Skip to content

feat(query): Create queries for recursive requests of global app token grants #6244

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Dec 2, 2025
Merged

feat(query): Create queries for recursive requests of global app token grants #6244

merged 3 commits into from
Dec 2, 2025

Conversation

@dkanney
Copy link
Collaborator

@dkanney dkanney commented Nov 12, 2025
edited
Loading

  • ICU-17909
  • ICU-17910
  • ICU-17916

Description

Retrieves grants for App Tokens that live in the Global scope. Queries will be selected based on the scope(s) the requested Resources can live at:

  • Resources that can live in any scope (e.g. Groups)
  • Resources that can only live in either Global or an Org scope (e.g. Policies, Storage Buckets)
  • Resources that can only live in a Project scope (e.g. Hosts, Targets)

Since these queries correspond to recursive requests, there is no request_scope to query on.

PCI review checklist

  • I have documented a clear reason for, and description of, the change I am making.
  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
  • If applicable, I've documented the impact of any changes to security controls.
    Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

@dkanney dkanney self-assigned this Nov 12, 2025
@dkanney dkanney force-pushed the dkanney-recursive-global-token-global-org-project-resource branch from 82c164d to 45c6037 Compare November 12, 2025 21:51
@dkanney dkanney changed the title feat(query): create query for global app token grants feat(query): Create queries for recursive requests of global app token grants Nov 12, 2025
@dkanney dkanney force-pushed the dkanney-recursive-global-token-global-org-project-resource branch from 234cc21 to 04ae7da Compare November 13, 2025 20:49
@dkanney dkanney marked this pull request as ready for review November 24, 2025 19:50
@dkanney dkanney requested a review from a team as a code owner November 24, 2025 19:50
@dkanney dkanney changed the base branch from mikemountain-sql-schema-and-pgtap to llb-app-token November 24, 2025 19:53
@dkanney dkanney changed the base branch from llb-app-token to mikemountain-sql-schema-and-pgtap-tests November 24, 2025 19:56
@dkanney dkanney force-pushed the dkanney-recursive-global-token-global-org-project-resource branch 2 times, most recently from 77c70f1 to 0d80655 Compare November 26, 2025 16:56
mikemountain
mikemountain requested changes Nov 27, 2025
View reviewed changes
Copy link
Collaborator

@mikemountain mikemountain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we get this moved to an apptoken level, instead of iam? thanks!

@dkanney dkanney force-pushed the dkanney-recursive-global-token-global-org-project-resource branch from 0d80655 to d487d7a Compare November 28, 2025 14:56
@dkanney dkanney requested a review from mikemountain November 28, 2025 14:56
@dkanney dkanney changed the base branch from mikemountain-sql-schema-and-pgtap-tests to llb-app-token November 28, 2025 14:56
@dkanney dkanney force-pushed the dkanney-recursive-global-token-global-org-project-resource branch from d487d7a to 155d0af Compare November 28, 2025 15:06
@dkanney dkanney merged commit ed0340b into llb-app-token Dec 2, 2025
53 of 57 checks passed
@dkanney dkanney deleted the dkanney-recursive-global-token-global-org-project-resource branch December 2, 2025 17:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mikemountain mikemountain mikemountain approved these changes

@bosorawis bosorawis Awaiting requested review from bosorawis

@AprilMay0 AprilMay0 Awaiting requested review from AprilMay0

Assignees

@dkanney dkanney

Labels

core/db core/iam core/sql core

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dkanney @mikemountain