Role-based data separation

Registered by Steve McLellan

See https://bugs.launchpad.net/searchlight/+bug/1504399

Problem
-------
We realized towards the end of Liberty that scrubbing fields from the output is not enough to guarantee isolation of information. It is possible to construct queries on fields that are meant to be hidden, which would allow a malicious or curious non-administrative user to locate information by guessing search terms. For instance, OS-EXT-SRV-ATTR:host, an admin-only field, can be removed from the result output, but a query such as:

  {"query": {"range": {"OS-EXT-SRV-ATTR:host": {"gte": "n"}}}}

will allow a binary search until host names are discovered; it's relatively easy to do that programmatically.

See https://review.openstack.org/#/c/245357 for solution proposal and discussion.
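To make the difference between the two approaches concrete, here is an added example (not Searchlight code) modelling a tiny in-memory index. The server documents, the `_searchlight-user-role` filter field name and the host values are constructed for illustration; only the field name OS-EXT-SRV-ATTR:host and the range query come from the problem statement above.

```python
# Constructed sample Nova server documents; field names follow the blueprint.
ADMIN_ONLY_FIELDS = {"OS-EXT-SRV-ATTR:host"}
ROLE_FIELD = "_searchlight-user-role"  # assumed name for the per-role RBAC filter field

SERVERS = [
    {"id": "srv-1", "name": "web01", "OS-EXT-SRV-ATTR:host": "compute-a"},
    {"id": "srv-2", "name": "db01", "OS-EXT-SRV-ATTR:host": "compute-q"},
]


def matches_range(doc, field, gte):
    """Minimal stand-in for an Elasticsearch {"range": {field: {"gte": ...}}} clause."""
    value = doc.get(field)
    return value is not None and value >= gte


def search_scrub_only(query_field, gte, role):
    """Liberty approach: one document per resource, admin-only fields stripped
    from the *output*. The query still evaluates against the hidden field, so a
    non-admin learns whether a server's host is >= the guessed term."""
    hits = [d for d in SERVERS if matches_range(d, query_field, gte)]
    if role != "admin":
        hits = [{k: v for k, v in d.items() if k not in ADMIN_ONLY_FIELDS} for d in hits]
    return hits


def index_by_role(doc):
    """Mitaka approach (index-level role separation): index two documents per
    resource. The user copy never contains admin-only fields, so there is
    nothing for a non-admin query to match against."""
    admin_doc = dict(doc, **{ROLE_FIELD: "admin"})
    user_doc = {k: v for k, v in doc.items() if k not in ADMIN_ONLY_FIELDS}
    user_doc[ROLE_FIELD] = "user"
    return [admin_doc, user_doc]


INDEX = [d for s in SERVERS for d in index_by_role(s)]


def search_role_separated(query_field, gte, role):
    """Apply the RBAC filter for the requesting role, then evaluate the query
    only over the documents that role is allowed to see."""
    visible = [d for d in INDEX if d[ROLE_FIELD] == role]
    return [d for d in visible if matches_range(d, query_field, gte)]
```

With scrub-only indexing, a non-admin range query on the hidden field still returns srv-2 (its host sorts after "compute-m"), which is exactly the oracle the binary search needs; with role-separated documents the same query returns nothing for a user and the full document for an admin.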

Blueprint information

Status:
Complete
Approver:
Travis Tripp
Priority:
Essential
Drafter:
Steve McLellan
Direction:
Approved
Assignee:
Steve McLellan
Definition:
Approved
Series goal:
Accepted for mitaka
Implementation:
Implemented
Milestone target:
mitaka-2
Started by
Travis Tripp
Completed by
Steve McLellan

Whiteboard

[TravT] I think that most of the description above should be changed to a couple of summary sentences with a link to the spec review you submitted.

https://review.openstack.org/#/c/245357

Gerrit topic: https://review.openstack.org/#q,topic:bp/index-level-role-separation,n,z

Addressed by: https://review.openstack.org/257516
    WIP Separate documents by role

Addressed by: https://review.openstack.org/274965
    Only evaluate RBAC filter for current request
