Project

General

Profile

Actions

Bug #25348

closed

Deleting CVE group is possible even if it is a system group

Added by Clark ANDRIANASOLO 4 months ago. Updated 3 months ago.

Status:
Released
Priority:
N/A
Category:
API
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Small
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

Since the feature of making groups based on CVEs #25147, I can create a CVE group from a specific CVE, and there is a button to delete the group in the CVE details :

This successfully creates the properties to mark each node as impacted by the CVE ("CVE-XXXX-XXXX":"impacted"). The "Delete group" button is removing all these properties in impacted nodes.

But when going to the group page, I can delete the group from here, the property still remains in the group :

The CVE groups should not even be deletable, because they are system groups (in the API and in the UI).
And cloning should not also be allowed (or at least clone the group as a non-system one).
Also in the UI we would need to disable the button and show a tooltip to indicate that the group UI is not removable from there, but only from the CVE details page (and if possible add the url).


Files

clipboard-202408231447-ttzcn.png (37.4 KB) clipboard-202408231447-ttzcn.png Clark ANDRIANASOLO, 2024-08-23 14:47
clipboard-202408231452-dgqgg.png (56.2 KB) clipboard-202408231452-dgqgg.png Clark ANDRIANASOLO, 2024-08-23 14:52
clipboard-202409121533-26olh.png (25.1 KB) clipboard-202409121533-26olh.png François ARMAND, 2024-09-12 15:33

Subtasks 1 (0 open1 closed)

Change validation - Bug #25397: Added test groups make change-validation tests failReleasedFrançois ARMANDActions
Actions #1

Updated by Clark ANDRIANASOLO 4 months ago

  • Description updated (diff)
Actions #2

Updated by Clark ANDRIANASOLO 4 months ago

  • Description updated (diff)
Actions #4

Updated by Clark ANDRIANASOLO 4 months ago

  • Status changed from New to In progress
Actions #5

Updated by Clark ANDRIANASOLO 4 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Clark ANDRIANASOLO to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/5833
Actions #6

Updated by Clark ANDRIANASOLO 4 months ago

  • Pull Request changed from https://github.com/Normation/rudder/pull/5833 to https://github.com/Normation/rudder/pull/5834
Actions #7

Updated by Clark ANDRIANASOLO 4 months ago · Edited

In fact CVE groups are not system groups.

Only the "CVE Groups" category is a system category...

And the UI for each CVE group is weird since it show that the category is the "Root category", and not the "CVE Groups" one

Actions #8

Updated by Clark ANDRIANASOLO 4 months ago

  • Description updated (diff)
Actions #9

Updated by Clark ANDRIANASOLO 4 months ago

  • Status changed from Pending technical review to Pending release
Actions #10

Updated by Clark ANDRIANASOLO 4 months ago

This has been merged in 8.1, not 8.2

Actions #11

Updated by Clark ANDRIANASOLO 4 months ago

  • Target version changed from 8.2.0~beta1 to 8.1.7
Actions #12

Updated by Clark ANDRIANASOLO 4 months ago

  • Subtask #25397 added
Actions #13

Updated by François ARMAND 3 months ago

Button is not here anymore, and API reports an error

Actions #14

Updated by Vincent MEMBRÉ 3 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 8.1.7 which was released today.

Actions

Also available in: Atom PDF