New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RPC Authorization #710
RPC Authorization #710
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This goes in the right direction.
We need to discuss whether the "policy" config option is part of the consensus component configuration (only for crdts, for raft it would be implicit), or general in the cluster
section like proposed here.
This decision has to do with where we place the trusted_peerset
option which will be used by crdts.
@lanzafame opinion?
Can I get a quick review for this? |
7bc56cb
to
0964bca
Compare
Thanks @kishansagathiya , I will finish this PR |
This commit adds permission policy for raft consensus and adds permission policy to config(but hides it from user). It proposes minimum set of RPC methods which we have to allow peers in order for all cluster features to work as expected. It restricts peers from accessing methods that are not part of the proposed RPC method set. Proposed authorization would work only for raft consensus. `authorizeWithPolicy` would need to be edited in order to support upcoming consensus mechanisms. Issue #666
Addressed some review comments - added `authorizer` that could contain all information required to be used authrorize function - ability to add more peers after `authorizer` has been created
- No need to change gx hash for gorpc and ocgorpc - Use map for trusted peers instead of array Issue #666
Superseeded at #775 |
This PR adds permission policy for raft consensus and adds
permission policy to config(but hides it from user).
It proposes minimum set of RPC methods which we have to allow peers in
order for all cluster features to work as expected. It restricts peers
from accessing methods that are not part of the proposed RPC method set.
Proposed authorization would work only for raft consensus.
authorizeWithPolicy
would need to be edited in order to supportupcoming consensus mechanisms.
#666