Validate subject subject in lookup resources request #127

Merged
merged 1 commit into from
Jul 31, 2024

lennysgarage
Contributor

PR Template:

Describe your changes

  • Noticed that passing empty objects to a LookupResourcesRequest subject body caused panics. Temporary fixture by validating the inner subject subject body.
  • Added a test case to test erroring for empty objects being passed.

Example cmd:
grpcurl -plaintext -d '{"resource_type": {}, "subject": {"subject": {}}, "relation": "view"}' localhost:9000 kessel.relations.v1beta1.KesselLookupService.LookupResources
Before:

ERROR:
  Code: Internal
  Message: unknown request error
  Details:
  1)	{
    	  "@type": "type.googleapis.com/google.rpc.ErrorInfo",
    	  "reason": "UNKNOWN"
    	}

After:

ERROR:
  Code: InvalidArgument
  Message: invalid ObjectReference.Type: value is required; invalid ObjectReference.Id: value length must be at least 1 runes
  Details:
  1)	{
    	  "@type": "type.googleapis.com/google.rpc.ErrorInfo",
    	  "reason": "Invalid request"
    	}

Ticket reference (if applicable)

Related to https://issues.redhat.com/browse/RHCLOUD-33724

Checklist

  • Are the agreed upon acceptance criteria fulfilled?

  • Was the 4-eye-principle applied? (async PR review, pairing, ensembling)

  • Do your changes have passing automated tests and sufficient observability?

  • Are the work steps you introduced repeatable by others, either through automation or documentation?

    • If automation is possible but not done due to other constraints, a ticket to the tech debt sprint is added
    • An SOP (Standard Operating Procedure) was created
  • The Changes were automatically built, tested, and - if needed, behind a feature flag - deployed to our production environment. (Please check this when the new deployment is done and you could verify it.)

  • Are the agreed upon coding/architectural practices applied?

  • Are security needs fulfilled? (e.g. no internal URL)

  • Is the corresponding Ticket in the right state? (should be on "review" now, put to done when this change made it to production)

  • For changes to the public API / code dependencies: Was the whole team (or a sufficient amount of ppl) able to review?
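
The failure mode described in this PR, as an added example that is not the project's code: an empty inner subject reaches an unguarded field access and the panic surfaces as Internal, while validating the nested reference first yields InvalidArgument. The types, `Violations`, `Lookup` and both error values are hypothetical stand-ins whose layout is assumed from the grpcurl body and error text above.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Hypothetical stand-ins for the generated types (layout assumed from the PR text).
type ObjectType struct{ Name string }
type ObjectReference struct {
	Type *ObjectType
	Id   string
}
type SubjectReference struct{ Subject *ObjectReference }
type LookupResourcesRequest struct{ Subject *SubjectReference }
var ErrInvalidArgument, ErrInternal = errors.New("InvalidArgument"), errors.New("Internal")

// Violations inspects the inner subject without dereferencing anything unchecked.
func Violations(s *SubjectReference) (v []string) {
	if s == nil || s.Subject == nil {
		return []string{"invalid SubjectReference.Subject: value is required"}
	}
	if s.Subject.Type == nil {
		v = append(v, "invalid ObjectReference.Type: value is required")
	}
	if s.Subject.Id == "" {
		v = append(v, "invalid ObjectReference.Id: value length must be at least 1 runes")
	}
	return v
}

// Lookup is a stub handler; a recovered panic surfaces as Internal, as in "Before".
func Lookup(r *LookupResourcesRequest, validate bool) (subjectType string, err error) {
	defer func() {
		if recover() != nil {
			err = ErrInternal
		}
	}()
	if v := Violations(r.Subject); validate && len(v) > 0 {
		return "", fmt.Errorf("%w: %s", ErrInvalidArgument, strings.Join(v, "; "))
	}
	return r.Subject.Subject.Type.Name, nil // unguarded access: panics on an empty subject
}

func main() {
	empty := &LookupResourcesRequest{Subject: &SubjectReference{Subject: &ObjectReference{}}}
	fmt.Println(Lookup(empty, false)) // constructed input mirroring {"subject": {"subject": {}}}
	fmt.Println(Lookup(empty, true))
}
```
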

@app-sre-bot
Collaborator

Can one of the admins verify this patch?

Contributor

@merlante merlante left a comment

LGTM

@lennysgarage lennysgarage merged commit d2bf35f into main Jul 31, 2024
7 checks passed
@lennysgarage lennysgarage deleted the lookup-resources-validate-subject-subject branch July 31, 2024 12:30