cruise-automation / k-rail

Kubernetes security tool for policy enforcement
Apache License 2.0

Add Policy Plugins for Custom K-Rail Policies #100

Closed somethingnew2-0 closed 3 years ago

somethingnew2-0 commented 3 years ago

Add the ability to make custom K-Rail Policy Plugins using gRPC over localhost and HashiCorp's go-plugin interface.

An example plugin is provided that can be used as a template for other plugins.

somethingnew2-0 commented 3 years ago

OK, updated the README.md and bumped the Helm chart version. This PR should be good to go. Thanks for the review @dustin-decker 😄

broamski commented 3 years ago

Is plugin checksum validation something we should consider? Too paranoid?

somethingnew2-0 commented 3 years ago

@broamski I'm not sure what plugin checksum validation would protect against, as K-Rail does not have a backend database and a separate administration control plane to register the enabled plugin hashes, unlike Vault. If plugin checksums were required, they would probably be listed in the K-Rail configuration file, which could already be modified by anyone with privileges to deploy K-Rail + K-Rail plugin binaries. Feels too paranoid to me.