Allow unauthenticated connections to /cluster/1.0 #112

Merged: tomponline merged 1 commit into canonical:main from masnax:public-1.0 on Apr 24, 2024

@masnax (Contributor) commented Apr 20, 2024

Untrusted systems should still be able to view this non-sensitive information. (name, address, database status, and soon likely API extensions).

@masnax masnax changed the title internal/rest/resources: Allow unauthenticated connections to /cluste… Allow unauthenticated connections to /cluster/1.0 Apr 20, 2024
…r/1.0

Untrusted systems should still be able to view this non-sensitive
information.

Signed-off-by: Max Asnaashari <max.asnaashari@canonical.com>

@roosterfish roosterfish left a comment


Looks good!

@tomponline (Member)

@masnax why do we need this?

@tomponline (Member)

> Untrusted systems should still be able to view this non-sensitive information. (name, address, database status, and soon likely API extensions).

This doesn't explain what this PR fixes?

@masnax (Contributor, Author) commented Apr 24, 2024

> > Untrusted systems should still be able to view this non-sensitive information. (name, address, database status, and soon likely API extensions).
>
> This doesn't explain what this PR fixes?

This is just server information about the cluster. Like LXD's GetServer on /1.0.

It was restricted to cluster members but all of this information is already available to all cluster members locally.

Nothing here is that sensitive so I thought it would be more flexible to allow untrusted systems to check it, so they can see if the cluster is functional or not.

In LXD sensitive information is appended to the returned data only when the connection is from a trusted source, so I thought we could do something similar if we ever do want to add sensitive information here.

@tomponline tomponline merged commit 9ad84ec into canonical:main Apr 24, 2024
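
The trust-gated response pattern described in the last comment, as an added example that is not part of this thread or of the project's code: an endpoint that answers unauthenticated callers with the public fields and appends sensitive ones only for trusted connections. The `serverInfo` type, its field names, the `isTrusted` check and all sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// serverInfo is a hypothetical response shape; the field names are assumptions.
type serverInfo struct {
	Name    string            `json:"name"`
	Address string            `json:"address"`
	Ready   bool              `json:"ready"`
	Config  map[string]string `json:"config,omitempty"` // sensitive: trusted callers only
}

// isTrusted is an assumed trust check: the server verified a client certificate chain.
// PeerCertificates alone is not enough; it is set even for unverified certificates.
func isTrusted(r *http.Request) bool {
	return r.TLS != nil && len(r.TLS.VerifiedChains) > 0
}

// clusterGet serves public fields to everyone and sensitive ones only when trusted.
func clusterGet(w http.ResponseWriter, r *http.Request) {
	info := serverInfo{Name: "member1", Address: "10.0.0.1:7443", Ready: true} // constructed values
	if isTrusted(r) {
		info.Config = map[string]string{"example.key": "constructed-value"}
	}
	_ = json.NewEncoder(w).Encode(info)
}

// fetch calls the handler in-process and returns the decoded JSON body.
func fetch(trusted bool) map[string]interface{} {
	req := httptest.NewRequest(http.MethodGet, "/cluster/1.0", nil)
	if trusted { // simulate a connection whose client certificate was verified
		req.TLS = &tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{{&x509.Certificate{}}}}
	}
	rec := httptest.NewRecorder()
	clusterGet(rec, req)
	out := map[string]interface{}{}
	_ = json.Unmarshal(rec.Body.Bytes(), &out)
	return out
}

func main() { fmt.Println(fetch(false), fetch(true)) }
```

Because of `omitempty`, the `config` key is absent from the untrusted response rather than present and empty, so an unauthenticated caller cannot tell which sensitive fields exist.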