[OKAPI-762] Add read permission for discovery/deployment endpoints Created: 23/Sep/19  Updated: 21/Feb/20  Resolved: 09/Oct/19

Status: Closed
Project: Okapi
Components: None
Affects versions: None
Fix versions: 2.34.0

Type: New Feature Priority: P2
Reporter: Ian Hardy Assignee: Adam Dickmeiss
Resolution: Done Votes: 0
Labels: platform-backlog, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to MODPERMS-68 user permissions can be accessed w/o ... Closed
relates to OKAPI-766 Undocumented API allows unauthenticat... Closed
relates to OKAPI-808 Consider adding read permission for G... Open
relates to OKAPI-767 permissionsRequired required (securin... Closed
Sprint: CP: sprint 74
Story Points: 1
Development Team: Core: Platform

 Description   

On the reference environments getting _/discovery/modules will show deployment descriptors that include database connection secrets. Example:

https://folio-snapshot-okapi.aws/_/discovyer/modules

Consider using a required permission like what is required to view the the _/env endpoint or some other approach to better secure the system.



 Comments   
Comment by Adam Dickmeiss [ 24/Sep/19 ]

We could add permissions to access these for the internal Okapi module.. I believe this would be an incompatible change.. If a UI or other reads the env or discovery that would have to be changed or just not shown.. Perhaps not the case, so I do think that in virtuallly all cases, you would do the env/discover in the same areas as you'd do deployment...

Generated at Thu Feb 08 23:19:31 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.