HomePhabricator

Add a query/policy layer on top of SSH keys for Almanac

Description

Add a query/policy layer on top of SSH keys for Almanac

Summary:
Ref T5833. Currently, SSH keys are associated only with users, and are a bit un-modern. I want to let Almanac Devices have SSH keys so devices in a cluster can identify to one another.

For example, with hosted installs, initialization will go something like this:

  • A request comes in for company.phacility.com.
  • A SiteSource (from D10787) makes a Conduit call to Almanac on the master install to check if company is a valid install and pull config if it is.
  • This call can be signed with an SSH key which identifies a trusted Almanac Device.

In the cluster case, a web host can make an authenticated call to a repository host with similar key signing.

To move toward this, put a proper Query class on top of SSH key access (this diff). In following diffs, I'll:

  • Rename userPHID to objectPHID.
  • Move this to the auth database.
  • Provide UI for device/key association.

An alternative approach would be to build some kind of special token layer in Conduit, but I think that would be a lot harder to manage in the hosting case. This gives us a more direct attack on trusting requests from machines and recognizing machines as first (well, sort of second-class) actors without needing things like fake user accounts.

Test Plan:

  • Added and removed SSH keys.
  • Added and removed SSH keys from a bot account.
  • Tried to edit an unonwned SSH key (denied).
  • Ran bin/ssh-auth, got sensible output.
  • Ran bin/ssh-auth-key, got sensible output.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10790

Details