PMM-13715: allow viewers/editors access limited PMM settings #3518
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## v3 #3518 +/- ##
=======================================
Coverage 43.62% 43.63%
=======================================
Files 366 366
Lines 44328 44352 +24
=======================================
+ Hits 19338 19352 +14
- Misses 23310 23318 +8
- Partials 1680 1682 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
idoqo
changed the title
idoqo
requested review from
ademidoff and
JiriCtvrtka
and removed request for
a team
ademidoff
reviewed
Jan 29, 2025
| "details": { | ||
| "type": "array", | ||
| "items": { | ||
| "description": "`Any` contains an arbitrary serialized protocol buffer message along with a\nURL that describes the type of the serialized message.\n\nProtobuf library provides support to pack/unpack Any values in the form\nof utility functions or additional generated methods of the Any type.\n\nExample 1: Pack and unpack a message in C++.\n\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(\u0026foo)) {\n ...\n }\n\nExample 2: Pack and unpack a message in Java.\n\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n // or ...\n if (any.isSameTypeAs(Foo.getDefaultInstance())) {\n foo = any.unpack(Foo.getDefaultInstance());\n }\n\n Example 3: Pack and unpack a message in Python.\n\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n\n Example 4: Pack and unpack a message in Go\n\n foo := \u0026pb.Foo{...}\n any, err := anypb.New(foo)\n if err != nil {\n ...\n }\n ...\n foo := \u0026pb.Foo{}\n if err := any.UnmarshalTo(foo); err != nil {\n ...\n }\n\nThe pack methods provided by protobuf library will by default use\n'type.googleapis.com/full.type.name' as the type URL and the unpack\nmethods only use the fully qualified type name after the last '/'\nin the type URL, for example \"foo.bar.com/x/y.z\" will yield type\nname \"y.z\".\n\nJSON\n====\nThe JSON representation of an `Any` value uses the regular\nrepresentation of the deserialized, embedded message, with an\nadditional field `@type` which contains the type URL. Example:\n\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": \u003cstring\u003e,\n \"lastName\": \u003cstring\u003e\n }\n\nIf the embedded message type is well-known and has a custom JSON\nrepresentation, that representation will be embedded adding a field\n`value` which holds the custom JSON in addition to the `@type`\nfield. Example (for message [google.protobuf.Duration][]):\n\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }", |
There was a problem hiding this comment.
I wonder, where does this come from? Does it have to be that lengthy?
There was a problem hiding this comment.
Looks like it's generated for all v1/server endpoints
ademidoff
approved these changes
Jan 29, 2025
api/server/v1/server.proto
Outdated
| @@ -181,12 +181,42 @@ message Settings { | |||
| uint32 default_role_id = 18; | |||
| } | |||
|
|
|||
| // Settings represents a stripped-down version of PMM Server settings that can be accessed by users of all roles. | |||
There was a problem hiding this comment.
Suggested change
| // Settings represents a stripped-down version of PMM Server settings that can be accessed by users of all roles. | |
| // ReadOnlySettings represents a stripped-down version of PMM Server settings that can be accessed by users of all roles. |
| @@ -63,6 +63,7 @@ var rules = map[string]role{ | |||
| "/v1/alerting": viewer, | |||
| "/v1/advisors": editor, | |||
| "/v1/advisors/checks:": editor, | |||
| "/v1/advisors/failedServices": editor, | |||
managed/services/server/server.go
Outdated
| @@ -494,6 +494,35 @@ func (s *Server) convertSettings(settings *models.Settings, connectedToPlatform | |||
| return res | |||
| } | |||
|
|
|||
| // convertReadOnlySettings merges database settings and settings from environment variables into API response. | |||
There was a problem hiding this comment.
Suggested change
| // convertReadOnlySettings merges database settings and settings from environment variables into API response. | |
| // convertReadOnlySettings created a subset of database settings for the "viewer" role. |
There was a problem hiding this comment.
I don't see the envvars involved here. :)
BupycHuk
requested changes
Jan 29, 2025
api/server/v1/server.proto
Outdated
Comment on lines
194
to
195
| // Percona Platform user's email, if this PMM instance is linked to the Platform. | ||
| string platform_email = 8; |
There was a problem hiding this comment.
do we really need this setting to be public?
api/server/v1/server.proto
Outdated
Comment on lines
190
to
191
| MetricsResolutions metrics_resolutions = 3; | ||
| google.protobuf.Duration data_retention = 4; |
There was a problem hiding this comment.
do we really need these settings to be public?
There was a problem hiding this comment.
let's reserve these numbers, but not provide value yet until it's required
api/server/v1/server.proto
Outdated
Comment on lines
199
to
201
| string pmm_public_address = 11; | ||
| // Intervals between Advisor runs. | ||
| AdvisorRunIntervals advisor_run_intervals = 12; |
There was a problem hiding this comment.
do we really need these settings to be public?
There was a problem hiding this comment.
Not really - they are shown on the advanced settings page, but non-admin roles can't access that page anyway - we can reserve the number as in the other cases
api/server/v1/server.proto
Outdated
| // True if Azure Discover is enabled. | ||
| bool azurediscover_enabled = 14; | ||
| // True if Access Control is enabled. | ||
| bool enable_access_control = 17; |
There was a problem hiding this comment.
oh shit, it's inconsistent with other fields.
There was a problem hiding this comment.
Yeah I saw too - will need to prep separate PR to update it
idoqo
force-pushed
the
PMM-12356-allow-editor-for-check-results
branch
from
81319bf to
c88f399
Compare
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PMM-13715
PMM-12356
Link to the Feature Build: SUBMODULES-3840
If this PR adds or removes or alters one or more API endpoints, please review and add or update the relevant API documents as well:
If this PR is related to some other PRs in this or other repositories, please provide links to those PRs: