solace-agent-mesh icon indicating copy to clipboard operation
solace-agent-mesh copied to clipboard
Published 2 days ago verified publisher icon SolaceLabs

docs(DATAGO-115627): update installation and RBAC guides with secure-by-default authorization details

Open cyrus2281 opened this issue 1 month ago • 2 comments

What is the purpose of this change?

This change implements secure-by-default authorization for Agent Mesh Enterprise by updating documentation to reflect that all access is denied unless explicitly configured. The update explains the security model and provides clear guidance on configuring proper authorization for both development and production environments.

How is this accomplished?

  • docs(installation, rbac): update installation and RBAC guides with secure-by-default authorization details
    • Added clear warnings about secure-by-default behavior in installation guide
    • Updated RBAC documentation to explain authorization types (deny_all, default_rbac, custom, none)
    • Added development mode examples with proper security warnings
    • Clarified production security requirements throughout documentation

Anything reviews should focus on/be aware of?

Ensure security warnings are appropriately prominent and that the development-only configurations are clearly marked as unsuitable for production use.

cyrus2281 avatar Nov 12 '25 17:11 cyrus2281

Must be merged after https://github.com/SolaceDev/solace-agent-mesh-enterprise/pull/319

cyrus2281 avatar Nov 18 '25 18:11 cyrus2281

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

sonarqube-solacecloud[bot] avatar Nov 21 '25 17:11 sonarqube-solacecloud[bot]