Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Use separate keydb for delegated targets #1095

Closed
wants to merge 10 commits into from
Closed

[WIP] Use separate keydb for delegated targets #1095

wants to merge 10 commits into from

Commits on Aug 4, 2020

  1. This WIP commit creates a separate keydb for each delegating instance. 

    This means that all roles delegated to by root will look for keys
from the root metadata, roles delegated to by targets will look for
keys in targets metadata, and so on.

This commit adds this functionality to the keydb and ensures that
these separate keydbs are created and used for storing keys. It
requires a future change to the roledb to store the delegating role
and further testing.

Signed-off-by: marinamoore <mmoore32@calpoly.edu>
    @mnm678
    mnm678 committed Aug 4, 2020
    Configuration menu
    Copy the full SHA
    6f7c541 View commit details
    Browse the repository at this point in the history

  2. This commit adds the parent_role field to roledb. 

    This field can be used by delegated targets to determine
which role delegated to them, and thus which keys should
be used to verify the role.

Signed-off-by: marinamoore <mmoore32@calpoly.edu>
    @mnm678
    mnm678 committed Aug 4, 2020
    Configuration menu
    Copy the full SHA
    043c056 View commit details
    Browse the repository at this point in the history

  3. Bug fixes for the per client keydb 

    Signed-off-by: marinamoore <mmoore32@calpoly.edu>
    @mnm678
    mnm678 committed Aug 4, 2020
    Configuration menu
    Copy the full SHA
    de40f85 View commit details
    Browse the repository at this point in the history

  4. Update tests for local keydb. 

    The repository keydb will no longer store keys for delegated
roles. Instead look for these keys in delegated keydbs.

Signed-off-by: marinamoore <mmoore32@calpoly.edu>
    @mnm678
    mnm678 committed Aug 4, 2020
    Configuration menu
    Copy the full SHA
    1c121e3 View commit details
    Browse the repository at this point in the history

  5. Fix minor issues for pylint 

    Signed-off-by: marinamoore <mmoore32@calpoly.edu>
    @mnm678
    mnm678 committed Aug 4, 2020
    Configuration menu
    Copy the full SHA
    e9a59f5 View commit details
    Browse the repository at this point in the history

  6. Bug fixes 

    Signed-off-by: marinamoore <mmoore32@calpoly.edu>
    @mnm678
    mnm678 committed Aug 4, 2020
    Configuration menu
    Copy the full SHA
    4d866c4 View commit details
    Browse the repository at this point in the history

  7. use correct keydb when loading keys 

    Signed-off-by: marinamoore <mmoore32@calpoly.edu>
    @mnm678
    mnm678 committed Aug 4, 2020
    Configuration menu
    Copy the full SHA
    e0c50c0 View commit details
    Browse the repository at this point in the history

  8. Add parent_role in targets.delegate 

    Signed-off-by: marinamoore <mmoore32@calpoly.edu>
    @mnm678
    mnm678 committed Aug 4, 2020
    Configuration menu
    Copy the full SHA
    5b57fa0 View commit details
    Browse the repository at this point in the history

  9. Updated delegation information in repository_tool to use different ke… 

    …ydbs

for delegations and add parent_role to roledb entries for delegations

Signed-off-by: marinamoore <mnm678@gmail.com>
    @mnm678
    mnm678 committed Aug 4, 2020
    Configuration menu
    Copy the full SHA
    7642140 View commit details
    Browse the repository at this point in the history

  10. Add delegating_rolename to sig.py 

    Signed-off-by: marinamoore <mnm678@gmail.com>
    @mnm678
    mnm678 committed Aug 4, 2020
    Configuration menu
    Copy the full SHA
    7f4fd5c View commit details
    Browse the repository at this point in the history