Make storing of extra SQL attributes optional¶
Allow a cloud provider to disable the storing of “extra” SQL attributes.
Problem Description¶
Our SQL drivers have for a long time supported clients piggybacking on our formal entity attributes by just including extra attributes in the API call (e.g. POST) - which we then store in the ‘extras’ column. While this is used by a number of customers, it’s a practice we don’t want to encourage. Moreover, allowing this could mean that cloud providers are unintentionally storing PII information if the client includes such attributes in their API calls.
Proposed Change¶
We will provide a configuration option to define whether our SQL drivers will store extra attributes. For backward compatibility this will be set, by default, to allow such storage. Disabling this option will support any extra parameters to either be silently ignored (with a warning to the log) or error in both read and write of SQL entities.
If this option is disabled on a system that already has extra attributes stored this data will not be deleted - that is left as an out-of-band operation for the cloud provider.
As an aside, although we do support extra attributes for LDAP drivers, the storage of these is already optional by virtue of the fact that a mapping must be defined in the LDAP section of the configuration file.
Alternatives¶
None
Security Impact¶
This should close a potential security loophole.
Notifications Impact¶
None
Other End User Impact¶
None
Performance Impact¶
None
Other Deployer Impact¶
None
Developer Impact¶
None
Implementation¶
Assignee(s)¶
Primary assignee:
Henry Nash (henry-nash)
Work Items¶
Create configuration option
Honor that option in the core SQL code which converts the extra attributes
Dependencies¶
None
Documentation Impact¶
Update to the configuration.rst
References¶
None