Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docs: Add/Split "Server Read-only Access" section from "Configuring Your Artifact Repository" page #13599

Open
agilgur5 opened this issue Sep 14, 2024 · 1 comment
Open

Docs: Add/Split "Server Read-only Access" section from "Configuring Your Artifact Repository" page #13599

agilgur5 opened this issue Sep 14, 2024 · 1 comment
Labels
area/docs Incorrect, missing, or mistakes in docs area/server solution/suggested A solution to the bug has been suggested. Someone needs to implement it. type/feature Feature request type/security Security related

Comments

@agilgur5
Copy link
Contributor

agilgur5 commented Sep 14, 2024
edited
Loading

Summary

Per #12467 (comment) and #13425 (review), instructions for Server access should be split into its own section in the artifact repo configuration page called "Server Read-only Access"

Use Cases

As the Server is an optional component and only needs read-only access to artifacts, this should be split into its own section on this page. It can also be linked to from the Server docs ("Argo Server" page, which already links out a good bit).

Any sections with existing Server references and permissions should be split to this section. It can reflect the same page structure with sub-sections per artifact repository provider.

Message from the maintainers:

Love this feature request? Give it a 👍. We prioritise the proposals with the most 👍.
@agilgur5 agilgur5 added type/feature Feature request area/docs Incorrect, missing, or mistakes in docs labels Sep 14, 2024
@agilgur5 agilgur5 mentioned this issue Sep 14, 2024
Merged
@agilgur5 agilgur5 added the solution/suggested A solution to the bug has been suggested. Someone needs to implement it. label Sep 14, 2024
@agilgur5
Copy link
Contributor Author

We should also make some more notations about least privilege use:

  • the Server role should be separate from the ones used by the Executor
  • invert Delete permissions as optional for Artifact GC? per feat(artifacts): support ephemeral credentials for S3. Fixes #5446 #12467 (comment), it currently says "remove if you don't use" but it should probably be inverted for least privilege
  • "Get" is needed for input artifacts, "Put" is needed for output artifacts. If you're not using both, these could potentially be split

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/docs Incorrect, missing, or mistakes in docs area/server solution/suggested A solution to the bug has been suggested. Someone needs to implement it. type/feature Feature request type/security Security related
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@agilgur5