OpAMP agent setting to disable remote management of monitoringjobs receiver

[portertech]

We are actively developing the monitoringjobs receiver which schedules the execution of local host commands. We are concerned that this receiver introduces a potential security risk when combined with remote management. In order to control the risk, we need to add a OpAMP agent setting to enable the remote management of the monitoringjobs receiver(s).

Possible Implementations

Inspect ALLOW/DENY Remote Configuration

• Update OpAMP agent extension to inspect received remote configuration contents
• By default, reject remote configuration that contains one or more instances of the monitoringjobs receiver
• Also reject remote configuration that contains one or more instances of the receivercreator receiver that manages one or more instances of the monitoringjobs receiver
• Add a extension setting to allow the remote configuration of the monitoringjobs receiver
• Consider denying the remote management of the receivercreator receiver altogether

[portertech]

Related: https://github.com/open-telemetry/opamp-spec/blob/main/specification.md#configuration-restrictions