inspektor-dev / inspektor
Inspektor is a protocol-aware proxy that is used to enforce access policies👮
Home Page: https://inspektor.cloud
License: Apache License 2.0
Microsoft Teams is widely used by big enterprises and companies. So, it'll be a good addition for the users who are using Teams to do temp credentials approval on Teams itself.
Kafka is one of the popular message bus systems.
Add integration to enforce policies on Kafka.
The control plane stores all of its metadata in a postgres backend.
Add other store backends like etcd as an optional storage backend.
Explore ways we can start measuring the time taken to evaluate a policy and the time it takes to rewrite a query.
Rust metrics crate seems interesting https://github.com/metrics-rs/metrics
We have a policy with allowed attributes without a column name. The expected behaviour for that policy is that all the columns should be updateable.
But it's throwing an unauthorized update error.
MySQL is a popular database in the SQL world.
Add support to enforce access policies on MySQL server.
Is your feature request related to a problem? Please describe.
If we are not able to parse a query, then instead of failing, the dataplane should be able to pass the query through.
Describe the solution you'd like
This could solve the unsupported postgres operators. We can add the support by taking the control plane reports.
A user is able to switch to an unauthorised db after gaining access to an authorised db.
Expected behaviour: Inspektor should detect this scenario and prevent the user from switching db.
SSL will allow the end user to query and retrieve data in an encrypted way. So, add support for SSL in the dataplane.
The current postgres driver only checks whether an incoming query is valid or not. But it doesn't know how to act in a transaction block.
For example: the end user can query users but can't insert, as per the policy.
SELECT * FROM USERS;
BEGIN;
INSERT INTO USERS(first_name, last_name) VALUES ('pooni', 'kuttypoonai');
COMMIT;
The expected behaviour is that postgres should return data for select statements and send an error for the insert transaction. But the Inspektor Postgres driver returns an error response directly.
The datasource name has to be unique so that it won't collide with any policies.
Also, define the spec for the datasource name.
Right now, we don't know what users are querying for. So, it'll be a good value addition if the admin can see what users are querying.
IDEA: the dataplane should send all the logs to the controlplane. The control plane pushes the logs to the respective data sinks.
But this puts a lot of pressure on the control plane. We can make the dataplane push the logs, but it'll be hard to configure.
We recently added support for creating temp credentials for users #23
But, the above PR alone doesn't solve the issue. We need a mechanism to drop connection if there is a side effect on session.
For example, a role removed by the admin or a session expired.
We ended up in a situation where a developer entered wrong policies, and then the control plane wasn't able to compile.
So, it'll be good if the dashboard shows whether a policy is in a healthy state or a bad state.
Systest was recently added to Inspektor to do testing. But systest doesn't run as part of the GitHub Actions workflow.
So add systest to GitHub Actions so that we can continuously monitor the stability.
Table names are prefixed if any column is considered a protected column.
eg:
select * from actors -> select actor.ssn as NULL, actor.first_name from actors
This may retrieve the results. But it's breaking orm clients.
Expected Behaviour:
Table name should not be prefixed if not required.
Inspektor doesn't have any tests which test the whole integration. So, add systest to do the end to end testing.
Describe the bug
dataplane panics if the controlplane goes offline
To Reproduce
Bring down the controlplane
Expected behavior
dataplane should keep retrying to connect to the controlplane
Describe the bug
Inspektor doesn't support json queries.
To Reproduce
Parse the following query
select * from tmpdb where cast(meta1->'refferedBy' as text) = '3332'
You'll get the following error
ParserError("Expected an expression:, found: >")
Expected behavior
Inspektor should be able to parse json query
On a day-to-day basis, orgs use multiple internal tools.
eg: metabase to visualise organisation data and retool to build internal apps
Teams don't have any clear view on what these tools are doing and also whether these tools are being misused or not.
So come up with an idea where Inspektor can push some daily reports on Slack, so admins have some view on day-to-day data access. It'll also be used to capture if there's any anomaly in data access.
Inspektor uses its in-house authentication mechanism to access the Inspektor dashboard.
Add support for openID connect, so user can use their own identity provider to access inspektor
The error message given by postgres is not parsed correctly and forwarded to the client.
Instead of forwarding the correct error message, Inspektor just sends ERROR without any context.
The admin can add roles while creating the user.
We need a way in a UI where we can change the role of the user.
Users are not able to update the roles of the datasource once it has been created.
Now, all docker builds use the --no-cache flag to make sure a new binary is being sent to the docker image.
But, it's increasing the build time a lot.
On a local machine, it takes more than 5 mins to build the image. So, explore other opportunities, to decrease build time
reference: https://github.com/poonai/inspektor/blob/main/build_dataplane_docker.sh
Redshift is an AWS data warehouse service.
One of the community members asked for this support 🥳
The clipboard API doesn't work without https or localhost,
so provide a way to show the secret token in insecure mode.
Slack integration will ease the process of requesting temp credentials from the admin.
for eg:
member can ask inspektor bot for credentials; the credentials will be provided on the approval of admin.
The COPY query is not supported in the sqlparser.
Add support for the COPY command.
All the credentials that Inspektor creates are long lived.
There should be a way where admins can create short lived credentials for data sources.
This can help teams to give temporary credentials to the user