Endpoints are left in insecure states during some updates #219
Labels
area/controller
Issues dealing with the controller
bug
Something isn't working
needs-triage
Issues that need triage
Comments
euank
added
bug
Merged
euank
changed the title
euank
changed the title
|
This was completed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened
This issue is similar to #208, and mentioned there, but seems worth filling separately for clarity.
Certain updates will leave the edge in an insecure state, even though a security module is configured for the entire duration.
For example, after creating an ngrok edge, a change that tries to replace OIDC with OAUTH will apply without any changes to the serving status of the backend. However, while the change is being applied, the edge will have neither OIDC nor OAUTH configured, and thus may route unauthorized requests.
This is made worse by the fact that changing from OIDC to OAUTH will actually error out terminally, and thus the edge will just be left insecure forever in the above scenario (until a human operator deletes it, or revers the change, or takes some other action).
What you think should happen instead
When an update occurs, the update should be atomic such that either the old or new config applies (i.e. when changing from OAuth to SAML, every request should observe one or the other, not neither or both at once).
The text was updated successfully, but these errors were encountered: