Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/build/internal/coordinator/remote: add certificate authentication to SSH server #52594

Closed
cagedmantis opened this issue Apr 27, 2022 · 5 comments
Closed

x/build/internal/coordinator/remote: add certificate authentication to SSH server #52594

cagedmantis opened this issue Apr 27, 2022 · 5 comments
Labels
Builders x/build issues (builders, bots, dashboards) FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
Go Release Team
Milestone
Backlog

Comments

@cagedmantis
Copy link
Contributor

This tracks the adding of OpenSSH certificate authentication to the coordinator SSH server.

This is a component of the project to revamp the security model used by gomote #47521
https://github.com/orgs/golang/teams/release
@cagedmantis cagedmantis added Builders x/build issues (builders, bots, dashboards) NeedsFix The path to resolution is known, but the work has not been done. labels Apr 27, 2022
@cagedmantis cagedmantis added this to the Backlog milestone Apr 27, 2022
@cagedmantis cagedmantis self-assigned this Apr 27, 2022
@cagedmantis cagedmantis mentioned this issue Apr 27, 2022
Closed
16 tasks
@gopherbot
Copy link

Change https://go.dev/cl/405258 mentions this issue: cmd/coordinator, internal/coordinator/remote: add gomote instances to status

@gopherbot
Copy link

Change https://go.dev/cl/405255 mentions this issue: cmd/coordinator, internal/coordinator/remote: move SSH server to internal package

@gopherbot
Copy link

Change https://go.dev/cl/405257 mentions this issue: cmd/coordinator, internal/coordinator/remote: move handlers into internal package

@heschi heschi added this to In Progress in Go Release Team May 10, 2022
@gopherbot
Copy link

Change https://go.dev/cl/405256 mentions this issue: internal/coordinator/remote: add certificate authentication to server

gopherbot pushed a commit to golang/build that referenced this issue May 16, 2022
@cagedmantis @gopherbot
cmd/coordinator, internal/coordinator/remote: move SSH to internal
77cbab5 
This change refactors the SSH Server used by the coordinator. Portions
of the server have been moved into the internal/coordinator/remote
package and are being prepared for the addition of a different
authentication scheme.

Updates golang/go#52594
For golang/go#47521

Change-Id: Ib1e961ea6d27c861f787068d237a02a47b6b0a2c
Reviewed-on: https://go-review.googlesource.com/c/build/+/405255
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Alex Rakoczy <alex@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
Go Release Team automation moved this from In Progress to Done May 16, 2022
gopherbot pushed a commit to golang/build that referenced this issue May 16, 2022
@cagedmantis @gopherbot
cmd/coordinator, internal/coordinator/remote: move post handlers
19a23aa 
This change moves the SSH handlers into the internal packages. It also
adds the handler which will use the session pool instead of the remote
buildlets.

Updates golang/go#52594
For golang/go#47521

Change-Id: I7e99fdbb16e0f80a871696cec79a9b638354e662
Reviewed-on: https://go-review.googlesource.com/c/build/+/405257
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
gopherbot pushed a commit to golang/build that referenced this issue May 16, 2022
@cagedmantis
cmd/coordinator, internal/coordinator/remote: add gomote instances to…
cf01afa 
… status

This adds the gomote instances to the status page presented at
farmer.golang.org.

Updates golang/go#52594
For golang/go#47521

Change-Id: I29c73262031fc95cc85cdb43734da49149c958b3
Reviewed-on: https://go-review.googlesource.com/c/build/+/405258
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Alex Rakoczy <alex@golang.org>
@gopherbot
Copy link

Change https://go.dev/cl/415679 mentions this issue: internal/coordinator/remote: check for ownerID in principals of cert

gopherbot pushed a commit to golang/build that referenced this issue Jul 11, 2022
@cagedmantis @gopherbot
internal/coordinator/remote: check for ownerID in principals of cert
8973f7a 
This change checks that the owner ID which has been set in the
certificates principals correspond with the session being
authenticated. The certificate contains the session ID and
owner ID in the principals section. The session ID is checked
before the owner ID is checked.

For golang/go#52594

Change-Id: I5cedde248e01cbec22bf1c4c77aabf29a1edb2a7
Reviewed-on: https://go-review.googlesource.com/c/build/+/415679
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
@golang golang locked and limited conversation to collaborators Jul 2, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Builders x/build issues (builders, bots, dashboards) FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
Go Release
Archived in project
Go Release Team
Done
Milestone
Backlog
Development

No branches or pull requests
2 participants
@cagedmantis @gopherbot