ChangeProp normally sends unauthenticated update requests to RESTBase and backend services. For private wikis this won't work, as access to content is restricted to specific authenticated users.
Requirements
- All content is updated: We need to make sure that stored content is kept up to date, regardless of the exact access restrictions that apply to this content.
- Minimum privilege: Restrict elevated access to services that actually need it, like ChangeProp. Do not open up access to "all internal services" or similar.
Candidate solutions
Authenticate ChangeProp as "super user"
- Create a user for the ChangeProp service, and give it all the rights needed to access content stored in RESTBase.
- Use this user to authenticate requests from ChangeProp, using credentials from the private Puppet repo.
- In RESTBase, continue to:
  - enforce user-specific restrictions on each read access, and
  - drop authentication information for endpoints that do not have any restrictions set up.
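
The RESTBase-side behaviour listed above, sketched as an added example (not RESTBase or ChangeProp code). The route table, token store, right names and header names are all assumptions constructed for illustration.

```javascript
// Constructed route table: `requires` lists the rights needed to read.
// An empty list means the endpoint has no restrictions set up.
const ROUTES = {
  '/private.example/v1/page/html': { requires: ['read'] },
  '/public.example/v1/page/html': { requires: [] },
};

// Constructed token store standing in for the real user/rights lookup.
// The ChangeProp user is an ordinary account that happens to hold the
// rights it needs; it gets no special code path.
const USERS = {
  'changeprop-token': { name: 'ChangeProp', rights: ['read'] },
  'reader-token': { name: 'Alice', rights: [] },
};

// Headers that carry credentials (assumed lower-cased by the HTTP layer).
const AUTH_HEADERS = ['authorization', 'cookie'];

// Decide whether a read may proceed and which headers reach the backend.
function authorizeRead(path, headers) {
  const route = ROUTES[path];
  if (!route) return { status: 404 };

  const forwarded = { ...headers };
  if (route.requires.length === 0) {
    // Unrestricted endpoint: drop credentials so the elevated ChangeProp
    // identity is never passed on to a backend that does not need it.
    for (const h of AUTH_HEADERS) delete forwarded[h];
    return { status: 200, forwarded };
  }

  // Restricted endpoint: check the caller's rights on every read,
  // with no exemption for requests that originate internally.
  const token = (headers.authorization || '').replace(/^Bearer /, '');
  const known = Object.prototype.hasOwnProperty.call(USERS, token);
  if (!known) return { status: 401 };

  const user = USERS[token];
  const missing = route.requires.filter((r) => !user.rights.includes(r));
  if (missing.length > 0) return { status: 403, missing };
  return { status: 200, forwarded, user: user.name };
}
```

An unauthenticated ChangeProp request to the private route returns 401 here, which is the failure described at the top of the page; the same request with the service credentials passes the per-read check.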