Skip to content

feat: RBAC using rover group#47

Merged
flacatus merged 1 commit into
konflux-ci:mainfrom
msu8:rbac_clean
Mar 4, 2026
Merged

feat: RBAC using rover group#47
flacatus merged 1 commit into
konflux-ci:mainfrom
msu8:rbac_clean

Conversation

@msu8

@msu8 msu8 commented Feb 17, 2026

Copy link
Copy Markdown
Contributor
  • Add mcp-admin and mcp-viewer role, limiting execute_query for the latter one
  • Assign admin role based on devlakemcpadmin rover group
  • Search LDAP directory based on username from token for the devlakemcpadmin rover group

@snyk-io

snyk-io Bot commented Feb 17, 2026

Copy link
Copy Markdown
Contributor

Snyk checks have failed. 1 issues have been found so far.

Status Scanner Critical High Medium Low Total (1)
Open Source Security 0 1 0 0 1 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@codecov-commenter

codecov-commenter commented Feb 17, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 25.00000% with 129 lines in your changes missing coverage. Please review.
✅ Project coverage is 50.41%. Comparing base (bef5536) to head (9c456ae).
⚠️ Report is 46 commits behind head on main.

Files with missing lines Patch % Lines
utils/ldap_service.py 29.41% 48 Missing ⚠️
utils/rbac.py 22.41% 45 Missing ⚠️
server/handlers/tool_handler.py 26.66% 22 Missing ⚠️
server/core/mcp_server.py 11.11% 8 Missing ⚠️
server/middleware/auth_middleware.py 14.28% 6 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main      #47      +/-   ##
==========================================
+ Coverage   47.54%   50.41%   +2.87%     
==========================================
  Files          27       40      +13     
  Lines        1424     3003    +1579     
  Branches      178      408     +230     
==========================================
+ Hits          677     1514     +837     
- Misses        724     1428     +704     
- Partials       23       61      +38     
Flag Coverage Δ
unit-tests 50.41% <25.00%> (+2.87%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

- Add mcp-admin and mcp-viewer role, limiting execute_query for the latter one
- Assign admin role based on devlakemcpadmin rover group
- Search LDAP directory based on username from token for the devlakemcpadmin rover group
@msu8

msu8 commented Feb 23, 2026

Copy link
Copy Markdown
Contributor Author

@flacatus I got access to the Snyk and there was a vulnerability in an old version of pyasn1

Introduced through
pyasn1@0.5.1
Fixed in
pyasn1@0.6.2

I explicitly wrote the version and it's still throwing out the alert, even though it supposedly re-run. It makes no sense, I think we can just ignore it.

@flacatus

flacatus commented Mar 3, 2026

Copy link
Copy Markdown
Member

/ok-to-test

@flacatus flacatus merged commit de791a7 into konflux-ci:main Mar 4, 2026
9 of 10 checks passed
msu8 added a commit to msu8/infra-common-deployments that referenced this pull request Mar 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants