🔒 : secure "/api/state" endpoint #59

juwit · 2019-07-21T18:01:18Z

Is your feature request related to a problem? Please describe.
/api/state endpoint may expose sensitive information.
This endpoint MUST be secured.
terraform httpd backend supports BASIC http authentication, so /api/state should support this kind of auth.
When the endpoint is secured, the backend configuration should be generated using credentials that allow a specific module to connect to its backend.

See https://www.terraform.io/docs/backends/types/http.html

Describe the solution you'd like
Maybe we should generate a "one-time" couple of credentials when generating a backend configuration for a stack. Or at least, a unique couple of credentials for each stack, so that a stack owner cannot see other stacks information.
We may need to implement a custom spring UserDetailsService for this purpose.

Describe alternatives you've considered
N/A

Additional context
N/A

The text was updated successfully, but these errors were encountered:

juwit added the ✨ enhancement New feature or request label Jul 21, 2019

juwit self-assigned this Feb 4, 2020

juwit added this to the 1.3.0 milestone Feb 4, 2020

juwit mentioned this issue Feb 5, 2020

🔒 : secure api state endpoint #224

Merged

juwit added 🔒 security Fixing security issues. ✨ feature:jobs Jobs and removed ✨ enhancement New feature or request labels Feb 5, 2020

cdubuisson closed this as completed in #224 Feb 5, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🔒 : secure "/api/state" endpoint #59

🔒 : secure "/api/state" endpoint #59

juwit commented Jul 21, 2019

🔒 : secure "/api/state" endpoint #59

🔒 : secure "/api/state" endpoint #59

Comments

juwit commented Jul 21, 2019