Explicit auth with TEMP tokens · cockroachdb/cockroach#56577

(6 commentaires) (0 réactions) (0 assignés)Go (32 150 stars) (4 124 forks)batch import

C-wishlistT-disaster-recoverygood first issue

Description

Informs #56536

Use of external storage temp tokens, together with explicit authentication is dangerous. In general, explicitly specified tokens could expire while long running operation (backup, restore) is still executing, without any way for us to regenerate such temp token.

We should error out if external storage URI uses temporary credentials for backup, restore, import, scheduled backup and cdc.

We should also provide an extra URI parameter for the user to specify if they really wish to override this behavior: "&REALLY_USE_TEMP_CREDENTIALS"

Epic CRDB-71

Jira issue: CRDB-2924

Guide contributeur

Stack technique: go
Domaine: databasesecurity
Type d'issue: feature
Difficulté: 4
Temps estimé: 1-2 days
Statut d'activité: stale
Clarté: clear
Prérequis: Go programmingCockroachDB basicsexternal storage conceptsauthentication tokens
Accessibilité débutant: 35
Direction de recherche: Examine the backup and restore code in pkg/backup and pkg/storage. Look for how external storage URIs are parsed and used. Linked issue #56536 provides context. The goal is to detect temporary credential parameters (e.g., in AWS S3 temp tokens) and either reject them or allow an explicit override via a new URI parameter like '&REALLY USE TEMP CREDENTIALS'. Compare with existing validation for other URI parameters.