Is there a way to configure rules for how apps talk to each other?

I’m working on a project where I need to run some untrusted user code and I think would be the way to go. The way it’s going to work in my head is:

  1. A user registers a new function or updates the code of an existing one

  2. One microservice takes care of taking the code and creating a docker image, which is then pushed to the image registry

  3. Once the image is pushed, using Terraform, an app and machine(s) are created for the given function with the docker image from step 2

  4. In the same org, I will have another app, which will act as a gateway/proxy. This will take invocation requests, check bearer tokens, deal with rate limiting, billing, etc. Once it’s checked over everything, it will make a request to the respective app using its .internal address and return the response.

    This way, I’d avoid having every machine carry out the same business logic and I’d also avoid exposing them to the public internet.

However, there is a problem with this. Machines would be able to access each other, therefore, one function could invoke another. Considering these could be for different users, this raises privacy/security/compliance concerns.

Is there a way to control how apps can communicate through .internal addresses (i.e. let the gateway app be able to talk to all other apps, but other apps can only talk to the gateway)?

Unless I’m missing something with your plan, I’m pretty sure you could do this by creating an org for each user-- .internal addresses are per-org, since each org has its own restricted subnet.

I hope this helps :sweat_smile:

I was initially planning on having the gateway be shared across tenants (i.e. orgs) but thinking through it, the option you suggested makes a lot more sense (and is much easier to implement)

1 Like