vmware / vic

vSphere Integrated Containers Engine is a container runtime for vSphere.
http://vmware.github.io/vic

Authn/Authz: Design and implementation of VCH Authz module #6415

Open lcastellano opened 6 years ago

lcastellano commented 6 years ago

User Statement: To provide Authn/Authz services for VCH clients, the VCH must be enhanced to provide access control.

Details: Docker implements an Authz plugin interface to allow requests to be filtered by an access control system. The Authz plugin relies on client certificates to provide user identity. A similar approach can be used in the VCH. A new module inspired by the Authz plugin structure should be added to the VCH. This requires implementing a new middleware in the API server. The new middleware will call into the access control module, which in turn collects the user Security Context from Admiral.

https://confluence.eng.vmware.com/display/~lcastellano/VIC+Engine+Authentication+and+Authorization

Acceptance Criteria: The VCH contains a new middleware that uses Admiral to enforce access control.
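A sketch of the middleware shape this issue describes, added here as an example; it is not code from the vic repository or from the issue author. The `Authorizer` interface, `staticPolicy`, `status` helper and the sample users and paths are hypothetical, and the in-memory policy stands in for the lookup against Admiral.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Authorizer is a hypothetical stand-in for the access control module (Admiral-backed in the design).
type Authorizer interface{ Allow(user, method, path string) bool }

// staticPolicy is a constructed policy: user -> permitted HTTP methods.
type staticPolicy map[string]map[string]bool

func (p staticPolicy) Allow(user, method, _ string) bool { return p[user][method] }

// AuthzMiddleware derives identity from the client certificate and asks the Authorizer before the
// API handler runs. Assumes tls.Config.ClientAuth is tls.RequireAndVerifyClientCert (chain verified).
func AuthzMiddleware(az Authorizer, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 { // fail closed: no identity
			http.Error(w, "client certificate required", http.StatusUnauthorized)
			return
		}
		user := r.TLS.PeerCertificates[0].Subject.CommonName
		if user == "" || !az.Allow(user, r.Method, r.URL.Path) {
			http.Error(w, "access denied", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one constructed request through the middleware; cn == "" means no client certificate.
func status(az Authorizer, cn, method, path string) int {
	req := httptest.NewRequest(method, path, nil)
	if cn != "" {
		req.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{{Subject: pkix.Name{CommonName: cn}}}}
	}
	rec := httptest.NewRecorder()
	AuthzMiddleware(az, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	p := staticPolicy{"alice": {"GET": true, "POST": true}, "bob": {"GET": true}}
	fmt.Println(status(p, "alice", "POST", "/containers/create"), status(p, "bob", "POST", "/containers/create"), status(p, "", "GET", "/info"))
}
```

The middleware denies by default: a missing certificate, an empty common name, or a user unknown to the policy never reaches the wrapped handler.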

mdubya66 commented 6 years ago

not a requirement for 1.3, removing. @pdaigle to prioritize