Aquarium Fish node have to be able to allow users to connect to the resources it knows about, so there need to be a number of mechanisms added:
User management - for now quite rudimentary just admin and the others. We need to go to proper Role-based model to allow certain roles to run a limited amount of Resources, otherwise those users will quickly eat up all the resources we have...
Pass-through itself like that:
User Allocates debug Application, which allows SSH access
User requests ssh credentials via API - and Fish gives the user:token@host:port to connect to via SSH. Port will be the same for the Node
User connects to the Node endpoint via SSH and Fish figuring out the target resource from the provided token, establishes SSH connection with the target Resource and allows to use SSH commands, SCP and port pass-through.
Fish removes the token from the known tokens list if it's lifetime is ended (by default one-time usage). Later we will need to add expiration of tokens.
In theory this should work. One note that only particular fish node, which serves the Resource could access it, so the list of tokens is stored only on it and not shared with the cluster. Request for the SSH access via API could be done in similar way of Snapshots actions.
Aquarium Fish node have to be able to allow users to connect to the resources it knows about, so there need to be a number of mechanisms added:
In theory this should work. One note that only particular fish node, which serves the Resource could access it, so the list of tokens is stored only on it and not shared with the cluster. Request for the SSH access via API could be done in similar way of Snapshots actions.