Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: enforce permissions #981

Merged
merged 1 commit into from
Nov 11, 2024
Merged

chore: enforce permissions #981

merged 1 commit into from
Nov 11, 2024

Conversation

ctron
Copy link
Contributor

@ctron ctron commented Nov 7, 2024
edited
Loading

Right now, in most cases, we just require a user to be authenticated. However, we also should provide a minimal authorization, as we did in trustification.

@ctron ctron force-pushed the feature/require_permissions_1 branch 3 times, most recently from 53da210 to a553b66 Compare November 8, 2024 10:36
@ctron ctron force-pushed the feature/require_permissions_1 branch from a553b66 to 6b897dc Compare November 8, 2024 11:13
@bobmcwhirter
Copy link
Contributor

LGTM
narrator: he didn't look

@ctron
Copy link
Contributor Author

ctron commented Nov 11, 2024

LGTM narrator: he didn't look

At least you commented. I appreciate that. 😆

JimFuller-RedHat
JimFuller-RedHat reviewed Nov 11, 2024
View reviewed changes
common/auth/src/authorizer/require.rs
}

#[macro_export]
macro_rules! all {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

JimFuller-RedHat
JimFuller-RedHat approved these changes Nov 11, 2024
View reviewed changes
Copy link
Collaborator

@JimFuller-RedHat JimFuller-RedHat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pedant in me feels the need to point out that this is a coarse grained perms on REST API eg. that is likely not to easily evolve past securing CRUD on endpoints (ex. securing a single vulnerability, advisory, etc). From an infra pov - we could alternately have nginx or api gateway enforce such things. All that being said - LGTM as designed (just making explicit).

@ctron ctron added this pull request to the merge queue Nov 11, 2024
@ctron
Copy link
Contributor Author

ctron commented Nov 11, 2024

The pedant in me feels the need to point out that this is a coarse grained perms on REST API eg. that is likely not to easily evolve past securing CRUD on endpoints (ex. securing a single vulnerability, advisory, etc). From an infra pov - we could alternately have nginx or api gateway enforce such things. All that being said - LGTM as designed (just making explicit).

I agree, it's the best we can do today. I think, moving forward, we need much finer grained permissions. And ACL/RBAC/…

Merged via the queue into trustification:main with commit 15e9b31 Nov 11, 2024
2 checks passed
@ctron ctron deleted the feature/require_permissions_1 branch November 11, 2024 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JimFuller-RedHat JimFuller-RedHat JimFuller-RedHat approved these changes

@jcrossley3 jcrossley3 Awaiting requested review from jcrossley3

Assignees
No one assigned
Labels
None yet
Projects
Trustify
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ctron @bobmcwhirter @JimFuller-RedHat