To recreate commits with GPG signaturegit fetch upstream && git rebase --force --gpg-sign upstream/main
Fixes #511
The most important change is in MatchExpressions.java. The backend should not trust the client to provide the list of whole Target objects to evalute match expressions against. This endpoint should really just take a list of target database IDs that the client wants to test with the provided match expression, but it is late to make such a change now. With this patch the server picks only the connectUrl from each of the client's provided targets, then looks up each actual Target instance from the database that has that connectUrl, and tests the provided match expression against this reconstructed list. This ensures that the client is not lying about any properties of the targets, and also ensures that the server doesn't skip evaluating any properties of the target that the client did not include with the request (such as the labels and annotations, which are the root of the associated bug).
How to manually test:
Check out and build PR
./smoketest.bash -Ot
Go to Automated Rules > Create
Test a match expression like 'PORT' in target.annotations.cryostatThis is an automatic backport of pull request #512 done by Mergify.
Welcome to Cryostat3! 👋
Before contributing, make sure you have:
main
branch[chore, ci, docs, feat, fix, test]
To recreate commits with GPG signature
git fetch upstream && git rebase --force --gpg-sign upstream/main
Fixes #511
The most important change is in
MatchExpressions.java
. The backend should not trust the client to provide the list of wholeTarget
objects to evalute match expressions against. This endpoint should really just take a list of target database IDs that the client wants to test with the provided match expression, but it is late to make such a change now. With this patch the server picks only theconnectUrl
from each of the client's provided targets, then looks up each actual Target instance from the database that has thatconnectUrl
, and tests the provided match expression against this reconstructed list. This ensures that the client is not lying about any properties of the targets, and also ensures that the server doesn't skip evaluating any properties of the target that the client did not include with the request (such as the labels and annotations, which are the root of the associated bug).How to manually test:
./smoketest.bash -Ot
'PORT' in target.annotations.cryostat
This is an automatic backport of pull request #512 done by Mergify.