-
Notifications
You must be signed in to change notification settings - Fork 10
Security
Broccoli allows you to secure the HTTP API. To enable security, set broccoli.auth.mode to conf. This will read the user accounts from the configuration. In order to run without security, set the configuration value to none.
It is highly recommended to switch on HTTPS if you have authentication enabled so passwords are not transmitted unencrypted.
Authentication is performed on a username and password level. All HTTP endpoints are secured and you will have to perform a login action before. On successful login you will receive a session cookie.
Authorization is done on a role basis + a regular expression for managing instance permissions.
Broccoli knows three roles at the moment: Administrators, operators and users. Each user is assigned to one role.
- Administrators have full privileges. They are allowed to create, modify, start, stop and delete instances.
- Operators have limited privileges. They are only allowed to start and stop instances, but not modify them.
- Users have read-only access. They can inspect instances and their job and service statuses but make no modifications whatsoever.
In order to restrict operations to a certain group of instances, each user also has a regular expression which controls the instances he can see / modify (depending on his role).
If you, e.g., want to allow a user to access only the test environment, you can prefix all test instances with test- and then assign the user the following regex: ^test-.* to make sure he only can look at instances matching this prefix.
Currently Broccoli only supports account management based on the configuration. To setup user accounts for Broccoli, make sure to set the broccoli.auth.mode=conf variable and then use broccoli.auth.conf.accounts to define accounts.
An account has the following properties:
- User name
- Password
- Instance regular expression (optional, default is
.*) - Role (optional, default is administrator)
How to configure this depends on whether you are using a configuration file or the command line parameters.
broccoli.auth.mode=conf
broccoli.auth.conf.accounts=[
{username:admin, password:admin, instanceRegex=".*", role:"administrator"},
{username:operator, password:operator, instanceRegex=".*", role:"operator"},
{username:user, password:user, instanceRegex=".*", role:"user"},
{username:test, password:test, instanceRegex="^test.*", role:"administrator"}
]
cluster-broccoli -Dbroccoli.auth.mode=conf \
-Dbroccoli.auth.conf.accounts.0.username=admin \
-Dbroccoli.auth.conf.accounts.0.password=admin
The Web UI is just a layer on top of the HTTP API so it uses the same mechanisms as described above. However, be aware that you might be susceptible to XSS or CSRF attacks.