Open rberrelleza opened 3 years ago
NACK. This is weak against spoofing (unless it is used together with TLS).
@AkihiroSuda yes, this should be used in addition to TLS. The way I'm thinking about it, TLS is used to guarantee the caller is talking to the expected buildkit instance, and the caller presents a token so the buildkit server can verify that the caller should have access to it.
sgtm
Currently, buildkit only supports authorization using certificates. This is very useful, but it doesn't scale well beyond a small number of users. For Okteto, we run a shared buildkitd service that can be shared with multiple users in an organization. It would be very useful if buildkitd supported a token-based authorization mechanism.
This could work as follows:
WithRPCCreds
to include an auth token in the requestauth
interceptor extracts theauthorization
header, and makes a POST request with it to the authorization endpointThis initial idea is just a go/no-go type of authorization. In the future this could be extended to also include quotas, rate limits, or even an 'identity context' across more bulidkit operations. A PoC of this is available here https://github.com/okteto/buildkit/commit/7c82ae09ec87471a981607106cdf68fc767b1dec