federated data planes: punch list

[jgraettinger]

• [x] Gazette: support label-name:prefix syntax for label selectors
  • Replaces existing prefix syntax for journal names.
  • Required for authorized Apply RPCs of shard specs.
  • Future: can power partition-based authorization over estuary.dev/field/some-field values.
• [x] Gazette: support streaming or long-polled List API for journal watches
  • Replaces direct Etcd watch of journals.
  • Required for cross-DP partition discover within shuffled reads and writes.
• [x] Gazette: authorization modeled as label selectors
  • JWT verification of journal read, append, list, replicate, and apply RPCs.
  • JWT verification of shard list, apply, and stat RPCs.
  • Auth checks are enabled & required if and only if started with a configured secret
  • Replaces similar authorization checks and proxying in data-plane-gateway
  • Required for securing public Gazette endpoints with unproxied peer-to-peer access.
• [ ] Control plane: introduce authorization API for brokered data plane access
  • Requesting data-plane X signs claims for access from catalog name Foo/One (in X) to Bar/Two (in Y) using X's secret
    • (Note the requester doesn't need to know what data-plane the resource lives in)
  • API verifies claims and checks current RBAC
  • API responds with Y's address and scoped token for Bar/Two signed with Y's secret.
• [ ] Reactors: sign and request access for read & written collections from authorization API
  • Replaces current direct access through internal broker API.
• [ ] Reactors: use Gazette List API for journal watches in shuffled reads & appends
  • Replaces current direct access to Etcd journals watch
• [ ] Control plane: model and track data-planes on live_specs