KBS | Plugin system design #502
Comments
|
I support this proposal and appreciate the direction it’s taking. However, I would like to emphasize the need for caution regarding variables that require awareness across multiple plugins, such as the current session state or client authentication status. Properly managing these variables will be crucial for maintaining consistency and security throughout the plugin execution process. |
|
I think the resource plugins are the simplest and most important in the short term. Claudio has been on vacation but I think he will be back to workin on his PR next weekish. One thing that might be cool to add in the future is an admin plugin that creates a basic web interface that lists out the policies that are enabled, the guests that are connected, the logs, etc. We'd need to come up with a good way to surface all that info. |
|
The support for hot-swappable plugins is something worth considering. It offers a couple of advantages:
To make hot-swapping work smoothly, the KBS could provide at least two API endpoints for managing plugins:
I think it would make sense for |
|
Close as #514 finished |
Now we have a resource plugin system which will be used by clients to perform complex operations not only for simple get resource. #396
Let's re-examine the entire plug-in design mechanism from the architectural level. We can easily find that we are facing three typical overall potential plugin interfaces.
Client Request Plugins
They are plugins that extend the way for clients to call KBS. A long discussion has been talked about this in the issue. Here I want to claim a design that with path of KBS
/kbs/v0/<plugin-name>/..., the request of client will be delivered to different plugins. How to parse the concrete parameters is decided by the concrete plugin (e.g. queries or paths). Actually up to now we support the following pluginsresource. This plugin helps the client to retrieve confidential data/resource from KBS. Conceptually it's a simple KV store authorized by a successfully remote attestation and resource policy filter. The resource is indexed by the following<repository>/<type>/<tag>authandattest. Well, this is actually a same plugin used to do remote attestation to perform RCAR handshake.Potentially we could implement other plugins, like
nebula/. This is also a way for nebula to integrate with KBS in a more standard way without influenceresourceAPI. @cclaudioregister/. This is another form ofauth/attest, but the result is that the KBS provisions a public key cert to the pod/guest.Server Admin Plugins
They are plugins extending the way for KBS owner/admin to call KBS. We have such use cases for now and potentially have more. What we have as admin plugin, for example is Set Resource API that helps the owner of KBS to store arbitrary data with given resource URI when the admin public key authentication passes.
Potential needs include
We might need a flexible plugin design for those, to help developers to integrate different admin plugins who share a same admin authentication method.
Server Request Plugins
Different from Client Request Plugins, Server Request Plugins are plugins providing ways for KBS to call clients. This kind of needs exist, e.g. split api design from @c3d @ray-valdez. KBS needs to call APIs from guest/pods. Typically KBS is publicly exposed to the client while the KBS cannot connects directly to client. Thus we might need a mechanism to keep a long connection tunnel (e.g. websocket, round-robin task fetch, ...) between the client and KBS once the client accesses KBS. Then, some reverse calls (from KBS to Clients) could be performed upon the tunnel.
We could have a basic design for the underlying tunnel and then a flexible RPC definition way to integrate into KBS for outer callers to call from KBS to the client side.
The text was updated successfully, but these errors were encountered: