSONB data to extend user profiles.
• API Permissions for Custom Properties: Permissions for the custom_props field are now explicitly defined within the UserController, controlling read, filter, create, update, and delete operations through specific IAM rules.
• Load Balancer Vhost Proxy Protocol Support: The Load Balancer Vhost model now includes a proxy_protocol_from field, enabling the configuration of proxy protocol sources for TCP-based protocols.
• New Load Balancer API Documentation: Comprehensive documentation for the Load Balancer as a Service API has been added, detailing its core components, API structure, validation rules, and providing example manifests.
• Database Migrations: Two new database migrations have been introduced to add the custom_props JSONB column to the iam_users table and the proxy_protocol_from column to the net_lb_vhosts table.

Changelog

• docs/network/load_balancer.md
  • Added comprehensive documentation for the Load Balancer as a Service API, including components, API structure, validation, and examples.
• genesis_core/network/lb/dm/models.py
  • Included the new proxy_protocol_from field in the Vhost model's simple view for API responses.
• genesis_core/user_api/iam/api/controllers.py
  • Refactored UserController to utilize FieldsIamPermissions for managing field visibility and permissions.
  • Defined specific IAM rules for custom_props field access across various API operations (GET, FILTER, CREATE, UPDATE, DELETE).
• genesis_core/user_api/iam/dm/models.py
  • Introduced IamUserCustomProps class to define the structure for custom user properties.
  • Added a custom_props field to the User model, allowing it to store structured custom data.
• genesis_core/user_api/network/dm/models.py
  • Added proxy_protocol_from property to the Vhost model to specify allowed proxy protocol sources.
  • Implemented validation to prevent proxy_protocol_from from being used with UDP protocols.
• migrations/0049-lb-add-proxy-protocol-from-ef8f58.py
  • Created a new migration to add the proxy_protocol_from column (VARCHAR(18)) to the net_lb_vhosts table.
• migrations/0050-iam-user-custom-props-bc80b5.py
  • Created a new migration to add the custom_props JSONB column to the iam_users table, with a default of NULL.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request contains a medium-severity information leak where the custom_props field is exposed via the /me endpoint. There are also typos in the load balancer documentation and an issue with camelCase property names in models.py that violate PEP 8. Additionally, a critical database migration issue was found where the proxy_protocol_from column size is insufficient for IPv6 CIDRs, which could lead to data truncation.