[OPIK-5535] Fix 403 on get_blueprint() when resolving project by name#6051
Merged
[OPIK-5535] Fix 403 on get_blueprint() when resolving project by name#6051
Conversation
The SDK's get_blueprint() resolves project name to ID via POST /v1/private/projects/retrieve, but this endpoint was missing from the PUBLIC_ENDPOINTS whitelist — causing 403 for users with viewer/public access. The equivalent datasets/retrieve endpoint was already whitelisted.
![baz-reviewer[bot]](https://avatars.githubusercontent.com/in/933528?s=60&v=4){kind=small}
apps/opik-backend/src/main/java/com/comet/opik/infrastructure/auth/RemoteAuthService.java
Show resolved
Hide resolved
…ace test Add verifyVisibility check to ProjectService.retrieveByName(), consistent with getById(). Without this, the newly public projects/retrieve endpoint would expose private projects to unauthenticated users falling back to Visibility.PUBLIC. Add test verifying that retrieving a project by name from a different workspace returns 404.
github-actions
bot
added
the
tests
thiagohora
approved these changes
Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Details
get_blueprint()callsPOST /v1/private/projects/retrieveto resolve a project name to its ID. This endpoint was missing from thePUBLIC_ENDPOINTSwhitelist inRemoteAuthService, causing a 403 Forbidden for users with viewer/public access — even though the project was accessible via all other (GET-based) API paths.The equivalent
POST /v1/private/datasets/retrievewas already whitelisted. This adds the same for projects.Change checklist
Issues
AI-WATERMARK
AI-WATERMARK: yes
Testing
One-line addition to a static whitelist — no new runtime behavior to test beyond existing auth integration tests.
Documentation
No documentation changes needed.