Bug #12440
closed
When the api authorization plugin is disabled tokens become read only
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Very Small
Priority:
78
Name check:
Fix check:
Regression:
Description
This could be a security problem if the token had restricted read rights, the token then has full access.
The token could instead be interpreted as disabled.
Updated by François ARMAND over 6 years ago
- Related to User story #1211: Nagios Management technique added
Updated by François ARMAND over 6 years ago
See comment/implementation on PR for #12111: https://github.com/Normation/rudder/pull/1858
Updated by François ARMAND over 6 years ago
- Related to deleted (User story #1211: Nagios Management technique)
Updated by François ARMAND over 6 years ago
- Related to User story #12111: Make fine-grained API authorization a plugin added
Updated by Alexis Mousset over 6 years ago
- Subject changed from When the api aithorization plugin is disabled tokens become read only to When the api authorization plugin is disabled tokens become read only
Updated by Benoît PECCATTE over 6 years ago
- Project changed from 53 to Rudder
- Category set to 102
- Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
- User visibility set to Infrequent - complex configurations | third party integrations
- Priority changed from 0 to 64
Updated by Vincent MEMBRÉ over 6 years ago
- Project changed from Rudder to API authorizations
- Category deleted (102)
- Target version set to 444
- Priority changed from 64 to 62
Updated by François ARMAND about 6 years ago
- Effort required set to Very Small
- Priority changed from 62 to 86
Updated by François ARMAND about 6 years ago
Needs to be checked again for the actual status.
"Disable" is better than intersection of "read /\ acls rights" because it is much simpler to understand for the user.
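The three fallback behaviours discussed in the description and in the comment above, modelled as an added example that is not Rudder's code: the token kinds, the `authorize` and `widened` functions, and the request paths are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Kind(Enum):
    RO = "ro"
    RW = "rw"
    ACL = "acl"   # fine-grained token, only meaningful while the plugin is enabled

READ_VERBS = {"GET"}

@dataclass(frozen=True)
class Token:
    kind: Kind
    acl: frozenset = frozenset()   # allowed (verb, path) pairs for ACL tokens

def authorize(token, verb, path, plugin_enabled, fallback="disable"):
    """Decide one request; `fallback` selects what an ACL token means
    once the authorization plugin is disabled."""
    if token.kind is Kind.RW:
        return True
    if token.kind is Kind.RO:
        return verb in READ_VERBS
    in_acl = (verb, path) in token.acl
    if plugin_enabled:
        return in_acl
    if fallback == "read_only":       # behaviour reported in this ticket
        return verb in READ_VERBS
    if fallback == "intersection":    # read /\ acl rights
        return verb in READ_VERBS and in_acl
    return False                      # "disable": the token fails closed

def widened(token, requests, fallback):
    """Requests allowed with the plugin off that the ACL itself never granted."""
    return [
        r for r in requests
        if authorize(token, *r, plugin_enabled=False, fallback=fallback)
        and not authorize(token, *r, plugin_enabled=True)
    ]

# Constructed sample: a token restricted to reading a single endpoint.
TOKEN = Token(Kind.ACL, frozenset({("GET", "/nodes")}))
REQUESTS = [("GET", "/nodes"), ("GET", "/settings"), ("POST", "/nodes")]

if __name__ == "__main__":
    for mode in ("read_only", "intersection", "disable"):
        print(mode, widened(TOKEN, REQUESTS, mode))
```

Only the `read_only` fallback returns a non-empty list; `intersection` and `disable` both avoid widening, and `disable` does so without the user having to reason about partial rights.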
Updated by François ARMAND almost 6 years ago
- Assignee changed from Vincent MEMBRÉ to François ARMAND
- Priority changed from 86 to 82
Updated by François ARMAND about 5 years ago
- Target version changed from 444 to 5.0-1.5
- Priority changed from 82 to 78
Updated by François ARMAND about 5 years ago
- Status changed from New to In progress
Updated by François ARMAND about 5 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Nicolas CHARLES
- Pull Request set to https://github.com/Normation/rudder/pull/2578
Updated by François ARMAND about 5 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder:rudder|3f594d6d0d22ffa404dfb99a678bcb3102539710.
Updated by Vincent MEMBRÉ almost 5 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 5.0-1.5 which was released today.