
flowctl: normalize --prefix trailing slash to avoid misleading PermissionDenied #3075

Open: GregorShear wants to merge 1 commit into master from greg/flowctl-prefix-trailing-slash



@GregorShear (Contributor)

Problem

flowctl catalog pull-specs --prefix AcmeCo (no trailing slash) returns a misleading error even for fully-authorized users:

PermissionDenied: [email protected] is not authorized to access prefix or name 'AcmeCo' with required capability read

The value is passed verbatim to models::Prefix::new. Estuary prefixes must end in /, so the control plane treats AcmeCo as an unrecognized catalog name rather than a prefix and rejects it.

Fix

Auto-normalize the prefix by appending a trailing / when it's missing. The fix lives in to_vars — the single point through which every NameSelector-based command routes its --prefix values:

  • catalog list
  • catalog pull-specs
  • catalog delete

An empty prefix is deliberately left untouched: "" is a valid selector meaning "everything the user can access", whereas "/" is invalid, so blindly appending would introduce a new bug.

Testing

  • New unit test test_normalize_prefix covers the missing-slash case, multi-segment prefixes, already-normalized input, and the empty edge case.
  • cargo test -p flowctl normalize_prefix passes.

Out of scope

flowctl alerts subscriptions and flowctl raw accept their own --prefix args that don't go through NameSelector, so they retain the same foot-gun. The issue scoped the fix to NameSelector; happy to fold those in as a follow-up if desired.

Closes #2834

…sionDenied

Passing `--prefix <tenant>` without a trailing slash (e.g. `--prefix AcmeCo`) sent the value verbatim to `models::Prefix::new`. Estuary prefixes must end in `/`, so the control plane treated the value as an unrecognized catalog name and returned a misleading `PermissionDenied` error even for fully-authorized users.

Normalize the prefix in `to_vars`, the single point through which `catalog list`, `catalog pull-specs`, and `catalog delete` all route their `--prefix` values. A missing trailing slash is appended; an empty prefix is preserved, since it is a valid "everything" selector and a bare `/` would be rejected.

Closes #2834
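
An added sketch of the normalization this PR describes and of why the verbatim value is rejected; it is not flowctl's code. `normalize_prefix` and `check_read` are hypothetical names, the grant check is an assumed, simplified model of the control plane, and the user and grant are constructed.

```rust
// Added illustration, not flowctl's code. Function names are hypothetical and
// the grant check is an assumed, simplified model of a control plane.

/// Append '/' when missing. "" is kept as-is: it selects everything the user
/// can access, whereas "/" would be an invalid prefix.
fn normalize_prefix(raw: &str) -> String {
    if raw.is_empty() || raw.ends_with('/') {
        raw.to_string()
    } else {
        format!("{raw}/")
    }
}

/// Assumed model: an empty selector needs no specific grant (results are
/// scoped to the caller's grants); anything else must sit under a grant.
fn check_read(user: &str, grants: &[&str], selector: &str) -> Result<(), String> {
    if selector.is_empty() || grants.iter().any(|g| selector.starts_with(*g)) {
        return Ok(());
    }
    Err(format!(
        "PermissionDenied: {user} is not authorized to access prefix or name \
         '{selector}' with required capability read"
    ))
}

fn main() {
    let grants = ["AcmeCo/"]; // constructed grant for a constructed user
    for raw in ["AcmeCo", "AcmeCo/", "AcmeCo/prod", "", "AcmeCorp"] {
        let sent = normalize_prefix(raw);
        let before = check_read("user@example.com", &grants, raw).is_ok();
        let after = check_read("user@example.com", &grants, &sent).is_ok();
        println!("{raw:?} -> {sent:?}  verbatim ok={before}  normalized ok={after}");
    }
}
```

In this model the trailing slash is also what keeps a grant on `AcmeCo/` from covering a sibling tenant such as `AcmeCorp/`, so normalizing on the client does not widen access.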

Development

Successfully merging this pull request may close these issues.

flowctl catalog: missing trailing slash on --prefix gives misleading PermissionDenied error
