Fine-grained control allowed functions and their privilege using FunctionPermission #1904

@frankfarzan

Description

Since KRM functions enable running untrusted code that manipulates the package configuration, it’s important to provide visibility and control into what KRM functions are allowed to run with what permissions. There are two attack surfaces that we need to protect:

  • Local Machine: kpt fn exposes the machine where kpt functions are invoked.
  • Workload Cluster: Configuration manipulated by KRM functions is eventually applied to a cluster so that opens up another attack surface area to run malicious code.

We can introduce another metadata file under API group config.kpt.dev/v1 with Kind FunctionPermission. Kpt will look for the FunctionPermission KRM to determine what images (or binaries) are allowed with what permissions and enforce that while executing the functions. Sharing an example of the function permission resource below. Note that this is just a placeholder to describe the high level approach, the actual schema needs to be designed:

```yaml
apiVersion: config.kpt.dev/v1
kind: FunctionPermission
metadata:
  name: functionPermission
# only allow builtin (See #1905)
only-builtins: true
# granular permission
allow:
  - image: gcr.io/foo/func-a
    permissions:
    - network
  # globbing
  - image: gcr.io/bar/*
disallow:
  - image: gcr.io/baz/*
```
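To make the enforcement side of the sketch concrete, here is an added example (not kpt's code) of how kpt could evaluate a FunctionPermission resource before running a function. The `Rule`/`FunctionPermission` structs, the `Authorize` function and its semantics (only-builtins rejects all non-builtins, disallow beats allow, first matching allow rule decides, default deny) are assumptions, since the issue says the actual schema is still to be designed; the glob matching uses `path.Match`.

```go
package main

import (
	"fmt"
	"path"
)

// Rule is one entry of the allow/disallow lists in the sketched schema: Image
// may be a glob such as "gcr.io/bar/*", Permissions grants extras like "network".
type Rule struct {
	Image       string
	Permissions []string
}
// FunctionPermission mirrors the placeholder resource from the issue.
type FunctionPermission struct {
	OnlyBuiltins bool
	Allow        []Rule
	Disallow     []Rule
}
// matches reports whether an image glob matches a concrete image reference.
func matches(pattern, image string) bool {
	ok, err := path.Match(pattern, image)
	return err == nil && ok
}

// Authorize decides whether image may run with the requested permissions.
// Assumed semantics: only-builtins rejects every non-builtin function, disallow
// wins over allow, the first matching allow rule decides, otherwise deny.
func Authorize(p FunctionPermission, image string, builtin bool, want []string) error {
	if p.OnlyBuiltins && !builtin {
		return fmt.Errorf("%s: only builtin functions are allowed", image)
	}
	for _, r := range p.Disallow {
		if matches(r.Image, image) {
			return fmt.Errorf("%s: denied by disallow rule %q", image, r.Image)
		}
	}
	for _, r := range p.Allow {
		if !matches(r.Image, image) {
			continue
		}
		granted := map[string]bool{}
		for _, perm := range r.Permissions {
			granted[perm] = true
		}
		for _, perm := range want {
			if !granted[perm] {
				return fmt.Errorf("%s: permission %q not granted by rule %q", image, perm, r.Image)
			}
		}
		return nil // allowed with exactly the permissions it asked for
	}
	return fmt.Errorf("%s: no allow rule matches (default deny)", image)
}
```

With the policy from the YAML above, `gcr.io/foo/func-a` may run with `network`, anything under `gcr.io/bar/` may run without extra permissions, and `gcr.io/baz/*` is refused even if an allow rule also matched it.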
