JENKINS-51470

Remoting Kafka agents should provide connection security


Details

    • New Feature
    • Status: Resolved
    • Minor
    • Resolution: Done
    • remoting-kafka-plugin
    • None

    Description

      Follow-up to https://github.com/jenkinsci/remoting-kafka-plugin/pull/2#discussion_r189802220

      Currently Remoting Kafka Agents have no security logic, and anybody can connect an agent to the master if he knows the agent ID.

      IMHO we need to have at least some basic security enabled, e.g. like common Remoting agents work:

      • Agent defines a secret, which is visible only to users with Computer.CONNECT permissions
      • Kafka agent requires passing the secret as an argument
      • Kafka agent sends the secret over the channel when connecting
      • Master verifies the secret and rejects the connection attempt if it is invalid

      A better security engine for Kafka could be implemented instead. I am not sure that sending secrets over Kafka can be considered secure at all, to be researched.
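
Added example, not part of the original issue and not the plugin's code: a minimal master-side version of the secret check listed above. The class name `AgentSecretCheck`, its methods, and deriving the secret as HMAC-SHA256 of the agent ID under a master-only key are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

/** Hypothetical sketch; names are not taken from remoting-kafka-plugin. */
public class AgentSecretCheck {
    private final byte[] masterKey; // per-instance key that never leaves the master

    public AgentSecretCheck(byte[] masterKey) {
        this.masterKey = masterKey.clone();
    }

    /** Per-agent secret: hex(HMAC-SHA256(masterKey, agentId)). Shown only to users allowed to connect. */
    public String secretFor(String agentId) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(masterKey, "HmacSHA256"));
        byte[] tag = mac.doFinal(agentId.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : tag) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /** Master-side check: missing values are rejected, the comparison is constant-time. */
    public boolean accept(String agentId, String presented) throws Exception {
        if (agentId == null || presented == null) {
            return false;
        }
        byte[] expected = secretFor(agentId).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // constructed demo key
        AgentSecretCheck master = new AgentSecretCheck(key);
        String secret = master.secretFor("agent-1"); // value the agent receives as an argument

        System.out.println("valid secret:        " + master.accept("agent-1", secret));
        System.out.println("other agent's secret: " + master.accept("agent-2", secret));
        System.out.println("agent ID only:        " + master.accept("agent-1", "agent-1"));
    }
}
```

Because the secret is bound to the agent ID, knowing the ID alone or holding another agent's secret is not enough to pass the check; the sketch does not protect the secret while it travels over the channel.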


          People

            pvtuan10 Pham Vu Tuan
            oleg_nenashev Oleg Nenashev