lhumina_code/hero_compute
0
0
Fork 0
Code Issues 7 Pull requests 2 Projects Releases 9 Packages Wiki Activity Actions

Simple secret-based auth for VM ownership #2

New issue
Closed
opened 2026-03-05 08:11:38 +00:00 by mahmoud · 1 comment
mahmoud commented 2026-03-05 08:11:38 +00:00
Owner
Copy link

Description

Add a secret field to VM deployment so users can only see and manage their own VMs. No user accounts, no JWT; just a secret string stored on the VM record.

How It Works

When deploying a VM, the user provides a secret:

  • deploy_vm(name, slice_sid, image, cpu_count, secret)

The secret is stored on the Vm record. All subsequent operations require the same secret to be passed:

  • list_vms(secret) — returns only VMs matching the secret
  • get_vm(sid, secret) — returns error if secret doesn't match
  • delete_vm(sid, secret) — returns error if secret doesn't match
  • start_vm, stop_vm, restart_vm — require secret too

VMs without a matching secret are invisible — not returned in lists, not accessible by sid. No indication they exist.

Changes Required

  • schemas/cloud/cloud.oschema — add secret: str to Vm type and update all affected service methods
  • rpc.rs — validate secret on every VM operation
  • hero_cloud_sdk — update all input types with secret field
  • openrpc.json — regenerate from schema
  • docs/api.md — document secret field and behavior

Notes

  • Secret is stored as plaintext for now (keep it simple)
  • Empty string secret = no protection (backward compatible)
  • This is the foundation for multi-tenant usage on the Explorer
### Description Add a `secret` field to VM deployment so users can only see and manage their own VMs. No user accounts, no JWT; just a secret string stored on the VM record. ### How It Works When deploying a VM, the user provides a secret: - `deploy_vm(name, slice_sid, image, cpu_count, secret)` The secret is stored on the Vm record. All subsequent operations require the same secret to be passed: - `list_vms(secret)` — returns only VMs matching the secret - `get_vm(sid, secret)` — returns error if secret doesn't match - `delete_vm(sid, secret)` — returns error if secret doesn't match - `start_vm`, `stop_vm`, `restart_vm` — require secret too VMs without a matching secret are invisible — not returned in lists, not accessible by sid. No indication they exist. ### Changes Required - `schemas/cloud/cloud.oschema` — add `secret: str` to Vm type and update all affected service methods - `rpc.rs` — validate secret on every VM operation - `hero_cloud_sdk` — update all input types with secret field - `openrpc.json` — regenerate from schema - `docs/api.md` — document secret field and behavior ### Notes - Secret is stored as plaintext for now (keep it simple) - Empty string secret = no protection (backward compatible) - This is the foundation for multi-tenant usage on the Explorer
despiegk added this to the now milestone 2026-03-09 10:11:11 +00:00
mahmoud commented 2026-03-09 10:21:16 +00:00
Author
Owner
Copy link

Fixed

Fixed
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
development
feat/hypervisor-rpc-driver
development_mik02_heartbeat_preserve_ip
main
development_tfgrid
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
prio_critical

   
prio_low

   
type_bug

   
type_contact

   
type_issue

   
type_lead

   
type_question

   
type_story

   
type_task
No labels
prio_critical
prio_low
type_bug
type_contact
type_issue
type_lead
type_question
type_story
type_task
Milestone
Clear milestone
No items
No milestone
now
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
zaelgohary
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lhumina_code/hero_compute#2
No description provided.