Introduction of the optional authentication mechanism for Labgrid (i.e. Oauth2) for securing gRPC communication between coordinator, client, exporter

[JacekBartynowski]

Hello,

I work for ARM Ltd.
We are planning to use the Labgrid for our testing and releases purposes (part of the build and CI/CD pipelines).

Currently, the main obstacle from our perspective (commercial organization) is the lack of an authentication/authorization.
I am aware that the Labgrid is an open-source, publicly available product that can be adapted by many organizations/projects, and the authentication/authorization mechanism may not be the desired thing.

I would like to get your opinions about the potential introduction of the authentication mechanism to secure a communication between the labgird-client(s), labgrid-cooridnator, and labgrid-exporter. The gRPC protocol provides many options to configure and use authentication.

The potential authentication mechanism would probably be OAuth2 with the external authentication provider (like Github, Google, Microsoft, Facebook, etc.), the mechanism would require to:

• Obtain the SSO (single-sign-on) token from the external authentication provider (OAuth2, OpenID based solution)
• Obtain SSL certificates (file system, remote storage solution like vault, etc.)

The scope of changes would probably include:

• adding selector mechanism to apply/use/configure the authentication or skip it
• adding functionality to obtain SSO token (OAuth2, OpenID standard)
• adding functionality to obtain SSL certificate(s)
• changes in labgrid/remote/client.py
• changes in labgrid/remote/coordinator.py
• changes in labgrid/remote/exporter.py

If possible, I would like to learn your opinions and views on:

• Possibility of adding optional (i.e. configurable via command line arguments) authentication mechanism
• Selection of the potential authentication mechanism
• Probable timeline of reviewing/accepting and releasing the modifications related to the authentication
• Maybe you consider any other authentication mechanism in the past?
  ?