mirror of https://we.phorge.it/source/phorge.git synced 2024-09-22 10:18:48 +02:00
phorge-phorge/src/applications
epriestley 5e0f218fe4 Allow device SSH keys to be trusted
Summary:
Ref T6240. Some discussion in that task. In instance/cluster environments, daemons need to make Conduit calls that bypass policy checks.

We can't just let anyone add SSH keys with this capability to the web directly, because then an administrator could just add a key they own and start signing requests with it, bypassing policy checks.

Add a `bin/almanac trust-key --id <x>` workflow for trusting keys. Only trusted keys can sign requests.

Test Plan:
  - Generated a user key.
  - Generated a device key.
  - Trusted a device key.
  - Untrusted a device key.
  - Hit the various errors on trust/untrust.
  - Tried to edit a trusted key.

{F236010}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6240

Differential Revision: https://secure.phabricator.com/D10878
2014-11-20 17:33:30 -08:00
almanac Allow device SSH keys to be trusted 2014-11-20 17:33:30 -08:00
aphlict/management Try nodejs before node when starting notification server 2014-06-07 13:56:23 -07:00
arcanist/conduit
audit Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
auth Allow device SSH keys to be trusted 2014-11-20 17:33:30 -08:00
base Move directory SQL patch construction to abstract base class 2014-11-14 14:50:50 -08:00
cache
calendar Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
celerity Break logo/name into replaceable parts 2014-11-06 09:23:17 -08:00
chatlog
conduit Allow device SSH keys to be trusted 2014-11-20 17:33:30 -08:00
config Add email preference links to email footers 2014-11-19 17:06:33 -08:00
conpherence Conpherence - fix fatal on list view for 100+ messages 2014-11-05 17:31:53 -08:00
console
countdown Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
daemon Fix daemon task queue to respect task priority 2014-10-31 09:27:04 -07:00
dashboard Support mentions from dashboard panels 2014-10-27 13:37:16 -07:00
differential Differential - allow setting viewPolicy from web ui during diff creation process 2014-11-19 12:16:07 -08:00
diffusion Diffusion - make projects work properly with commits 2014-11-19 14:43:59 -08:00
diviner Process Remarkup in text and HTML email bodies appropriately 2014-11-17 18:27:21 -08:00
doorkeeper
draft/storage
drydock Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
fact
feed Audit - another partial fix to commit re-parsing bug 2014-10-20 17:39:19 -07:00
files Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
flag Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
fund Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
harbormaster Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
help
herald Differential - allow setting viewPolicy from web ui during diff creation process 2014-11-19 12:16:07 -08:00
home
legalpad Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
lipsum
macro Process Remarkup in text and HTML email bodies appropriately 2014-11-17 18:27:21 -08:00
mailinglists Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
maniphest Add workboard link to emails about workboard changes 2014-11-20 17:27:04 -08:00
meta Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
metamta Add email preference links to email footers 2014-11-19 17:06:33 -08:00
notification Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
nuance
oauthserver Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
owners Owners / Audit - restore link to view audits related to an owners package. 2014-11-07 16:45:59 -08:00
passphrase Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
paste Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
people Allow device SSH keys to be trusted 2014-11-20 17:33:30 -08:00
phame Fix Phame handling of $request 2014-10-24 09:02:18 -07:00
phid Modernize Phortune PHID constants 2014-10-06 16:48:16 -07:00
phlux
pholio Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
phortune Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
phpast
phragment
phrequent Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
phriction Process Remarkup in text and HTML email bodies appropriately 2014-11-17 18:27:21 -08:00
policy Linkify Registration Email 2014-11-07 14:16:30 -08:00
ponder Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
project Don't show "View Wiki" reminder link if viewer has no access to Phriction 2014-11-18 11:41:31 -08:00
releeph Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
remarkup/conduit
repository Diffusion - make projects work properly with commits 2014-11-19 14:43:59 -08:00
search Diffusion - make projects work properly with commits 2014-11-19 14:43:59 -08:00
settings Allow Almanac devices to have SSH keys 2014-11-11 08:20:08 -08:00
slowvote Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
subscriptions
support/application
system
tokens
transactions Add email preference links to email footers 2014-11-19 17:06:33 -08:00
typeahead
uiexample Add ReallyMajorEvent to PHUITimelineView 2014-11-20 16:33:31 -08:00
xhprof