fix: use _workspace when given for gateway validate#1783
Conversation
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1783 +/- ##
==========================================
- Coverage 32.71% 32.70% -0.02%
==========================================
Files 73 73
Lines 8112 8116 +4
==========================================
Hits 2654 2654
- Misses 5292 5296 +4
Partials 166 166 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| expectedState: utils.KongRawState{ | ||
| Upstreams: upstream, | ||
| Targets: target, | ||
| Targets: targetPost312, |
There was a problem hiding this comment.
This is deployed to dev in konnect - https://github.com/Kong/platform-api/pull/1868#discussion_r2425248307, so needs the change.
| errorString: "workspace doesn't exist: nonexistent", | ||
| }, | ||
| { | ||
| name: "validate with non-default _workspace and default_lookup_tags", |
There was a problem hiding this comment.
This test would fail without the changes in gateway_validate.go
|
For #1753 - before (tries loading entity schema from default workspace and fails) and after (this fails while loading workspace - and does not proceed to loading entity schema) |
harshadixit12
deleted the
fix/gateway-validate-succeeds-with-invalid-workspace
branch
3 participants
Fixes:
Root cause for both:
gateway validatedid not respect_workspaceset in the state file. The validation ran againstdefaultworkspace, and therefore was incorrect as it did not load the referenced entities and schemas correctly.This led to unauthorised access of default workspace when user had permissions scoped to a different workspace as seen in #1753.
With this fix, the online validation runs against the workspace specified in state file (unless overridden using
-w or --workspace.