Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v23.2.x] admin: fix path param parsing in admin api #16813

Merged
merged 4 commits into from
Mar 6, 2024
Merged

[v23.2.x] admin: fix path param parsing in admin api #16813

merged 4 commits into from
Mar 6, 2024

Conversation

pgellert
Copy link
Contributor

Backport of PR #16694

@pgellert pgellert added this to the v23.2.x-next milestone Feb 29, 2024
@pgellert pgellert added the kind/backport PRs targeting a stable branch label Feb 29, 2024
@pgellert pgellert marked this pull request as ready for review March 1, 2024 09:10
@oleiman
Copy link
Member

oleiman commented Mar 1, 2024

Looks like this got sort of mangled (or I'm reading it wrong)

  1. Some code motion between 23.2 and now, so this PR introduces admin/util.
  2. 776ea0a is empty? so the new function isn't getting called, right?

Given (1) maybe we should ditch this backport? Or also cherry-pick the original admin/util commits? Was there an urgent need to have this in v23.2.x?

pgellert added 4 commits March 4, 2024 16:13
@pgellert
admin: implement path parameter parser
ed6bb52 
This adds a utility method to parse/unescape path parameters in urls.

This was motivated by an issue where the admin API was using query
parameter unescaping to parse the username path parameter in ACL delete
and update requests, in which case the + sign was incorrectly replaced
with a ' '. This prevented admins from deleting users with a + in their
username.

(cherry picked from commit 27fe9c6)
@pgellert
admin: fix admin API path parameter parsing
7bec562 
This uses the new path parameter parsing method to correctly decode path
parameters in the admin API.

This was motivated by an issue where the admin API was using query
parameter unescaping to parse the username path parameter in ACL delete
and update requests, in which case the + sign was incorrectly replaced
with a ' '. This prevented admins from deleting users with a + in their
username.

(cherry picked from commit 02bb44e)
@pgellert
test: rpk user delete of complex username
2780b2b 
This adds a regression test to test that we can both create and delete a
user with a complex username (containing symbols that are considered to
be special symbols in the url syntax). This is tested through a ducktape
test using rpk to validate that the url encoding and decoding works well
throughout the interaction of rpk and the admin API.

This adds a regression test to test that we can both create and delete a
user with a complex username (containing symbols that are considered to
be special symbols in the url syntax). This is tested through a ducktape
test using rpk to validate that the url encoding and decoding works well
throughout the interaction of rpk and the admin API.

(cherry picked from commit c55f603)
@pgellert
admin/test: add unit tests for path_decode
5a9169a 
(cherry picked from commit bf6c0f6)
@pgellert pgellert force-pushed the vbotbuildovich/backport-16694-v23.2.x-541 branch from 89f3433 to 5a9169a Compare March 4, 2024 18:08
@pgellert
Copy link
Contributor Author

pgellert commented Mar 4, 2024

Looks like this got sort of mangled (or I'm reading it wrong)

  1. Some code motion between 23.2 and now, so this PR introduces admin/util.

Yes, it's made a bit more complex because the admin API code was only separated out into the admin/ folder by v23.3.x so the backporting creates the file (and its containing directory) that I am otherwise editing in the original PR.

  1. 776ea0a is empty? so the new function isn't getting called, right?

It is getting called but as I was cherry picking and resolving conflicts the change to exercise the new functions got ahead to the first commit. I've fixed this now in the force-push to moves this back to the second (now non-empty) commit to align with the original PR.

Based on the Slack discussion, I think this should be good to merge as is, but let me know what you think.

@oleiman
Copy link
Member

oleiman commented Mar 4, 2024
edited
Loading

the change to exercise the new functions got ahead to the first commit

Ah, yeah, my diffs were noisy from the admin/util changes, so I missed it. Sounds good.

For the admin/util changes themselves, I think doing it this way would make backporting the original admin/util change more difficult, but presumably there's no plan to do that. If you're unsure, you might solicit a 3rd set of eyes, but it seems fine to me.

@pgellert pgellert merged commit 3805bc4 into redpanda-data:v23.2.x Mar 6, 2024
22 checks passed
@BenPope BenPope modified the milestones: v23.2.x-next, v23.2.27 Mar 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oleiman oleiman oleiman approved these changes

@BenPope BenPope Awaiting requested review from BenPope

@graphcareful graphcareful Awaiting requested review from graphcareful

@michael-redpanda michael-redpanda Awaiting requested review from michael-redpanda

Assignees

@pgellert pgellert

Labels
area/redpanda kind/backport PRs targeting a stable branch
Projects
None yet
Milestone
v23.2.27
Development

Successfully merging this pull request may close these issues.
3 participants
@pgellert @oleiman @BenPope