Skip to content

security: reproducible local multi-operator offensive test bench #208

Description

@juev

Summary

Provide a reproducible local multi-operator test bench for offensive testing. The audit passes under #178 exercised tenancy and authz through the source plus the automated multi-tenant test suite (tenant_scope_test, scoping_boundary_test, *_authz_test, scoping_property_test), but there is no documented live bench to run manual attacks against.

Scope

A scripted bench (Makefile target / docker-compose / shell script) that stands up:

  • the mgmt server with a known master key,
  • 2+ operators, each with their own CA(s) and networks,
  • a few hosts per network (enrolled + pending + blocked),

and documents how to drive manual offensive checks against it: auth bypass, IDOR / cross-tenant reads, enrollment-token reuse, certificate-issuance abuse, poll host-spoofing.

Why

Lowers the cost of re-running the offensive objectives (1–4 in #178) on each release and lets contributors reproduce findings locally.

Part of #178 (checklist: Local multi-operator test bench).

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions