pipelines icon indicating copy to clipboard operation
pipelines copied to clipboard
verified publisher icon kubeflow

[feature] Add authorization to all functions in ReportServer

Open difince opened this issue 3 years ago • 7 comments

Feature Area

There are two API-server endpoints that still miss authorization - ReportWorkflow and ReportScheduledWorkflow. This is a security issue. Each endpoint should validate that the user has permission to call them.

persistent-agent service calls these endpoints. Once authorization is enabled, the persistent-agent need to authorize itself by providing user information in the request headers.

This issue is a related/ follow-up issue to PR https://github.com/kubeflow/pipelines/pull/7819

/area backend

What feature would you like to see?

What is the use case or pain point?

Is there a workaround currently?

no. A security issue exists in the current implementation.

Love this idea? Give it a 👍.

difince avatar Jul 27 '22 08:07 difince

cc: @juliusvonkohout

difince avatar Jul 27 '22 08:07 difince

/assign @difince

difince avatar Jul 27 '22 08:07 difince

For the next KFP meeting ;-)

juliusvonkohout avatar Jul 28 '22 08:07 juliusvonkohout

Hello @difince , the ReportWorkflow and ReportScheduledWorkflow are used by single persistent-agent instance for monitoring the status of workflow. persistent-agent itself cannot and shouldn't authenticate as a user. /assign @chensun

zijianjoy avatar Jul 28 '22 22:07 zijianjoy

Thank you @zijianjoy for your feedback. How services are supposed to authenticate themself then? Any suggestion? I guess this reflects on the implementation of https://github.com/kubeflow/pipelines/pull/7819 as well ?

difince avatar Jul 29 '22 11:07 difince

Hello @difince , the ReportWorkflow and ReportScheduledWorkflow are used by single persistent-agent instance for monitoring the status of workflow. persistent-agent itself cannot and shouldn't authenticate as a user. /assign @chensun

By default every kubeflow user can hijack them, since these endpoints are unauthenticated. So first they need ANY kind of authentication.

juliusvonkohout avatar Aug 01 '22 08:08 juliusvonkohout

Thank you @zijianjoy for your feedback. How services are supposed to authenticate themself then? Any suggestion? I guess this reflects on the implementation of #7819 as well ?

@chensun (@zijianjoy college at google) already approved #7819 so i do not think that it is affected. Readartifact etc. is really called by users for a proper reason. Reportworkflow might only be abused for no reason.

juliusvonkohout avatar Aug 01 '22 08:08 juliusvonkohout

Fixed by #9699 The persistence agent authenticates itself via a service account token, meanwhile, the pipeline API server has enabled authentication and authorization logic.

difince avatar Aug 17 '23 19:08 difince