When the api authorization plugin is disabled tokens become read only
Critical - prevents main use of Rudder | no workaround | data loss | security
Infrequent - complex configurations | third party integrations
This could be a security problem if the token had restricted read rights, the token then have full access.
The token could instead be interpreted as disabled.
- Subject changed from When the api aithorization plugin is disabled tokens become read only to When the api authorization plugin is disabled tokens become read only
- Project changed from Private plugins common to Rudder
- Category set to 102
- Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
- User visibility set to Infrequent - complex configurations | third party integrations
- Priority changed from 0 to 64
- Assignee set to Vincent MEMBRÉ
- Project changed from Rudder to API Authorizations
- Category deleted (
- Target version set to 444
- Priority changed from 64 to 62
- Effort required set to Very Small
- Priority changed from 62 to 86
Need ot be checked again for the actual status.
"Disable" is better than intersection of "read /\ acls rights" because muech simpler to understand for the user.
- Assignee changed from Vincent MEMBRÉ to François ARMAND
- Priority changed from 86 to 82
- Target version changed from 444 to 5.0-1.5
- Priority changed from 82 to 78
- Status changed from New to In progress
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Nicolas CHARLES
- Pull Request set to https://github.com/Normation/rudder/pull/2578
- Status changed from Pending technical review to Pending release
- Status changed from Pending release to Released
This bug has been fixed in Rudder 5.0-1.5 which was released today.
Also available in: Atom