phorge-phorge

mirror of https://we.phorge.it/source/phorge.git synced 2024-12-22 05:20:56 +01:00

No description

Find a file

epriestley 6f0d3b0796 Add a query/policy layer on top of SSH keys for Almanac Summary: Ref T5833. Currently, SSH keys are associated only with users, and are a bit un-modern. I want to let Almanac Devices have SSH keys so devices in a cluster can identify to one another. For example, with hosted installs, initialization will go something like this: - A request comes in for `company.phacility.com`. - A SiteSource (from D10787) makes a Conduit call to Almanac on the master install to check if `company` is a valid install and pull config if it is. - This call can be signed with an SSH key which identifies a trusted Almanac Device. In the cluster case, a web host can make an authenticated call to a repository host with similar key signing. To move toward this, put a proper Query class on top of SSH key access (this diff). In following diffs, I'll: - Rename `userPHID` to `objectPHID`. - Move this to the `auth` database. - Provide UI for device/key association. An alternative approach would be to build some kind of special token layer in Conduit, but I think that would be a lot harder to manage in the hosting case. This gives us a more direct attack on trusting requests from machines and recognizing machines as first (well, sort of second-class) actors without needing things like fake user accounts. Test Plan: - Added and removed SSH keys. - Added and removed SSH keys from a bot account. - Tried to edit an unonwned SSH key (denied). - Ran `bin/ssh-auth`, got sensible output. - Ran `bin/ssh-auth-key`, got sensible output. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T5833 Differential Revision: https://secure.phabricator.com/D10790		2014-11-06 12:37:02 -08:00
bin	Implement storage of a host ID and a public key for authorizing Conduit between servers	2014-10-03 22:52:41 +10:00
conf	Configuration - re-jigger how we handle bad configuration files	2014-10-06 13:20:56 -07:00
externals	Update Stripe PHP API	2014-07-13 09:19:07 -07:00
resources	Break logo/name into replaceable parts	2014-11-06 09:23:17 -08:00
scripts	Add a query/policy layer on top of SSH keys for Almanac	2014-11-06 12:37:02 -08:00
src	Add a query/policy layer on top of SSH keys for Almanac	2014-11-06 12:37:02 -08:00
support	Minor formatting changes	2014-10-08 08:39:49 +11:00
webroot	Break logo/name into replaceable parts	2014-11-06 09:23:17 -08:00
.arcconfig	Update .arclint in Phabricator for phutil-library lint	2014-05-12 06:01:30 -07:00
.arclint	Rename Conduit classes	2014-07-25 10:54:15 +10:00
.editorconfig	Specify config for text editors	2012-11-03 22:34:44 -07:00
.gitignore	Implement storage of a host ID and a public key for authorizing Conduit between servers	2014-10-03 22:52:41 +10:00
LICENSE	Delete license headers from files	2012-11-05 11:16:51 -08:00
NOTICE	Update Phabricator NOTICE file to reflect modern legal circumstances	2014-06-25 13:42:13 -07:00
README	Reformat README as Remarkup	2014-07-16 22:10:36 +10:00

README

Phabricator is an open source collection of web applications which help
software companies build better software.

Phabricator includes applications for:

  - reviewing and auditing source code;
  - hosting and browsing repositories;
  - assembling a party to venture forth;
  - tracking bugs;
  - hiding stuff from coworkers; and
  - also some other things.

You can learn more about the project (and find links to documentation and
resources) [[http://phabricator.org/ | here]].

Phabricator is developed and maintained by [[http://phacility.com/ |
Phacility]]. The first version of Phabricator was originally built at Facebook.

= LICENSE =
Phabricator is released under the Apache 2.0 license except as otherwise noted.