FrankChen021 commented on code in PR #19253:
URL: https://github.com/apache/druid/pull/19253#discussion_r3141492431
##########
web-console/src/views/services-view/services-view.tsx:
##########
@@ -366,6 +524,54 @@ ORDER BY
});
}
+ if (capabilities.hasCoordinatorAccess() &&
visibleColumns.shown('Detail')) {
+ auxiliaryQueries.push(async (servicesWithAuxiliaryInfo, signal) => {
+ const [cloneStatusResp, configResp] = await Promise.all([
+ getApiArrayFromKey<CloneStatusInfo>(
+ '/druid/coordinator/v1/config/cloneStatus',
+ 'cloneStatus',
+ signal,
+ ).catch(() => {
+ AppToaster.show({
+ icon: IconNames.ERROR,
+ intent: Intent.DANGER,
+ message: 'There was an error getting the clone status map',
+ });
+ return [] as CloneStatusInfo[];
+ }),
+ Api.instance
+ .get<CoordinatorDynamicConfig>('/druid/coordinator/v1/config',
{ signal })
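Review bot: The .catch(() => { ... }) on the cloneStatus request takes no error parameter, so every rejection gets the same DANGER toast and an empty array, whatever caused it. Since signal is passed to this call, a request cancelled by a refresh would be reported as a failure too, if the helper rejects on abort. Accept the error in the handler, skip the toast when signal.aborted is true, and include the underlying message in the toast text so operators can tell the causes apart.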
Review Comment:
[P2] Avoid requiring config permission for services view
The services view is available when hasCoordinatorAccess() is true, which
only proves the user can reach coordinator state endpoints. This new auxiliary
request calls /druid/coordinator/v1/config, which is protected by
ConfigResourceFilter, so users with STATE read access but without CONFIG read
access will now get a failure toast on every Services refresh/open even though
the table itself can load. The decommissioning/turbo details should be fetched
through a state-authorized endpoint or the 403 should be treated as unavailable
without surfacing an error.
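
The second option named in the comment, treating the 403 as unavailable without surfacing an error, could be sketched as follows. This is an added example, not part of the original comment or of Druid's web-console code; classifyAuxFailure, fetchOptional, AbortLike and the axios-style err.response.status shape are assumptions.

```typescript
// Added example: all names here are hypothetical, not Druid web-console code.
type AuxFailure =
  | 'aborted' // view refreshed or closed: nothing to report
  | 'unavailable' // caller lacks permission for this extra: hide it, no toast
  | 'error'; // genuine failure: worth surfacing

// Minimal stand-in for AbortSignal so the example has no DOM dependency.
interface AbortLike {
  aborted: boolean;
}

// Assumption: errors carry the HTTP status at err.response.status (axios-style).
function httpStatus(err: unknown): number | undefined {
  if (typeof err !== 'object' || err === null) return undefined;
  const status = (err as { response?: { status?: unknown } }).response?.status;
  return typeof status === 'number' ? status : undefined;
}

function classifyAuxFailure(err: unknown, signal?: AbortLike): AuxFailure {
  if (signal?.aborted) return 'aborted';
  // A 403 on an optional request means the user holds STATE but not CONFIG
  // read access; the main table is still valid, so this is not an error.
  if (httpStatus(err) === 403) return 'unavailable';
  return 'error';
}

// Wraps an optional (auxiliary) request: resolves to undefined on any failure,
// but only calls notify for failures the user should actually see.
async function fetchOptional<T>(
  request: () => Promise<T>,
  notify: (message: string) => void,
  signal?: AbortLike,
): Promise<T | undefined> {
  try {
    return await request();
  } catch (err) {
    if (classifyAuxFailure(err, signal) === 'error') {
      notify(err instanceof Error ? err.message : 'auxiliary request failed');
    }
    return undefined;
  }
}
```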
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.