New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sql,ui: enable non-admin users to see their own jobs #44345
Conversation
(Will add the missing tests once CI tells me what I need to change.) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't feel to qualified to review on my own, please contact @dt as well
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @knz and @spaskob)
pkg/sql/crdb_internal.go, line 463 at r1 (raw file):
// Beware: we're querying system.jobs as root; we need to be careful to filter // out results that the current user is not able to see.
@dt how does this interplay with you work on cloud keys
pkg/sql/crdb_internal.go, line 486 at r1 (raw file):
// We filter out masked rows before we allocate all the // datums. Needless allocate when not necessary. if !(isAdmin || (payload != nil && payload.Username == currentUser)) {
I find it hard to read and reason that is correct; are you sure it's not ... && ...
I feel like this may need a test as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @dt and @spaskob)
pkg/sql/crdb_internal.go, line 463 at r1 (raw file):
Previously, spaskob (Spas Bojanov) wrote…
@dt how does this interplay with you work on cloud keys
If the user was an admin, they could already read secrets/keys directly from system.jobs, and it if is their own job, then it is their own keys anyway (account-sharing notwithstanding). Overall I don't think this significantly changes anything w.r.t. secrets stored in job payloads.
Additionally, we only show them the payload.Description
which typically hides they secrets, but I'd rather not include that here -- the hiding is only superficial since the secrets are still in and need to be in the job itself, so pretending they're gone clouds some people's thread model, but that's a separate issue.
pkg/sql/crdb_internal.go, line 486 at r1 (raw file):
Previously, spaskob (Spas Bojanov) wrote…
I find it hard to read and reason that is correct; are you sure it's not ... && ...
I feel like this may need a test as well.
even just binding an intermediate bool and moving the extra inversion could help IMO:
if canSeeJob := isAdmin || (paylod!=nil && payload.Username == currentUser); !canSeeJob { continue }
995bfdc
to
8f85bea
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added the missing test cases. PTAL
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @spaskob)
pkg/sql/crdb_internal.go, line 463 at r1 (raw file):
Previously, dt (David Taylor) wrote…
If the user was an admin, they could already read secrets/keys directly from system.jobs, and it if is their own job, then it is their own keys anyway (account-sharing notwithstanding). Overall I don't think this significantly changes anything w.r.t. secrets stored in job payloads.
Additionally, we only show them the
payload.Description
which typically hides they secrets, but I'd rather not include that here -- the hiding is only superficial since the secrets are still in and need to be in the job itself, so pretending they're gone clouds some people's thread model, but that's a separate issue.
Thanks for checking
pkg/sql/crdb_internal.go, line 486 at r1 (raw file):
Previously, dt (David Taylor) wrote…
even just binding an intermediate bool and moving the extra inversion could help IMO:
if canSeeJob := isAdmin || (paylod!=nil && payload.Username == currentUser); !canSeeJob { continue }
Done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @knz and @spaskob)
pkg/sql/crdb_internal.go, line 488 at r2 (raw file):
sameUser := payload != nil && payload.Username == currentUser canAccess := isAdmin || sameUser if !canAccess {
nit: if canAccess := isAdmin || sameUser; !canAccess {
Release note (ui change): Non-admin users can now use the "Jobs detail" page and see their own jobs. Release note (sql change): Non-admin users can now query `SHOW JOBS` and `crdb_internal.jobs` and see their own jobs.
8f85bea
to
606db1d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TFYR!
bors r=dt,spaskob
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @spaskob)
pkg/sql/crdb_internal.go, line 488 at r2 (raw file):
Previously, spaskob (Spas Bojanov) wrote…
nit: if canAccess := isAdmin || sameUser; !canAccess {
Done.
44297: roachtest: fix the deco test + re-implement the warning test r=tbg a=knz Fixes #44276. The test to check for a warning on double [rd]ecommission was implemented in roachtest; this was invalid because roachtest is also used on previous versions and the warning is a new thing. This patch moves the test to a TCL interactive test instead. Release note: None 44345: sql,ui: enable non-admin users to see their own jobs r=dt,spaskob a=knz Informs #44335. Release note (ui change): Non-admin users can now use the "Jobs detail" page and see their own jobs. Release note (sql change): Non-admin users can now query `SHOW JOBS` and `crdb_internal.jobs` and see their own jobs. Co-authored-by: Raphael 'kena' Poss <knz@thaumogen.net>
Build succeeded |
Informs #44335.
Release note (ui change): Non-admin users can now use the "Jobs
detail" page and see their own jobs.
Release note (sql change): Non-admin users can now query
SHOW JOBS
and
crdb_internal.jobs
and see their own jobs.