Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ui: remove remote_debugging checks #28209

Closed
wants to merge 1 commit into from
Closed

ui: remove remote_debugging checks #28209

wants to merge 1 commit into from

Conversation

couchand
Copy link
Contributor

@couchand couchand commented Aug 2, 2018

Once #28207 lands, all of these endpoints will be protected by login already,
so we can skip the check for the setting remote_debugging.mode.

Closes: #24992
Release note (admin ui change): The cluster setting remote_debugging.mode no
longer controls access to any web ui API endpoints, since they are already
protected behind user login.

@couchand couchand added the do-not-merge bors won't merge a PR with this label. label Aug 2, 2018
@couchand couchand requested review from bdarnell, BramGruneir, tbg, a-robinson and a team August 2, 2018 17:22
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@couchand couchand requested a review from a team August 2, 2018 17:22
@couchand couchand force-pushed the chore/remove-remote-debugging branch from eeeeabb to 21bfd3a Compare August 2, 2018 17:45
a-robinson
a-robinson suggested changes Aug 2, 2018
View reviewed changes
Copy link
Contributor

@a-robinson a-robinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about on insecure clusters? Is user login used for them too?

Reviewed 4 of 4 files at r1.
Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained

pkg/server/status.go, line 244 at r1 (raw file):

	}

	ctx = propagateGatewayMetadata(ctx)

I believe you can also get rid of all these propagateGatewayMetadata calls, they were only here to support the remote-allowed checks.

@couchand couchand mentioned this pull request Aug 2, 2018
Closed
@couchand
ui: remove remote_debugging checks
dd300ff 
Once cockroachdb#28207 lands, all of these endpoints will be protected by login already,
so we can skip the check for the setting remote_debugging.mode.

Closes: cockroachdb#24992
Release note (admin ui change): The cluster setting remote_debugging.mode no
longer controls access to any web ui API endpoints, since they are already
protected behind user login.
@couchand couchand force-pushed the chore/remove-remote-debugging branch from 21bfd3a to dd300ff Compare August 2, 2018 18:30
couchand
couchand commented Aug 2, 2018
View reviewed changes
Copy link
Contributor Author

@couchand couchand left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about on insecure clusters?

¯\_(ツ)_/¯ they're insecure anyway? I suppose we could leave this in place for them if we thought it was valuable.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained

pkg/server/status.go, line 244 at r1 (raw file):

Previously, a-robinson (Alex Robinson) wrote…

I believe you can also get rid of all these propagateGatewayMetadata calls, they were only here to support the remote-allowed checks.

Ack, done.

a-robinson
a-robinson reviewed Aug 2, 2018
View reviewed changes
Copy link
Contributor

@a-robinson a-robinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

¯_(ツ)_/¯ they're insecure? I suppose we could leave this in place for them if we thought it was valuable.

Will other sensitive information be exposed in the 2.1 webui when running in insecure mode? If not, then I really don't think we should open this up.

If new sensitive info will be exposed, then I assume a conversation has already been had about that and the same logic would apply here, so I'll defer to that conclusion.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained

@tbg tbg removed their request for review June 19, 2019 14:24
@tbg tbg added the X-noremind Bots won't notify about PRs with X-noremind label Jun 19, 2019
@dhartunian dhartunian removed the request for review from a team June 12, 2020 17:44
@couchand couchand closed this Oct 1, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@a-robinson a-robinson a-robinson requested changes

@bdarnell bdarnell Awaiting requested review from bdarnell

@BramGruneir BramGruneir Awaiting requested review from BramGruneir

Assignees
No one assigned
Labels
do-not-merge bors won't merge a PR with this label. X-noremind Bots won't notify about PRs with X-noremind
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ui: gracefully handle remote_debugging setting
4 participants
@couchand @cockroach-teamcity @a-robinson @tbg