Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scraping service: harden security restrictions on instance files #558

Merged
merged 4 commits into from
Apr 26, 2021
Merged

Scraping service: harden security restrictions on instance files #558

merged 4 commits into from
Apr 26, 2021

Conversation

rfratto
Copy link
Member

@rfratto rfratto commented Apr 23, 2021

No description provided.

56quarters
56quarters reviewed Apr 23, 2021
View reviewed changes
Copy link
Contributor

@56quarters 56quarters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing, I like this approach a lot more than just adding the warning in the docs. I'd love to see tests for this but this approach is 💯

@rfratto rfratto changed the title Add security warning for scraping service API Scraping service: harden security restrictions on instance files Apr 23, 2021
@rfratto rfratto requested a review from mattdurham April 23, 2021 15:46
56quarters
56quarters approved these changes Apr 23, 2021
View reviewed changes
Copy link
Contributor

@56quarters 56quarters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

simonswine
simonswine reviewed Apr 23, 2021
View reviewed changes
pkg/prom/cluster/validation.go
return nil
}

func validateDiscoveryNoFiles(disc discovery.Config) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would consider using reflection, to avoid breakage when new discovery mechanisms are added

@rfratto rfratto merged commit 44bc96d into grafana:main Apr 26, 2021
@rfratto rfratto deleted the security-warning-scraping-service-api branch April 26, 2021 20:16
@mattdurham mattdurham mentioned this pull request Sep 7, 2021
Closed
3 tasks
mattdurham pushed a commit that referenced this pull request Nov 11, 2021
@rfratto
Scraping service: harden security restrictions on instance files (#558)
22c2c3f 
* add security warning for scraping service API

* implement dangerous_allow_reading_files for scraping service

* add breaking changes to migration guide

* tests
@github-actions github-actions bot added the frozen-due-to-age Locked due to a period of inactivity. Please open new issues or PRs if more discussion is needed. label Apr 13, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 13, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@simonswine simonswine simonswine left review comments

@56quarters 56quarters 56quarters approved these changes

@mattdurham mattdurham mattdurham approved these changes

Assignees
No one assigned
Labels
frozen-due-to-age Locked due to a period of inactivity. Please open new issues or PRs if more discussion is needed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rfratto @simonswine @56quarters @mattdurham