Feature #14200

Updated by Tom Clegg about 2 years ago

A Design sketch

* Container requests get an optional "use token for container" field
* When creating a
container running request on cluster A might have inputs located a remote cluster, controller creates a scoped token on the home cluster B. Therefore, it must have a runtime token capable of authorizing API calls which is restricted to cluster B. However, read-only access to collections in the container does not need all of request mounts
* Provide
the privileges scoped token in the "use token for container" field
* The container running
on the remote cluster B can use that it needs token to access resources on both the remote cluster A: for example, it does not need and on the home cluster.
* How
to create prevent remote cluster from using this token to access other remote clusters?
* How to allow remote cluster to use this token to access other remote clusters?
* Should be
a log collection on cluster B.

Proposal:
regular (unsalted) token in v2 format.
* Additional "cluster_scope" column restricting which clusters should accept it? If cluster B tries to use it with cluster C, cluster A will tell cluster C not to use it.
* "cluster_scope" could also instruct remote clusters to limit their scope (so token used on cluster C still only has access to read-only collections).
** Proposed format: {cluster1: [scope1, scope2], cluster2: [scope3, scope4]}
