Currently, controller lacks a permission management system, which poses significant security risks. This issue tracks the authentication and authorization roadmap for Kvrocks Controller.
Direction
We plan to use Casbin for authz (authorization).
For authc (authentication), we plan to support third-party login or gateway authentication first. Local controller-managed users may be added later as a fallback or lightweight testing feature.
Contribution Process
This roadmap is intentionally high-level. Contributors should design the concrete approach in the corresponding issue before implementation.
Before opening an implementation PR for any sub-task, please first post a proposal and wait for maintainer agreement. The proposal should describe the intended behavior, implementation steps, API and Web UI impact, storage and configuration impact, backward compatibility, security considerations, and test plan.
Sub-issues
Currently, controller lacks a permission management system, which poses significant security risks. This issue tracks the authentication and authorization roadmap for Kvrocks Controller.
Direction
We plan to use Casbin for authz (authorization).
For authc (authentication), we plan to support third-party login or gateway authentication first. Local controller-managed users may be added later as a fallback or lightweight testing feature.
Contribution Process
This roadmap is intentionally high-level. Contributors should design the concrete approach in the corresponding issue before implementation.
Before opening an implementation PR for any sub-task, please first post a proposal and wait for maintainer agreement. The proposal should describe the intended behavior, implementation steps, API and Web UI impact, storage and configuration impact, backward compatibility, security considerations, and test plan.
Sub-issues