Skip to content

fix: enable rbac for index streams #3905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hengfeiyang merged 2 commits into from
Jul 10, 2024
Merged

fix: enable rbac for index streams #3905

hengfeiyang merged 2 commits into from
Jul 10, 2024

Conversation

@Subhra264
Copy link
Contributor

@Subhra264 Subhra264 commented Jul 4, 2024
edited by coderabbitai bot
Loading

Fixes #3904

Summary by CodeRabbit

  • New Features

    • Added support for "index" resource in role management, allowing users to manage index-related streams.

  • Refactor

    • Simplified the handling of stream_type across various functions, improving code readability and maintainability.

@github-actions github-actions bot added the ☢️ Bug Something isn't working label Jul 4, 2024
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jul 4, 2024
edited
Loading

Warning

Rate limit exceeded

@Subhra264 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 25 minutes and 21 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Commits

Files that changed from the base of the PR and between 98f0b03 and 845c315.

Walkthrough

The changes primarily address the handling of StreamType::Index across various modules to ensure it is correctly transformed to StreamType::Logs where necessary. This modification aims to resolve RBAC users' issues accessing index streams by aligning the handling of index streams with that of log streams. Additionally, support for a new resource named "index" has been integrated into the Vue component for role editing.

Changes

File Path Change Summary
src/common/utils/auth.rs Removed conditional branch handling StreamType::Index in AuthExtractor.
src/handler/http/request/stream/mod.rs Simplified list function by removing conditional check and assignment related to StreamType::Index.
src/handler/http/request/search/mod.rs Modified search function to conditionally update stream_type from Index to Logs.
src/handler/http/request/search/multi_streams.rs Added logic in search_multi function to conditionally update stream_type based on StreamType::Index.
src/service/stream.rs Updated get_streams function to reassign s_type to StreamType::Logs if it equals StreamType::Index.
web/src/components/iam/roles/EditRole.vue Added support for a new resource named "index" and introduced getIndexStreams function.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Frontend
    participant Backend
    participant Auth
    participant StreamService
    
    User ->> Frontend: Request to list index streams
    Frontend ->> Backend: API call to list streams
    Backend ->> Auth: Verify user permissions
    Auth ->> Backend: Checked permissions (logs/index)
    Backend ->> StreamService: Fetch streams (transform Index to Logs)
    StreamService ->> Backend: Return transformed streams
    Backend ->> Frontend: Return stream list
    Frontend ->> User: Display stream list
Loading

Assessment against linked issues

Objective Addressed Explanation
RBAC users not able to access index stream even if logs permission is given. (#3904)
SSO users get 403 forbidden error when querying index streams. (#3904)

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Jul 4, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 93949df and 0c7376f.

Files selected for processing (3)
  • src/handler/http/request/search/mod.rs (1 hunks)
  • src/handler/http/request/search/multi_streams.rs (1 hunks)
  • src/service/stream.rs (1 hunks)
Additional context used
Path-based instructions (3)
src/service/stream.rs (1)

Pattern **/*.rs: You are a smart rustlang pull request reviewer.
You are going to review all the rustlang files.
Be concise, and add a brief explanation to your suggestions

Make sure the responses are not too verbose and keep the suggestions to the point i.e. actionable.

src/handler/http/request/search/multi_streams.rs (1)

Pattern **/*.rs: You are a smart rustlang pull request reviewer.
You are going to review all the rustlang files.
Be concise, and add a brief explanation to your suggestions

Make sure the responses are not too verbose and keep the suggestions to the point i.e. actionable.

src/handler/http/request/search/mod.rs (1)

Pattern **/*.rs: You are a smart rustlang pull request reviewer.
You are going to review all the rustlang files.
Be concise, and add a brief explanation to your suggestions

Make sure the responses are not too verbose and keep the suggestions to the point i.e. actionable.

Additional comments not posted (3)
src/service/stream.rs (1)

82-86: LGTM!

The reassignment of s_type to StreamType::Logs if it equals StreamType::Index is correct and addresses the issue where RBAC users are unable to access the index stream.

src/handler/http/request/search/multi_streams.rs (1)

197-201: LGTM!

The reassignment of stream_type to StreamType::Logs if it equals StreamType::Index is correct and addresses the issue where RBAC users are unable to access the index stream.

src/handler/http/request/search/mod.rs (1)

217-221: LGTM! But verify the function usage in the codebase.

The code changes are approved.

However, ensure that all function calls to search correctly handle the updated stream_type logic.

hengfeiyang
hengfeiyang requested changes Jul 5, 2024
View reviewed changes
@Subhra264 Subhra264 marked this pull request as draft July 5, 2024 06:03
@Subhra264 Subhra264 force-pushed the index_search_rbac branch from 0c7376f to dd9248c Compare July 9, 2024 08:08
@Subhra264 Subhra264 marked this pull request as ready for review July 10, 2024 09:47
@Subhra264 Subhra264 force-pushed the index_search_rbac branch from dd9248c to 98f0b03 Compare July 10, 2024 09:48
@Subhra264 Subhra264 changed the title fix: use logs stream type for index stream in case of rbac fix: enable rbac for index streams Jul 10, 2024
@Subhra264 Subhra264 force-pushed the index_search_rbac branch from 98f0b03 to 845c315 Compare July 10, 2024 09:50
coderabbitai[bot]
coderabbitai bot reviewed Jul 10, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 0c7376f and 98f0b03.

Files selected for processing (3)
  • src/common/utils/auth.rs (1 hunks)
  • src/handler/http/request/stream/mod.rs (1 hunks)
  • web/src/components/iam/roles/EditRole.vue (10 hunks)
Files skipped from review due to trivial changes (1)
  • src/handler/http/request/stream/mod.rs
Additional context used
Path-based instructions (1)
src/common/utils/auth.rs (1)

Pattern **/*.rs: You are a smart rustlang pull request reviewer.
You are going to review all the rustlang files.
Be concise, and add a brief explanation to your suggestions

Make sure the responses are not too verbose and keep the suggestions to the point i.e. actionable.

Additional comments not posted (3)
src/common/utils/auth.rs (1)

Line range hint 102-102:
Verify removal of StreamType::Index handling.

Ensure that the removal of StreamType::Index handling does not affect other parts of the application that might still rely on it.

web/src/components/iam/roles/EditRole.vue (2)

1459-1467: Verify the new getIndexStreams function.

Ensure that the getIndexStreams function correctly fetches and updates index streams. Compare its logic with other similar functions like getLogs, getMetrics, and getTraces.

Verification successful

Verification successful for the new getIndexStreams function.

The getIndexStreams function is correctly implemented and consistent with similar functions (getLogs, getMetrics, getTraces). It appropriately fetches and updates index streams as intended.

  • getStreams function is defined in web/src/composables/useStreams.ts.
  • updateEntityEntities function is defined and used within EditRole.vue.
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the correctness of the `getIndexStreams` function.

# Test: Search for the `getIndexStreams` function and compare its logic with other similar functions.
rg --type vue 'getIndexStreams'

Length of output: 59

Script:

#!/bin/bash
# Description: Verify the correctness of the `getIndexStreams` function and compare its logic with other similar functions.

# Search for the `getIndexStreams` function within `.vue` files.
rg 'getIndexStreams' --glob '*.vue' -A 5

# Search for similar functions: `getLogs`, `getMetrics`, and `getTraces` within `.vue` files.
rg 'getLogs' --glob '*.vue' -A 5
rg 'getMetrics' --glob '*.vue' -A 5
rg 'getTraces' --glob '*.vue' -A 5

Length of output: 5897

Script:

#!/bin/bash
# Description: Verify the correctness of `getStreams` and `updateEntityEntities` functions.

# Search for the definition of `getStreams`.
rg 'function getStreams' -A 10

# Search for the definition of `updateEntityEntities`.
rg 'function updateEntityEntities' -A 10

Length of output: 75

Script:

#!/bin/bash
# Description: Broaden the search for the definitions or imports of `getStreams` and `updateEntityEntities`.

# Search for the definition or import of `getStreams`.
rg 'getStreams' -A 10

# Search for the definition or import of `updateEntityEntities`.
rg 'updateEntityEntities' -A 10

Length of output: 48297

716-717: Verify handling for "index" resource.

Ensure that the logic for handling the "index" resource is correct and aligns with the handling of other resources like "logs", "metrics", and "traces".

Verification successful

Verified handling for "index" resource.

The logic for handling the "index" resource in the updateRolePermissions function is consistent with the handling of other resources like "logs", "metrics", and "traces". The implementation appears correct.

  • The "index" resource is included in the conditional block that handles similar resources.
  • The handling involves finding the corresponding entity in the "stream" resource and calling getResourceEntities on it.
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the correctness of the "index" resource handling in `updateRolePermissions`.

# Test: Search for the `updateRolePermissions` function and ensure "index" is handled similarly to other resources.
rg --type vue 'updateRolePermissions'

Length of output: 65

Script:

#!/bin/bash
# Description: Verify the correctness of the "index" resource handling in `updateRolePermissions`.

# Test: Search for the `updateRolePermissions` function and ensure "index" is handled similarly to other resources.
rg 'updateRolePermissions' -g '*.vue' -A 10

Length of output: 2395

Script:

#!/bin/bash
# Description: Extract the full implementation of the `updateRolePermissions` function from EditRole.vue for verification.

# Test: Extract the full function definition of `updateRolePermissions`.
ast-grep --lang typescript --pattern 'async function updateRolePermissions($_) { $$$ }' web/src/components/iam/roles/EditRole.vue

Length of output: 131

Script:

#!/bin/bash
# Description: Extract the full implementation of the `updateRolePermissions` function from EditRole.vue for verification.

# Test: Search for the `updateRolePermissions` function and include 50 lines of context to capture the full implementation.
rg 'async function updateRolePermissions' web/src/components/iam/roles/EditRole.vue -A 50

Length of output: 91

Script:

#!/bin/bash
# Description: Extract the full implementation of the `updateRolePermissions` function from EditRole.vue for verification.

# Test: Search for the `updateRolePermissions` function and include 100 lines of context to ensure capturing the full implementation.
rg 'const updateRolePermissions = async' web/src/components/iam/roles/EditRole.vue -A 100

Length of output: 3064

@Subhra264 Subhra264 requested a review from hengfeiyang July 10, 2024 10:07
@hengfeiyang hengfeiyang merged commit d0d213e into main Jul 10, 2024
@hengfeiyang hengfeiyang deleted the index_search_rbac branch July 10, 2024 10:16
taimingl pushed a commit that referenced this pull request Jul 12, 2024
@Subhra264 @taimingl
fix: enable rbac for index streams (#3905)
de0a803
@coderabbitai coderabbitai bot mentioned this pull request Nov 4, 2024
Merged
@coderabbitai coderabbitai bot mentioned this pull request Jan 6, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hengfeiyang hengfeiyang hengfeiyang approved these changes

@haohuaijin haohuaijin haohuaijin approved these changes

+1 more reviewer

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

☢️ Bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

RBAC: rbac users not able to access index stream

3 participants

@Subhra264 @hengfeiyang @haohuaijin