server: replace admin checks with VIEWCLUSTERMETADATA and REPAIRCLUSTERMETADATA #110609
Conversation
|
It looks like your PR touches production code but doesn't add or edit any test code. Did you consider adding tests to your PR? 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf. |
|
This change is |
rafiss
force-pushed
the
finer-grained-debug-repair-priv-2
branch
2 times, most recently
from
71d9091 to
b789e35
Compare
rafiss
changed the title
rafiss
force-pushed
the
finer-grained-debug-repair-priv-2
branch
6 times, most recently
from
697babe to
fc347fb
Compare
rafiss
force-pushed
the
finer-grained-debug-repair-priv-2
branch
from
fc347fb to
44e9f69
Compare
rafiss
requested review from
rhu713,
ericharmeling,
ecwall and
a team
and removed request for
a team,
rhu713 and
ericharmeling
rafiss
requested review from
a team,
Santamaura and
dhartunian
and removed request for
a team
There was a problem hiding this comment.
Reviewed 8 of 8 files at r1, 1 of 8 files at r2.
Reviewable status:complete! 1 of 0 LGTMs obtained (waiting on @ecwall, @rafiss, and @Santamaura)
-- commits line 10 at r2:
does this need to have a release note noting the security change that allows the new fine-grained permissions?
pkg/server/status.go line 3637 at r1 (raw file):
// if !isAdmin { // return nil, privchecker.ErrRequiresAdmin // }
nit: remove this?
There was a problem hiding this comment.
Reviewable status:
Previously, dhartunian (David Hartunian) wrote…
does this need to have a release note noting the security change that allows the new fine-grained permissions?
i think the release note would be redundant with the one above and the one i added in #110084 so i opted to put no note here. i can put that in the commit message though.
pkg/server/status.go line 3637 at r1 (raw file):
Previously, dhartunian (David Hartunian) wrote…
nit: remove this?
thanks for the catch!
…ERMETADATA Release note (security update): Endpoints in the admin and status server that previously required the admin role now can be used by users with the VIEWCLUSTERMETADATA or REPAIRCLUSTERMETADATA system privilege, depending on whether the endpoint is read-only or can modify state.
This commit covers a few cases that were missed by an earlier commit: cockroachdb#110084. No release note is included since it would be redundant with the release note from that PR. Release note: None
rafiss
force-pushed
the
finer-grained-debug-repair-priv-2
branch
from
44e9f69 to
2325016
Compare
|
TFTR! bors r+ |
|
Build succeeded: |
|
Encountered an error creating backports. Some common things that can go wrong:
You might need to create your backport manually using the backport tool. error creating merge commit from 499bbe0 to blathers/backport-release-23.1-110609: POST https://api.github.com/repos/cockroachdb/cockroach/merges: 409 Merge conflict [] you may need to manually resolve merge conflicts with the backport tool. Backport to branch 23.1.x failed. See errors above. 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf. |
Release note (security update): Endpoints in the admin and status server
that previously required the admin role now can be used by users with
the VIEWCLUSTERMETADATA or REPAIRCLUSTERMETADATA system privilege,
depending on whether the endpoint is read-only or can modify state.
fixes #79571
fixes #109814
Release note: None