1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 09:42:41 +01:00
phorge-phorge/src/applications
epriestley 5e0f218fe4 Allow device SSH keys to be trusted
Summary:
Ref T6240. Some discussion in that task. In instance/cluster environments, daemons need to make Conduit calls that bypass policy checks.

We can't just let anyone add SSH keys with this capability to the web directly, because then an adminstrator could just add a key they own and start signing requests with it, bypassing policy checks.

Add a `bin/almanac trust-key --id <x>` workflow for trusting keys. Only trusted keys can sign requests.

Test Plan:
  - Generated a user key.
  - Generated a device key.
  - Trusted a device key.
  - Untrusted a device key.
  - Hit the various errors on trust/untrust.
  - Tried to edit a trusted key.

{F236010}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6240

Differential Revision: https://secure.phabricator.com/D10878
2014-11-20 17:33:30 -08:00
..
almanac Allow device SSH keys to be trusted 2014-11-20 17:33:30 -08:00
aphlict/management Try nodejs before node when starting notification server 2014-06-07 13:56:23 -07:00
arcanist/conduit Rename Conduit classes 2014-07-25 10:54:15 +10:00
audit Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
auth Allow device SSH keys to be trusted 2014-11-20 17:33:30 -08:00
base Move directory SQL patch construction to abstract base class 2014-11-14 14:50:50 -08:00
cache Automatically build all Lisk schemata 2014-10-02 09:51:20 -07:00
calendar Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
celerity Break logo/name into replaceable parts 2014-11-06 09:23:17 -08:00
chatlog Minor formatting changes 2014-10-08 08:39:49 +11:00
conduit Allow device SSH keys to be trusted 2014-11-20 17:33:30 -08:00
config Add email preference links to email footers 2014-11-19 17:06:33 -08:00
conpherence Conpherence - fix fatal on list view for 100+ messages 2014-11-05 17:31:53 -08:00
console Move DarkConsole to an application 2014-10-13 11:17:09 -07:00
countdown Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
daemon Fix daemon task queue to respect task priority 2014-10-31 09:27:04 -07:00
dashboard Support mentions from dashboard panels 2014-10-27 13:37:16 -07:00
differential Differential - allow setting viewPolicy from web ui during diff creation process 2014-11-19 12:16:07 -08:00
diffusion Diffusion - make projects work properly with commits 2014-11-19 14:43:59 -08:00
diviner Process Remarkup in text and HTML email bodies appropriately 2014-11-17 18:27:21 -08:00
doorkeeper Minor formatting changes 2014-10-08 08:39:49 +11:00
draft/storage Automatically build all Lisk schemata 2014-10-02 09:51:20 -07:00
drydock Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
fact Minor formatting changes 2014-10-08 08:39:49 +11:00
feed Audit - another partial fix to commit re-parsing bug 2014-10-20 17:39:19 -07:00
files Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
flag Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
fund Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
harbormaster Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
help Implement the getName method in PhabricatorApplication subclasses 2014-07-23 23:52:50 +10:00
herald Differential - allow setting viewPolicy from web ui during diff creation process 2014-11-19 12:16:07 -08:00
home Minor formatting changes 2014-10-08 08:39:49 +11:00
legalpad Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
lipsum Apply some autofix linter rules 2014-09-10 06:55:05 +10:00
macro Process Remarkup in text and HTML email bodies appropriately 2014-11-17 18:27:21 -08:00
mailinglists Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
maniphest Add workboard link to emails about workboard changes 2014-11-20 17:27:04 -08:00
meta Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
metamta Add email preference links to email footers 2014-11-19 17:06:33 -08:00
notification Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
nuance Automatically build all Lisk schemata 2014-10-02 09:51:20 -07:00
oauthserver Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
owners Owners / Audit - restore link to view audits related to an owners package. 2014-11-07 16:45:59 -08:00
passphrase Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
paste Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
people Allow device SSH keys to be trusted 2014-11-20 17:33:30 -08:00
phame Fix Phame handling of $request 2014-10-24 09:02:18 -07:00
phid Modernize Phortune PHID constants 2014-10-06 16:48:16 -07:00
phlux Minor formatting changes 2014-10-08 08:39:49 +11:00
pholio Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
phortune Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
phpast Minor formatting changes 2014-10-08 08:39:49 +11:00
phragment Minor formatting changes 2014-10-08 08:39:49 +11:00
phrequent Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
phriction Process Remarkup in text and HTML email bodies appropriately 2014-11-17 18:27:21 -08:00
policy Linkify Registration Email 2014-11-07 14:16:30 -08:00
ponder Add addLinkSection to MailBody to properly format URIs 2014-10-30 15:24:10 -07:00
project Don't show "View Wiki" reminder link if viewer has no access to Phriction 2014-11-18 11:41:31 -08:00
releeph Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
remarkup/conduit Rename Conduit classes 2014-07-25 10:54:15 +10:00
repository Diffusion - make projects work properly with commits 2014-11-19 14:43:59 -08:00
search Diffusion - make projects work properly with commits 2014-11-19 14:43:59 -08:00
settings Allow Almanac devices to have SSH keys 2014-11-11 08:20:08 -08:00
slowvote Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
subscriptions Minor formatting changes 2014-10-08 08:39:49 +11:00
support/application Implement the getName method in PhabricatorApplication subclasses 2014-07-23 23:52:50 +10:00
system Automatically build all Lisk schemata 2014-10-02 09:51:20 -07:00
tokens Minor formatting changes 2014-10-08 08:39:49 +11:00
transactions Add email preference links to email footers 2014-11-19 17:06:33 -08:00
typeahead Projects - tokenize projects more aggressively with respect to '-' 2014-08-14 12:28:11 -07:00
uiexample Add ReallyMajorEvent to PHUITimelineView 2014-11-20 16:33:31 -08:00
xhprof Automatically build all Lisk schemata 2014-10-02 09:51:20 -07:00