Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alerting: fix bug where user is able to access rules from namespaces user is not part of #41403

Merged
merged 11 commits into from
Nov 8, 2021
Merged

Alerting: fix bug where user is able to access rules from namespaces user is not part of #41403

merged 11 commits into from
Nov 8, 2021

Conversation

gotjosh
Copy link
Contributor

@gotjosh gotjosh commented Nov 8, 2021
edited by armandgrillet
Loading

What this PR does / why we need it:

This PR fixes a bug where a user is able to access rules from namespaces that the user is not part of.

@gotjosh gotjosh requested review from a team as code owners November 8, 2021 11:20
@gotjosh gotjosh requested review from davidmparrott, santihernandezc, grobinson-grafana, kminehart and dsotirakis and removed request for a team November 8, 2021 11:20
@gotjosh gotjosh marked this pull request as draft November 8, 2021 11:21
@armandgrillet armandgrillet added the old backport v8.2.x Mark PR for automatic backport to v8.2.x label Nov 8, 2021
grobinson-grafana
grobinson-grafana requested changes Nov 8, 2021
View reviewed changes
Copy link
Contributor

@grobinson-grafana grobinson-grafana left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see comment about adding NamespaceUIDs on Line 115 of api_prometheus.go.

@grobinson-grafana
Copy link
Contributor

Looks good to me, just need to rebase and fix the commit message!

@armandgrillet armandgrillet marked this pull request as ready for review November 8, 2021 13:22
@armandgrillet armandgrillet changed the title WIP Alerting: fix bug where user is able to access rules from namespaces he is not part of Nov 8, 2021
@armandgrillet armandgrillet changed the title Alerting: fix bug where user is able to access rules from namespaces he is not part of Alerting: fix bug where user is able to access rules from namespaces user is not part of Nov 8, 2021
@armandgrillet armandgrillet merged commit 6220872 into main Nov 8, 2021
@armandgrillet armandgrillet deleted the fix-no-access branch November 8, 2021 13:26
@grafanabot grafanabot mentioned this pull request Nov 8, 2021
Merged
grafanabot pushed a commit that referenced this pull request Nov 8, 2021
@gotjosh @grafanabot
Alerting: fix bug where user is able to access rules from namespaces …
bce6ef6 
…user is not part of (#41403)

* Add fix
* Add tests
Co-authored-by: Yuriy Tseretyan <[email protected]>
Co-authored-by: Armand Grillet <[email protected]>
Co-authored-by: Jean-Philippe Quéméner <[email protected]>
Co-authored-by: George Robinson <[email protected]>

(cherry picked from commit 6220872)
@armandgrillet armandgrillet mentioned this pull request Nov 8, 2021
Closed
leventebalogh added a commit that referenced this pull request Nov 8, 2021
@leventebalogh
Merge branch 'main' into jackw/fix-catalog-version-readme
1192574 
* main: (47 commits)
  Chore: Prevent loading error from showing too early (#41347)
  Chore: add context to login (#41316)
  Update dependency memoize-one to v6 (#41349)
  Docs: Added note that only string type is supported for query variables. (#41359)
  Alerting: fix bug where user is able to access rules from namespaces user is not part of (#41403)
  prometheus: enable new monaco-based query field (#41357)
  Chore: Go mod tidy (#41374)
  PanelEdit: Show when field options have override rules or data config that overrides the default  (#40250)
  NodeGraph: Fix subTitle and secondaryStat being truncated in some cases (#40244)
  MarketTrend: add devenv dashboard (#41334)
  MarketTrend: add new alpha panel (#40909)
  StateTimeline: Share cursor with rest of the panels (#41038)
  Chore: cleanup ES query_builder test (#41360)
  Prometheus: Fix showing of errors (#41356)
  Update dependency lru-cache to v6 (#41327)
  api/ds/query: simplify data sources lookup for queries and expressions (#41172)
  A11y/UserAdminPage: Improves tab navigation and focus management (#41321)
  influxdb: improved explanation texts (#41351)
  prometheus: monaco: fix a corner-case with quotes (#41345)
  process app plugins first (#41346)
  ...
armandgrillet pushed a commit that referenced this pull request Nov 8, 2021
@gotjosh @armandgrillet
Alerting: fix bug where user is able to access rules from namespaces …
92ba060 
…user is not part of (#41403)

* Add fix
* Add tests
Co-authored-by: Yuriy Tseretyan <[email protected]>
Co-authored-by: Armand Grillet <[email protected]>
Co-authored-by: Jean-Philippe Quéméner <[email protected]>
Co-authored-by: George Robinson <[email protected]>

(cherry picked from commit 6220872)
armandgrillet added a commit that referenced this pull request Nov 8, 2021
@grafanabot @yuri-tceretian
@armandgrillet @JohnnyQQQQ @grobinson-grafana @gotjosh
Alerting: fix bug where user is able to access rules from namespaces …
3b8be57 
…user is not part of (#41403) (#41406)

* Add fix
* Add tests
(cherry picked from commit 6220872)

Co-authored-by: Yuriy Tseretyan <[email protected]>
Co-authored-by: Armand Grillet <[email protected]>
Co-authored-by: Jean-Philippe Quéméner <[email protected]>
Co-authored-by: George Robinson <[email protected]>
Co-authored-by: gotjosh <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grobinson-grafana grobinson-grafana grobinson-grafana approved these changes

@davidmparrott davidmparrott Awaiting requested review from davidmparrott davidmparrott was automatically assigned from grafana/alerting-squad

@santihernandezc santihernandezc Awaiting requested review from santihernandezc santihernandezc was automatically assigned from grafana/alerting-squad

@kminehart kminehart Awaiting requested review from kminehart kminehart was automatically assigned from grafana/backend-platform

@dsotirakis dsotirakis Awaiting requested review from dsotirakis dsotirakis was automatically assigned from grafana/backend-platform

@JohnnyQQQQ JohnnyQQQQ Awaiting requested review from JohnnyQQQQ

Assignees
No one assigned
Labels
add to changelog area/backend old backport v8.2.x Mark PR for automatic backport to v8.2.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@gotjosh @grobinson-grafana @armandgrillet @grafanabot @yuri-tceretian