open-nomad

Commit Graph

Author	SHA1	Message	Date
Tim Gross	2ce1728fa6	Merge release 1.4.2 files Changelog updates for 1.4.2 and backports.	2022-10-27 13:31:29 -04:00
Tim Gross	9d906d4632	variables: fix filter on List RPC The List RPC correctly authorized against the prefix argument. But when filtering results underneath the prefix, it only checked authorization for standard ACL tokens and not Workload Identity. This results in WI tokens being able to read List results (metadata only: variable paths and timestamps) for variables under the `nomad/` prefix that belong to other jobs in the same namespace. Fixes the filtering and split the `handleMixedAuthEndpoint` function into separate authentication and authorization steps so that we don't need to re-verify the claim token on each filtered object. Also includes: * update semgrep rule for mixed auth endpoints * variables: List returns empty set when all results are filtered	2022-10-27 13:08:05 -04:00

Author

SHA1

Message

Date

Tim Gross

2ce1728fa6

Merge release 1.4.2 files

Changelog updates for 1.4.2 and backports.

2022-10-27 13:31:29 -04:00

Tim Gross

9d906d4632

variables: fix filter on List RPC

The List RPC correctly authorized against the prefix argument. But when
filtering results underneath the prefix, it only checked authorization for
standard ACL tokens and not Workload Identity. This results in WI tokens being
able to read List results (metadata only: variable paths and timestamps) for
variables under the `nomad/` prefix that belong to other jobs in the same
namespace.

Fixes the filtering and split the `handleMixedAuthEndpoint` function into
separate authentication and authorization steps so that we don't need to
re-verify the claim token on each filtered object.

Also includes:
* update semgrep rule for mixed auth endpoints
* variables: List returns empty set when all results are filtered

2022-10-27 13:08:05 -04:00

2 Commits