
Add `cluster.addresses` and require membership before accepting cluster authentication tokens
Closed, Public

Authored by epriestley on Jan 2 2015, 9:13 PM.

Details

Summary

Ref T2783. Ref T6706.

  • Add cluster.addresses. This is a whitelist of CIDR blocks which define cluster hosts.
  • When we receive a request that has a cluster-based authentication token, require the cluster to be configured and require the remote address to be a cluster member before we accept it.
    • This provides a general layer of security for these mechanisms.
    • In particular, it means they do not work by default on unconfigured hosts.
  • When cluster addresses are configured, and we receive a request to an address not on the list, reject it.
    • This provides a general layer of security for getting the Ops side of cluster configuration correct.
    • If cluster nodes have public IPs and are listening on them, we'll reject requests.
    • Basically, this means that any requests which bypass the LB get rejected.

Test Plan

  • With addresses not configured, tried to make requests; rejected for using a cluster auth mechanism.
  • With addresses configured wrong, tried to make requests; rejected for sending from (or to) an address outside of the cluster.
  • With addresses configured correctly, made valid requests.
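
The policy described in the summary, sketched as an added example in Python; this is not Phabricator's code (Phabricator is written in PHP) and not part of the revision. Only `cluster.addresses` comes from the page; the function names, parameters, and sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress

def parse_blocks(blocks):
    # strict=False tolerates entries such as "10.0.0.5/8" by masking host bits.
    return [ipaddress.ip_network(b, strict=False) for b in blocks]

def in_cluster(addr, networks):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable address: fail closed
    # An IPv4 address is never "in" an IPv6 network, and vice versa.
    return any(ip in net for net in networks)

def check_request(cluster_addresses, remote_addr, local_addr, uses_cluster_token):
    """Return None to accept the request, or a rejection reason string."""
    networks = parse_blocks(cluster_addresses)
    if uses_cluster_token:
        # Cluster auth is off by default: it needs a configured list...
        if not networks:
            return "cluster auth used, but cluster.addresses is not configured"
        # ...and a sender that is a cluster member.
        if not in_cluster(remote_addr, networks):
            return "cluster auth sent from an address outside the cluster"
    # Once configured, every request must arrive on a listed address.
    if networks and not in_cluster(local_addr, networks):
        return "request sent to an address outside the cluster"
    return None

# Constructed sample values (private and documentation ranges), not from the page.
CLUSTER = ["10.0.0.0/8", "2001:db8:1::/48"]
CASES = [
    ([], "10.1.2.3", "10.0.0.5", True),                   # unconfigured host
    (CLUSTER, "203.0.113.9", "10.0.0.5", True),           # sender outside cluster
    (CLUSTER, "10.1.2.3", "203.0.113.7", False),          # arrived on a public IP
    (CLUSTER, "10.1.2.3", "10.0.0.5", True),              # valid cluster request
    (CLUSTER, "2001:db8:1::20", "2001:db8:1::5", True),   # valid, IPv6
]

if __name__ == "__main__":
    for case in CASES:
        print(case, "->", check_request(*case) or "accepted")
```

The three rejection paths correspond to the three bullets of the test plan; a request without a cluster token on an unconfigured host passes through unchanged.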

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable