Commits on Mar 22, 2022

1. server: VIEWACTIVITY role gates unredacted nodes info …

   Previously, the `Nodes` and `NodesUI` endpoints were gated behind the
   Admin role. For the former endpoint requests would fail if the user
   didn't have the Admin role, and for the latter, we'd show partially
   redacted information that omitted hostnames and IP addresses.
   
   This was deemed problematic for customers who did not want to set the
   Admin role just to grant a user the ability to view detailed node
   information about the cluster.
   
   This PR changes the role gate for the endpoints above to use the
   `VIEWACTIVITY` role option. Users with the option will be able to access
   the `Nodes` endpoint and see unredacted nodes information at the
   `NodesUI` endpoint used by the DB Console.
   
   As a result, the nodes overview page as well as the node reports page
   will now show unredacted information to users with `VIEWACTIVITY`.
   (Existing functionality for Admins us also retained as those users
   implicitly have the `VIEWACTIVITY` role.)
   
   Resolves cockroachdb#77665
   
   Release note (ui change, security update, api change): The
   `_status/nodes` endpoint is avaible to all users with the
   `VIEWACTIVITY` role option, not just Admins. In the DB Console, the
   Nodes Overview and Node Reports pages will now display unredacted
   information containing node hostnames and IP addresses for all users
   with the `VIEWACTIVITY` role option. Previously this was also gated for
   Admins only.

   

   dhartunian committed Mar 22, 2022
   Copy the full SHA

   bda465b View commit details

   Browse the repository at this point in the history