Summary:
This diff introduces the following things:
1) Additional check when running APIs against universes to verify they belong to the customer.
2) A User table to support multiple users for a customer. The users also have an associated role for RBAC. The registration now creates a customer and an admin user.
3) Migrate existing YWs to move customer level info to the Users table.
4) The session controller now uses the AuthToken/ApiToken at the user level rather than the customer.
5) Added RBAC so that read-only users cannot access POST/PUT requests (other than for metrics).
6) New APIs to work with the Users (Create, Get, Delete and Change Role).
7) Updated insecure login to allow only read-only access, and to work only in single-tenant YWs.
8) Made corresponding changes to yugabyted to work correctly with the new insecure login.
Test Plan: Created a multi-tenant YW with version 2.0.6. Created two customers. Then upgraded the YW to the latest version and verified through the postgres table that the Users table got populated. Verified that YW worked as expected. Created two read only users and verified that it did not support POST/PUT requests. Created a universe and verified that the read only user for the same customer could see the metrics as well as the universe information and that the other customer's users could not see the universe as well as access the universe even with the universe UUID in the URL.
Reviewers: sanketh, andrew, vit.pankin, ram, wesley
Reviewed By: ram, wesley
Subscribers: daniel, wesley, jenkins-bot, yugaware
Differential Revision: https://phabricator.dev.yugabyte.com/D7694
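The checks that items 1, 4, 5 and 7 above describe, modelled as an added stand-alone Python example. This is not YugaWare's own (Java) code: the URL layout `/api/v1/customers/<cUUID>/universes/<uniUUID>` and the metrics path, the storing of a SHA-256 of each user's token instead of the token itself, the transient principal synthesized for insecure login, and the exact status codes are all assumptions made here. `demo()` replays the test plan in the commit message: two customers, a read-only user, one universe, and a user of the other customer trying to reach it by UUID.

```python
"""Stand-alone model of per-user tokens, RBAC and universe-ownership checks (added example)."""
import hashlib
import re
import secrets
import uuid
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Tuple


class Role(Enum):
    ADMIN = "Admin"
    READ_ONLY = "ReadOnly"


@dataclass
class User:
    uuid: str
    customer_uuid: str
    role: Role
    token_hash: str        # assumption: only a hash of the per-user token is stored


@dataclass
class Universe:
    uuid: str
    customer_uuid: str


# Assumed URL layout, modelled on /api/v1/customers/<cUUID>/universes/<uniUUID>/...
_CUSTOMER_SEG = re.compile(r"/customers/([^/]+)")
_UNIVERSE_SEG = re.compile(r"/universes/([^/]+)")
_MUTATING = {"POST", "PUT"}


@dataclass
class Platform:
    customers: set = field(default_factory=set)            # customer UUIDs
    users: Dict[str, User] = field(default_factory=dict)   # keyed by token hash
    universes: Dict[str, Universe] = field(default_factory=dict)

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self) -> Tuple[str, User, str]:
        """Registration creates a customer plus its first Admin user; the raw token is returned once."""
        customer_uuid = str(uuid.uuid4())
        self.customers.add(customer_uuid)
        user, token = self.create_user(customer_uuid, Role.ADMIN)
        return customer_uuid, user, token

    def create_user(self, customer_uuid: str, role: Role) -> Tuple[User, str]:
        token = secrets.token_urlsafe(32)
        user = User(str(uuid.uuid4()), customer_uuid, role, self._hash(token))
        self.users[user.token_hash] = user
        return user, token

    def create_universe(self, customer_uuid: str) -> Universe:
        uni = Universe(str(uuid.uuid4()), customer_uuid)
        self.universes[uni.uuid] = uni
        return uni

    def user_for_token(self, token: Optional[str]) -> Optional[User]:
        """Session lookup resolves the token to a user, not to a customer."""
        if not token:
            return None
        return self.users.get(self._hash(token))

    def insecure_login(self) -> Optional[User]:
        """Tokenless login: refused unless exactly one customer exists, and then read-only."""
        if len(self.customers) != 1:
            return None
        (customer_uuid,) = self.customers
        # Assumption: a transient read-only principal with no stored token.
        return User("insecure-login", customer_uuid, Role.READ_ONLY, token_hash="")

    def authorize_user(self, user: User, method: str, path: str) -> int:
        """Return the HTTP status the request would get; 200 means it is allowed through."""
        m = _CUSTOMER_SEG.search(path)
        if m and m.group(1) != user.customer_uuid:
            return 403  # URL names a customer the caller does not belong to
        m = _UNIVERSE_SEG.search(path)
        if m:
            uni = self.universes.get(m.group(1))
            if uni is None or uni.customer_uuid != user.customer_uuid:
                return 404  # a foreign universe looks non-existent even with the right UUID
        if (method in _MUTATING and user.role is Role.READ_ONLY
                and not path.rstrip("/").endswith("/metrics")):
            return 403  # read-only users may only POST/PUT to the metrics endpoint
        return 200

    def authorize(self, token: Optional[str], method: str, path: str) -> int:
        user = self.user_for_token(token)
        return 401 if user is None else self.authorize_user(user, method, path)


def demo() -> Dict[str, object]:
    """Replays the test plan: two customers, a read-only user, one universe, cross-customer access."""
    p = Platform()
    cust_a, _, tok_admin_a = p.register()
    cust_b, _, tok_admin_b = p.register()
    _, tok_ro_a = p.create_user(cust_a, Role.READ_ONLY)
    uni = p.create_universe(cust_a)
    base_a, base_b = f"/api/v1/customers/{cust_a}", f"/api/v1/customers/{cust_b}"
    single = Platform()                      # a single-tenant install for the insecure-login case
    single_cust, _, _ = single.register()
    insecure = single.insecure_login()
    base_s = f"/api/v1/customers/{single_cust}"
    return {
        "admin_post_universe": p.authorize(tok_admin_a, "POST", f"{base_a}/universes"),
        "ro_post_universe": p.authorize(tok_ro_a, "POST", f"{base_a}/universes"),
        "ro_post_metrics": p.authorize(tok_ro_a, "POST", f"{base_a}/metrics"),
        "ro_get_universe": p.authorize(tok_ro_a, "GET", f"{base_a}/universes/{uni.uuid}"),
        "other_customer_by_uuid": p.authorize(tok_admin_b, "GET", f"{base_b}/universes/{uni.uuid}"),
        "other_customer_foreign_path": p.authorize(tok_admin_b, "GET", f"{base_a}/universes/{uni.uuid}"),
        "bad_token": p.authorize("not-a-token", "GET", f"{base_a}/universes"),
        "insecure_login_multi_tenant": p.insecure_login() is None,
        "insecure_login_get": single.authorize_user(insecure, "GET", f"{base_s}/universes"),
        "insecure_login_put": single.authorize_user(insecure, "PUT", f"{base_s}/universes"),
    }
```

Two design points worth carrying into a real implementation: the ownership check returns 404 rather than 403 for a universe belonging to another customer, so a caller cannot use the response to confirm that a guessed UUID exists; and looking users up by a hash of the token means a leaked database does not directly yield usable credentials.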
Implement RBAC in platform side, with at least two roles (admin and read-only).