API & Worker Authentication #371
Re-upping conversation from Netflix/conductor#3052. In the old Netflix repo, the README had "Authentication: We recommend that authentication & authorization be de-coupled from the UI and handled at the web server/access gateway." but this doesn't exist in this repo. As I begin to evaluate Conductor, it still seems true that there is simply no authentication or authorization in any part of the (OSS, non-Orkes) platform, by default. Is that correct? Nothing preventing an inappropriate user on our network from launching a workflow (via API or UI), nothing preventing a pen-tester (for example) from starting a worker process that handles tasks? Unless we use network controls (like iptables or AWS Security groups) and/or an authorizing reverse proxy. Again, is this correct?
Replies: 1 comment
Yeah, that seems to be missing in the OSS platform. We are planning to use Istio for securing the deployment (which would be your "authorizing reverse proxy")
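To make the "authorizing reverse proxy" concrete, here is an added example (not from this thread or the Conductor project) of Istio policies placed in front of the Conductor server, so that the two gaps raised in the question are closed at the mesh layer: UI/API callers must present a valid JWT, and only a designated worker service account may poll for and update tasks. The namespace, the `app=conductor-server` label, the `task-worker` service account, the IdP issuer and JWKS URL, and the task endpoint paths are all assumptions to be checked against your own deployment.

```yaml
# Added example, not from the thread or the Conductor project. Assumed values:
# namespace "conductor", server pods labelled app=conductor-server, worker
# service account "task-worker", and the IdP issuer/JWKS URL are placeholders.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication          # mTLS makes the source principal below trustworthy
metadata:
  name: conductor-mtls
  namespace: conductor
spec:
  mtls:
    mode: STRICT
---
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication      # validates JWTs; alone it still lets token-less calls through
metadata:
  name: conductor-jwt
  namespace: conductor
spec:
  selector:
    matchLabels:
      app: conductor-server
  jwtRules:
  - issuer: "https://idp.example.com"
    jwksUri: "https://idp.example.com/.well-known/jwks.json"
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy        # with an ALLOW policy present, anything unmatched is denied
metadata:
  name: conductor-access
  namespace: conductor
spec:
  selector:
    matchLabels:
      app: conductor-server
  action: ALLOW
  rules:
  # Workers: only the task-worker identity (mTLS SPIFFE id) may poll and update tasks.
  - from:
    - source:
        principals: ["cluster.local/ns/conductor/sa/task-worker"]
    to:
    - operation:
        paths: ["/api/tasks/poll/*", "/api/tasks", "/api/tasks/*"]
  # UI and API clients: must carry a JWT from the IdP (subject is appended after "/").
  - from:
    - source:
        requestPrincipals: ["https://idp.example.com/*"]
```

The RequestAuthentication on its own only rejects invalid tokens; it is the `requestPrincipals` rule in the AuthorizationPolicy that makes a token mandatory, so a rogue worker with no mesh identity and no JWT matches neither rule and is denied.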