Feature #14200

Updated by Peter Amstutz about 2 years ago

Design sketch

* Container requests get an optional "use token for container" field
* When creating a container request on a remote cluster, controller creates a scoped token on the home cluster which is restricted to read-only access to collections in the container request mounts
* Provide the scoped token in the "use token for container" field
* The container running on the remote cluster can use that token to access resources on both the remote cluster and on the home cluster.
* How to prevent remote cluster from using this token to access other remote clusters?
* How to allow remote cluster to use this token to access other remote clusters?
* Should be a regular (unsalted) token in v2 format.
* Additional "cluster_scope" column restricting which clusters should accept it? If cluster B tries to use it with cluster C, cluster A will tell cluster C not to use it.
* "cluster_scope" could also instruct remote clusters to limit their scope (so token used on cluster C still only has access to read-only collections).
** Proposed format: {cluster1: [scope1, scope2], cluster2: [scope3, scope4]}
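
The following is an added example, not part of the original comment and not Arvados code: it sketches how a home cluster could answer a validation request using the proposed "cluster_scope" map. The function names, the cluster IDs, the collection UUID, and the scope string syntax ("all" or "METHOD /path", with a trailing "/" meaning prefix) are assumptions made for this illustration.

```python
# Added illustration, not Arvados code. The cluster_scope semantics and the
# scope string syntax below are assumptions made for this example.
from typing import Dict, List

# Constructed sample: home cluster "aaaaa", remote cluster "bbbbb".
# Cluster "ccccc" is deliberately absent from the map.
SAMPLE_COLLECTION = "aaaaa-4zz18-000000000000000"  # constructed UUID
SAMPLE_CLUSTER_SCOPE: Dict[str, List[str]] = {
    "aaaaa": ["GET /arvados/v1/collections/" + SAMPLE_COLLECTION],
    "bbbbb": ["GET /arvados/v1/collections/"],
}


def scope_allows(scope: str, method: str, path: str) -> bool:
    """Assumed syntax: "all", or "METHOD /path"; a trailing "/" means prefix."""
    if scope == "all":
        return True
    s_method, sep, s_path = scope.partition(" ")
    if not sep or s_method != method:
        return False  # malformed scope or wrong method grants nothing
    if s_path.endswith("/"):
        return path.startswith(s_path)
    return path == s_path


def home_cluster_verdict(cluster_scope: Dict[str, List[str]],
                         asking_cluster: str,
                         method: str, path: str) -> bool:
    """Answer the home cluster gives when another cluster validates the token."""
    scopes = cluster_scope.get(asking_cluster)
    if scopes is None:
        return False  # cluster not listed: it must not accept the token
    if ".." in path.split("/"):
        return False  # refuse dot-segments so prefix scopes cannot be escaped
    return any(scope_allows(s, method, path) for s in scopes)


if __name__ == "__main__":
    target = "/arvados/v1/collections/" + SAMPLE_COLLECTION
    for cluster in ("aaaaa", "bbbbb", "ccccc"):
        print(cluster, home_cluster_verdict(SAMPLE_CLUSTER_SCOPE, cluster, "GET", target))
```

A cluster missing from the map is denied by default, and a listed cluster only gets the methods and paths its own entry names.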