We need a way for a brand new installation of Procession to be set up with a user that has SUPER privileges. Obviously, if we want to have a p7n bootstrap command that allows creation of such things, we need a method of doing one-time high-security actions against the server (particularly the IAM service).
My initial thought is to add a new configuration option to the IAM service called --bootstrap-key (which would take its value from a PROCESSION_BOOTSTRAP_KEY environ variable if the command-line option isn't set). This bootstrap key value would be "" by default and when "", no bootstrapping actions would be possible.
A corresponding p7n bootstrap command would be made that would accept a CLI --key option. The value of this CLI option would need to match the --bootstrap-key server configuration option and if it did, would allow the user to set some bootstrap information for this system, including an aforementioned user with SUPER privileges. When the bootstrap action was completed on the server side, by default, the server would delete the value of its --bootstrap-key configuration option by setting it to "". This should provide a simple yet secure way to configure the Procession system.
jaypipes
commented
7 years ago
We need a way for a brand new installation of Procession to be set up with a user that has SUPER privileges. Obviously, if we want to have a
p7n bootstrapcommand that allows creation of such things, we need a method of doing one-time high-security actions against the server (particularly the IAM service).My initial thought is to add a new configuration option to the IAM service called
--bootstrap-key(which would take its value from aPROCESSION_BOOTSTRAP_KEYenviron variable if the command-line option isn't set). This bootstrap key value would be "" by default and when "", no bootstrapping actions would be possible.A corresponding
p7n bootstrapcommand would be made that would accept a CLI--keyoption. The value of this CLI option would need to match the--bootstrap-keyserver configuration option and if it did, would allow the user to set some bootstrap information for this system, including an aforementioned user with SUPER privileges. When the bootstrap action was completed on the server side, by default, the server would delete the value of its--bootstrap-keyconfiguration option by setting it to "". This should provide a simple yet secure way to configure the Procession system.