Page MenuHomePhabricator

Allow device SSH keys to be trusted
ClosedPublic

Authored by epriestley on Nov 19 2014, 10:35 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 23, 6:31 AM
Unknown Object (File)
Fri, Dec 20, 8:11 PM
Unknown Object (File)
Thu, Dec 19, 5:21 PM
Unknown Object (File)
Sun, Dec 8, 1:38 PM
Unknown Object (File)
Sat, Dec 7, 1:00 PM
Unknown Object (File)
Thu, Dec 5, 11:53 PM
Unknown Object (File)
Thu, Dec 5, 11:07 PM
Unknown Object (File)
Tue, Dec 3, 8:51 PM
Subscribers

Details

Summary

Ref T6240. Some discussion in that task. In instance/cluster environments, daemons need to make Conduit calls that bypass policy checks.

We can't just let anyone add SSH keys with this capability to the web directly, because then an adminstrator could just add a key they own and start signing requests with it, bypassing policy checks.

Add a bin/almanac trust-key --id <x> workflow for trusting keys. Only trusted keys can sign requests.

Test Plan
  • Generated a user key.
  • Generated a device key.
  • Trusted a device key.
  • Untrusted a device key.
  • Hit the various errors on trust/untrust.
  • Tried to edit a trusted key.

Screen_Shot_2014-11-19_at_2.34.54_PM.png (143×976 px, 31 KB)

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Allow device SSH keys to be trusted.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
  • Fix a pht() string to print information more clearly.
btrahan edited edge metadata.
This revision is now accepted and ready to land.Nov 19 2014, 10:43 PM
This revision was automatically updated to reflect the committed changes.