This repository has been archived by the owner on Dec 1, 2022. It is now read-only.
Today, CSS consumes data for clusters within a single account. We should add support for multiple accounts.
Also, since we deal with a single account, APIs referring to entities (like cluster, etc.) by just names and not ARNs work fine. We'll have to figure out a way for data disambiguation when we support multiple accounts.
I'm unclear about the use-case here. Enabling cluster-state-service to save information about clusters belonging to multiple accounts seems like an easy privilege escalation exploit, which can lead to all sorts of undesired behaviors. Especially since there's no strong auth scheme for CSS. Shouldn't we be concerned more about making sure that CSS only saves the cluster-state only if one has permissions to list/describe the cluster?
I can understand supporting ARNs in its APIs. But, not the former use-case of supporting multiple clusters.
@aaithal Yes, supporting multiple use cases will lead to privilege issues. I was thinking more along the lines of enabling this for all clusters across accounts that the user has permissions to list/describe like you mentioned. We'll have to think through the design in depth. My bad for not pointing out the privilege escalation issues that this will introduce. Thanks for pointing it out here.
> I can understand supporting ARNs in its APIs. But, not the former use-case of supporting multiple clusters.
I'm not sure I understand this statement.
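The two design points raised in this thread, disambiguating clusters by ARN instead of by bare name once more than one account is involved, and only recording a cluster's state when the caller is actually permitted to describe that cluster, can be sketched in a few dozen lines. The following is an added illustration written for this discussion, not code from cluster-state-service itself: the `Permissions` interface, the `accountAllowList` model and the `Store` type are all assumed here, and the account IDs are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// ClusterARN holds the parts of an ECS cluster ARN that matter for
// disambiguation across accounts: arn:<partition>:ecs:<region>:<account>:cluster/<name>
type ClusterARN struct {
	Partition string
	Region    string
	Account   string
	Name      string
}

// ParseClusterARN splits an ECS cluster ARN into its components and
// rejects anything that is not a well-formed cluster ARN.
func ParseClusterARN(arn string) (ClusterARN, error) {
	parts := strings.SplitN(arn, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" || parts[2] != "ecs" {
		return ClusterARN{}, fmt.Errorf("not an ECS ARN: %q", arn)
	}
	if !strings.HasPrefix(parts[5], "cluster/") {
		return ClusterARN{}, fmt.Errorf("not a cluster ARN: %q", arn)
	}
	name := strings.TrimPrefix(parts[5], "cluster/")
	if name == "" || parts[3] == "" || parts[4] == "" {
		return ClusterARN{}, fmt.Errorf("incomplete cluster ARN: %q", arn)
	}
	return ClusterARN{Partition: parts[1], Region: parts[3], Account: parts[4], Name: name}, nil
}

// Permissions is the hypothetical hook a multi-account CSS would consult
// before storing state: can this caller list/describe the cluster?
type Permissions interface {
	CanDescribeCluster(caller string, arn ClusterARN) bool
}

// ClusterState stands in for whatever CSS records about a cluster.
type ClusterState struct {
	Status string
}

// Store keys cluster state by the full ARN, so two accounts that each own
// a cluster called "default" never overwrite each other's entry.
type Store struct {
	perms Permissions
	byARN map[string]ClusterState
}

func NewStore(p Permissions) *Store {
	return &Store{perms: p, byARN: map[string]ClusterState{}}
}

var ErrForbidden = errors.New("caller may not describe this cluster")

// Save records state only when the caller is allowed to describe the cluster;
// a caller cannot populate the store with clusters it has no access to.
func (s *Store) Save(caller, arn string, state ClusterState) error {
	parsed, err := ParseClusterARN(arn)
	if err != nil {
		return err
	}
	if !s.perms.CanDescribeCluster(caller, parsed) {
		return ErrForbidden
	}
	s.byARN[arn] = state
	return nil
}

// LookupByName shows why a bare name is ambiguous across accounts: it can
// match several stored clusters, one per account.
func (s *Store) LookupByName(name string) []string {
	var matches []string
	for arn := range s.byARN {
		if p, err := ParseClusterARN(arn); err == nil && p.Name == name {
			matches = append(matches, arn)
		}
	}
	sort.Strings(matches)
	return matches
}

// accountAllowList is a constructed permission model (assumption, not CSS's
// real auth): each caller may describe clusters in the accounts listed for it.
type accountAllowList map[string][]string

func (a accountAllowList) CanDescribeCluster(caller string, arn ClusterARN) bool {
	for _, acct := range a[caller] {
		if acct == arn.Account {
			return true
		}
	}
	return false
}

func main() {
	s := NewStore(accountAllowList{"alice": {"111111111111"}})
	fmt.Println(s.Save("alice", "arn:aws:ecs:us-west-2:111111111111:cluster/default", ClusterState{Status: "ACTIVE"}))
	fmt.Println(s.Save("alice", "arn:aws:ecs:us-west-2:222222222222:cluster/default", ClusterState{Status: "ACTIVE"}))
}
```

Keying the store by ARN rather than by name is what makes the second account's `default` cluster a distinct entry; the permission check in `Save` is the gate the thread asks for, so that widening CSS to many accounts does not let a caller persist state for clusters it could not describe directly.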