Authentication docs are incorrect with respect to default policy on v2 APIs #3797
Labels
pr/critical
Priority: Must be resolved immediately to prevent significant impact
th/auth
Theme: Relates to authentication and authorization
th/documentation
Theme: Related to documentation, including tutorials and API docs
As we migrate from v1 to v2 APIs we must consider the current authentication in our docs
https://docs.bacalhau.org/setting-up/running-node/auth#by-default
This is false for v2 and true for v1. In v2 there are not limits and anyone can submit a job to a cluster if they know its IP address. So in general this is false since all deployments support the v1 and v2 APIs
This is false for v2 and true for v1. In v2 there are no signatures - identity of the job submitter are not checked and the submit job payload does not contain a signature. So in general this is false since all deployments support the v1 and v2 APIs`
This is false, all users have full permissions against a cluster by default.
To summarize, by default, a bacalhau cluster is wide open, anyone can do anything and nothing about their identity is checked.
The text was updated successfully, but these errors were encountered: