Restrict workers to have full API access by random, individual tokens (was: change worker authentication)
|Target version:||QA - future|
workers currently use user tokens and therefore have access to the full API. Workers should have differnt privileges that only allows them to grab jobs, set jobs to finish etc. That makes sure test code run by a worker cannot accidentally nor intentionally mess with the API.
#2 Updated by lnussel about 5 years ago
And as dicussed in the hall earlier: every worker should have its own random token - and we should IMO offer an option to allow every worker to generate that token himself, i.e. plug&play.
Yes. As long as we rely on nfs anyways I think the idea with dropping a token to the shared space would be ok for now too.