Skip to content
This repository was archived by the owner on Mar 26, 2020. It is now read-only.
This repository was archived by the owner on Mar 26, 2020. It is now read-only.

glustercli ReST auth should not use the GD2 secret directly #1030

Description

@kshlm

glustercli at the moment uses the GD2 secret directly to generate a JWT auth token. This is not secure. Clients to GD2 are not supposed to be accessing GD2's auth secret directly. They should instead be provided a token from GD2, which they need to pass on when making their ReST calls.

Currently, GD2 creates a secret file with a random secret when starting, which used for JWT token validation. I propose that in addition to this secret file, an additional token file be generated which would contain the token to be used by glustercli.

glustercli should use this default token file, and provide ways to specify an explicit token (env-variable/CLI options).

I only came upon the issue when reviewing #1021. Refer my comment for more context.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions