kcp-dev / kcp

Kubernetes-like control planes for form-factors and use-cases beyond Kubernetes and container workloads.
https://kcp.io
Apache License 2.0

feature: restrict claiming API bindings #2462

Open s-urbaniak opened 1 year ago

s-urbaniak commented 1 year ago

Feature Description

During development of https://github.com/kcp-dev/kcp/pull/2089, it came to our attention that API bindings are special in the virtual API export service.

Today, API bindings can be claimed like any other resource. This is dangerous, as it opens up the possibility for service providers to claim API bindings and thus be able to import any arbitrary API into user workspaces. Creating API bindings should be in the autonomy of the actual workspace users, and thus claiming them should be prohibited.

Proposed Solution

Needs discussion and design.

Alternative Solutions

No response

Additional Context

No response

stevekuznetsov commented 1 year ago

In the past we spoke not of forbidding it entirely, but allowing it if and only if the permission claim was for "everything", that is - make it clear to users that if they accept a claim on APIBindings, they are giving someone else total admin over all the data in the workspace.