-
Notifications
You must be signed in to change notification settings - Fork 768
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Cadence authorization #2833
Comments
Independently of the API chosen the Actor and Action is not enough to make the decision. For example source IP address and some other properties like workflow type might affect the authorization. |
Just to give you ideas. Here is the kubernetes auth callbacks: https://kubernetes.io/docs/reference/access-authn-authz/webhook/ |
True, the idea is to have all needed info in AuthorizationParams. This one should be more specific
|
Current preference:
|
Problem
As a multi-tendency platform, Cadence wants to provide authN and authZ for domain owner to protect their workflows from being start/describe/terminate by unauthorized person/services.
Assuming authN is taken care already and all requests to Cadence server contains identity information (say this info lives in request context).
AuthZ needs to check: is actor X allow to perform action Y on resource Z.
Proposal
Option 1
Option 2
With an Authority implementation, in frontend service each API handler can check
IsAuthorized
to approved or denied requests.Option 1 is more clear than Option 2, but less flexible. Cadence-dev inclines proposal 1 but open to opinions from communities.
One possible open source implementation is to use Open Policy Agent, with which Cadence service maintainer can define policy and construct json input for eval.
The text was updated successfully, but these errors were encountered: