Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Worker-name identity token #395

Open
tazlin opened this issue Mar 21, 2024 · 0 comments
Open

Worker-name identity token #395

tazlin opened this issue Mar 21, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@tazlin
Copy link
Member

tazlin commented Mar 21, 2024
edited
Loading

The general idea would be:

  • Worker starts.
  • Worker generates a random token and saves it to disk
  • Worker does first jobpop and uses the token in the payload/header
  • API saves the token to the worker name in the db
  • API now requires the random token to be presented when doing jobpops with this worker name for the next 5 minutes (or some other suitable interval).

This would give more resiliance to certain schemes such as automatically starting workers in a cloud environment without having to rely too heavily on worker name management on the client side to avoid name collision.

A couple of notes:

  • This should be entirely optional
  • The token hash should be returned on the various /v2/workers/* endpoints
  • There should be a PATCH/DELETE field/endpoint to remove the token
  • The token should automatically expire - the point isn't security, the point is to prevent worker name collisions.
@tazlin tazlin added the enhancement New feature or request label Mar 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tazlin