This repository has been archived by the owner on Dec 1, 2022. It is now read-only.

Support for multiple accounts #86

Open
poojamaiya opened this issue Dec 8, 2016 · 2 comments
Comments

@poojamaiya
Contributor

Today, CSS consumes data for clusters within a single account. We should add support for multiple accounts.

Also, since we deal with a single account, APIs referring to entities (like cluster, etc.) by just names and not ARNs work fine. We'll have to figure out a way for data disambiguation when we support multiple accounts.

@aaithal
Contributor

aaithal commented Dec 9, 2016

I'm unclear about the use-case here. Enabling cluster-state-service to save information about clusters belonging to multiple accounts seems like an easy privilege escalation exploit, which can lead to all sorts of undesired behaviors. Especially since there's no strong auth scheme for CSS. Shouldn't we be concerned more about making sure that CSS saves the cluster-state only if one has permissions to list/describe the cluster?

I can understand supporting ARNs in its APIs. But, not the former use-case of supporting multiple clusters.

@poojamaiya
Contributor Author

@aaithal Yes, supporting multiple use cases will lead to privilege issues. I was thinking more along the lines of enabling this for all clusters across accounts that the user has permissions to list/describe like you mentioned. We'll have to think through the design in depth. My bad for not pointing out the privilege escalation issues that this will introduce. Thanks for pointing it out here.

> I can understand supporting ARNs in its APIs. But, not the former use-case of supporting multiple clusters.

I'm not sure I understand this statement.
