testground icon indicating copy to clipboard operation
testground copied to clipboard
verified publisher icon testground

EPIC: Add Authentication to TaaS

Open nonsense opened this issue 3 years ago • 2 comments

Description

At the moment TaaS doesn't have authentication, so any project which targets the publicly accessible HTTP endpoint of the testground daemon can schedule testplan runs on it.

This results in many forks of IPFS, Lotus, etc. that have configured to schedule testplan runs on TaaS to also schedule runs on TaaS, overwhelming the TaaS deployment for no good reason.

Basically anyone who runs testground run composition -f some-composition.toml on a client machine where the client is configured to target a publicly accessible TaaS deployment can schedule tasks.

[client]
endpoint = "https://ci.testground.ipfs.team"

Since the new cluster will be hosted on EKS, the solution should ideally use AWS resources as much as possible.

What defines this endeavor to be complete

  • [ ] Investigate authentication support for the TaaS cluster on EKS
  • [ ] Write a design doc, and invite others to discuss the proposal

Once the tasks above have been completed, we can open a new task to implement Auth.

2022-09-19: Added notes from last week's meeting

nonsense avatar Mar 10 '22 11:03 nonsense

2022-03-10 note: DNS is managed by Route53 in the AWS account

There is no existing design for authentication, but this will presumably be token based.

BigLep avatar Mar 10 '22 15:03 BigLep

2022-09-19: Added notes from last week's meeting

brdji avatar Sep 19 '22 08:09 brdji