grpc-go icon indicating copy to clipboard operation
grpc-go copied to clipboard

Published 20 hours ago verified publisher icon grpc

Allow ALTS to run on untrusted platforms/handshakers

Open nickjenkin opened this issue 4 years ago • 5 comments

Use case(s) - what problem will this feature solve?

Allow reuse of built in ALTS TransportCredentials. Currently alts.newALTS checks if the environment is running on GCP. This prevents custom handshakers from running in non-GCP environments.

Proposed Solution

Allow for running outside GCP with a custom handshaker. Using the alts.ClientOptions/ServerOptions, an additional option to override the GCP check (AllowUntrustedPlatform?)

Alternatives Considered

Additional Context

Custom ALTS handshakers can be created via implementation of the handshaker grpc/protobuf proto.

nickjenkin avatar Jul 14 '21 02:07 nickjenkin

ping @cesarghali What do you think of this?

menghanl avatar Jul 28 '21 18:07 menghanl

In principle, this is ok. We need to make sure that this check will be used to bypass the GCP check.

We should also have feature parity with other languages. @yihuazhang and @menghanl you know more about this than me. What do you think?

cesarghali avatar Jul 28 '21 18:07 cesarghali

In C-core, we have an API that allows to bypass the GCP check. We need to expose it in C++ though. It is not clear to me though how a user can use a custom ALTS handshaker with the built-in credential API as we does not provide any hook to use an external handshaker.

yihuazhang avatar Jul 28 '21 20:07 yihuazhang

@ZhenLian what do you think about this feature request now? Who would be a good assignee for this if we keep it open?

dfawley avatar Nov 28 '22 21:11 dfawley

Maybe @erm-g can make the call here. Would you mind taking a look at this please? Thank you!

ZhenLian avatar Nov 30 '22 23:11 ZhenLian

The team does not have the cycles to work on this at the moment. We are happy to accept a PR for this, or will work on this when this becomes a priority.

easwars avatar Sep 21 '23 16:09 easwars

Hey everyone, I wouldn't mind trying to give this a go. So we'd like to give users the ability to work with custom ALTS handshakers in an untrusted platform (one outside of GCP) right?

CemGurhan avatar Dec 12 '23 22:12 CemGurhan

@matthewstevenson88 / @erm-g / @gtcooke94 / @rockspore - any advice on this one? Per https://github.com/grpc/grpc-go/issues/4596#issuecomment-888597751 there was a way to do it in c-core but not C++. I'm not sure about Java. I agree with that comment's sentiments that we should have similar functionality (or plans for similar functionality) in all languages. So does this make sense to implement for users?

@CemGurhan thanks for volunteering. Do you need this feature for yourself, or are you just interested in helping out with the gRPC-Go project generally? If the latter, there are probably other things we need that are ready to work on now, vs. this which I don't believe we've ever gotten agreement from our security folks that it's desirable. If the former, explaining your use case might be helpful.

Thanks!

dfawley avatar Dec 12 '23 22:12 dfawley

@dfawley Id just like to help out with the gRPC-Go project yes.

I'll have a look at some of the other issues that are open and that require some more immediate help, thanks!

CemGurhan avatar Dec 12 '23 22:12 CemGurhan

@CemGurhan #6748 or #6583 might be good options?

@matthewstevenson88 et al, please advise on this issue, still. Thanks.

dfawley avatar Dec 12 '23 23:12 dfawley

To the best of my knowledge, we've not had any serious asks for using ALTS off-GCP, so I recommend that we close this issue. I'll wait a couple of days for someone to respond and correct me, and otherwise close.

matthewstevenson88 avatar Dec 13 '23 05:12 matthewstevenson88

Agree - this can be implemented with a small patch for anyone who needs

nickjenkin avatar Dec 14 '23 03:12 nickjenkin