Right now, all a user needs in order to update a queue is permissions.CreateQueue:
https://github.com/G-Research/armada/blob/1476c18bec337b77434c038ec8dea6458ba253ff/internal/armada/server/submit.go#L158-L172
This seems wrong. If I can update a queue, I can change who owns it and who has what permissions, or its resource limits so it can't do useful work. All that seems well beyond the scope of a permission called CreateQueue, which I'd say should allow you only to create queues, not to mess with existing queues.
I propose:
- adding a queue-specific
queue.PermissionVerb called queue.PermissionVerbUpdate
- renaming global permission
permissions.DeleteQueue to permissions.ModifyQueue
- changing
submit.UpdateQueue() to require both queue.PermissionVerbUpdate and permissions.ModifyQueue (but not permissions.CreateQueue
┆Issue is synchronized with this Jira Task by Unito
Right now, all a user needs in order to update a queue is
permissions.CreateQueue:https://github.com/G-Research/armada/blob/1476c18bec337b77434c038ec8dea6458ba253ff/internal/armada/server/submit.go#L158-L172
This seems wrong. If I can update a queue, I can change who owns it and who has what permissions, or its resource limits so it can't do useful work. All that seems well beyond the scope of a permission called
CreateQueue, which I'd say should allow you only to create queues, not to mess with existing queues.I propose:
queue.PermissionVerbcalledqueue.PermissionVerbUpdatepermissions.DeleteQueuetopermissions.ModifyQueuesubmit.UpdateQueue()to require bothqueue.PermissionVerbUpdateandpermissions.ModifyQueue(but notpermissions.CreateQueue┆Issue is synchronized with this Jira Task by Unito