  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-3579

Make default value for endpoint security configurable in CheCluster CR


      OpenShift DevSpaces allows configuring whether an endpoint exposed by an application running in a workspace is secured by the JWT token of the user's current session. 

      There are two ways to configure this endpoint security. Either within the devfile through the value of components.container.endpoint.secure or 
      'on the fly' using the IDE, i.e. a new window asking if one would like to create an endpoint for a new process listening on port xyz (after having started some application).

      In both scenarios the endpoint is created by default with options public and not secure, meaning that everyone can access this endpoint if the exact URL is known (and access to the OpenShift cluster is available, of course). 

      When working with sensitive code or data, this 'insecure' default is not desirable. Here, it would make more sense to have the option secure=true as the default and have the user explicitly specify if an insecure endpoint is desired.

      Could you please enhance DevSpaces by introducing an attribute in the CheCluster CR that specifies the default behavior for endpoint security? 

      If you have projects with sensitive data. As regards the default for endpoint security, this is, in our view, a security weakness. It is best practice to let the user explicitly opt-in to the less-secure alternative. In DevSpaces, it is the other way around. Currently one has to opt-in to the more secure alternative.

            ibuziuk@redhat.com Ilya Buziuk
            rhn-support-rludva Radomir Ludva
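
The devfile setting referred to in the description, shown as an added example that is not part of the original issue: one endpoint left at the defaults the issue describes (public, not secure) beside one that opts in to the secured form. The component, endpoint and image names and the port numbers are constructed for illustration.

```yaml
schemaVersion: 2.2.0
metadata:
  name: endpoint-security-example      # constructed name
components:
  - name: app                          # constructed component name
    container:
      image: registry.example.com/team/app:latest   # placeholder image
      endpoints:
        # Current default per the issue: exposed publicly and not secured,
        # so anyone who knows the URL and can reach the cluster gets through.
        - name: web-open
          targetPort: 8080
          exposure: public
        # Explicit opt-in: access is gated by the authentication of the
        # user's current session, as the issue describes.
        - name: web-secured
          targetPort: 8081
          exposure: public
          protocol: https
          secure: true
```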