Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Revisit authorization logic
See original GitHub issueProblem description
-
The authorization subsystem doesn’t give adequate information to the authorization handler, to disambiguate between scope creation and scope use. One is unable to grant to the administrator the ability to create scopes, and grant to a user the ability to create streams within a given scope (but not to create scopes). Similar situation for scope deletion.
-
Similar situation for streams with respect to scopes; e.g. the ability to write to a stream without the ability to create streams.
-
Some of the calls are marked as requiring
READ_UPDATEwhereasREADmay be sufficient:
getCurrentSegmentsgetSegmentsgetURIisStreamCutValidgetDelegationToken(varies by situation?)
Problem location
io.pravega.controller.server.rpc.grpc.v1.ControllerServiceImplio.pravega.controller.server.rest.resources.StreamMetadataResourceImpl
Suggestions for an improvement
Adjust the argument passed to the authorize call on the auth handler, such that a call to create or delete a sub-resource has the parent resource as the argument. For example:
| action | logic |
|---|---|
| list scopes | authorize("/", READ) |
| create scope | authorize("/", READ_UPDATE) |
| delete scope | authorize("/", READ_UPDATE) |
| list streams | authorize(scopeName, READ) |
| create stream | authorize(scopeName, READ_UPDATE) |
| delete stream | authorize(scopeName, READ_UPDATE) |
| read stream | authorize(scopeName + "/" + streamName, READ) |
| write stream | authorize(scopeName + "/" + streamName, READ_UPDATE) |
Be sure to update ControllerServiceImpl and StreamMetadataResourceImpl since the logic is duplicated.
Issue Analytics
- State:
- Created 5 years ago
- Comments:20 (20 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@ravisharda your table has ‘delete’ operations that are inconsistent with that in the description, and consequently doesn’t solve the original problem.
I don’t see a compelling reason to change the resource argument format, because the handler is not designed to provide a generic hierarchical auth model.
Regarding the question of access rules, we use a fancy policy engine (Keycloak) which is very flexible. We strive to avoid embedding policy into the auth handler. e.g. the concept of roles, sentinel values such as ‘Admin’, permission inheritance.
@EronWright and @sarlaccpit FYI, I’ve started working on this issue.