Skip to content

fix(BA-5594): restrict agent_nodes and agents_v2 queries to superadmin only#10803

Merged
jopemachine merged 3 commits intomainfrom
fix/BA-5594/restrict-agent-queries-to-admin
Apr 8, 2026
Merged

fix(BA-5594): restrict agent_nodes and agents_v2 queries to superadmin only#10803
jopemachine merged 3 commits intomainfrom
fix/BA-5594/restrict-agent-queries-to-admin

Conversation

@jopemachine
Copy link
Copy Markdown
Member

@jopemachine jopemachine commented Apr 6, 2026
edited
Loading

Summary

  • Regular users could access full agent infrastructure details (addr, available_slots, occupied_slots, scaling_group, region) via agent_nodes and agents_v2 GraphQL queries
  • Legacy agent_nodes: Added superadmin role check in AgentNode.get_connection() — returns empty results for non-superadmin (consistent with existing resolve_agents/resolve_agent_list which use @privileged_query(UserRole.SUPERADMIN))
  • V2 agents_v2: Added check_admin_only() guard
  • agent_summary_list is unaffected — it's the intentional non-admin schema that excludes sensitive fields (no addr, region, hardware_metadata)

Test plan

  • Query agent_nodes as regular user → should return empty results
  • Query agent_nodes as superadmin → should work as before
  • Query agents_v2 as regular user → should return 403
  • Query agents_v2 as superadmin → should work as before
  • Verify agent_summary_list still works for regular users
  • Verify WebUI dashboard displays correctly for both admin and non-admin users

Resolves BA-5594 (#10800)

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings April 6, 2026 03:41
@github-actions github-actions bot added size:XS ~10 LoC comp:manager Related to Manager component labels Apr 6, 2026
Copilot AI reviewed Apr 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses an information disclosure issue where non-superadmin users could retrieve sensitive agent infrastructure details via GraphQL, by restricting access to the legacy agent_nodes connection and the v2 agents_v2 query.

Changes:

  • Enforced superadmin-only access for Strawberry agents_v2 via check_admin_only().
  • Restricted legacy AgentNode.get_connection() to return an empty result set for non-superadmins.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File Description
src/ai/backend/manager/api/gql/agent/resolver.py Adds an admin-only guard to the v2 agents listing resolver.
src/ai/backend/manager/api/gql_legacy/agent.py Adds a superadmin gate to the legacy paginated agent node connection resolver.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/ai/backend/manager/api/gql/agent/resolver.py
Comment thread src/ai/backend/manager/api/gql/agent/resolver.py
Comment thread src/ai/backend/manager/api/gql_legacy/agent.py
Comment thread src/ai/backend/manager/api/gql_legacy/agent.py
Comment thread src/ai/backend/manager/api/gql_legacy/agent.py
jopemachine added a commit that referenced this pull request Apr 6, 2026
@jopemachine @claude
docs: add news fragment for #10803
f5203a1 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@jopemachine jopemachine added this to the 25.15 milestone Apr 6, 2026
@github-actions github-actions bot added size:L 100~500 LoC and removed size:XS ~10 LoC labels Apr 6, 2026
@jopemachine jopemachine force-pushed the fix/BA-5594/restrict-agent-queries-to-admin branch from 9702cce to 59ea141 Compare April 6, 2026 04:25
HyeockJinKim
HyeockJinKim previously approved these changes Apr 6, 2026
View reviewed changes
@jopemachine jopemachine force-pushed the fix/BA-5594/restrict-agent-queries-to-admin branch from 59ea141 to 12bab04 Compare April 6, 2026 04:34
@jopemachine jopemachine requested a review from HyeockJinKim April 6, 2026 04:39
@jopemachine jopemachine force-pushed the fix/BA-5594/restrict-agent-queries-to-admin branch from 12bab04 to a9cca0c Compare April 6, 2026 04:51
fregataa
fregataa reviewed Apr 7, 2026
View reviewed changes
Comment thread src/ai/backend/manager/api/gql_legacy/agent.py
@jopemachine jopemachine force-pushed the fix/BA-5594/restrict-agent-queries-to-admin branch from a9cca0c to 99e78a0 Compare April 7, 2026 05:29
@jopemachine jopemachine requested review from a team and fregataa April 8, 2026 04:11
jopemachine and others added 3 commits April 8, 2026 16:02
@jopemachine @claude
fix(BA-5594): restrict agent_nodes and agents_v2 queries to superadmi…
d7458e1 
…n only

Regular users could access full agent infrastructure details (addr,
available_slots, occupied_slots, scaling_group, region) via agent_nodes
and agents_v2 GraphQL queries. The legacy resolve_agents/resolve_agent_list
were properly protected with @privileged_query(UserRole.SUPERADMIN), but
agent_nodes used RBAC with AgentPermission.CREATE_COMPUTE_SESSION which
is granted to all users, and agents_v2 had no access control at all.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@jopemachine
fix: Merge
69ba219
@jopemachine @claude
test(BA-5594): add regression tests for agent query admin restriction
3c70210 
Verify that agent_nodes (legacy) and agents_v2 (Strawberry) reject
non-superadmin users: regular users, domain admins, and monitors.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@jopemachine jopemachine force-pushed the fix/BA-5594/restrict-agent-queries-to-admin branch from 99e78a0 to 3c70210 Compare April 8, 2026 07:03
@jopemachine jopemachine enabled auto-merge (squash) April 8, 2026 07:03
@jopemachine jopemachine merged commit 2215009 into main Apr 8, 2026
33 checks passed
@jopemachine jopemachine deleted the fix/BA-5594/restrict-agent-queries-to-admin branch April 8, 2026 07:16
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2026

Backport to 26.3 is failed. Please backport manually.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2026

Backport to 26.2 is failed. Please backport manually.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2026

Backport to 25.15 is failed. Please backport manually.

jopemachine added a commit that referenced this pull request Apr 8, 2026
@jopemachine
fix(BA-5594): restrict agent_nodes queries to superadmin only (#10803)
e4d2255 
Restrict legacy `agent_nodes` GraphQL query to superadmin only,
preventing regular users from accessing agent infrastructure details
such as internal addresses, resource capacity, and hardware metadata.

Note: 25.15 does not have the v2 `agents_v2` query, so only the
legacy `agent_nodes` resolver is patched here.

Backported-from: main
Backported-to: 25.15
Backport-of: 10803
@jopemachine jopemachine mentioned this pull request Apr 8, 2026
Merged
HyeockJinKim pushed a commit that referenced this pull request Apr 8, 2026
@jopemachine
fix(BA-5594): restrict agent_nodes queries to superadmin only (#10803) (
4e42f63 
#10868)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@HyeockJinKim HyeockJinKim HyeockJinKim approved these changes

@seedspirit seedspirit seedspirit approved these changes

@fregataa fregataa Awaiting requested review from fregataa

Assignees

@jopemachine jopemachine

Labels

comp:manager Related to Manager component size:L 100~500 LoC

Projects

None yet

Milestone

25.15

Development

Successfully merging this pull request may close these issues.

5 participants

@jopemachine @HyeockJinKim @fregataa @seedspirit