Skip to content

Commit e9ffc88

Browse files
janmatzekjanmatzek
committed
chore(gooddata-pipelines): prevent modification of admin user
1 parent 651c825 commit e9ffc88

File tree

2 files changed

+14
-30
lines changed
  • packages/gooddata-pipelines

2 files changed

+14
-30
lines changed

packages/gooddata-pipelines/TODO.md

Lines changed: 0 additions & 19 deletions
This file was deleted.

packages/gooddata-pipelines/src/gooddata_pipelines/provisioning/entities/users/users.py

Lines changed: 14 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ class UserProvisioner(Provisioning[UserFullLoad, UserIncrementalLoad]):
3131
source_group_incremental: list[UserIncrementalLoad]
3232
source_group_full: list[UserFullLoad]
3333

34-
current_user_id: str
34+
protected_users: list[str]
3535

3636
FULL_LOAD_TYPE: type[UserFullLoad] = UserFullLoad
3737
INCREMENTAL_LOAD_TYPE: type[UserIncrementalLoad] = UserIncrementalLoad
@@ -40,6 +40,9 @@ def __init__(self, host: str, token: str) -> None:
4040
super().__init__(host, token)
4141
self.upstream_user_cache: dict[UserId, UserModel] = {}
4242

43+
# Protect the technical user modification
44+
self.protected_users = ["admin"]
45+
4346
def _get_current_user_id(self) -> str:
4447
"""Gets the current user ID."""
4548

@@ -116,10 +119,10 @@ def _create_or_update_user(
116119
117120
"""
118121

119-
if user.user_id == self.current_user_id:
122+
if user.user_id in self.protected_users:
120123
self.logger.warning(
121-
f"Skipping creation/update of current user: {user.user_id}. "
122-
+ "Current user should not be modified.",
124+
f"Skipping creation/update of protected user: {user.user_id}. "
125+
+ "Protected users should not be modified.",
123126
)
124127
return
125128

@@ -142,10 +145,10 @@ def _create_or_update_user(
142145

143146
def _delete_user(self, user_id: str) -> None:
144147
"""Deletes user from the project."""
145-
if user_id == self.current_user_id:
148+
if user_id in self.protected_users:
146149
self.logger.warning(
147-
f"Skipping deletion of current user: {user_id}."
148-
+ " Current user should not be deleted.",
150+
f"Skipping deletion of protected user: {user_id}."
151+
+ " Protected users should not be deleted.",
149152
)
150153
return
151154

@@ -166,8 +169,8 @@ def _manage_user(self, user: UserIncrementalLoad) -> None:
166169

167170
def _provision_incremental_load(self) -> None:
168171
"""Runs the incremental provisioning logic."""
169-
# Set the current user ID
170-
self.current_user_id = self._get_current_user_id()
172+
# Set protected users
173+
self.protected_users.append(self._get_current_user_id())
171174

172175
for user in self.source_group_incremental:
173176
# Attempt to process each user. On failure, log the error and continue
@@ -181,8 +184,8 @@ def _provision_incremental_load(self) -> None:
181184
def _provision_full_load(self) -> None:
182185
"""Runs the full load provisioning logic."""
183186

184-
# Set the current user ID
185-
self.current_user_id = self._get_current_user_id()
187+
# Set protected users
188+
self.protected_users.append(self._get_current_user_id())
186189

187190
# Get all upstream users
188191
catalog_upstream_users: list[CatalogUser] = self._api.list_users()

0 commit comments

Comments
 (0)