cryostat-legacy icon indicating copy to clipboard operation
cryostat-legacy copied to clipboard

Published 20 hours ago verified publisher icon cryostatio

Add API support for uploading client libraries

Open andrewazores opened this issue 3 years ago • 2 comments

https://github.com/cryostatio/cryostat/pull/482#issue-652619236

Should there be an API to allow clients to upload ex. jboss-client.jar to Cryostat's storage in a place that is added to the Cryostat classpath, so that end users can extend their Cryostat deployment to support other protocols than rmi?

andrewazores avatar May 26 '21 18:05 andrewazores

I feel like this could be risky from a security perspective. This may be better suited for the operator, or have the user manually edit the Cryostat deployment. For example, the authenticated Cryostat user may have permission to read objects in the namespace, but not to modify the Cryostat deployment. So there could be some potential for privilege escalation there.

ebaron avatar May 26 '21 18:05 ebaron

Since #599 , maybe we can support this now. Maybe in conjunction with #662 , although that means it may miss 2.0.0. Still, it seems like we should be able to create this upload handler which allows adding libraries but only if the user has an UPDATE_CRYOSTAT permission, which we can map to patch cryostats or similar.

andrewazores avatar Sep 10 '21 20:09 andrewazores