add BackendSecurityPolicy for traffic (authN/authZ) from gateway to provider #43
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
aabchoo
commented
Dec 12, 2024
•
aabchoo
commented
- add backend security policy for traffic from gateway to backend provider
- introduces api key, oidc, and static key auth
- add reference to backendSecurityPolicy on llmbackend
- add provider type on llmbackend
aabchoo
requested review from
mathetake,
missBerg and
wengyao04
as code owners
mathetake
reviewed
Dec 12, 2024
aabchoo
force-pushed
the
aaron/authorization-api
branch
2 times, most recently
from
52e389b to
89ee946
Compare
Signed-off-by: Aaron Choo <achoo30@bloomberg.net> Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
fix yaml files Signed-off-by: Choo <achoo30@bloomberg.net>
This commit is a follow up on #20. Basically, this makes LLMRoute a pure "addition" to the existing standardized HTTPRoute. This makes it possible to configure something like ``` kind: LLMRoute metadata: name: llm-route spec: inputSchema: OpenAI httpRouteRef: name: my-llm-route --- kind: HTTPRoute metadata: name: my-llm-route spec: matches: - headers: key: x-envoy-ai-gateway-llm-model value: llama3-70b backendRefs: - kserve: weight: 20 - aws-bedrock: weight: 80 ``` where LLMRoute is purely referencing HTTPRoute and users can configure whatever routing condition in a standardized way via HTTPRoute while leveraging the LLM specific information, in this case x-envoy-ai-gateway-llm-model header. In the implementation, though it's not merged yet, we have to do the routing calculation in the extproc by actually analyzing the referenced HTTPRoute, and emulate the behavior in order to do the transformation. The reason is that the routing decision is made at the very end of filter chain in general, and by the time we invoke extproc, we don't have that info. Furthermore, `x-envoy-ai-gateway-llm-model` is not available before extproc. As a bonus of this, we no longer need TargetRef at LLMRoute level since that's within the HTTPRoute resources. This will really simplify the PoC implementation. --------- Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
This adds `backendRef` to LLMBackendSpec which specifies the "backend" either Service or Backend resource of Envoy Gateway. The choice of not embedding is intentional - A backend can be a target of routing in HTTPRoute and can be either of these two types. Hence this is not suitable for embedding. In addition, in the implementation, we won't directly use or reference them, but just simply attach the necessary logic by the names, so basically no benefit by doing so. --------- Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
aabchoo
force-pushed
the
aaron/authorization-api
branch
from
9fb8a19 to
ea69193
Compare
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Krishanx92
reviewed
Dec 13, 2024
Krishanx92
reviewed
Dec 13, 2024
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
aabchoo
force-pushed
the
aaron/authorization-api
branch
from
a829fe8 to
57e0fa1
Compare
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
mathetake
reviewed
Dec 14, 2024
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
aabchoo
force-pushed
the
aaron/authorization-api
branch
from
19c1337 to
d2f72ed
Compare
yuzisun
reviewed
Dec 16, 2024
yuzisun
reviewed
Dec 16, 2024
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
|
@mathetake @arkodg @zhaohuabing can you take another look? |
mathetake
reviewed
Jan 4, 2025
mathetake
reviewed
Jan 4, 2025
mathetake
reviewed
Jan 4, 2025
mathetake
reviewed
Jan 4, 2025
mathetake
reviewed
Jan 4, 2025
mathetake
reviewed
Jan 4, 2025
mathetake
reviewed
Jan 4, 2025
api/v1alpha1/api.go
Outdated
| // CloudProviderCredentials is a mechanism to access a backend(s). Cloud provider specific logic will be applied. | ||
| // | ||
| // +optional | ||
| CloudProviderCredentials *AuthenticationCloudProviderCredentials `json:"cloudProviderCredentials,omitempty"` |
There was a problem hiding this comment.
so i wonder what kind of logic will make cloud providers special compared to others (currently only apiKey though). how do you envision this additional indirect layer will be used? in other words, what kind of logic will be shared among cloud providers
There was a problem hiding this comment.
- ApiKey is a simple authentication mechanism which distributes the token to user and user is responsible to rotate the keys. Providers like Anthropic, Mistral, Cohere only support API keys.
- Cloud authentication is more sophisticated and support issuing temporary tokens like AWS STS, Google STS to access cloud resources. You do not have to distribute the token and major clouds also support OIDC federation to allow managing your user identity in external system.
see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html#:~:text=You%20can%20use%20the%20AWS,has%20permissions%20to%20do%20so.
https://cloud.google.com/docs/authentication#credentials
There was a problem hiding this comment.
yeah i get that it's complex, but my question is why this another layer is needed and what kind of logic will be shared among cloud providers? what becomes difficult to achieve when you have *AWSCredentials directly here without another layer of AuthenticationCloudProviderCredentials. How does having AuthenticationCloudProviderCredentials helps implement various cloud providers vs having them in here
There was a problem hiding this comment.
This is mainly a yaml UX, the additional layer for grouping is there for readability, if we list the individual types then it is not intuitive for user to see the classification. The cloud provider security implementations are different but they share the same high level concepts.
zhaohuabing
reviewed
Jan 6, 2025
Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
mathetake
approved these changes
Jan 7, 2025
mathetake
reviewed
Jan 7, 2025
api/v1alpha1/api.go
Outdated
| // Only one type of BackendSecurityPolicy can be defined. | ||
| // +kubebuilder:validation:MaxProperties=2 | ||
| type BackendSecurityPolicySpec struct { | ||
| // Type specifies the auth mechanism used to access the provider. Currently, only "APIKey", AND "AWS_IAM" are supported. |
There was a problem hiding this comment.
This is relevant to the thread to #43 (comment) I am still not convinced by the "Yaml UX" stuff there. I am fine with that but at least to be consistent could you make this CloudProviders and have a type inside it for a specific cloud provider? (which i think is a worse UX vs the flat one)
There was a problem hiding this comment.
I've flattened it out per req
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.