New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide authorization for Agents connecting to Consul #76

Open

DImuthuUpe opened this issue Jan 25, 2023 · 0 comments

Labels

Contributor

DImuthuUpe commented Jan 25, 2023

MFT Agents communicate with the controller through the consul key-value store. https://github.com/apache/airavata-mft/blob/master/common/common-clients/src/main/java/org/apache/airavata/mft/admin/MFTConsulClient.java Consul keys are represented through paths and each agent has its own path to access messages. Currently there is no mechanism to control access to those paths as anyone can read from it. We can use the Access Control setup provided through consul to enforce authorization for agent communication. https://developer.hashicorp.com/consul/tutorials/security/access-control-setup-production The idea is,

No open access to any consul path is provided. All communication should happen through Consul tokens.
When an agent needs to connect to consul, it is give a consul token and agent can only access a particular path using that token.

DImuthuUpe added the enhancement label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment