Skip to content

Multi-App Workflows #76

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 24, 2025
Merged

Multi-App Workflows #76

merged 1 commit into from
Jun 24, 2025

Conversation

@JoshVanL
Copy link
Contributor

@JoshVanL JoshVanL commented Mar 24, 2025

No description provided.

@JoshVanL
Multi-App Workflows
daad522 
Signed-off-by: joshvanl <[email protected]>
@JoshVanL JoshVanL mentioned this pull request Mar 24, 2025
Closed
@olitomlinson
Copy link

olitomlinson commented Mar 27, 2025

+1 for this proposal...

...as long as security boundaries are not broken. If they are broken, then a viable permission model is accompanied to allow a developer to specify which external Apps are allowed to call management operations on the Host Workflow Application*, which defaults to secure-by-design / zero trust)

Host Workflow Application is the application where the Workflow is registered.

@WhitWaldo
Copy link

WhitWaldo commented Apr 22, 2025

My only note here would be that if the specified app ID cannot be found, or the type cannot be found on the app ID or just generally something happens that is unexpected (e.g. security boundary violation), it'd be nice to have some context in the error returned by the runtime to the SDK so it can be handled and addressed programmatically and clearly instead of requiring an Easter egg hunt by the developer after the fact to figure out why it broke (e.g. today it just returns a 500 for either of the first two scenarios) - recent request for this on Discord.

@WhitWaldo WhitWaldo mentioned this pull request Apr 25, 2025
Open
@olitomlinson olitomlinson mentioned this pull request Jun 12, 2025
Open
This was referenced Jun 24, 2025
Merged
Merged
Merged
@cicoyle
Copy link
Contributor

cicoyle commented Jun 24, 2025

+1 binding although Ik based on the PRs I currently have open that the protos might differ slightly but overall the logic is sound. Protos can be updated afterwards 👍🏻

@olitomlinson
Copy link

olitomlinson commented Jun 24, 2025

@cicoyle curious how your implementation so far (and implementations to come) will challenge/change the existing security boundaries as I have outlined in my feedback above :)

@JoshVanL
Copy link
Contributor Author

JoshVanL commented Jun 24, 2025

+1 binding

1 similar comment
@yaron2
Copy link
Member

yaron2 commented Jun 24, 2025

+1 binding

@yaron2 yaron2 merged commit 2ab4efc into dapr:main Jun 24, 2025
1 check passed
@olitomlinson
Copy link

olitomlinson commented Jun 24, 2025

It saddens me to see this proposal merged without receiving any feedback to what I believe are valid questions around how this impacts the existing workflows security model.

@yaron2
Copy link
Member

yaron2 commented Jun 25, 2025

It saddens me to see this proposal merged without receiving any feedback to what I believe are valid questions around how this impacts the existing workflows security model.

Forgot to update here @olitomlinson. We took this into consideration, the implementation supporting this proposal keeps the existing security posture as-is: apps that participate in a workflow cannot use the management API to alter the workflow. Only the app that registered it can do that

@olitomlinson
Copy link

olitomlinson commented Jul 3, 2025

I forgot to remind about this security consideration here @cicoyle - has this being catered for in the implementation?

dapr/dapr#8578 (comment)

Potential areas of concern - Discoverability of Activities across App-boundaries

  • Apps are the security boundary of workflows and their registered Activities.
  • Allowing Activities to be used from outside of the App boundary would create a security hole.
    • Therefore we must have a way to mark each Activity as discoverable, so that it can be discovered and used by one or more other Apps in the mesh. Dapr already has an ACL concept for Service Invoke, can we extend the ACL with Workflows in the same/similar manner?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yaron2 yaron2 yaron2 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@JoshVanL @olitomlinson @WhitWaldo @cicoyle @yaron2