
Rethink permission requirements for Admin API DescribeCluster endpoint

Open mantas-sidlauskas opened this issue 1 year ago • 1 comments

Context

Cadence WEB is using the admin.DescribeCluster API call to check if advanced visibility options are available for a cluster. All admin.* calls require an admin-level token when OAuth is enabled. This makes WEB unusable for a user who has only "read" level access to specific domain(s).

There are multiple options for resolving this issue:

  • Change DescribeCluster to require read level; you can't change anything anyway
  • Move this endpoint to "Frontend" API, change WEB to request Frontend API

mantas-sidlauskas, Feb 22 '24 12:02

Hi @demirkayaender, does this require a backend or frontend change? If backend, I would like to work on this. Can you please provide some context on what the required changes are here?

d-vignesh, Feb 27 '24 07:02

Would like to work on this.

osho-20, Jun 23 '24 07:06

For now, this is fixed with: https://github.com/uber/cadence/pull/6081

Thanks for your interest, @osho-20!

mantas-sidlauskas, Jun 27 '24 11:06