Auth Schema
The Auth Plugin manages the authentication mechanisms that determine access controls for services interacting with sensitive data in the enclave, thus maintaining the system's security posture.
Auth plugin schema
The auth plugin schema inherits from the basic plugin schema, and adds the following to the required fields:
spec
spec.ports
spec.volumes
spec.outboundConnections
The following JSON presents an example of the structure of the auth plugin schema:
```json
{
  "$id": "http://example.com/oblv_k8_schema/json-schemas/plugins/auth-schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Auth Plugin Schema",
  "description": "Schema for authentication plugin configuration.",
  "$ref": "/oblv_k8_schema/json-schemas/plugins/plugins-base-schema.json",
  "type": "object",
  "properties": {
    "proxyPort": {
      "description": "Port which the enclave proxy will forward requests to. This is the port that the application should listen on.",
      "type": "integer",
      "minimum": 1,
      "maximum": 65535
    },
    "spec": {
      "type": "object",
      "properties": {
        "ports": {
          "$ref": "/oblv_k8_schema/json-schemas/privileges/ports.json"
        },
        "volumes": {
          "$ref": "/oblv_k8_schema/json-schemas/privileges/volumes.json"
        },
        "outboundConnections": {
          "$ref": "/oblv_k8_schema/json-schemas/privileges/outbound.json"
        },
        "env": {
          "$ref": "/oblv_k8_schema/json-schemas/privileges/env.json"
        },
        "resources": {
          "$ref": "/oblv_k8_schema/json-schemas/privileges/resources.json"
        },
        "securityContext": {
          "$ref": "/oblv_k8_schema/json-schemas/privileges/security-context.json"
        }
      }
    }
  },
  "required": [
    "spec",
    "proxyPort"
  ]
}
```
The key values from the JSON object above are described in the table below.
| Field | Description |
|---|---|
| proxyPort | The port on which the enclave's proxy service forwards incoming requests. This should be configured to the port that the application is set to listen on. |
| spec | Contains detailed configurations for operational and security aspects of the plugin. |
| ports | Defines which network ports are accessible to the service, allowing only explicitly permitted ports. |
| volumes | Specifies the storage volumes that can be mounted and accessed by the service, managing data persistence and access rights. |
| outboundConnections | Outlines rules for outbound connections, controlling which external systems or services the service can interact with. |
| env | Manages the environment variables for the service, configuring runtime settings. |
| resources | Determines the allocation of CPU and memory resources to the service. |
| securityContext | Sets the security attributes and capabilities for the service, including permissions and user/group IDs. |
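The following is an added example, not code from the page or the oblv_k8_schema project: a small stdlib-only pre-deployment check that applies the constraints described above to an auth plugin configuration before it is submitted. It embeds a copy of the schema from this page, treats the required fields listed at the top of the section (`spec`, `spec.ports`, `spec.volumes`, `spec.outboundConnections`) as mandatory, enforces the `proxyPort` range, and rejects any `spec` key that is not one of the privilege blocks the schema names. It does not resolve the `$ref` sub-schemas (their contents are not on this page), so the bodies of `ports`, `volumes` and `outboundConnections` in the sample configs are constructed placeholders.

```python
"""Lint an auth plugin config against the documented auth schema constraints.

Added example; the two sample configs below are constructed, and the privilege
block bodies (ports/volumes/outboundConnections) are placeholders because the
referenced sub-schemas are not part of the page.
"""

# Copy of the auth plugin schema shown on the page ($ref targets left unresolved).
AUTH_SCHEMA = {
    "$id": "http://example.com/oblv_k8_schema/json-schemas/plugins/auth-schema.json",
    "$schema": "http://json-schema.org/draft-07/schema#",
    "title": "Auth Plugin Schema",
    "$ref": "/oblv_k8_schema/json-schemas/plugins/plugins-base-schema.json",
    "type": "object",
    "properties": {
        "proxyPort": {"type": "integer", "minimum": 1, "maximum": 65535},
        "spec": {
            "type": "object",
            "properties": {
                "ports": {"$ref": "/oblv_k8_schema/json-schemas/privileges/ports.json"},
                "volumes": {"$ref": "/oblv_k8_schema/json-schemas/privileges/volumes.json"},
                "outboundConnections": {"$ref": "/oblv_k8_schema/json-schemas/privileges/outbound.json"},
                "env": {"$ref": "/oblv_k8_schema/json-schemas/privileges/env.json"},
                "resources": {"$ref": "/oblv_k8_schema/json-schemas/privileges/resources.json"},
                "securityContext": {"$ref": "/oblv_k8_schema/json-schemas/privileges/security-context.json"},
            },
        },
    },
    "required": ["spec", "proxyPort"],
}

# Sub-fields the page lists as required under "spec" for the auth plugin.
REQUIRED_SPEC_FIELDS = ("ports", "volumes", "outboundConnections")


def validate_auth_plugin(config: dict) -> list:
    """Return a list of problems found; an empty list means the config passes."""
    problems = []

    # Top-level required fields come straight from the schema's "required" array.
    for field in AUTH_SCHEMA["required"]:
        if field not in config:
            problems.append(f"missing required field: {field}")

    # proxyPort must be an integer inside the schema's minimum/maximum range.
    rule = AUTH_SCHEMA["properties"]["proxyPort"]
    port = config.get("proxyPort")
    if port is not None:
        if not isinstance(port, int) or isinstance(port, bool):
            problems.append("proxyPort must be an integer")
        elif not rule["minimum"] <= port <= rule["maximum"]:
            problems.append(f"proxyPort {port} is outside {rule['minimum']}-{rule['maximum']}")

    # spec: only the named privilege blocks are allowed, and the ones the page
    # marks as required must be present (deny-by-default for privileges).
    spec = config.get("spec")
    if spec is not None:
        if not isinstance(spec, dict):
            problems.append("spec must be an object")
        else:
            allowed = set(AUTH_SCHEMA["properties"]["spec"]["properties"])
            for key in spec:
                if key not in allowed:
                    problems.append(f"spec.{key} is not a recognised privilege block")
            for field in REQUIRED_SPEC_FIELDS:
                if field not in spec:
                    problems.append(f"missing required field: spec.{field}")
    return problems


# Constructed sample: every required block declared, port in range.
VALID_CONFIG = {
    "proxyPort": 8080,
    "spec": {"ports": [], "volumes": [], "outboundConnections": []},
}

# Constructed sample: port out of range and no outbound-connection policy declared.
INVALID_CONFIG = {
    "proxyPort": 70000,
    "spec": {"ports": [], "volumes": []},
}

if __name__ == "__main__":
    for name, cfg in (("valid", VALID_CONFIG), ("invalid", INVALID_CONFIG)):
        print(name, validate_auth_plugin(cfg) or "ok")
```

The check fails closed: a config that omits the `outboundConnections` block is rejected rather than silently deployed without an egress policy, and a `spec` key outside the schema's privilege list is reported so a typo such as `outbound` cannot quietly drop a constraint.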