this post was submitted on 04 Dec 2023
16 points (94.4% liked)

Programming

17699 readers
450 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 2 years ago
MODERATORS
 

Apologies in advance for sharing two link posts here two days in a row. Unemployment may be driving me a little nuts... ๐Ÿ˜…

I've been working on Satounki since I got laid off last month. It's the culmination of a lot of experience building similar ad-hoc internal tooling at various places throughout my professional career.

Satounki already includes:

  • AWS support
  • GCP support
  • Cloudflare support
  • Auto-generated Terraform providers from the Rust API
  • Auto-generated Typescript client wrapper from the Rust API
  • Slack bot for request notifications, approvals and rejections
  • CLI for requests, approvals and rejections
  • Dashboard for exploring policies, requests and stats

The scope of this project is pretty big and I'm looking for contributors.

The majority of the project is written in Rust, including the generated Go and TS code. The stack is pretty simple; Actix, Diesel, SQLite, Tera etc., so if you have experience with writing web apps in Rust it should feel familiar!

Even if this is a totally new stack to you, this is a great project to develop some familiarity and experience with it, especially if you can help improve the quality of the generated Go and TS code at the same time!

you are viewing a single comment's thread
view the rest of the comments
[โ€“] LGUG2Z 2 points 1 year ago (1 children)

What sort of sensitive data are you imagining in your reading of the README? It would be useful to understand to update the language appropriately ๐Ÿ™

[โ€“] [email protected] 2 points 1 year ago (1 children)

Well the actual rules โ€” who gets access to what โ€” where is that stored and how is it secured, to what standards? Is there logging, audit, non-repudiation, tamper-proof, time-stamping etc.

[โ€“] LGUG2Z 4 points 1 year ago

tl;dr all the same caveats with self-hosted software apply; don't do anything you wouldn't do with a self hosted database or monitoring stack.

Well the actual rules โ€” who gets access to what

The rules themselves are the same public rules in the IAM docs on AWS, GCP etc., while the collections of these public rules (eg. the storage_analytics_ro example in the README) defined at the org level will likely be stored in two ways: 1) in a (presumably private) infra-as-code repo most probably using the Terraform provider or a future Pulumi provider, 2) the data store backing the service which I talk about more below.

"Who received access to what" is something that is tracked in the runtime logs and audit logs, but as this is a temporary elevated access management solution where anyone who is given access to the service can make a request that can be approved or denied, this is not the right place or tool for a general long-lived least-privilege mapping of "this rule => this person/this whole team".

where is that stored and how is it secured, to what standards?

This is largely up to the the team responsible for the implementation and maintenance, just like it would be for a self-hosted monitoring stack like Prom + Grafana or a self-hosted PostgreSQL instance; you can have your data exposed through public IPs, FQDNs and buckets with PostgreSQL or Prom + Grafana, or you can have them completely locked down and only available through a private network, and the same applies with Satounki.

Is there logging, audit, non-repudiation, tamper-proof, time-stamping etc.

Yes, yes, yes, yes and yes, though the degree of confidence in each of these depends to some degree on the competence of the people responsible for the implementation and the maintenance of the service as is the case with all things self-hosted.

If deployed in an organization which doesn't adhere to at least a basic least-privilege permissions approach, there is nothing stopping a bad internal actor with Administrator permissions wherever this is deployed from opening up the database directly and making whatever malicious changes they want.