-
Notifications
You must be signed in to change notification settings - Fork 17.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/build: revamp the security model used by gomote #47521
Comments
Change https://golang.org/cl/352809 mentions this issue: |
This change introduces some metrics collection around gomote usage. It records: - gomote creates and the associated builder types. - gomote ssh and the success of the call. - gomote RDP. Updates golang/go#47521 Fixes golang/go#48579 Change-Id: I5dfa04862254de0ceae747d0328918480d11db7c Reviewed-on: https://go-review.googlesource.com/c/build/+/352809 Trust: Carlos Amedee <carlos@golang.org> Trust: Dmitri Shuralyov <dmitshur@golang.org> Run-TryBot: Carlos Amedee <carlos@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Alexander Rakoczy <alex@golang.org>
Change https://golang.org/cl/356589 mentions this issue: |
This change adds a skeleton for a new GRPC gomote API. This work is part of a reworking of the security model around gomotes. Updates golang/go#47521 Updates golang/go#48742 Change-Id: I4b0ae84bf58fe6e999fb34c17e670a6f638055f0 Reviewed-on: https://go-review.googlesource.com/c/build/+/356589 Trust: Carlos Amedee <carlos@golang.org> Trust: Alexander Rakoczy <alex@golang.org> Run-TryBot: Carlos Amedee <carlos@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Alexander Rakoczy <alex@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Change https://golang.org/cl/358915 mentions this issue: |
Change https://golang.org/cl/361098 mentions this issue: |
This change adds an access package which is intented to contain functions which will handle Identity Aware Proxy authentication. It may be extended to include authorization logic in the future. Fixes golang/go#48729 Updates golang/go#47521 Change-Id: I68cd90c3e83066763e3194fcb58e324c3630f811 Reviewed-on: https://go-review.googlesource.com/c/build/+/358915 Reviewed-by: Heschi Kreinick <heschi@google.com> Reviewed-by: Alexander Rakoczy <alex@golang.org> Trust: Alexander Rakoczy <alex@golang.org> Run-TryBot: Alexander Rakoczy <alex@golang.org> TryBot-Result: Go Bot <gobot@golang.org>
Change https://golang.org/cl/365735 mentions this issue: |
This change: - Adds a simple GRPC gomote server. - Updates the documentation for the audiance required for IAP authentication. - Adds a field for the backend service id in the build enviornment package. - Creates middleware for the GRPC server use in the existing HTTP servers. Updates golang/go#47521 Updates golang/go#48742 Change-Id: I2a56e39b96bf1b429f807f79c58aee3f72a45a33 Reviewed-on: https://go-review.googlesource.com/c/build/+/361098 Trust: Carlos Amedee <carlos@golang.org> Run-TryBot: Carlos Amedee <carlos@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Alexander Rakoczy <alex@golang.org>
This change mounts the gomote and coordinator servers in the proper locations. Updates golang/go#47521 Updates golang/go#49191 Change-Id: I7c0054028fa928ba025b3c511701512e183894fd Reviewed-on: https://go-review.googlesource.com/c/build/+/365735 Trust: Carlos Amedee <carlos@golang.org> Run-TryBot: Carlos Amedee <carlos@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com> Reviewed-by: Alexander Rakoczy <alex@golang.org>
Change https://golang.org/cl/367554 mentions this issue: |
This change ensures the buildenv is set when the coordinator is running in production. Updates golang/go#47521 Change-Id: Ibd1a31609f5e85ac6445bad5daec5222a06b13e4 Reviewed-on: https://go-review.googlesource.com/c/build/+/367554 Trust: Carlos Amedee <carlos@golang.org> Run-TryBot: Carlos Amedee <carlos@golang.org> Reviewed-by: Alexander Rakoczy <alex@golang.org>
This change adds the implementation for GRPC put command to the gomote client. Updates golang/go#48737 For golang/go#47521 Change-Id: Ib2376444321ef9d0a754b60bcd3783f66a932f3d Reviewed-on: https://go-review.googlesource.com/c/build/+/406015 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com>
Change https://go.dev/cl/407878 mentions this issue: |
Change https://go.dev/cl/410818 mentions this issue: |
Change https://go.dev/cl/410819 mentions this issue: |
This change adds the implementation for GRPC puttar command to the gomote client. Updates golang/go#48737 For golang/go#47521 Change-Id: I9b500b2f3ca70c78c3f288d0280eba02a1c59554 Reviewed-on: https://go-review.googlesource.com/c/build/+/407878 Auto-Submit: Carlos Amedee <carlos@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org> Run-TryBot: Carlos Amedee <carlos@golang.org> Reviewed-by: Alex Rakoczy <alex@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
This change adds the implementation for GRPC putbootstrap command to the gomote client. It also adds the gomote server implementation of the AddBootstrap endpoint. This endpoint adds the bootstrap Go version to an existing client. Updates golang/go#48737 Updates golang/go#48742 For golang/go#47521 Change-Id: Ib0807a13e85a0e350485c8300ac2e180456bd0fc Reviewed-on: https://go-review.googlesource.com/c/build/+/410818 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Carlos Amedee <carlos@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org> Auto-Submit: Carlos Amedee <carlos@golang.org> Reviewed-by: Alex Rakoczy <alex@golang.org>
This change adds the implementation for GRPC push command to the gomote client. Updates golang/go#48737 For golang/go#47521 Change-Id: Ibb40dff14b9be0c273fb26a625d5e64b1bca25f0 Reviewed-on: https://go-review.googlesource.com/c/build/+/410819 Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Carlos Amedee <carlos@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Run-TryBot: Carlos Amedee <carlos@golang.org>
Change https://go.dev/cl/411065 mentions this issue: |
This change fixes an incorrect variable in the ExecuteCommand endpoint. For golang/go#47521 Updates golang/go#48742 Change-Id: Ic0f63e1ce83ba86a566981bdca16d57074dbb544 Reviewed-on: https://go-review.googlesource.com/c/build/+/411065 Run-TryBot: Carlos Amedee <carlos@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org> Auto-Submit: Carlos Amedee <carlos@golang.org>
Change https://go.dev/cl/412374 mentions this issue: |
This change adds a missing directory setting to the GRPC push command. For golang/go#48737 For golang/go#47521 Change-Id: I33daab7da55403df83033d0d4b6921bfeb10623c Reviewed-on: https://go-review.googlesource.com/c/build/+/412374 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Carlos Amedee <carlos@golang.org>
Change https://go.dev/cl/423999 mentions this issue: |
This change makes the GRPC gomote API the default for gomote operations. Updates golang/go#47521 Change-Id: If50f66d7c8d6fc9ea1385821f09f62d419757d49 Reviewed-on: https://go-review.googlesource.com/c/build/+/423999 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com> Reviewed-by: Carlos Amedee <carlos@golang.org> Auto-Submit: Carlos Amedee <carlos@golang.org> Run-TryBot: Carlos Amedee <carlos@golang.org>
Change https://go.dev/cl/430279 mentions this issue: |
This removes the original API used to instantiate remote buildlet and gomote instances. This also removes the original gomote SSH access implementation. This API has been replaced with a GRPC based API. The SSH functionality has been replaced with an implementation which uses certificate authentication. Gomote client changes will follow this CL once in-flight changes have been submitted. Updates golang/go#47521 Fixes golang/go#54735 Change-Id: Idfd7b95eb7ed64637e74c3c0149e0bff7027f507 Reviewed-on: https://go-review.googlesource.com/c/build/+/430279 Run-TryBot: Carlos Amedee <carlos@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
Change https://go.dev/cl/499595 mentions this issue: |
The new gomote SSH implementation doesn't rely on knowing the user's GitHub account and its public SSH keys, there's no more need for the GitHubOfGomoteUser function and its maintenance. For golang/go#54735. For golang/go#47521. Change-Id: Ic35ad254d8cf8bbd0ef652bedbec7e6222bb1cd9 Reviewed-on: https://go-review.googlesource.com/c/build/+/499595 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org>
This is a tracking issue for the redesign of the authentication for the gomote application. The gomote application will have the authentication method changed as well as the addition of an authorization layer. This work will be broken down into many steps which will be added here as they are fully decided upon:
@golang/release
The text was updated successfully, but these errors were encountered: