BugFix: Fixed query auth #1048

Open
wants to merge 2 commits into
base: main

parmesant
Contributor

Auth flow for query and permission assignment for ListStream changed

Fixes #XXXX.

Description

This PR fixes a flaw in the auth flow for the query API.
It also changes the Permission for the action ListStream from Unit to Stream, which will limit the response of the API to only the streams that the user is allowed to see.


This PR has:

  • been tested to ensure log ingestion and log query works.
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added documentation for new or modified features or behaviors.

Auth flow for query and permission assignment for `ListStream` changed
@parmesant parmesant requested review from de-sh and nikhilsinhaparseable and removed request for de-sh December 22, 2024 08:56

coveralls commented Dec 22, 2024

Pull Request Test Coverage Report for Build 12512483828

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 0 of 46 (0.0%) changed or added relevant lines in 4 files are covered.
  • 411 unchanged lines in 8 files lost coverage.
  • Overall coverage increased (+0.3%) to 11.831%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| src/handlers/airplane.rs | 0 | 2 | 0.0% |
| src/cli.rs | 0 | 3 | 0.0% |
| src/handlers/http/logstream.rs | 0 | 12 | 0.0% |
| src/handlers/http/query.rs | 0 | 29 | 0.0% |

| Files with Coverage Reduction | New Missed Lines | % |
|---|---|---|
| src/handlers/http/modal/utils/logstream_utils.rs | 2 | 0.0% |
| src/utils/json/mod.rs | 7 | 33.96% |
| src/alerts/mod.rs | 13 | 0.0% |
| src/utils/json/flatten.rs | 30 | 85.35% |
| src/metadata.rs | 43 | 1.31% |
| src/option.rs | 71 | 0.0% |
| src/handlers/http/logstream.rs | 120 | 1.53% |
| src/storage/object_storage.rs | 125 | 0.0% |

| Totals | Coverage Status |
|---|---|
| Change from base Build 12441566914: | 0.3% |
| Covered Lines: | 2152 |
| Relevant Lines: | 18190 |

💛 - Coveralls

nitisht pushed a commit to parseablehq/console that referenced this pull request Dec 26, 2024
Contributor

@nikhilsinhaparseable nikhilsinhaparseable left a comment


fix is validated, @de-sh please review the code once

//list all streams from storage
pub async fn list(req: HttpRequest) -> Result<impl Responder, StreamError> {
let key = extract_session_key_from_req(&req)
.map_err(|err| StreamError::Anyhow(anyhow::Error::msg(err.to_string())))?;
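
Review bot: On the `map_err` after `extract_session_key_from_req(&req)`, a missing or invalid session key is wrapped as `StreamError::Anyhow` carrying only its string message, so nothing downstream can tell an authentication failure from any other error on this path. Consider mapping it to a dedicated unauthorized error variant so the handler can answer with an auth failure rather than a generic error.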

Suggested change
.map_err(|err| StreamError::Anyhow(anyhow::Error::msg(err.to_string())))?;
.map_err(|err| anyhow::Error::msg(err.to_string()))?;

let res = CONFIG
.storage()
.get_object_store()
.list_streams()
.await
.unwrap();
.unwrap()
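
Review bot: The `.unwrap()` on the `list_streams().await` result panics inside the request handler if the object store call fails. Since `list` already returns a `Result`, propagate the failure with `?` (mapped to the handler's error type) instead of unwrapping.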

Suggested change
.unwrap()
.unwrap()

??

authorized = true;
if let Some(tag) = tag {
tags.push(tag)
for table_name in tables.iter() {
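
Review bot: With the check iterating `for table_name in tables.iter()`, confirm that an `authorized = true` set for one table cannot carry over and admit a query that also references a table the user has no permission on. Returning the error on the first table that fails, instead of tracking a shared flag across iterations, keeps the check fail-closed.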

I'd suggest reverting changes here and moving it to the call site


e.g:

        for stream_name in streams {
            authorize_and_set_filter_tags(&mut query, &permissions, &stream_name).map_err(
                |_| Status::permission_denied("User Does not have permission to access this"),
            )?;
        }
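
The scoping change in the PR description and the per-stream check suggested in the last review comment, as an added example that is not Parseable's code. It is a simplified model: `Permission`, `Action`, `allowed`, `visible_streams` and `authorize_query` are hypothetical names, and treating "*" as a wildcard stream is an assumption.

```rust
// Simplified model of stream-scoped RBAC (hypothetical types, not Parseable's code).
#[derive(Clone, Copy, PartialEq, Debug)]
enum Action { ListStream, Query }

#[derive(Debug)]
enum Permission {
    // Global grant: holds for every stream.
    Unit(Action),
    // Scoped grant: holds only for the named stream ("*" = all streams, an assumption).
    Stream(Action, String),
}

fn allowed(perms: &[Permission], action: Action, stream: &str) -> bool {
    perms.iter().any(|p| match p {
        Permission::Unit(a) => *a == action,
        Permission::Stream(a, s) => *a == action && (s == "*" || s == stream),
    })
}

// List handler: return only the streams the caller may see.
fn visible_streams(perms: &[Permission], all: &[&str]) -> Vec<String> {
    all.iter()
        .filter(|s| allowed(perms, Action::ListStream, s))
        .map(|s| s.to_string())
        .collect()
}

// Query handler: every referenced table must pass; fail closed on the first miss.
fn authorize_query(perms: &[Permission], tables: &[&str]) -> Result<(), String> {
    for t in tables {
        if !allowed(perms, Action::Query, t) {
            return Err(format!("no Query permission on stream '{t}'"));
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample data.
    let perms = vec![
        Permission::Stream(Action::ListStream, "app".into()),
        Permission::Stream(Action::Query, "app".into()),
    ];
    let all = ["app", "audit", "billing"];
    println!("{:?}", visible_streams(&perms, &all));
    println!("{:?}", authorize_query(&perms, &["app", "audit"]));
}
```

A `Unit` grant of `ListStream` would expose every stream name to its holder, which is the behaviour the move to `Stream` scoping removes.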
