  1. Jenkins
  2. JENKINS-51470

Remoting Kafka agents should provide connection security


      Follow-up to https://github.com/jenkinsci/remoting-kafka-plugin/pull/2#discussion_r189802220

      Currently Remoting Kafka agents have no security logic, and anybody can connect an agent to the master if they know the agent ID.

      IMHO we need to have at least some basic security enabled, e.g. the way common Remoting agents work:

      • Agent defines a secret, which is visible only to users with Computer.CONNECT permissions
      • Kafka agent requires the secret to be passed as an argument
      • Kafka agent sends the secret over the channel when connecting
      • Master verifies the secret and rejects the connection attempt if it is invalid

      A better security engine for Kafka could be implemented instead. I am not sure that sending secrets over Kafka can be considered secure at all; to be researched.

            pvtuan10 Pham Vu Tuan
            oleg_nenashev Oleg Nenashev
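
The four steps proposed in the description, sketched from the master's side as an added example (not code from the plugin or from this issue). It assumes the master derives each agent's secret as an HMAC of the agent ID under a key that never leaves the master; the class and method names are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat; // Java 17+

// Added illustration; class and method names are hypothetical, not the plugin's API.
public class KafkaAgentSecretDemo {

    /** Master side: derives per-agent secrets and checks what a connecting agent presents. */
    static final class Master {
        private final byte[] instanceKey = new byte[32]; // assumption: kept only on the master

        Master() { new SecureRandom().nextBytes(instanceKey); }

        // Step 1: the secret shown only to users with Computer.CONNECT on this agent.
        String secretFor(String agentId) throws Exception {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(instanceKey, "HmacSHA256"));
            return HexFormat.of().formatHex(mac.doFinal(agentId.getBytes(StandardCharsets.UTF_8)));
        }

        // Step 4: recompute the expected secret and compare without an early exit,
        // so response timing does not reveal how many leading characters matched.
        boolean acceptConnection(String agentId, String presentedSecret) throws Exception {
            if (agentId == null || presentedSecret == null) return false;
            byte[] expected = secretFor(agentId).getBytes(StandardCharsets.UTF_8);
            byte[] presented = presentedSecret.getBytes(StandardCharsets.UTF_8);
            return MessageDigest.isEqual(expected, presented);
        }
    }

    public static void main(String[] args) throws Exception {
        Master master = new Master();
        String agentId = "agent-1";                 // constructed sample value
        String secret = master.secretFor(agentId);  // step 2: handed to the agent as an argument

        // Step 3: the agent sends (agentId, secret) when connecting; the master verifies.
        System.out.println("valid secret:         " + master.acceptConnection(agentId, secret));
        System.out.println("agent ID only:        " + master.acceptConnection(agentId, ""));
        System.out.println("other agent's secret: " + master.acceptConnection("agent-2", secret));
    }
}
```

In this flow the secret still crosses the Kafka channel, which is the open question the description raises.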