Long-lived user credentials shouldn't be stored in sahara's database
Users provide sahara with credential information so it can access data on their behalf, e.g. data sources and job binaries. Those credentials are currently stored in sahara's internal database and include usernames and passwords, primarily for accessing Swift.
Sahara should not store such credentials. Storing short-lived proxy credentials would be acceptable. Storing no credentials would be ideal.
Idea for storing no credentials: instead of asking for creds when adding a data source or job binary, sahara can require that the credentials be filled in at cluster launch time. Sahara can then simply transfer the credentials into the user's cluster, where their lifecycle and control will be linked to the cluster's. Likewise, for sahara-proxied downloads, credentials would have to be provided at download time.
Blueprint information
- Status: Complete
- Approver: Sergey Lukjanov
- Priority: Undefined
- Drafter: Matthew Farrellee
- Direction: Approved
- Assignee: None
- Definition: Obsolete
- Series goal: None
- Implementation: Not started
- Milestone target: None
- Started by:
- Completed by: Vitalii Gridnev
Whiteboard
Covered by the improved secret storage implementation. Moved to obsolete.