Extensions#
Current Limitations#
This feature is not yet production ready for two reasons:
It doesn’t scale to handle large volumes of concurrent requests (i.e. 1 VM cannot handle 100 students submitting right before the deadline)
Currently we are storing the private key to the VM on the gradescope autograder, which is not fully secure.
Future Direction#
We want to address the problems listed above over the next month with two solutions. First, we plan to adapt the framework to use Red Hat Open Shift for spawning containers to serve autograding requests.
Addressing Security and Scale#
Currently, the framework has an online VM which spawns an OPE container in which to run the tests and scp results back to the gradescope container hosted on AWS. We plan to change this by having an OpenShift cluster VM open a port to listen for incoming gradescope requests. These request include a private key for the OpenShift cluster to use to scp state to and from the Gradescope container. This way the gradescope container doesn’t have a private key to the cluster, but rather the other way around.
If a request arrives with the proper certificate which is signed by a valid CA that this is a gradescope VM for the designated class (need to figure out how to have a class-level granularity), then OpenShift spawns the corresponding OPE container, runs the code, then sends the results back to the gradescope container.
Note: this is a brainstormed solution and still in the works! Something could be said about the risk of having a private key on a gradescope container; however, the default gradescope containers already have some secuirty vulnerabilities.