
SAP contribution: fix unsafe navigation from non existing space to org #2396

Conversation

sweinstein22
Contributor

Fixing merge conflict from PR originally made here: #2336

philippthun and others added 30 commits June 11, 2021 23:51
…an update

Signed-off-by: Philipp Thun <philipp.thun@sap.com>
Bumps [sequel](https://github.com/jeremyevans/sequel) from 5.44.0 to 5.45.0.
- [Release notes](https://github.com/jeremyevans/sequel/releases)
- [Changelog](https://github.com/jeremyevans/sequel/blob/master/CHANGELOG)
- [Commits](jeremyevans/sequel@5.44.0...5.45.0)

---
updated-dependencies:
- dependency-name: sequel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Test list, get package endpoints for all roles
* Decided to have some fields in v3/droplets/:guid be redacted (in a
similar fashion to every role except admin roles and space developers)
* Updated documentation
* Refactored some of the droplets request specs to use it_behaves_like

[#2220]

Co-authored-by: Weyman Fung <weymanf@vmware.com>
Co-authored-by: Carson Long <lcarson@vmware.com>
Bundler prefers "with_unbundled_env" over the old "with_clean_env"

Co-authored-by: Matthew Kocher <mkocher@pivotal.io>
Co-authored-by: Mona Mohebbi <mmohebbi@pivotal.io>
Bumps [middleman](https://github.com/middleman/middleman) from 4.3.11 to 4.4.0.
- [Release notes](https://github.com/middleman/middleman/releases)
- [Changelog](https://github.com/middleman/middleman/blob/v4.4.0/CHANGELOG.md)
- [Commits](middleman/middleman@v4.3.11...v4.4.0)

---
updated-dependencies:
- dependency-name: middleman
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.16.1 to 1.17.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.16.1...v1.17.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [solargraph](https://github.com/castwide/solargraph) from 0.41.1 to 0.42.3.
- [Release notes](https://github.com/castwide/solargraph/releases)
- [Changelog](https://github.com/castwide/solargraph/blob/master/CHANGELOG.md)
- [Commits](castwide/solargraph@v0.41.1...v0.42.3)

---
updated-dependencies:
- dependency-name: solargraph
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
We noticed a disparity in the documented behavior vs our code.
It seems like this story (https://www.pivotaltracker.com/story/show/162360247)
implies that the code was correct in only
allowing the space developer and admin to use PATCH /v3/droplets/guid.

Co-authored-by: Galen Hammond <galenh@vmware.com>
Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
This method was introduced in 2016 to allow empty arrays in a request
body. However, the controllers that still use this method no longer
involve arrays in the request body, so this commit removes the method to
decrease cruft.
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.17.0 to 1.18.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.17.0...v1.18.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [honeycomb-beeline](https://github.com/honeycombio/beeline-ruby) from 2.4.1 to 2.4.2.
- [Release notes](https://github.com/honeycombio/beeline-ruby/releases)
- [Changelog](https://github.com/honeycombio/beeline-ruby/blob/main/CHANGELOG.md)
- [Commits](honeycombio/beeline-ruby@v2.4.1...v2.4.2)

---
updated-dependencies:
- dependency-name: honeycomb-beeline
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
* Log caller for SQL queries

Logs the calling function (of cloud_controller_ng code) for each DB
query if SQL logging is enabled. This should help track down which
functions are calling expensive queries and where excessive queries are
being made. Running some perf tests against this, it appears to have
little to no impact on the performance of CC since I suspect all this
information is readily available in the callstack and the regex isn't
too complex

* Add extension to log SQL query length

We've seen some queries get extremely long (>1MB) which causes CC to run
slow whilst building the query. To help monitor this and fix endpoints
generating large queries, log the character length of the query in the
SQL query logging string

Co-authored-by: johha <45264872+johha@users.noreply.github.com>
Co-authored-by: andy-paine <andy.paine@engineerbetter.com>
* Space application supporter can get and list app revisions

This implements this user story: #2232
* space application supporter can access specific "process" GET endpoints.
- add some information about redacted info in the docs
* Space supporter can update processes

#2211

Co-authored-by: Weyman Fung <weymanf@vmware.com>
Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
Co-authored-by: Galen Hammond <galenh@vmware.com>
Co-authored-by: Belinda Liu <bliu@pivotal.io>
Co-authored-by: Mona Mohebbi <mmohebbi@pivotal.io>
Allowed access:
GET /v3/space_quotas
GET /v3/space_quotas/:guid

Closes [#2233]

Co-authored-by: Matthew Kocher <mkocher@vmware.com>
* Allow space application supporter to create, update, get, list, and cancel deployments

Co-authored-by: Philipp Thun <philipp.thun@sap.com>
Co-authored-by: Sven Krieger <37476281+svkrieger@users.noreply.github.com>
Co-authored-by: Aftab Alam <81828613+iaftab-alam@users.noreply.github.com>
Bumps [rake](https://github.com/ruby/rake) from 13.0.3 to 13.0.4.
- [Release notes](https://github.com/ruby/rake/releases)
- [Changelog](https://github.com/ruby/rake/blob/master/History.rdoc)
- [Commits](ruby/rake@v13.0.3...v13.0.4)

---
updated-dependencies:
- dependency-name: rake
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.18.1 to 1.18.3.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.18.1...v1.18.3)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 2.3.0 to 2.3.2.
- [Release notes](https://github.com/rubyzip/rubyzip/releases)
- [Changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md)
- [Commits](rubyzip/rubyzip@v2.3.0...v2.3.2)

---
updated-dependencies:
- dependency-name: rubyzip
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [newrelic_rpm](https://github.com/newrelic/newrelic-ruby-agent) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/newrelic/newrelic-ruby-agent/releases)
- [Changelog](https://github.com/newrelic/newrelic-ruby-agent/blob/dev/CHANGELOG.md)
- [Commits](newrelic/newrelic-ruby-agent@7.1.0...7.2.0)

---
updated-dependencies:
- dependency-name: newrelic_rpm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/sporkmonger/addressable/releases)
- [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)
- [Commits](sporkmonger/addressable@addressable-2.7.0...addressable-2.8.0)

---
updated-dependencies:
- dependency-name: addressable
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
- includes updating docs
- does not include updating DB migrations/model-level references

[#178561261](https://www.pivotaltracker.com/story/show/178561261)

Co-authored-by: Merric de Launey <mdelauney@vmware.com>
Bumps [sequel](https://github.com/jeremyevans/sequel) from 5.45.0 to 5.46.0.
- [Release notes](https://github.com/jeremyevans/sequel/releases)
- [Changelog](https://github.com/jeremyevans/sequel/blob/master/CHANGELOG)
- [Commits](jeremyevans/sequel@5.45.0...5.46.0)

---
updated-dependencies:
- dependency-name: sequel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [fog-aws](https://github.com/fog/fog-aws) from 2.0.1 to 3.10.0.
- [Release notes](https://github.com/fog/fog-aws/releases)
- [Changelog](https://github.com/fog/fog-aws/blob/master/CHANGELOG.md)
- [Commits](fog/fog-aws@v2.0.1...v3.10.0)

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [rake](https://github.com/ruby/rake) from 13.0.3 to 13.0.6.
- [Release notes](https://github.com/ruby/rake/releases)
- [Changelog](https://github.com/ruby/rake/blob/master/History.rdoc)
- [Commits](ruby/rake@v13.0.3...v13.0.6)

---
updated-dependencies:
- dependency-name: rake
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [rake](https://github.com/ruby/rake) from 13.0.4 to 13.0.6.
- [Release notes](https://github.com/ruby/rake/releases)
- [Changelog](https://github.com/ruby/rake/blob/master/History.rdoc)
- [Commits](ruby/rake@v13.0.4...v13.0.6)

---
updated-dependencies:
- dependency-name: rake
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
mkocher and others added 4 commits July 13, 2021 18:54
Controller specs are deprecated by adr #3. Adding a notice so the ADR
is more discoverable. Skipped the base specs as those files are meta
enough to perhaps justify controller specs.
#2343)

* Allow space application supporter to access specific sidecar endpoints

allows access to:
GET /v3/sidecars/:guid
GET /v3/processes/:process_guid/sidecars
GET /v3/apps/:app_guid/sidecars

* Refactor tests to match previous patterns.

- We used a more generic term rather than space dev so as not to imply
that this behavior was specific to the space dev.

Finishes #2231

Co-authored-by: Maria Shaldybin <mariash@vmware.com>
Co-authored-by: Galen Hammond <galenh@vmware.com>
Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
This reverts commit 9643cdc.

We started seeing lots of deprecation warnings and errors which are not
quick fixes. Going to revert this bump until we can set aside dedicated
time to address it

Errors and warnings:
```
[fog][DEPRECATION] Fog::Storage::AWS is deprecated, please use Fog::AWS::Storage.
[WARNING] Unrecognized arguments: aws_access_key_id, aws_secret_access_key
```
…s_spec.rb

We renamed the role after the PR for the space supporter sidecar
endpoints was made, this commit fixes the naming discrepancy.

Original PR: #2343

Authored-by: Sarah Weinstein <sweinstein@pivotal.io>
@sweinstein22 sweinstein22 changed the title Sap contributions fix unsafe navigation from non existing space to org SAP contribution: fix unsafe navigation from non existing space to org Jul 13, 2021
@sweinstein22 sweinstein22 merged commit 3ddd6d1 into main Jul 13, 2021
@sweinstein22 sweinstein22 deleted the sap-contributions-fix-unsafe-navigation-from-non-existing-space-to-org branch July 13, 2021 20:57
bepotts pushed a commit that referenced this pull request Jul 19, 2021
#2396)

* Fix unsafe navigation from non-existing space to org

Fixes #2335
sweinstein22 added a commit that referenced this pull request Jul 22, 2021
#2396)

* Fix unsafe navigation from non-existing space to org

Fixes #2335

Successfully merging this pull request may close these issues.

Getting domains fails with "undefined method 'organization' for nil:NilClass"
10 participants