1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-19 03:50:54 +01:00
phorge-phorge/resources
epriestley 5e0f218fe4 Allow device SSH keys to be trusted
Summary:
Ref T6240. Some discussion in that task. In instance/cluster environments, daemons need to make Conduit calls that bypass policy checks.

We can't just let anyone add SSH keys with this capability to the web directly, because then an adminstrator could just add a key they own and start signing requests with it, bypassing policy checks.

Add a `bin/almanac trust-key --id <x>` workflow for trusting keys. Only trusted keys can sign requests.

Test Plan:
  - Generated a user key.
  - Generated a device key.
  - Trusted a device key.
  - Untrusted a device key.
  - Hit the various errors on trust/untrust.
  - Tried to edit a trusted key.

{F236010}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6240

Differential Revision: https://secure.phabricator.com/D10878
2014-11-20 17:33:30 -08:00
..
builtin Add an icon+background selector for project images 2013-10-17 09:32:34 -07:00
celerity Minor, increase spacing on buttons 2014-11-20 17:05:32 -08:00
chatbot Remove PhabricatorBotDifferentialNotificationHandler reference in example_config.json for phabot 2014-06-11 09:36:30 -07:00
font Made Meme Generator 2013-01-19 18:43:43 -08:00
sprite Break logo/name into replaceable parts 2014-11-06 09:23:17 -08:00
sql Allow device SSH keys to be trusted 2014-11-20 17:33:30 -08:00
sshd Update repository hosting documentation for all the issues users have hit 2014-03-26 06:44:18 -07:00