server: use a whitelist for non-admin APIs #44150
Labels
A-authentication
Pertains to authn subsystems
A-kv-security
A-kv-server
Relating to the KV-level RPC server
A-server-architecture
Relates to the internal APIs and src org for server code
C-cleanup
Tech debt, refactors, loose ends, etc. Solution not expected to significantly change behavior.
T-server-and-security
DB Server & Security
This issue is to address the cleanup and strengthening of the solutions implemented for #42567.

The server code that accepts incoming RPCs and HTTP requests should consider that the request requires admin privileges by default, and only allow non-admins to use the endpoint if the endpoint is in a whitelist. This will prevent mistakenly introducing new privileged APIs without the appropriate privilege checks in the future. Action plan:

- The auth info should be determined very early (during the TLS handshake) and populated in the context for use everywhere; see these two comments: #42567 (comment) and #42567 (comment)
Epic: CRDB-1473
Jira issue: CRDB-5247
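The default-deny pattern the issue asks for, as an added example rather than code from the cockroach repository: the caller's identity is derived once from the client certificate presented in the TLS handshake, stored in the request context, and every RPC method is admin-only unless it appears in an explicit allowlist. The method names (`/example.Status/Health`, `/example.Admin/Drain`), the `adminUsers` set and the `Handler`/`Intercept` shapes are placeholders standing in for the real gRPC interceptor wiring; the certificates are constructed in memory with only a CommonName and are not validated.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// AuthInfo is decided once, at handshake time, and carried in the context.
type AuthInfo struct {
	User    string
	IsAdmin bool
}

type authKey struct{}

// Assumption for this example: these principals are the privileged ones.
var adminUsers = map[string]bool{"root": true, "node": true}

var (
	ErrUnauthenticated  = errors.New("unauthenticated: no auth info in context")
	ErrPermissionDenied = errors.New("permission denied: admin privileges required")
)

// nonAdminAllowlist is the only place a method can be opened to non-admins.
// A newly added method that is not listed here is admin-only by construction.
var nonAdminAllowlist = map[string]bool{
	"/example.Status/Health":  true,
	"/example.Status/Details": true,
}

// authInfoFromTLS derives the caller from the first peer certificate. It fails
// closed: no certificate or an empty CommonName yields no identity at all.
func authInfoFromTLS(cs tls.ConnectionState) (AuthInfo, error) {
	if len(cs.PeerCertificates) == 0 {
		return AuthInfo{}, errors.New("no client certificate presented")
	}
	user := cs.PeerCertificates[0].Subject.CommonName
	if user == "" {
		return AuthInfo{}, errors.New("client certificate has an empty CommonName")
	}
	return AuthInfo{User: user, IsAdmin: adminUsers[user]}, nil
}

// ContextForHandshake is the "determine early" step: it turns a finished
// handshake into the context every handler on that connection will see.
func ContextForHandshake(cs tls.ConnectionState) (context.Context, error) {
	ai, err := authInfoFromTLS(cs)
	if err != nil {
		return nil, err
	}
	return context.WithValue(context.Background(), authKey{}, ai), nil
}

// AuthInfoFrom reads the identity populated at handshake time.
func AuthInfoFrom(ctx context.Context) (AuthInfo, bool) {
	ai, ok := ctx.Value(authKey{}).(AuthInfo)
	return ai, ok
}

// Authorize is the default-deny rule: admins may call anything, everyone else
// only what is allowlisted, and a request with no identity is rejected outright.
func Authorize(ctx context.Context, fullMethod string) error {
	ai, ok := AuthInfoFrom(ctx)
	if !ok {
		return ErrUnauthenticated
	}
	if ai.IsAdmin || nonAdminAllowlist[fullMethod] {
		return nil
	}
	return fmt.Errorf("%w: %s called by %q", ErrPermissionDenied, fullMethod, ai.User)
}

// Handler is a stand-in for a unary RPC handler.
type Handler func(ctx context.Context, req string) (string, error)

// Intercept gates every handler behind Authorize, so the check cannot be
// forgotten when a new method is registered.
func Intercept(fullMethod string, h Handler) Handler {
	return func(ctx context.Context, req string) (string, error) {
		if err := Authorize(ctx, fullMethod); err != nil {
			return "", err
		}
		return h(ctx, req)
	}
}

// certFor builds a constructed, unsigned certificate carrying only a CommonName.
func certFor(cn string) tls.ConnectionState {
	return tls.ConnectionState{
		PeerCertificates: []*x509.Certificate{{Subject: pkix.Name{CommonName: cn}}},
	}
}

func main() {
	echo := func(_ context.Context, req string) (string, error) { return "ok: " + req, nil }
	health := Intercept("/example.Status/Health", echo)
	drain := Intercept("/example.Admin/Drain", echo) // not allowlisted, so admin-only
	for _, cn := range []string{"root", "alice"} {
		ctx, _ := ContextForHandshake(certFor(cn))
		_, herr := health(ctx, "ping")
		_, derr := drain(ctx, "node 3")
		fmt.Printf("%-6s health=%v drain=%v\n", cn, herr, derr)
	}
}
```

The point of routing every call through `Intercept` is that the allowlist is the only code a developer must touch to expose a method to non-admins; forgetting to do anything leaves a new method closed rather than open.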