Skip to content
This repository has been archived by the owner on Nov 9, 2022. It is now read-only.

Operating state conductor flows with least privilege #114

Open
freshie opened this issue Jul 9, 2020 · 0 comments
Open

Operating state conductor flows with least privilege #114

freshie opened this issue Jul 9, 2020 · 0 comments
Assignees
Labels
enhancement New feature or request
Milestone

Comments

@freshie
Copy link
Contributor

freshie commented Jul 9, 2020

The state conductor requires extra privilege to run. Some that are customer privilege other privilege that Marklogic locks down. There should be a role created that has all the need privilege to run. There is a role called state-conductor-operator that could be used for this. It hasn't been updated in some time and some would need to go through the code and make sure it has all the required privilege to run.

The state conductor can call custom module that should not have the elevated privilege form this role. In order to allow state-conductor-operator to have the elevated privilege but not the custom modules an amp could be places on the processJob function and we could ignore amps when calling the custom modules.

@freshie freshie added the enhancement New feature or request label Jul 9, 2020
@freshie freshie added this to the 0.8.0 milestone Jul 9, 2020
@aclavio aclavio self-assigned this Jul 20, 2020
@aclavio aclavio modified the milestones: 0.8.0, 0.9.0 Oct 1, 2020
@aclavio aclavio modified the milestones: 0.9.0, 1.0.0 Nov 5, 2020
@aclavio aclavio modified the milestones: 1.0.0, 1.0.1 Jan 13, 2021
@aclavio aclavio modified the milestones: 1.0.1, 1.2.0 Apr 9, 2021
@aclavio aclavio modified the milestones: 1.2.0, 1.3.0 Jun 17, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants