Open MattDavis00 opened 3 years ago
We probably want to ask some more "existential" questions before diving into lots of detail here, for example:
0.9.0
, but defer any migration process for later?parsec
binary crate. Would the script be a Rust program that imports parsec
as a library (which might be possible, but quite irregular). Or would it be the parsec
executable itself, with special command-line arguments to run it in migration mode rather than starting the service?
Design the
OnDisk
->SQLite
KIM migration script.This script could have a config file for setting required fields such as the
authenticator_id
&provider_name
.provider_uuid
,key_name
&application_name
can be inferred from the values held within theOnDisk
KIM.Design considerations:
OnDisk
KIM it is possible to create two keys with the same name on different providers. The namespace for the keys held in the SQLiteKIM does not support this, keys are not separated by provider type. For exampleMy Key 🔑
can exist within anMbedCrypto
andTrustedServices
provider at the same time, for the same client; this is not the case for the SQLiteKeyInfoManager. Some method for dealing with duplicate key names should be thought of. This could be an explicit mapping from old to new like Figure. 1.provider_uuid
can be inferred from theprovider_id
of the originalKeyTriple
. Likewise,application_name
can be inferred from the original application name, anauthenticator_id
just needs appending. Could theauthenticator_id
be inferred from the new Parsecconfig.toml
if there is only one? Could theprovider_name
be inferred from theconfig.toml
if there is only one provider of each type?