-
|
I've noticed that (via the GRPC proxy at least) anybody can create ("grant") and keepalive leases, even if they are not authenticated (do not send the Authorization header) Is this by design? Surely this 1) creates the possibility of some sort of denial of service attack (too many open leases?) and 2) means anybody with read access to a key can keepalive that value (because they can read the lease associated with the KV?) |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
Currently only leaseRevoke will be checked the permission if the lease is connected to keys; otherwise all other lease requests are not checked the permission.
Yes, it's true based on current implementation. Probably we should allow only admin to create leases, but it will be breaking change. Also unfortunately I do not see detailed document on lease.
This seems like a bug. If the lease is attached keys, then only users who have write permission can keepalive the lease. Could you raise an issue to track it? Thanks. |
Beta Was this translation helpful? Give feedback.
Currently only leaseRevoke will be checked the permission if the lease is connected to keys; otherwise all other lease requests are not checked the permission.
Yes, it's true based on current implementation. Probably we should allow only admin to create leases, but it will be breaking change. Also unfortunately I do not see detailed document on lease.