sql,ui: enable non-admin users to see their own jobs #44345
Conversation
|
This change is |
|
(Will add the missing tests once CI tells me what I need to change.) |
There was a problem hiding this comment.
I don't feel to qualified to review on my own, please contact @dt as well
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @knz and @spaskob)
pkg/sql/crdb_internal.go, line 463 at r1 (raw file):
// Beware: we're querying system.jobs as root; we need to be careful to filter // out results that the current user is not able to see.
@dt how does this interplay with you work on cloud keys
pkg/sql/crdb_internal.go, line 486 at r1 (raw file):
// We filter out masked rows before we allocate all the // datums. Needless allocate when not necessary. if !(isAdmin || (payload != nil && payload.Username == currentUser)) {
I find it hard to read and reason that is correct; are you sure it's not ... && ...
I feel like this may need a test as well.
There was a problem hiding this comment.
Reviewable status:
pkg/sql/crdb_internal.go, line 463 at r1 (raw file):
Previously, spaskob (Spas Bojanov) wrote…
@dt how does this interplay with you work on cloud keys
If the user was an admin, they could already read secrets/keys directly from system.jobs, and it if is their own job, then it is their own keys anyway (account-sharing notwithstanding). Overall I don't think this significantly changes anything w.r.t. secrets stored in job payloads.
Additionally, we only show them the payload.Description which typically hides they secrets, but I'd rather not include that here -- the hiding is only superficial since the secrets are still in and need to be in the job itself, so pretending they're gone clouds some people's thread model, but that's a separate issue.
pkg/sql/crdb_internal.go, line 486 at r1 (raw file):
Previously, spaskob (Spas Bojanov) wrote…
I find it hard to read and reason that is correct; are you sure it's not ... && ...
I feel like this may need a test as well.
even just binding an intermediate bool and moving the extra inversion could help IMO:
if canSeeJob := isAdmin || (paylod!=nil && payload.Username == currentUser); !canSeeJob { continue }
knz
force-pushed
the
20200124-non-admin-jobs
branch
from
995bfdc
to
8f85bea
Compare
There was a problem hiding this comment.
Added the missing test cases. PTAL
Reviewable status:
pkg/sql/crdb_internal.go, line 463 at r1 (raw file):
Previously, dt (David Taylor) wrote…
If the user was an admin, they could already read secrets/keys directly from system.jobs, and it if is their own job, then it is their own keys anyway (account-sharing notwithstanding). Overall I don't think this significantly changes anything w.r.t. secrets stored in job payloads.
Additionally, we only show them the
payload.Descriptionwhich typically hides they secrets, but I'd rather not include that here -- the hiding is only superficial since the secrets are still in and need to be in the job itself, so pretending they're gone clouds some people's thread model, but that's a separate issue.
Thanks for checking
pkg/sql/crdb_internal.go, line 486 at r1 (raw file):
Previously, dt (David Taylor) wrote…
even just binding an intermediate bool and moving the extra inversion could help IMO:
if canSeeJob := isAdmin || (paylod!=nil && payload.Username == currentUser); !canSeeJob { continue }
Done.
There was a problem hiding this comment.
Reviewable status:
pkg/sql/crdb_internal.go, line 488 at r2 (raw file):
sameUser := payload != nil && payload.Username == currentUser canAccess := isAdmin || sameUser if !canAccess {
nit: if canAccess := isAdmin || sameUser; !canAccess {
Release note (ui change): Non-admin users can now use the "Jobs detail" page and see their own jobs. Release note (sql change): Non-admin users can now query `SHOW JOBS` and `crdb_internal.jobs` and see their own jobs.
knz
force-pushed
the
20200124-non-admin-jobs
branch
from
8f85bea
to
606db1d
Compare
There was a problem hiding this comment.
TFYR!
bors r=dt,spaskob
Reviewable status:
pkg/sql/crdb_internal.go, line 488 at r2 (raw file):
Previously, spaskob (Spas Bojanov) wrote…
nit: if canAccess := isAdmin || sameUser; !canAccess {
Done.
44297: roachtest: fix the deco test + re-implement the warning test r=tbg a=knz Fixes #44276. The test to check for a warning on double [rd]ecommission was implemented in roachtest; this was invalid because roachtest is also used on previous versions and the warning is a new thing. This patch moves the test to a TCL interactive test instead. Release note: None 44345: sql,ui: enable non-admin users to see their own jobs r=dt,spaskob a=knz Informs #44335. Release note (ui change): Non-admin users can now use the "Jobs detail" page and see their own jobs. Release note (sql change): Non-admin users can now query `SHOW JOBS` and `crdb_internal.jobs` and see their own jobs. Co-authored-by: Raphael 'kena' Poss <knz@thaumogen.net>
Build succeeded |
Informs #44335.
Release note (ui change): Non-admin users can now use the "Jobs
detail" page and see their own jobs.
Release note (sql change): Non-admin users can now query
SHOW JOBSand
crdb_internal.jobsand see their own jobs.