RHCLOUD-36017 Custom roles cannot be created or updated using existin… #1286
Conversation
…g display_name for any system roles
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
I wonder if we should prefix all custom roles names automatically? Or try to differentiate them some different way? (an icon in the gui? or some "role type" column that designates a role as system or custom?) Checking for system role names when a custom role is created doesn't necessarily prevent collisions from happening – for example a customer could name a role "Workspace Auditor" and then we later create a system role with the same name. Maybe that's fine and we're okay with that? But at least for V2 Roles and GUI, I wonder if we should think about this differently? Curious what you think @coderbydesign ? |
|
I suggest we take a step back and discuss what is expected here ... our goal is to prevent the creation of a new role with the same name as an existing custom role within the same tenant or system role ... however it should be still possible to create custom role with same name if this role belongs to different tenant .. we also need to consider the role’s name and display_name fields and how these may affect our approach ensuring we are handling both fields correctly |
…ystem role or another custom role for a tenant return error
…th the same display_name
…g display_name for any system roles
Link(s) to Jira
https://issues.redhat.com/browse/RHCLOUD-36017
Description of Intent of Change(s)
When trying to create or update a role through the API you cannot use the same 'display_name' or 'name' as any system role or custom role that exists for the tenant already.
Local Testing
How can the feature be exercised?
How can the bug be exploited and fix confirmed?
Is any special local setup required?
Checklist
Secure Coding Practices Checklist Link
Secure Coding Practices Checklist