-
Notifications
You must be signed in to change notification settings - Fork 234
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for Border0 Connector / Docker Exec #1990
base: main
Are you sure you want to change the base?
Conversation
thanks @adrianosela |
6455a18
to
3a064a1
Compare
Hey @hellt - just FYI I pushed another commit that uses the Border0 authentication flow from our SDK, which maintains backwards compatibility with the legacy (email + password) flow. I mostly did this hoping that removing code from here would make codecov's diff happy :D But that did not happen. What are your contributing guidelines? Do we need to satisfy test coverage here since we are just calling out to our SDK? (which has plenty of tests there). |
No worries @adrianosela, it is fine to have gaps in test coverage for the parts related to b0 integration. So for my understanding, is email/pass-based auth is completely legacy and everything can be done with the new flow? If yes, then I am in favor of removing the email/pass code parts completely |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1990 +/- ##
==========================================
- Coverage 53.58% 53.58% -0.01%
==========================================
Files 160 160
Lines 11536 11518 -18
==========================================
- Hits 6182 6172 -10
+ Misses 4489 4482 -7
+ Partials 865 864 -1
|
With respect to the email + password flow: the email + password (programmatic) authentication IS formally deprecated. However, at the time of deprecating such logins, we opted to allowlist a handful of users who were using the feature to continue to use it in order to prioritize speed of rolling out the new (more secure) authentication flow. Some of these users (at least one of which is definitely a containerlab user) are still active today. We should figure out together if we want to:
I'd be happy to strip out a lot of code from here, but I think we should have a live conversation after you've given the new Border0 Connector based flow a try and we'd figured out together exactly how you'd/we'd like containerlab users to manage their policies and sockets with the new flow. Take your time, we are in no rush :) It seems historically in containerlab you would define Border0 policies and sockets in the config yaml directly. We should figure out if you want to keep supporting that and if so we'd have to make some adjustments to the code here. With the connector model (as in the docs linked above) everything is remotely managed, instead of static-config managed. However we could add a border0 command here to create and link the resources in static config to a connector anyways. Let's follow on our ongoing email thread until we have clarity. cc:// @atoonk |
@adrianosela after playing with this a little bit I wonder why do we want to tie this in to containerlab via the tools command? What I mean is I think it would make a lot of sense if I might be missing something here, but I think a single b0 container providing a connector is really all we need. It is easier to setup and requires fewer steps. |
Hey @hellt - that sure sounds more reasonable! Since the B0 container isn't really part of the lab's topology (and if a customer wants to do that they can still do it themselves). Our internal priorities have shifted quite a bit. I don't anticipate any work here in the next ~2 weeks. But we'll get back to it soon enough. |
Support for Border0 Connector / Docker Exec
This PR introduces the ability to deploy the Border0 Connector as a node in a containerlab environment (lab)... connecting all nodes without the need to expose nodes' SSH ports or manage/provision any nodes with secrets.
This makes for a seamless experience for containerlab users who wish to expose their labs over the internet (behind their authentication method of choice: Google/GitHub/Microsoft/Email-Link).
The nicest thing about it is users can talk to their nodes from any web browser using our web client.
Video Demo
clab-x-border0-LOW-RES.mp4
I alluded to this feature being in the works in #1768:
We are excited to hear your thoughts and collaborate on making the containerlab x border0 experience as best as it can be!
cc:// @steiler @hellt @atoonk