Security: Prevent shadow API on "lost" dataplane #13835
mfeledyn
started this conversation in
Ideas and feature requests
Replies: 1 comment
Hi @mfeledyn,
Hello Kong community,
You may have heard that shadow API is bad for security.
Consider a Kong hybrid dataplane that cannot connect to the control plane anymore (network problem, bug, or anything else). That dataplane (DP) continues to do the job for API requests, but it is not managed anymore, because management goes through the Kong control plane (CP)... The DP is "lost" but still serves API calls, and that is shadow API.
Maybe we should be able to set a time period after which the DP stops serving API traffic, if it was not successfully synchronized with the CP during that time period.
I'm willing to develop a plugin that can stop traffic in such a case (that plugin would have to be created globally on the DP). I have searched for a way to get the last synchronization time on the DP, but from what I saw in the source code there is no way to get that information.
Could we add some kind of function/method to get the last successful synchronization time?
It seems pretty simple to implement, but I don't want to fork Kong for my purpose.
Thanks.
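A sketch of the globally enabled DP plugin the post describes, written as an added example (not Kong's code and not the poster's). Since Kong exposes no last-sync timestamp, it assumes a hypothetical hook writes the epoch time of the last successful CP sync into a shared dict named `kong_dp_sync` under the key `last_success`, and that the plugin's schema defines `max_stale_seconds` and `fail_closed_when_unknown`.

```lua
-- handler.lua for a hypothetical "stale-dp-guard" plugin (added example, not Kong code).
-- ASSUMPTION: a hook such as the one requested above records the epoch time of the
-- last successful CP sync in a shared dict declared in kong.conf, e.g.
--   nginx_http_lua_shared_dict = kong_dp_sync 1m
-- ASSUMPTION: schema.lua (not shown) defines conf.max_stale_seconds (number)
-- and conf.fail_closed_when_unknown (boolean).
local kong = kong
local ngx  = ngx

local SYNC_DICT = "kong_dp_sync"   -- assumed dict name
local SYNC_KEY  = "last_success"   -- assumed key holding epoch seconds

local StaleDpGuard = {
  PRIORITY = 2000,  -- run ahead of auth/rate-limit plugins so nothing else is evaluated
  VERSION  = "0.1.0",
}

-- Seconds since the last successful sync, or nil when no sync has been recorded.
local function seconds_since_sync()
  local dict = ngx.shared[SYNC_DICT]
  if not dict then return nil end
  local ts = dict:get(SYNC_KEY)
  if type(ts) ~= "number" then return nil end
  return ngx.time() - ts
end

-- Refuse the request without touching the upstream; 503 tells clients to retry later.
local function refuse(reason, retry_after)
  kong.log.warn("refusing request on unmanaged dataplane: ", reason)
  return kong.response.exit(503,
    { message = "dataplane out of sync with control plane" },
    { ["Retry-After"] = tostring(retry_after), ["Cache-Control"] = "no-store" })
end

function StaleDpGuard:access(conf)
  local age = seconds_since_sync()
  if age == nil then
    -- Edge case: DP booted from its cached config and never reached the CP.
    if conf.fail_closed_when_unknown then
      return refuse("no successful sync recorded since start", conf.max_stale_seconds)
    end
    return  -- operator chose to fail open while the sync state is unknown
  end
  if age > conf.max_stale_seconds then
    return refuse(string.format("last sync %d s ago (limit %d s)",
                                age, conf.max_stale_seconds), 30)
  end
end

return StaleDpGuard
```

Whether an unknown sync state should fail open or closed is an operator decision: failing closed stops the shadow API but also blocks traffic on a DP that restarted while the CP was unreachable, so the log line above is the signal to alert on either way.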