On Thu, 17 Apr 2014 17:35:13 +0200
Vitaly Kuznetsov <vkuznets(a)redhat.com> wrote:
<snip>
> Another possible snag is that I want to start locking down
network
> access on most if not all of the test clients so that it's less
> possible for user-submitted tasks to go awry and do things they
> shouldn't. This hasn't been done yet, though and it's something
> that we can discuss going forward.
For valid we'll require two things:
1) Access to Cloud's (AWS, Openstack, ...) endpoint
2) SSH to running VM
Interfacing with EC2 wasn't a use-case that I was thinking of for
network isolation of the taskotron clients, so those plans may change
somewhat. The clients aren't isolated yet, so this won't be a problem
immediately.
Can we have special dedicated test client for valid? That would make
sense from securitty pov as we need to store cloud access credentials
there.
I suppose that we could but I'd really prefer to avoid that if at all
possible. Having one "special" client isn't an issue but it does open
the door to other task authors asking for the same thing and that will
get unmanageable pretty quick.
That being said, I'm not sure how to go about managing credentials like
that in a secure fashion. This'll require some more thought but
suggestions are certainly welcome :)
Tim