...
Egress request routing from mod-scheduler
Requests to both public and system interfaces
Changes/enhancements to Eureka core components (i.e module sidecars, and/or mod-scheduler, and/or Kong)
Out of Scope
…
Research Questions
How should mod-scheduler calls be routed to system interfaces?
What is the relative effort and complexity for each of the solutions?
...
the implementation is simple. it will affect only sidecar code
mod-scheduler and folio-module-sidecar remain unchanged
the approach can also address Public/Private API problemprotects timer interfaces in a standard way via Keycloak authorization, like all other resources
can be extended later to support more accurate resource-based access as opposite to “all resources“ access
Cons
system user has unrestricted access to all system resources. Ideally it would be more correct to have some dedicated user and role (like “Run scheduled jobs”) with access to timer interfaces only. Right now it’s not that easy to implement because timers usually do not require any permissions and it’s tricky to build the right capabilities for them and automatically assign to some role
...