Listing all snaps from Brand Store requires "store admin"
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Snap Store Server | Won't Fix | Undecided | Celso Providelo |
Bug Description
To list snaps from Brand Store one can use the Brand Store (list all snaps) and Snaps (list releases for a snap) APIs.
The first stage (list all snaps) requires store_admin permissions, whereas for the second stage package_access is enough. It feels that requiring the admin-like permission for reading snaps from the store is too much, and it would be better to be able to access this information without requiring such an elevated access level.
This has high importance as it triggers security issues.
Using viewer credentials does not change anything, store admin is required anyway:
{{{
λ ~ surl -s production -e <email address hidden> https:/
Password for <email address hidden>:
{"error-list": [{"message": "Permission \"store_admin\" is required as a macaroon caveat.", "code": "macaroon-
}}}
Changed in snapstore:
assignee: nobody → Celso Providelo (cprov)
Konrad,
There is a fundamental problem with your suggestion to reduce the permission required to access the Publisher's store-snaps API (<dashboard>/api/v2/stores/<store>/snaps), because it is not equivalent to the Device's snap-browsing API (api.s.io/api/v1/snaps).
See the usage examples:
{{{
# Store-snaps
$ surl -a prod-store https://dashboard.snapcraft.io//api/v2/stores/test-feeds/snaps | jq '.snaps | length'
10
# Snap-browsing
$ curl -s -H 'X-Ubuntu-Series: 16' -H 'X-Ubuntu-Store: test-feeds' "https://api.snapcraft.io/api/v1/snaps?fields=package_name" | jq '._embedded["clickindex:package"] | length'
103
}}}
The store-snaps API is supposed to be used by store admins only, because it doesn't include snaps from whitelisted stores, for which the store admin has no authority. The store-snaps list contains 3 categories of snaps only: local (registered in the context store), essential (implicitly inherited from Global) and included (from other stores that allow inclusion by the context one). Only the "included" snap set can be managed.
Summing up, the store-snaps API was not designed to "list all snaps in a store", but instead to manage snap inclusion. If one wants to list all snaps available in a store in their most-stable channel, the `snap-browsing` API should be used.
Let me know if the explanation makes sense.
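An added illustration of the distinction drawn in the comment above (this is example code written for this page, not Snap Store Server code and not part of the comment). It models the three store-snaps categories (local, essential, included), the rule that inclusion only works when the source store allows inclusion by the context store, and the per-endpoint permission check that produces the "store_admin" error seen in the report. The store names, snap names and counts are constructed; the assumption that the snap-browsing API additionally exposes snaps from whitelisted stores, and the `allows_inclusion_by` / `whitelists` field names, are mine.

```python
"""Model of which snaps each Snap Store API lists for a brand store.

Illustrative example only (not Snap Store Server code). Store data below is
constructed; the whitelist-visibility rule in browse_snaps() is an assumption.
"""
from dataclasses import dataclass, field

GLOBAL = "Global"  # the store whose snaps every brand store inherits as "essential"


@dataclass
class Store:
    name: str
    local: set = field(default_factory=set)                # snaps registered in this store
    includes: set = field(default_factory=set)             # stores this store includes from
    allows_inclusion_by: set = field(default_factory=set)  # stores allowed to include our snaps
    whitelists: set = field(default_factory=set)           # stores browsable here (assumed semantics)


def store_snaps(stores, ctx):
    """What the store-snaps API (/api/v2/stores/<store>/snaps) lists, by category.

    local:     registered in the context store
    essential: implicitly inherited from Global
    included:  from stores that allow inclusion by the context store
    """
    store = stores[ctx]
    essential = set(stores[GLOBAL].local)
    included = set()
    for other in store.includes:
        # Inclusion is only honoured if the source store permits it.
        if ctx in stores[other].allows_inclusion_by:
            included |= stores[other].local
    return {"local": set(store.local), "essential": essential, "included": included}


def browse_snaps(stores, ctx):
    """What the device snap-browsing API (/api/v1/snaps) lists.

    Assumption: everything the store-snaps API shows, plus snaps from whitelisted
    stores, which the store admin has no authority over.
    """
    cats = store_snaps(stores, ctx)
    visible = cats["local"] | cats["essential"] | cats["included"]
    for other in stores[ctx].whitelists:
        visible |= stores[other].local
    return visible


# Permission each endpoint demands as a macaroon caveat (None: no macaroon needed).
ENDPOINT_PERMISSION = {
    "store-snaps": "store_admin",      # manage inclusion; admin-only by design
    "snap-releases": "package_access", # list releases for one snap
    "snap-browsing": None,             # public device API, used with curl above
}


def check_access(endpoint, caveats):
    """Return None when the macaroon caveats satisfy the endpoint, else the error body.

    The message mirrors the one in the bug report; the real response also carries
    a 'code' field, which is cut off in the report and therefore not reproduced.
    """
    needed = ENDPOINT_PERMISSION[endpoint]
    if needed is None or needed in caveats:
        return None
    return {"error-list": [
        {"message": f'Permission "{needed}" is required as a macaroon caveat.'}
    ]}


def build_sample():
    """Constructed store graph (not real Snap Store data)."""
    return {
        GLOBAL: Store(GLOBAL, local={"core", "snapd", "core18", "lxd"}),
        "test-feeds": Store("test-feeds", local={"feed-a", "feed-b", "feed-c"},
                            includes={"partner", "private"}, whitelists={"bigvendor"}),
        "partner": Store("partner", local={"p1", "p2", "p3"},
                         allows_inclusion_by={"test-feeds"}),
        "private": Store("private", local={"secret"}),  # does not allow inclusion
        "bigvendor": Store("bigvendor", local={f"vendor-{i}" for i in range(5)}),
    }


if __name__ == "__main__":
    stores = build_sample()
    cats = store_snaps(stores, "test-feeds")
    print("store-snaps:", {k: len(v) for k, v in cats.items()})
    print("snap-browsing:", len(browse_snaps(stores, "test-feeds")))
    print("viewer on store-snaps:", check_access("store-snaps", {"package_access"}))
```

Running it shows the two counts diverging (10 via store-snaps, 15 via browsing in the constructed data), that a snap from a store that does not allow inclusion appears in neither listing, and that a macaroon carrying only package_access is rejected by the store-snaps endpoint while the browsing endpoint needs no macaroon at all.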