Feature #14200
Updated by Tom Clegg about 6 years ago
A Design sketch
* Container requests get an optional "use token for container" field
* When creating a container running request on cluster A might have inputs located a remote cluster, controller creates a scoped token on the home cluster B. Therefore, it must have a runtime token capable of authorizing API calls which is restricted to cluster B. However, read-only access to collections in the container does not need all of request mounts
* Provide the privileges scoped token in the "use token for container" field
* The container running on the remote cluster B can use that it needs token to access resources on both the remote cluster A: for example, it does not need and on the home cluster.
* How to create prevent remote cluster from using this token to access other remote clusters?
* How to allow remote cluster to use this token to access other remote clusters?
* Should be a log collection on cluster B. Proposal: regular (unsalted) token in v2 format.
* Additional "cluster_scope" column restricting which clusters should accept it? If cluster B tries to use with cluster C, cluster A will tell cluster C not to use it.
* "cluster_scope" could also instruct remote clusters to limit their scope (so token used on cluster C still only has access to read-only collections).
** Proposed format: {cluster1: [scope1, scope2], cluster2: [scope3, scope4]}
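The proposed "cluster_scope" check, written out as an added sketch (not part of the original issue and not Arvados code): the issuing cluster tells an unlisted cluster not to use the token, and a listed cluster enforces only the scopes it is given. The function names, cluster names, scope strings and the "METHOD /path" prefix-matching rule are assumptions made for illustration.

```python
# Added sketch, not Arvados code: how an issuing cluster could answer
# remote validation requests using the proposed cluster_scope column.

# Constructed sample value in the proposed format
# {cluster1: [scope1, scope2], cluster2: [scope3, scope4]}.
CLUSTER_SCOPE = {
    "clusterA": ["all"],
    "clusterB": ["GET /collections/", "POST /logs"],
}


def validate_for_cluster(cluster_scope, asking_cluster):
    """Decide what the issuing cluster tells `asking_cluster` about a token.

    Returns (accepted, scopes). A cluster that is not listed is told not
    to use the token at all (fail closed, an assumption of this sketch).
    """
    scopes = cluster_scope.get(asking_cluster)
    if not scopes:
        return False, []
    return True, list(scopes)


def request_allowed(scopes, method, path):
    """Apply the limited scopes on the remote cluster.

    Assumed matching rule: "all" permits everything; otherwise a scope is
    "METHOD /path", where a trailing "/" makes the path a prefix.
    """
    for scope in scopes:
        if scope == "all":
            return True
        scope_method, _, scope_path = scope.partition(" ")
        if scope_method != method:
            continue
        if scope_path.endswith("/"):
            if path.startswith(scope_path):
                return True
        elif path == scope_path:
            return True
    return False


def remote_check(cluster_scope, asking_cluster, method, path):
    """Full path: ask the issuing cluster, then enforce the returned scopes."""
    accepted, scopes = validate_for_cluster(cluster_scope, asking_cluster)
    return accepted and request_allowed(scopes, method, path)
```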