Re: [Pulp-dev] RBAC: Secure by default?

2021-01-06 Thread Daniel Alley
+1

What happens if a new account is created on an existing Pulp installation
(if that is possible)?  Would it then start following the deny-by-default
pattern?

On Wed, Jan 6, 2021 at 8:57 AM David Davis  wrote:

> +1 from me.
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev


Re: [Pulp-dev] RBAC: Secure by default?

2021-01-06 Thread David Davis
+1 from me.

David


On Wed, Jan 6, 2021 at 8:28 AM Ina Panova  wrote:

> +1 to the change.


Re: [Pulp-dev] RBAC: Secure by default?

2021-01-06 Thread Ina Panova
+1 to the change.



Regards,

Ina Panova
Senior Software Engineer | Pulp | Red Hat Inc.

"Do not go where the path may lead,
 go instead where there is no path and leave a trail."


On Wed, Dec 16, 2020 at 8:14 PM Tanya Tereshchenko 
wrote:

> It sounds like a good idea, and an additional +1 that it doesn't break
> things.


Re: [Pulp-dev] RBAC: Secure by default?

2020-12-16 Thread Tanya Tereshchenko
It sounds like a good idea, and an additional +1 that it doesn't break
things.

On Tue, Dec 15, 2020 at 5:57 PM Matthias Dellweg 
wrote:

> In today's pulpcore meeting, we discussed that any endpoint that is not
> aware of RBAC yet will be open to every authenticated user.
>
> The suggestion that was given is that we change that default, so all
> endpoints will raise permission errors unless RBAC opens them up.
> This would not affect any existing installation, where we only allowed the
> use of a single admin user. And by circumventing the permission framework,
> this special user will remain able to talk to all available endpoints
> without restrictions.
> On the other hand, it should smooth out the transition period until we have
> RBAC in all places, since you could start giving permissions to users for
> viewsets that have an access_policy without risking giving them access
> to other sensitive parts that don't have it yet.
>
> What do you all think?
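The proposal in the thread (deny every non-superuser on a viewset that has no access_policy, with the single admin user bypassing the permission framework) and Daniel's question about a newly created account on an existing installation, as an added example in plain Python. This is not Pulp's code and it does not need Django REST Framework or drf-access-policy installed: the permission check is modelled as a standalone function, the statement shape (action, principal, effect, condition) is assumed to mirror drf-access-policy, and the viewsets, users and policy statements are constructed for illustration.

```python
"""Toy model of the proposed default: an endpoint whose viewset declares no
access_policy is denied to every non-superuser, instead of being open to every
authenticated user.  Added example, not Pulp code; DRF is not required.
The statement shape is an assumption modelled on drf-access-policy."""
from dataclasses import dataclass
from typing import Callable, Optional, Sequence


@dataclass(frozen=True)
class User:
    username: str
    is_superuser: bool = False
    is_authenticated: bool = True
    groups: frozenset = frozenset()


@dataclass(frozen=True)
class Statement:
    action: Sequence[str]        # viewset actions covered; ("*",) for all
    principal: Sequence[str]     # "*", "authenticated", "admin", "group:<name>"
    effect: str                  # "allow" or "deny"
    condition: Optional[Callable[[User, str], bool]] = None


@dataclass(frozen=True)
class ViewSet:
    name: str
    access_policy: Optional[Sequence[Statement]] = None  # None: not RBAC-aware yet


def _principal_matches(principal: str, user: User) -> bool:
    if principal == "*":
        return True
    if principal == "authenticated":
        return user.is_authenticated
    if principal == "admin":
        return user.is_superuser
    if principal.startswith("group:"):
        return principal[len("group:"):] in user.groups
    return False


def evaluate_policy(statements, user, action) -> bool:
    """Deny overrides allow: any matching deny wins, otherwise at least one
    matching allow is required.  A statement matches when its action list,
    one of its principals and its optional condition all apply."""
    allowed = False
    for st in statements:
        if "*" not in st.action and action not in st.action:
            continue
        if not any(_principal_matches(p, user) for p in st.principal):
            continue
        if st.condition is not None and not st.condition(user, action):
            continue
        if st.effect == "deny":
            return False
        allowed = True
    return allowed


def has_permission(user, view, action, deny_by_default=True) -> bool:
    """The check the thread is discussing.  The admin user bypasses the
    framework entirely; everyone else needs an access_policy that opens the
    action up.  deny_by_default=False reproduces the old behaviour, where a
    viewset without access_policy was open to every authenticated user."""
    if user.is_superuser:
        return True
    if not user.is_authenticated:
        return False
    if view.access_policy is None:
        return not deny_by_default
    return evaluate_policy(view.access_policy, user, action)


# --- constructed sample data (hypothetical viewsets, users and groups) ------
TASKS = ViewSet("tasks", access_policy=[
    Statement(("list", "retrieve"), ("authenticated",), "allow"),
    Statement(("cancel",), ("group:operators",), "allow"),
    # a read-only group never reaches a mutating action, whatever else it is in
    Statement(("*",), ("group:readonly",), "deny",
              condition=lambda u, a: a not in ("list", "retrieve")),
])
REMOTES = ViewSet("remotes")           # no access_policy yet

ADMIN = User("admin", is_superuser=True)
ALICE = User("alice", groups=frozenset({"operators"}))
CAROL = User("carol", groups=frozenset({"operators", "readonly"}))
BOB = User("bob")                      # freshly created account, no groups
ANON = User("anonymous", is_authenticated=False)


def compare_defaults():
    """(old decision, new decision) for every (user, viewset, action),
    keyed by (username, viewset name, action)."""
    cases = [(u, v, a) for u in (ADMIN, ALICE, CAROL, BOB, ANON)
             for v in (TASKS, REMOTES) for a in ("list", "cancel")]
    return {(u.username, v.name, a): (has_permission(u, v, a, False),
                                      has_permission(u, v, a, True))
            for u, v, a in cases}


if __name__ == "__main__":
    for (who, view, action), (old, new) in compare_defaults().items():
        print(f"{who:10s} {view:8s} {action:7s} old={old!s:5s} new={new}")
```

Running it shows the two rows that change: a plain account such as `bob` keeps its access to the RBAC-aware `tasks` list, but loses the implicit access to `remotes`, which has no access_policy, while `admin` is unaffected because it never reaches the policy evaluation at all. A new account created after the switch therefore starts out with nothing beyond what access_policy statements grant it.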