x/build: revamp the security model used by gomote #47521

Closed
16 tasks done
cagedmantis opened this issue Aug 3, 2021 · 45 comments

@cagedmantis
Contributor

cagedmantis commented Aug 3, 2021

This is a tracking issue for the redesign of the authentication for the gomote application. The gomote application will have the authentication method changed as well as the addition of an authorization layer. This work will be broken down into many steps which will be added here as they are fully decided upon:

@golang/release

@cagedmantis cagedmantis added Builders x/build issues (builders, bots, dashboards) NeedsFix The path to resolution is known, but the work has not been done. labels Aug 3, 2021
@cagedmantis cagedmantis added this to the Unplanned milestone Aug 3, 2021
@cagedmantis cagedmantis self-assigned this Aug 3, 2021
@heschi heschi added this to In Progress in Go Release Team Aug 3, 2021
@gopherbot

Change https://golang.org/cl/352809 mentions this issue: cmd/coordinator: add metrics for gomote usage

gopherbot pushed a commit to golang/build that referenced this issue Sep 29, 2021
This change introduces some metrics collection around gomote usage. It
records:
- gomote creates and the associated builder types.
- gomote ssh and the success of the call.
- gomote RDP.

Updates golang/go#47521
Fixes golang/go#48579

Change-Id: I5dfa04862254de0ceae747d0328918480d11db7c
Reviewed-on: https://go-review.googlesource.com/c/build/+/352809
Trust: Carlos Amedee <carlos@golang.org>
Trust: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
@gopherbot

Change https://golang.org/cl/356589 mentions this issue: internal/gomote/protos: add a skeleton for a gomote api

gopherbot pushed a commit to golang/build that referenced this issue Oct 21, 2021
This change adds a skeleton for a new GRPC gomote API. This work
is part of a reworking of the security model around gomotes.

Updates golang/go#47521
Updates golang/go#48742

Change-Id: I4b0ae84bf58fe6e999fb34c17e670a6f638055f0
Reviewed-on: https://go-review.googlesource.com/c/build/+/356589
Trust: Carlos Amedee <carlos@golang.org>
Trust: Alexander Rakoczy <alex@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
@gopherbot

Change https://golang.org/cl/358915 mentions this issue: internal/access: add access package

@gopherbot

Change https://golang.org/cl/361098 mentions this issue: internal/gomote, cmd/coordinator: add GRPC gomote server

gopherbot pushed a commit to golang/build that referenced this issue Nov 8, 2021
This change adds an access package which is intended to contain
functions which will handle Identity Aware Proxy authentication. It
may be extended to include authorization logic in the future.

Fixes golang/go#48729
Updates golang/go#47521

Change-Id: I68cd90c3e83066763e3194fcb58e324c3630f811
Reviewed-on: https://go-review.googlesource.com/c/build/+/358915
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Trust: Alexander Rakoczy <alex@golang.org>
Run-TryBot: Alexander Rakoczy <alex@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
@gopherbot

Change https://golang.org/cl/365735 mentions this issue: deploy: add GRPC servers to build.golang.org

gopherbot pushed a commit to golang/build that referenced this issue Nov 23, 2021
This change:
- Adds a simple GRPC gomote server.
- Updates the documentation for the audience required for IAP authentication.
- Adds a field for the backend service id in the build environment package.
- Creates middleware for the GRPC server use in the existing HTTP servers.

Updates golang/go#47521
Updates golang/go#48742

Change-Id: I2a56e39b96bf1b429f807f79c58aee3f72a45a33
Reviewed-on: https://go-review.googlesource.com/c/build/+/361098
Trust: Carlos Amedee <carlos@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
gopherbot pushed a commit to golang/build that referenced this issue Nov 23, 2021
This change mounts the gomote and coordinator servers in the proper
locations.

Updates golang/go#47521
Updates golang/go#49191

Change-Id: I7c0054028fa928ba025b3c511701512e183894fd
Reviewed-on: https://go-review.googlesource.com/c/build/+/365735
Trust: Carlos Amedee <carlos@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
@gopherbot

Change https://golang.org/cl/367554 mentions this issue: cmd/coordinator: set buildenv when on GCE

gopherbot pushed a commit to golang/build that referenced this issue Nov 29, 2021
This change ensures the buildenv is set when the coordinator is
running in production.

Updates golang/go#47521

Change-Id: Ibd1a31609f5e85ac6445bad5daec5222a06b13e4
Reviewed-on: https://go-review.googlesource.com/c/build/+/367554
Trust: Carlos Amedee <carlos@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
gopherbot pushed a commit to golang/build that referenced this issue May 16, 2022
This change moves the SSH handlers into the internal packages. It also
adds the handler which will use the session pool instead of the remote
buildlets.

Updates golang/go#52594
For golang/go#47521

Change-Id: I7e99fdbb16e0f80a871696cec79a9b638354e662
Reviewed-on: https://go-review.googlesource.com/c/build/+/405257
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
gopherbot pushed a commit to golang/build that referenced this issue May 16, 2022
… status

This adds the gomote instances to the status page presented at
farmer.golang.org.

Updates golang/go#52594
For golang/go#47521

Change-Id: I29c73262031fc95cc85cdb43734da49149c958b3
Reviewed-on: https://go-review.googlesource.com/c/build/+/405258
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Alex Rakoczy <alex@golang.org>
@gopherbot

Change https://go.dev/cl/406857 mentions this issue: cmd/gomote: implements GRPC gettar command

gopherbot pushed a commit to golang/build that referenced this issue May 17, 2022
This change adds the implementation for the GRPC gettar command to the
gomote client.

Updates golang/go#48737
For golang/go#47521

Change-Id: I8b8f12a3104977128d912ced41215faed69ea719
Reviewed-on: https://go-review.googlesource.com/c/build/+/406857
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
gopherbot pushed a commit to golang/build that referenced this issue May 19, 2022
This change adds the implementation for GRPC put command to the gomote client.

Updates golang/go#48737
For golang/go#47521

Change-Id: Ib2376444321ef9d0a754b60bcd3783f66a932f3d
Reviewed-on: https://go-review.googlesource.com/c/build/+/406015
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
@gopherbot

Change https://go.dev/cl/407878 mentions this issue: cmd/gomote: implements GRPC puttar command

@gopherbot

Change https://go.dev/cl/410818 mentions this issue: internal/gomote,cmd/gomote: implements GRPC add bootstrap

@gopherbot

Change https://go.dev/cl/410819 mentions this issue: cmd/gomote: implements GRPC push command

gopherbot pushed a commit to golang/build that referenced this issue Jun 7, 2022
This change adds the implementation for GRPC puttar command to the
gomote client.

Updates golang/go#48737
For golang/go#47521

Change-Id: I9b500b2f3ca70c78c3f288d0280eba02a1c59554
Reviewed-on: https://go-review.googlesource.com/c/build/+/407878
Auto-Submit: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Alex Rakoczy <alex@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
gopherbot pushed a commit to golang/build that referenced this issue Jun 7, 2022
This change adds the implementation for GRPC putbootstrap command to the
gomote client. It also adds the gomote server implementation of the
AddBootstrap endpoint. This endpoint adds the bootstrap Go version to
an existing client.

Updates golang/go#48737
Updates golang/go#48742
For golang/go#47521

Change-Id: Ib0807a13e85a0e350485c8300ac2e180456bd0fc
Reviewed-on: https://go-review.googlesource.com/c/build/+/410818
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
Reviewed-by: Alex Rakoczy <alex@golang.org>
gopherbot pushed a commit to golang/build that referenced this issue Jun 7, 2022
This change adds the implementation for GRPC push command to the
gomote client.

Updates golang/go#48737
For golang/go#47521

Change-Id: Ibb40dff14b9be0c273fb26a625d5e64b1bca25f0
Reviewed-on: https://go-review.googlesource.com/c/build/+/410819
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
@gopherbot

Change https://go.dev/cl/411065 mentions this issue: internal/gomote: fix ExecuteCommand

gopherbot pushed a commit to golang/build that referenced this issue Jun 12, 2022
This change fixes an incorrect variable in the ExecuteCommand endpoint.

For golang/go#47521
Updates golang/go#48742

Change-Id: Ic0f63e1ce83ba86a566981bdca16d57074dbb544
Reviewed-on: https://go-review.googlesource.com/c/build/+/411065
Run-TryBot: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
@gopherbot

Change https://go.dev/cl/412374 mentions this issue: cmd/gomote: adds missing field to GRPC push

gopherbot pushed a commit to golang/build that referenced this issue Jun 15, 2022
This change adds a missing directory setting to the GRPC push command.

For golang/go#48737
For golang/go#47521

Change-Id: I33daab7da55403df83033d0d4b6921bfeb10623c
Reviewed-on: https://go-review.googlesource.com/c/build/+/412374
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Carlos Amedee <carlos@golang.org>
@gopherbot

Change https://go.dev/cl/423999 mentions this issue: cmd/gomote: make the GRPC gomote API the default

gopherbot pushed a commit to golang/build that referenced this issue Aug 16, 2022
This change makes the GRPC gomote API the default for gomote operations.

Updates golang/go#47521

Change-Id: If50f66d7c8d6fc9ea1385821f09f62d419757d49
Reviewed-on: https://go-review.googlesource.com/c/build/+/423999
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Go Release Team automation moved this from In Progress to Done Aug 29, 2022
@dmitshur dmitshur modified the milestones: Unplanned, Unreleased Aug 29, 2022
@gopherbot

Change https://go.dev/cl/430279 mentions this issue: all: remote legacy gomote API and SSH implementation

gopherbot pushed a commit to golang/build that referenced this issue Sep 12, 2022
This removes the original API used to instantiate remote buildlet and
gomote instances. This also removes the original gomote SSH access
implementation. This API has been replaced with a GRPC based API. The
SSH functionality has been replaced with an implementation which uses
certificate authentication.

Gomote client changes will follow this CL once in-flight changes have been submitted.

Updates golang/go#47521
Fixes golang/go#54735

Change-Id: Idfd7b95eb7ed64637e74c3c0149e0bff7027f507
Reviewed-on: https://go-review.googlesource.com/c/build/+/430279
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
@gopherbot

Change https://go.dev/cl/499595 mentions this issue: internal/gophers: remove GitHubOfGomoteUser

gopherbot pushed a commit to golang/build that referenced this issue May 31, 2023
The new gomote SSH implementation doesn't rely on knowing the user's
GitHub account and its public SSH keys, there's no more need for the
GitHubOfGomoteUser function and its maintenance.

For golang/go#54735.
For golang/go#47521.

Change-Id: Ic35ad254d8cf8bbd0ef652bedbec7e6222bb1cd9
Reviewed-on: https://go-review.googlesource.com/c/build/+/499595
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>