1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 15:52:41 +01:00
phorge-phorge/src/applications/policy
epriestley 944539a786 Simplify locking of Almanac cluster services
Summary:
Fixes T6741. Ref T10246. Broadly, we want to protect Almanac cluster services:

  - Today, against users in the Phacility cluster accidentally breaking their own instances.
  - In the future, against attackers compromising administrative accounts and adding a new "cluster database" which points at hardware they control.

The way this works right now is really complicated: there's a global "can create cluster services" setting, and then separate per-service and per-device locks.

Instead, change "Can Create Cluster Services" into "Can Manage Cluster Services". Require this permission (in addition to normal permissions) to edit or create any cluster service.

This permission can be locked to "No One" via config (as we do in the Phacility cluster) so we only need this one simple setting.

There's also zero reason to individually lock //some// of the cluster services.

Also improve extended policy errors.

The UI here is still a little heavy-handed, but should be good enough for the moment.

Test Plan:
  - Ran migrations.
  - Verified that cluster services and bindings reported that they belonged to the cluster.
  - Edited a cluster binding.
  - Verified that the bound device was marked as a cluster device
  - Moved a cluster binding, verified the old device was unmarked as a cluster device.
  - Tried to edit a cluster device as an unprivileged user, got a sensible error.

{F1126552}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6741, T10246

Differential Revision: https://secure.phabricator.com/D15339
2016-02-25 03:38:39 -08:00
..
__tests__ Fix incorrect key handling in extended policy filtering 2016-01-11 07:04:47 -08:00
application Allow different policy rules for different types of objects 2015-06-13 15:44:03 -07:00
capability Use getPhobjectClassConstant() to access class constants 2015-10-01 16:56:21 -07:00
config Move FontIcon calls to Icon 2016-01-28 08:48:45 -08:00
constants Extend from Phobject 2015-06-15 18:02:27 +10:00
controller De-garbage the horrible garbage project section of the policy selection control 2016-02-05 09:50:06 -08:00
editor Fix an issue with editing pre-space objects using a form with no visibility controls 2016-02-18 11:15:40 -08:00
engineextension Formalize custom Conduit fields on objects 2015-12-14 11:54:13 -08:00
exception Modernize OAuthserver and provide more context on "no permission" exception 2015-09-03 10:05:23 -07:00
filter Simplify locking of Almanac cluster services 2016-02-25 03:38:39 -08:00
interface Add support for "Extended Policies" 2015-06-03 18:59:27 -07:00
management phtize all the things 2015-05-22 21:16:39 +10:00
phid Mark PhabricatorPHIDType::getPHIDTypeApplicationClass() as abstract 2015-11-03 06:47:12 +11:00
query Don't show archived projects by default in policy control 2016-02-06 12:41:58 -08:00
rule Trivial fixes from D14467 2015-12-23 17:19:33 -08:00
storage Convert all calls to 'IconFont' to just 'Icon' 2016-01-27 20:59:27 -08:00