
🔒 Restrict agent token endpoint to admin users#16502

Merged: kubestellar-hive[bot] merged 2 commits into main from fix/16470 on Jun 2, 2026


@kubestellar-hive

Fixes #16470

Adds admin authorization check to the agent token endpoint to prevent non-admin authenticated users from accessing the shared secret.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
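
The kind of check this PR describes, as an added Go example that is not part of the pull request and is not the project's own code. The `User` type, the context key, the `/agent/token` path and all handler names are hypothetical. It shows the endpoint answering any authenticated caller when unguarded, and the same handler wrapped in an admin check that separates "not authenticated" (401) from "authenticated but not admin" (403).

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// User is a hypothetical identity set by an upstream authentication layer.
type User struct {
	Admin bool
}

type ctxKey struct{}

// requireAdmin returns 401 when unauthenticated and 403 when authenticated but not admin.
func requireAdmin(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		switch u, _ := r.Context().Value(ctxKey{}).(*User); {
		case u == nil:
			http.Error(w, "authentication required", http.StatusUnauthorized)
		case !u.Admin:
			http.Error(w, "admin role required", http.StatusForbidden)
		default:
			next(w, r)
		}
	}
}

// agentToken hands out the shared secret and does no authorization itself (CWE-862 if exposed as is).
func agentToken(secret string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, `{"token":%q}`, secret)
	}
}

// status calls h as user u (nil means unauthenticated) and returns the HTTP status code.
func status(h http.HandlerFunc, u *User) int {
	req := httptest.NewRequest(http.MethodGet, "/agent/token", nil) // hypothetical path
	rec := httptest.NewRecorder()
	h(rec, req.WithContext(context.WithValue(req.Context(), ctxKey{}, u)))
	return rec.Code
}

func main() {
	guarded := requireAdmin(agentToken("placeholder-secret")) // constructed sample secret
	fmt.Println(status(guarded, nil), status(guarded, &User{}), status(guarded, &User{Admin: true}))
}
```

A regression test for this class of bug should call the endpoint as a non-admin authenticated user and assert 403, since a test that only checks the unauthenticated case passes against the vulnerable handler too.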
Copilot AI review requested due to automatic review settings June 2, 2026 17:37
@kubestellar-hive kubestellar-hive Bot added agent/scanner Filed by the scanner agent hive/hive-v1 Hive instance hive-v1 labels Jun 2, 2026

Copilot AI left a comment


Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@kubestellar-prow kubestellar-prow Bot added the dco-signoff: yes Indicates the PR's author has signed the DCO. label Jun 2, 2026
@kubestellar-prow

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign eeshaansa for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@netlify

netlify Bot commented Jun 2, 2026

Deploy Preview for kubestellarconsole canceled.

Name Link
🔨 Latest commit 05ccc41
🔍 Latest deploy log https://app.netlify.com/projects/kubestellarconsole/deploys/6a1f1b8ebc9c2c000865d949

@kubestellar-prow kubestellar-prow Bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jun 2, 2026
@github-actions

github-actions Bot commented Jun 2, 2026

👋 Hey @kubestellar-hive[bot] — thanks for opening this PR!

🤖 This project is developed exclusively using AI coding assistants.

Please do not attempt to code anything for this project manually.
All contributions should be authored using an AI coding tool such as:

This ensures consistency in code style, architecture patterns, test coverage,
and commit quality across the entire codebase.


This is an automated message.

@github-actions github-actions Bot added ai-generated Pull request generated by AI tier/3-restricted labels Jun 2, 2026
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@kubestellar-prow kubestellar-prow Bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 2, 2026
@kubestellar-hive kubestellar-hive Bot merged commit 159b852 into main Jun 2, 2026
33 of 34 checks passed
@kubestellar-prow kubestellar-prow Bot deleted the fix/16470 branch June 2, 2026 18:25
@github-actions

github-actions Bot commented Jun 2, 2026

Thank you for your contribution! Your PR has been merged.

Check out what's new:

Stay connected: Slack #kubestellar-dev | Multi-Cluster Survey

@github-actions

github-actions Bot commented Jun 2, 2026

Post-merge build verification passed

Both Go and frontend builds compiled successfully against merge commit 159b852f78db5be93638a35067251817ca99c8ea.


Labels

agent/scanner Filed by the scanner agent ai-generated Pull request generated by AI dco-signoff: yes Indicates the PR's author has signed the DCO. hive/hive-v1 Hive instance hive-v1 size/M Denotes a PR that changes 30-99 lines, ignoring generated files. tier/3-restricted


Development

Successfully merging this pull request may close these issues.

[sec-check] Agent token endpoint exposes shared secret to any authenticated user (CWE-862)
