Jenkins / JENKINS-51470

Remoting Kafka agents should provide connection security


      Description

      Follow-up to https://github.com/jenkinsci/remoting-kafka-plugin/pull/2#discussion_r189802220

      Currently Remoting Kafka agents have no security logic, and anybody can connect an agent to the master if he knows the agent ID.

      IMHO we need to have at least some basic security enabled, e.g. the way common Remoting agents work:

      • Agent defines a secret, which is visible only to users with Computer.CONNECT permissions
      • Kafka agent requires passing secret as an argument
      • Kafka agent sends secret over the channel when connecting
      • Master verifies the secret and rejects the connection attempt if it is invalid

      A better security engine for Kafka could be implemented instead. I am not sure that sending secrets over Kafka can be considered secure at all; to be researched.
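
The four-step secret check proposed in the description, sketched as an added Java example (not code from this issue or from remoting-kafka-plugin). The class and method names, the HMAC-SHA256 derivation of the secret from the agent ID, and the agent IDs used in `main` are assumptions; the sketch does not settle whether the Kafka channel keeps the secret confidential in transit.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat; // Java 17+

// Added illustration: hypothetical names, not the plugin's API.
public class AgentSecretCheck {
    private final byte[] masterKey; // stays on the master, never sent to agents

    public AgentSecretCheck(byte[] masterKey) {
        this.masterKey = masterKey.clone();
    }

    // Step 1: per-agent secret = HMAC-SHA256(masterKey, agentId).
    // The master shows this value only to users allowed to connect agents.
    public String secretFor(String agentId) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(masterKey, "HmacSHA256"));
        byte[] tag = mac.doFinal(agentId.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(tag);
    }

    // Step 4: the master recomputes the secret for the claimed agent ID and
    // compares in constant time; a missing or wrong secret rejects the connection.
    public boolean verify(String agentId, String presentedSecret) throws Exception {
        if (agentId == null || presentedSecret == null) {
            return false;
        }
        byte[] expected = secretFor(agentId).getBytes(StandardCharsets.UTF_8);
        byte[] presented = presentedSecret.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        AgentSecretCheck master = new AgentSecretCheck(key);

        // Steps 2-3: the agent is started with the secret as an argument
        // and presents it, with its ID, when connecting (constructed IDs).
        String secret = master.secretFor("agent-1");
        System.out.println("matching ID and secret:  " + master.verify("agent-1", secret));
        System.out.println("secret for another ID:   " + master.verify("agent-2", secret));
        System.out.println("known ID, no secret:     " + master.verify("agent-1", null));
    }
}
```

Because the secret is bound to the agent ID, knowing the ID alone no longer suffices to connect, and a secret issued for one agent cannot be reused for another.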


      People

      • Assignee: Pham Vu Tuan (pvtuan10)
      • Reporter: Oleg Nenashev (oleg_nenashev)