Current state: Under Discussion
To support authentication by username/password when accessing milvus instance.
There is no basic security model for milvus instances currently. Users can access any milvus instance once they have the address by any milvus sdk.
This project aims to support basic authentication with username/password. Clients need to provide username and password when accessing the milvus instance.
- SDK clients MUST encrypt password when connecting to milvus service.
- Milvus create default user root as an initial user to create other users.
Since grpc requests all handled by proxy, we will do the authentication in the proxy component. Logging on to the milvus instance will follow the processes below：
- Create credential for each milvus instance and store encrypted password in etcd. Here we use bcrypt which implements Provos and Mazières's adaptive hashing algorithm.
- On the client side, SDK sends ciphertext when connecting milvus service. The ciphertext is base64(<username>:<passwd>) and attached to the metadata with the key "authorization".
- Milvus proxy component intercepts the request and verify the credential.
- Credentials are cached locally on Proxy component.
Cache Update Workflow
- Credential apis (insert/query/delete credentials) are implemented by RootCoord.
- Credential modification apis persist credentials on etcd (or other storage like mysql), and call each proxy's api to invalidate local caches in all proxy components.
- Auth interceptor in proxy component will firstly find credential records from local cache. If the cache missed, it will trigger rpc call to fetch record from RootCoord and update the local cache.
Etcd model for credentials
Interface of credentials apis
To be compatible with preview version, Milvus will use a toggle for it. If the toggle is on, it will check the credentials for each grpc call, otherwise it acts like the non-authenticate mode.
Case 1: create credentials for milvus
- Access with correct credentials should succeed
- Access with incorrect credentials should fail
- Access without credentials should fail
Case 2: no credentials created for milvus
- Access without credentials should succeed
- Access with credentials should succeed (just ignore the input credential)
Authorization on RBAC control