Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support TLS, Authn/z for a function's gRPC server #19673

Open
1 of 2 tasks
michaeljmarshall opened this issue Mar 1, 2023 · 1 comment
Open
1 of 2 tasks

Support TLS, Authn/z for a function's gRPC server #19673

michaeljmarshall opened this issue Mar 1, 2023 · 1 comment
Labels
area/function Stale type/enhancement The enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages

Comments

@michaeljmarshall
Copy link
Member

Search before asking

  • I searched in the issues and found nothing similar.

Motivation

A function pod (k8s runtime) or process (process runtime) starts a gRPC server that is accessed by the function worker for a number of operations does not currently support TLS, authentication, or authorization. The endpoints exposed can modify the function's state with the following endpoints defined:

service InstanceControl {
    rpc GetFunctionStatus(google.protobuf.Empty) returns (FunctionStatus) {}
    rpc GetAndResetMetrics(google.protobuf.Empty) returns (MetricsData) {}
    rpc ResetMetrics(google.protobuf.Empty) returns (google.protobuf.Empty) {}
    rpc GetMetrics(google.protobuf.Empty) returns (MetricsData) {}
    rpc HealthCheck(google.protobuf.Empty) returns (HealthCheckResult) {}
}

It is known that functions have this weakness, but it might be valuable to support securing this gRPC server.

For example, here are the two places we start the plaintext clients:

pulsar/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/process/ProcessRuntime.java

Lines 178 to 180 in 82237d3

channel = ManagedChannelBuilder.forAddress("127.0.0.1", instancePort)
.usePlaintext()
.build();

pulsar/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntime.java

Lines 327 to 329 in 82237d3

channel[i] = ManagedChannelBuilder.forAddress(address, grpcPort)
.usePlaintext()
.build();

Solution

The TLS piece would be pretty easy to implement with gRPC, but the authentication and authorization might be more challenging. The question might be whether granular permissions are required. If they are, perhaps there would be a read role and a write role?

Alternatives

No response

Anything else?

I am not able to work on this now, but I wanted to expose this as a potential feature to see if others are interested in it.

Are you willing to submit a PR?

  • I'm willing to submit a PR!
@michaeljmarshall michaeljmarshall added type/enhancement The enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages area/function labels Mar 1, 2023
@sijie sijie mentioned this issue Mar 1, 2023
Open
2 tasks
@github-actions
Copy link

github-actions bot commented Apr 1, 2023

The issue had no activity for 30 days, mark with Stale label.

@github-actions github-actions bot added the Stale label Apr 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/function Stale type/enhancement The enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@michaeljmarshall