AMP 1.6.9 - ADS Roles can't specify permissions for instance modules

  • Last Post 07 July 2018
drakmir posted this 06 July 2018

OS Name/Version:
Debian 9

Product Name/Version:
AMP 1.6.9

Problem Description:
Role management not correct when using ADS and instances are using it as an authorization server.

Steps to reproduce:
Install ADS standalone
Create Minecraft instance through UI
Note that admin user and password are required fields, but are not used in this case
Try to create a role that has Minecraft-related permissions
No Minecraft permissions can be set as they are not present

Actions taken to resolve so far:
Loaded plugins into ADS
Created instance to try to get ADS to "see" the relevance of the permissions
No action found to work, other than not using ADS as an authentication server

Expected Result:
ADS should either allow all permissions to be set up in roles or should be based on the plugins / instances that it knows about.

Mike posted this 06 July 2018

This functionality is not yet implemented.

drakmir posted this 06 July 2018

Understood. That makes the transparent authentication not useful then, since I can't create users that don't have access to the ADS instance so they can manage the instances created with ADS. This results in the possible leakage of the license key for AMP (a clear violation of the network license).

Mike posted this 06 July 2018

The licence key shouldn't be being leaked. Password fields don't have their actual value sent to the client.

drakmir posted this 07 July 2018

What I mean is that since I can't make a useful user (for the managed Minecraft server), they have to be super admins or equiv. That leads to them being able to create instances, which is a violation of the rules for the network license.

Also, you do leak the license key with docker creation (in the console).

Mike posted this 07 July 2018

Correct, you'd have to run the instances standalone and not have them authenticate via ADS right now.