Skip to content

add warn to accessReview for null #1964

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-robot merged 1 commit into from
Jul 10, 2019
Merged

add warn to accessReview for null #1964

openshift-merge-robot merged 1 commit into from
Jul 10, 2019

Conversation

@atiratree
Copy link
Member

@atiratree atiratree commented Jul 9, 2019

No description provided.

@openshift-ci-robot openshift-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 9, 2019
@atiratree atiratree mentioned this pull request Jul 9, 2019
Merged
3 tasks
@vojtechszocs
Copy link
Contributor

vojtechszocs commented Jul 9, 2019

/approve

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 9, 2019
@vojtechszocs
Copy link
Contributor

vojtechszocs commented Jul 9, 2019

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 9, 2019
@spadgett
Copy link
Member

spadgett commented Jul 9, 2019

/hold

@openshift-ci-robot openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 9, 2019
spadgett
spadgett reviewed Jul 9, 2019
View reviewed changes
frontend/public/components/utils/rbac.tsx Outdated
Copy link
Member

@spadgett spadgett Jul 9, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we be returning no access review in this case? Or is the intent to check if you can perform the action on all resources of this kind in the cluster? In what case is this occurring?

Copy link
Member

@spadgett spadgett Jul 9, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm concerned this is going to mask bugs where we're not passing the object when we mean to. Note that for normal users this will almost always disable the action (and it would be really easy to miss if testing as kubeadmin). If we want to check create, we should have a different utility imo. For namespaced resources, you would want to pass the create namespace as well.

Copy link
Member Author

@atiratree atiratree Jul 9, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, we need another way for testing the permission.

I would still prefer to use this selector though and use some other way to test for nulls than crashing the UI.

Closing the PR

Copy link
Member

@spadgett spadgett Jul 9, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can add a null check, but we should be permissive by default if the object is not set. Maybe logging a warning is enough. But really this should never be null if it's a kebab action.

Copy link
Member Author

@atiratree atiratree Jul 9, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, I added the null check.

it can happen quite easily to miss the null check if not used like this: https://github.com/openshift/console/blob/e1df91c790eeb1b2ca3c7efc8511a4ca63058cd9/frontend/packages/metal3-plugin/src/components/host-menu-actions.tsx#L52

some cases similar to these could be easily missed in the future

@spadgett
Copy link
Member

spadgett commented Jul 9, 2019

/approve cancel
/lgtm cancel

@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label Jul 9, 2019
@atiratree atiratree closed this Jul 9, 2019
@atiratree
Copy link
Member Author

atiratree commented Jul 9, 2019

reopening and adding the null check

@atiratree atiratree reopened this Jul 9, 2019
@atiratree atiratree changed the title fix accessReview for null objects (e.g. create) add warn to accessReview for null Jul 9, 2019
@openshift-ci-robot openshift-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 9, 2019
spadgett
spadgett reviewed Jul 9, 2019
View reviewed changes
frontend/public/components/utils/rbac.tsx Outdated
Copy link
Member

@spadgett spadgett Jul 9, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

return null if the obj is null

Copy link
Member

@spadgett spadgett Jul 9, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you don't return null here, it will make an entirely different, unintended access review check. That is my original concern with the change :)

Copy link
Member Author

@atiratree atiratree Jul 9, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah sorry, my bad. Fixed

@spadgett
Copy link
Member

spadgett commented Jul 9, 2019

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 9, 2019
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jul 9, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: spadgett, suomiy, vojtechszocs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@atiratree
Copy link
Member Author

atiratree commented Jul 9, 2019

fixed console lint

@spadgett
Copy link
Member

spadgett commented Jul 9, 2019

/hold cancel

@openshift-ci-robot openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 9, 2019
@atiratree
Copy link
Member Author

atiratree commented Jul 10, 2019

/retest

@openshift-merge-robot openshift-merge-robot merged commit e09e39d into openshift:master Jul 10, 2019
@spadgett spadgett added this to the v4.2 milestone Jul 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spadgett spadgett spadgett left review comments

@jcaianirh jcaianirh Awaiting requested review from jcaianirh

@zherman0 zherman0 Awaiting requested review from zherman0

Assignees

@vojtechszocs vojtechszocs

@spadgett spadgett

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

v4.2

Development

Successfully merging this pull request may close these issues.

6 participants

@atiratree @vojtechszocs @spadgett @openshift-ci-robot @openshift-merge-robot @suomiy