Skip to content

Commit

Permalink
Fix permissions for safekeeper failpoints (#7669)
Browse files Browse the repository at this point in the history
We didn't check permission in `"/v1/failpoints"` endpoint, it means that
everyone with per-tenant token could modify the failpoints. This commit
fixes that.
  • Loading branch information
petuhovskiy authored May 10, 2024
1 parent 873b222 commit 0b02043
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions safekeeper/src/http/routes.rs
Original file line number Diff line number Diff line change
Expand Up @@ -519,6 +519,7 @@ pub fn make_router(conf: SafeKeeperConf) -> RouterBuilder<hyper::Body, ApiError>
.get("/v1/status", |r| request_span(r, status_handler))
.put("/v1/failpoints", |r| {
request_span(r, move |r| async {
check_permission(&r, None)?;
let cancel = CancellationToken::new();
failpoints_handler(r, cancel).await
})
Expand Down

1 comment on commit 0b02043

@github-actions
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3105 tests run: 2960 passed, 0 failed, 145 skipped (full report)


Flaky tests (2)

Postgres 16

  • test_download_remote_layers_api: release

Postgres 15

  • test_synthetic_size_while_deleting: debug

Code coverage* (full report)

  • functions: 31.4% (6323 of 20136 functions)
  • lines: 47.3% (47656 of 100778 lines)

* collected from Rust tests only


The comment gets automatically updated with the latest test results
0b02043 at 2024-05-10T14:01:52.653Z :recycle:

Please sign in to comment.