
server: add schema validation / authentication #852

@derekperkins

Following up on a discussion about multi-tenancy, I'm thinking about submitting a PR that's fairly opinionated, where the user can provide a flag for which "trusted headers" have to match the schema name. Here's what I envision that flow looking like:

  1. Mosaic is configured with tenant_id, user_id, or something like that as the preagg.schema
  2. Client sends through authenticated requests. Implementation is out of scope for this PR, but this assumes that there is a cookie or Authorization header per request, which is verified through an API Gateway or other mechanism. That middleware would inject some trusted headers, like X-Tenant-Id: 12345, verified-user-id: abc
  3. Mosaic server is started with a flag: --schema_match_headers=X-Tenant-Id,verified-user-id
  4. When the Mosaic server receives a request, it calls json_serialize_sql to get the full AST. It recurses through all the schema objects, and returns a 403 error if any schemas are referenced that don't match the header values
  5. Finally execute the original SQL (or possibly json_execute_serialized_sql if there are performance benefits) and return the results as normal

A production implementation might pull those valid values out of a JWT or other mechanisms; headers just seem like the broadest solution for OSS. If that sounds like a reasonable fit, I'm happy to submit a PR to the Go server.

There's a larger question around the purpose of the servers (currently Python, Rust, and Go). Are they there more as an option to have a plug-and-play server to use with Mosaic, or are they more intended as a proof of concept / implementation starter? The Go server I contributed was more in line with the latter, assuming that most use cases would have custom logic to run alongside the code, but maybe I'm thinking about it the wrong way.

Related Discussion:
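
An added example of the step 4 check in Go (not code from the issue or from Mosaic). It assumes the AST is JSON shaped like DuckDB's `json_serialize_sql` output with table references carrying a `schema_name` field, that a schema is permitted when it equals the value of any listed trusted header, and that unqualified table references are rejected; `schemasIn`, `checkSchemas` and the sample AST are constructed for illustration.

```go
package main
import (
	"encoding/json"
	"fmt"
	"net/http"
)

// Constructed, trimmed AST: a query on schema 12345 with a subquery on 67890.
const sampleAST = `{"error":false,"statements":[{"node":{"type":"SELECT_NODE","from_table":{"type":"BASE_TABLE",
 "schema_name":"12345","table_name":"orders"},"where_clause":{"type":"SUBQUERY","subquery":{"node":{
 "from_table":{"type":"BASE_TABLE","schema_name":"67890","table_name":"orders"}}}}}}]}`
// schemasIn returns every "schema_name" string found anywhere in the decoded AST.
func schemasIn(node any) (out []string) {
	switch v := node.(type) {
	case map[string]any:
		if s, ok := v["schema_name"].(string); ok {
			out = append(out, s)
		}
		for _, child := range v {
			out = append(out, schemasIn(child)...)
		}
	case []any:
		for _, child := range v {
			out = append(out, schemasIn(child)...)
		}
	}
	return out
}

// checkSchemas fails closed: 403 on a bad AST, a missing header or a foreign schema.
func checkSchemas(astJSON []byte, h http.Header, trusted []string) (int, error) {
	var ast map[string]any
	if err := json.Unmarshal(astJSON, &ast); err != nil || ast["error"] != false {
		return http.StatusForbidden, fmt.Errorf("no usable AST")
	}
	for _, s := range schemasIn(ast["statements"]) {
		ok := false
		for _, name := range trusted {
			ok = ok || (s != "" && h.Get(name) == s) // "" = unqualified table
		}
		if !ok {
			return http.StatusForbidden, fmt.Errorf("schema %q not permitted", s)
		}
	}
	return http.StatusOK, nil
}

func main() {
	h := http.Header{"X-Tenant-Id": {"12345"}} // as injected by the gateway
	fmt.Println(checkSchemas([]byte(sampleAST), h, []string{"X-Tenant-Id"}))
}
```

The check is only as trustworthy as the headers: the gateway has to overwrite any client-supplied copies of the listed header names before the request reaches the server.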
