Open knz opened 4 years ago
@dhartunian this is one of the issues we discussed earlier today, if you want to keep an eye on it or add it to some to-do list.
We have marked this issue as stale because it has been inactive for 18 months. If this issue is still relevant, removing the stale label or adding a comment will keep it active. Otherwise, we'll close it in 10 days to keep the issue queue tidy. Thank you for your contribution to CockroachDB!
This issue is to address the cleanup and strengthening of the solutions implemented for #42567.

- the server code that accepts incoming RPCs and HTTP requests should consider that the request requires admin privileges by default, and only allow non-admins to use the endpoint if the endpoint is in a whitelist. This will prevent mistakenly introducing new privileged APIs without the appropriate privilege checks in the future.

Action plan:

- the auth info should be determined very early (during the TLS handshake) and populated in the context for use everywhere, see these two comments:
  https://github.com/cockroachdb/cockroach/issues/42567#issuecomment-555568850
  and
  https://github.com/cockroachdb/cockroach/issues/42567#issuecomment-555641888
Epic: CRDB-1473
Jira issue: CRDB-5247
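The two points above (identity derived once from the TLS handshake and carried in the context, and every endpoint treated as admin-only unless it is on an explicit allowlist) can be sketched as a single HTTP middleware. The following is an added example written for this page, not CockroachDB's own code: the endpoint paths, the `adminUsers` table and the `Exercise` helper are illustrative assumptions, and the "client certificate" is a constructed `x509.Certificate` with only a CommonName, so the example runs offline with `go run` and no real handshake.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// AuthInfo is the identity derived once from the TLS client certificate and
// then carried in the request context for every later check.
type AuthInfo struct {
	User    string
	IsAdmin bool
}

type authKey struct{}

// adminUsers is a constructed stand-in for a real admin-membership lookup.
var adminUsers = map[string]bool{"root": true}

// authFromTLS derives AuthInfo from the handshake state. A request with no
// client certificate is anonymous (empty User) and never an admin.
func authFromTLS(cs *tls.ConnectionState) AuthInfo {
	if cs == nil || len(cs.PeerCertificates) == 0 {
		return AuthInfo{}
	}
	user := cs.PeerCertificates[0].Subject.CommonName
	return AuthInfo{User: user, IsAdmin: adminUsers[user]}
}

// AuthFromContext is what any downstream handler uses instead of re-parsing
// credentials; the zero value means "anonymous".
func AuthFromContext(ctx context.Context) AuthInfo {
	a, _ := ctx.Value(authKey{}).(AuthInfo)
	return a
}

// PrivilegedByDefault populates the context and then denies every path that
// is not explicitly allowlisted for non-admins. A newly added endpoint that
// forgets its own privilege check is therefore still admin-only.
func PrivilegedByDefault(nonAdminAllowlist map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		a := authFromTLS(r.TLS)
		r = r.WithContext(context.WithValue(r.Context(), authKey{}, a))
		if !a.IsAdmin && !nonAdminAllowlist[r.URL.Path] {
			if a.User == "" {
				http.Error(w, "client certificate required", http.StatusUnauthorized)
			} else {
				http.Error(w, "admin privileges required", http.StatusForbidden)
			}
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Exercise builds a small server with an allowlist and returns the status
// code a given user ("" = no client cert) gets for path. Paths are illustrative.
func Exercise(user, path string) int {
	echo := func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "user=%q", AuthFromContext(r.Context()).User)
	}
	mux := http.NewServeMux()
	mux.HandleFunc("/_status/vars", echo)       // intended to be public
	mux.HandleFunc("/_admin/v1/settings", echo) // admin-only by default
	mux.HandleFunc("/_admin/v1/new_endpoint", echo) // no check of its own: still protected
	h := PrivilegedByDefault(map[string]bool{"/_status/vars": true}, mux)

	req := httptest.NewRequest(http.MethodGet, path, nil)
	if user != "" {
		// Constructed handshake state: a bare certificate carrying only a CN.
		req.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{
			{Subject: pkix.Name{CommonName: user}},
		}}
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, c := range []struct{ user, path string }{
		{"", "/_status/vars"},
		{"", "/_admin/v1/settings"},
		{"alice", "/_admin/v1/settings"},
		{"root", "/_admin/v1/settings"},
		{"alice", "/_admin/v1/new_endpoint"},
	} {
		fmt.Printf("user=%q path=%s -> %d\n", c.user, c.path, Exercise(c.user, c.path))
	}
}
```

The property worth checking is the last case: `/_admin/v1/new_endpoint` does no authorization of its own, yet a non-admin is refused because the allowlist, not the handler, decides who may reach it. A real deployment would verify the client certificate chain during the handshake (this example trusts whatever CN the constructed state carries) and would apply the same wrapper to the gRPC side, where the equivalent place is a unary/stream interceptor keyed on the full method name.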