[
https://issues.apache.org/jira/browse/IGNITE-19077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mikhail Pochatkin updated IGNITE-19077:
---------------------------------------
Description:
Looking at ClusterManagementGroupManager#onElectedAsLeader we can see that REST
authentication configuration is applied to the distributed configuration on
leader election. This happens because there is no any other way to put any
values to the cluster configuration on init. This leads to the following
situation:
- cluster init in progress, some REST endpoints are blocked
(cluster/configuration for example)
- cluster initialized, REST is available without auth
*anybody can use the REST*
- authentication configuration is applied to the distributed configuration and
REST is secured
To fix this issue we have to design the solution for "atomic configuration
initialization" of something like this.
After IGNITE-18576 its possible to provide Authentication cluster configuration
on cluster init.
was:
Looking at ClusterManagementGroupManager#onElectedAsLeader we can see that REST
authentication configuration is applied to the distributed configuration on
leader election. This happens because there is no any other way to put any
values to the cluster configuration on init. This leads to the following
situation:
- cluster init in progress, some REST endpoints are blocked
(cluster/configuration for example)
- cluster initialized, REST is available without auth
*anybody can use the REST*
- authentication configuration is applied to the distributed configuration and
REST is secured
To fix this issue we have to design the solution for "atomic configuration
initialization" of something like this.
> Investigation: Apply cutom cluster config on cluster init
> ---------------------------------------------------------
>
> Key: IGNITE-19077
> URL: https://issues.apache.org/jira/browse/IGNITE-19077
> Project: Ignite
> Issue Type: Task
> Components: rest
> Reporter: Aleksandr
> Priority: Major
> Labels: ignite-3
>
> Looking at ClusterManagementGroupManager#onElectedAsLeader we can see that
> REST authentication configuration is applied to the distributed configuration
> on leader election. This happens because there is no any other way to put any
> values to the cluster configuration on init. This leads to the following
> situation:
> - cluster init in progress, some REST endpoints are blocked
> (cluster/configuration for example)
> - cluster initialized, REST is available without auth
> *anybody can use the REST*
> - authentication configuration is applied to the distributed configuration
> and REST is secured
> To fix this issue we have to design the solution for "atomic configuration
> initialization" of something like this.
>
> After IGNITE-18576 its possible to provide Authentication cluster
> configuration on cluster init.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
