Gate is configured to use an anonymous principal with the username anonymous, but Fiat is configured to use the default Spring Security settings which uses an anonymous principal of the string anonymousUser.
Feature Area:
Security
Description:
In Gate, AnonymousConfig configures anonymous authentication with the username anonymous. Every other service uses FiatAuthenticationConfig (from fiat-api), which configures anonymous authentication using the default Spring Security settings, which use a principal of anonymousUser (just the string, not wrapped in a UserDetails object or similar). Any code that relies on getting the authenticated username in a request directly from the Authentication object will get a different anonymous username than expected compared to using AuthenticatedRequest.getSpinnakerUser().orElse("anonymous"), the common idiom (which is being simplified in spinnaker/kork#1138).
This can cause problems in permission check code which tries to look up permissions for anonymousUser rather than anonymous which can lead to failed pipeline executions (e.g., those invoked via an unauthenticated web hook) where unrestricted permissions are not respected. This issue originally came up in code where I refactored various ways of getting the current user id to make use of SpinnakerUsers::getCurrentUserId and SpinnakerUsers::getUserId, but an unauthenticated web hook trigger to Gate made an anonymous request to Echo which led to a pipeline being invoked with the username anonymousUser who did not have permission to do jack shit.
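The mismatch described in the issue, as an added example that is not Spinnaker's or Spring Security's own code. It builds the AnonymousAuthenticationToken that Spring Security's anonymous filter would emit under the default principal ("anonymousUser") and under a pinned principal ("anonymous"), runs both through a naive "read the principal off the Authentication" lookup and through a resolver that collapses every anonymous token to the agreed username, and shows the one-line configuration that pins the principal. The permission table is constructed for the demo; the nested config class assumes the Spring Security 5.4+ lambda DSL with a SecurityFilterChain bean.

```java
import java.util.List;
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Added example (not Spinnaker code): why a permission lookup keyed on the raw
 * Authentication principal breaks when two services disagree on the anonymous
 * username, and how to pin Spring Security's anonymous principal to "anonymous".
 */
public class AnonymousPrincipalDemo {

  static final String ANONYMOUS = "anonymous";
  // Spring Security's built-in default anonymous principal (a plain String).
  static final String SPRING_DEFAULT_ANONYMOUS = "anonymousUser";

  // Constructed stand-in for a Fiat-style permission lookup keyed by username (hypothetical data).
  static final Map<String, List<String>> PERMISSIONS =
      Map.of(ANONYMOUS, List.of("unrestricted"), "alice", List.of("team-a"));

  /** Pins the anonymous principal so this service matches Gate (assumed configuration style). */
  @Configuration
  static class AnonymousPrincipalConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
      http.anonymous(anon -> anon.principal(ANONYMOUS));
      return http.build();
    }
  }

  /** Fragile idiom: read the username straight off the Authentication object. */
  static String usernameFromPrincipal(Authentication auth) {
    Object principal = auth.getPrincipal();
    return principal instanceof UserDetails
        ? ((UserDetails) principal).getUsername()
        : String.valueOf(principal);
  }

  /** Robust idiom: any anonymous token maps to the agreed username, whatever its principal is. */
  static String usernameConsistent(Authentication auth) {
    if (auth == null || auth instanceof AnonymousAuthenticationToken) {
      return ANONYMOUS;
    }
    return usernameFromPrincipal(auth);
  }

  /** Permission lookup keyed by username; an unknown user gets nothing. */
  static List<String> permissionsFor(String username) {
    return PERMISSIONS.getOrDefault(username, List.of());
  }

  /** Token equivalent to what AnonymousAuthenticationFilter produces for the given principal. */
  static Authentication anonymousToken(Object principal) {
    return new AnonymousAuthenticationToken(
        "demo-key", principal, AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
  }

  public static void main(String[] args) {
    Authentication springDefault = anonymousToken(SPRING_DEFAULT_ANONYMOUS); // fiat-api default
    Authentication gateStyle = anonymousToken(ANONYMOUS);                     // Gate's AnonymousConfig

    // Raw principal: the two services disagree, and the Spring-default one finds no permissions.
    for (Authentication auth : List.of(springDefault, gateStyle)) {
      String user = usernameFromPrincipal(auth);
      System.out.println("raw principal   : " + user + " -> " + permissionsFor(user));
    }

    // Consistent resolution: both collapse to "anonymous" and see the same permissions.
    for (Authentication auth : List.of(springDefault, gateStyle)) {
      String user = usernameConsistent(auth);
      System.out.println("consistent      : " + user + " -> " + permissionsFor(user));
    }
  }
}
```

Pinning the principal in configuration (the nested class) fixes the producer side, which is what the fiat-api commit on this page does; the consistent resolver covers the consumer side, so a service that still receives a default-Spring token from an older peer does not end up looking up permissions for a username nobody granted anything to.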
Spring Security uses an anonymous principal of "anonymousUser" by
default which does not match the rest of Spinnaker where the anonymous
user is expected to have the username "anonymous". This ensures that
fiat-api code consistently uses the same anonymous principal.
Related to spinnaker/spinnaker#6918
This issue is tagged as 'stale' and hasn't been updated in 45 days, so we are tagging it as 'to-be-closed'. It will be closed in 45 days unless updates are made. If you want to remove this label, comment: