Bug #25348: Deleting CVE group is possible even if it is a system group - Rudder - Issue Tracker

Actions

Bug #25348

closed

Deleting CVE group is possible even if it is a system group

Added by Clark ANDRIANASOLO 3 months ago. Updated about 2 months ago.

Status:

Released

Priority:

N/A

Assignee:

François ARMAND

Category:

API

Target version:

Pull Request:

https://github.com/Normation/rudder/p...

Severity:

Minor - inconvenience | misleading | easy workaround

UX impact:

User visibility:

Operational - other Techniques | Rudder settings | Plugins

Effort required:

Small

Priority:

0

Name check:

To do

Fix check:

Checked

Regression:

No

Description

Since the feature of making groups based on CVEs #25147, I can create a CVE group from a specific CVE, and there is a button to delete the group in the CVE details :

This successfully creates the properties to mark each node as impacted by the CVE ("CVE-XXXX-XXXX":"impacted"). The "Delete group" button is removing all these properties in impacted nodes.

But when going to the group page, I can delete the group from here, the property still remains in the group :

The CVE groups should not even be deletable, because they are system groups (in the API and in the UI).
And cloning should not also be allowed (or at least clone the group as a non-system one).
Also in the UI we would need to disable the button and show a tooltip to indicate that the group UI is not removable from there, but only from the CVE details page (and if possible add the url).

Files

Download all files

clipboard-202408231447-ttzcn.png (37.4 KB) clipboard-202408231447-ttzcn.png		Clark ANDRIANASOLO, 2024-08-23 14:47
clipboard-202408231452-dgqgg.png (56.2 KB) clipboard-202408231452-dgqgg.png		Clark ANDRIANASOLO, 2024-08-23 14:52
clipboard-202409121533-26olh.png (25.1 KB) clipboard-202409121533-26olh.png		François ARMAND, 2024-09-12 15:33

Subtasks 1 (0 open — 1 closed)

Actions

#1

Updated by Clark ANDRIANASOLO 3 months ago

Description updated (diff)

Actions

#2

Updated by Clark ANDRIANASOLO 3 months ago

Description updated (diff)

Actions

#4

Updated by Clark ANDRIANASOLO 3 months ago

Status changed from New to In progress

Actions

#5

Updated by Clark ANDRIANASOLO 3 months ago

Status changed from In progress to Pending technical review
Assignee changed from Clark ANDRIANASOLO to François ARMAND
Pull Request set to https://github.com/Normation/rudder/pull/5833

PR https://github.com/Normation/rudder/pull/5833

Actions

#6

Updated by Clark ANDRIANASOLO 3 months ago

Pull Request changed from https://github.com/Normation/rudder/pull/5833 to https://github.com/Normation/rudder/pull/5834

PR https://github.com/Normation/rudder/pull/5834

Actions

#7

Updated by Clark ANDRIANASOLO 3 months ago · Edited

In fact CVE groups are not system groups.

Only the "CVE Groups" category is a system category...

And the UI for each CVE group is weird since it show that the category is the "Root category", and not the "CVE Groups" one

Actions

#8

Updated by Clark ANDRIANASOLO 3 months ago

Description updated (diff)

Actions

#9

Updated by Clark ANDRIANASOLO 3 months ago

Status changed from Pending technical review to Pending release

Applied in changeset rudder|11de0e1ef34195f65a6d6cb30b4c9b02497b5840.

Actions

#10

Updated by Clark ANDRIANASOLO 3 months ago

This has been merged in 8.1, not 8.2

Actions

#11

Updated by Clark ANDRIANASOLO 3 months ago

Target version changed from 8.2.0~beta1 to 8.1.7

Actions

#12

Updated by Clark ANDRIANASOLO 3 months ago

Subtask #25397 added

Actions

#13

Updated by François ARMAND 2 months ago

File clipboard-202409121533-26olh.png clipboard-202409121533-26olh.png added
Fix check changed from To do to Checked

Button is not here anymore, and API reports an error

Actions

#14

Updated by Vincent MEMBRÉ about 2 months ago

Status changed from Pending release to Released

This bug has been fixed in Rudder 8.1.7 which was released today.

Actions

Also available in: Atom PDF