Add read-only security_policy to block admin HTTP endpoints. #5321
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
can you undo the go.* changes? @deepthi suggests |
|
This is already the result after |
|
I reverted back to the go.{mod,sum} in master, and then checked in only the result after |
Previously, the only built-in policies available were effectively "allow all" and "deny all". Anything else required writing a custom plugin. This adds a new built-in policy called `read-only` that does NOT do any authentication, but allows anyone to query HTTP endpoints designated as requiring the DEBUGGING or MONITORING roles, while denying everyone access to ADMIN endpoints. The default when no policy is specified remains "allow all". The fallback policy remains "deny all" when an unknown, non-empty policy name is requested. In addition, you can now explicitly request the `deny-all` policy without having to engage fallback by providing an invalid policy name. Note that security_policy only applies to HTTP endpoints. It does NOT affect gRPC calls, nor SQL queries. Also, the security_policy flag must be set individually on every process (e.g. vttablet, vtgate, vtctld) and only applies to endpoints served directly by that one process. Signed-off-by: Anthony Yeh <enisoc@planetscale.com>
sougou
approved these changes
Oct 19, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously, the only built-in policies available were effectively
"allow all" and "deny all". Anything else required writing a custom
plugin.
This adds a new built-in policy called
read-onlythat does NOT do anyauthentication, but allows anyone to query HTTP endpoints designated as
requiring the DEBUGGING or MONITORING roles, while denying everyone
access to ADMIN endpoints.
The default when no policy is specified remains "allow all".
The fallback policy remains "deny all" when an unknown, non-empty
policy name is requested. In addition, you can now explicitly request
the
deny-allpolicy without having to engage fallback by providing aninvalid policy name.
Note that security_policy only applies to HTTP endpoints. It does NOT
affect gRPC calls, nor SQL queries. Also, the security_policy flag
must be set individually on every process (e.g. vttablet, vtgate, vtctld)
and only applies to endpoints served directly by that one process.
Signed-off-by: Anthony Yeh enisoc@planetscale.com