Page MenuHomePhabricator

Allow Almanac services to be locked
ClosedPublic

Authored by epriestley on Dec 18 2014, 1:02 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 21, 9:33 AM
Unknown Object (File)
Sat, Nov 16, 11:56 PM
Unknown Object (File)
Tue, Nov 12, 7:40 AM
Unknown Object (File)
Thu, Oct 24, 9:17 PM
Unknown Object (File)
Thu, Oct 24, 9:22 AM
Unknown Object (File)
Oct 18 2024, 8:09 AM
Unknown Object (File)
Oct 16 2024, 6:16 PM
Unknown Object (File)
Oct 12 2024, 2:40 AM
Subscribers

Details

Summary

Fixes T6741. This allows Almanac services to be locked from the CLI. Locked services (and their bindings, interfaces and devices) can not be edited. This serves two similar use cases:

  • For normal installs, you can protect cluster configuration from an attacker who compromises an account (or generally harden services which are intended to be difficult to edit).
  • For Phacility, we can lock externally-managed instance cluster configuration without having to pull any spooky tricks.
Test Plan
  • Locked and unlocked services.
  • Verified locking a service locks connected properties, bindings, binding properties, interfaces, devices, and device properties.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Allow Almanac services to be locked.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
btrahan edited edge metadata.
btrahan added inline comments.
src/applications/almanac/servicetype/AlmanacClusterServiceType.php
30–31

"See %s for more information." maybe?

This revision is now accepted and ready to land.Dec 18 2014, 9:30 PM
This revision was automatically updated to reflect the committed changes.