-
Notifications
You must be signed in to change notification settings - Fork 233
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add security to Riak #662
Add security to Riak #662
Conversation
get_required_permissions(Inputs, _Query) -> | ||
InputPermissions = case Inputs of | ||
Bucket when is_binary(Bucket) -> | ||
[{"riak_kv.list_keys", {<<"default">>, Bucket}}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The sad thing about having all these default bucket name literals spread out through the code is that search and replace to change them into a macro will only miss the ones with typos, the only ones we need to fix :(
From a usage standpoint and the understanding there is a lot of testing that's going to happen off of pre2, I'm +1 for this to go in. |
+1 here too. mapreduce is clear, and boilerplate code looks fine. |
This PR uses the new security APIs in riak_core to do permissions checking on various riak API endpoints.
It currently does not secure ALL of the APIs, specifically stats, link walking and the 'CS bucket' APIs are not covered.
See also basho/riak#355