Skip to content

feat(cloud): add shared-instance flag in limit superflag in alpha (#7770) #8625

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 8, 2023
Merged

feat(cloud): add shared-instance flag in limit superflag in alpha (#7770) #8625

merged 1 commit into from
Feb 8, 2023

Conversation

all-seeing-code
Copy link
Contributor

@all-seeing-code all-seeing-code commented Jan 23, 2023
edited
Loading

This PR adds a shared-instance flag to --limit superflag.
When set to true (false by default), it will:

  • Restrict access to any of the ACL operations like Login, add/remove/update user from non-galaxy namespaces.
  • Prevent the leaking of environment variables for minio and aws.

(cherry picked from commit 5f3cece)

@CLAassistant
Copy link

CLAassistant commented Jan 23, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@github-actions github-actions bot added the area/testing Testing related issues label Jan 23, 2023
@all-seeing-code all-seeing-code marked this pull request as ready for review January 23, 2023 14:37
@all-seeing-code all-seeing-code mentioned this pull request Jan 23, 2023
Closed
@all-seeing-code all-seeing-code added the slash-to-main PRs which bring slash branch on par with main. label Jan 23, 2023
@coveralls
Copy link

coveralls commented Jan 31, 2023
edited
Loading

Coverage Status

Coverage: 67.207% (+0.7%) from 66.471% when pulling ccc5d6c on anurag/cp-limit-flag-2 into 41d4b99 on main.

mangalaman93
mangalaman93 requested changes Feb 2, 2023
View reviewed changes
Copy link
Member

@mangalaman93 mangalaman93 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we doing this in cloud? Can we live without it? And what is the comment about that says that this PR avoids leaking secrets.

@all-seeing-code
Copy link
Contributor Author

all-seeing-code commented Feb 7, 2023
edited
Loading

Why are we doing this in cloud? Can we live without it? And what is the comment about that says that this PR avoids leaking secrets.

I am not very sure about why do we need this in cloud. @rarvikar could you put some thoughts on this?

PR avoids leaking secrets.

I couldn't find a place that pertained to this. I do see a test in cloud_test.go which tests that access creds are required when exporting.

mangalaman93
mangalaman93 requested changes Feb 8, 2023
View reviewed changes
@rarvikar
Copy link

rarvikar commented Feb 8, 2023

Hi @anurags92 @mangalaman93 , we use this flag to bypass ACL logins for users of shared backends. This flag IS in-use on all of our regional shared Dgraph clusters hosting shared and free customer backends.

mangalaman93
mangalaman93 previously approved these changes Feb 8, 2023
View reviewed changes
@all-seeing-code
parent d3bf7b7
a9616be 
author Anurag <[email protected]> 1620201646 +0530
committer Anurag <[email protected]> 1675852162 +0530

parent d3bf7b7
author Anurag <[email protected]> 1620201646 +0530
committer Anurag <[email protected]> 1675851671 +0530

feat(cloud): add shared-instance flag in limit superflag in alpha (#7770)

This PR adds a shared-instance flag to --limit superflag.
When set to true (false by default), it will:

- Restrict access to any of the ACL operations like Login, add/remove/update user from non-galaxy namespaces.
- Prevent the leaking of environment variables for minio and aws.

(cherry picked from commit 5f3cece)
@all-seeing-code all-seeing-code merged commit a153ed5 into main Feb 8, 2023
@all-seeing-code all-seeing-code deleted the anurag/cp-limit-flag-2 branch February 8, 2023 13:55
@rderbier rderbier mentioned this pull request Mar 7, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mangalaman93 mangalaman93 mangalaman93 approved these changes

@harshil-goel harshil-goel harshil-goel approved these changes

@akon-dey akon-dey Awaiting requested review from akon-dey

@skrdgraph skrdgraph Awaiting requested review from skrdgraph

@darkn3rd darkn3rd Awaiting requested review from darkn3rd

@meghalims meghalims Awaiting requested review from meghalims

@matthewmcneely matthewmcneely Awaiting requested review from matthewmcneely

@billprovince billprovince Awaiting requested review from billprovince

Assignees
No one assigned
Labels
area/testing Testing related issues slash-to-main PRs which bring slash branch on par with main.
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@all-seeing-code @CLAassistant @coveralls @rarvikar @mangalaman93 @harshil-goel