Closed MVrachev closed 4 weeks ago
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 98.84%. Comparing base (47d0a69) to head (8472b56). Report is 88 commits behind head on main.
:exclamation: Current head 8472b56 differs from pull request most recent head 3f1a803
Please upload reports for the commit 3f1a803 to get more accurate results.
As discussed with @kairoaraujo I have also introduced the `--offline` and `--api-server` `admin` level options in this PR as well in my last two commits.
Can we try to keep diffs to a minimum? I understand that it sometimes just isn't feasible, but this PR definitely mixes some unrelated things.
Also, a consistent/accurate PR description would be helpful, e.g.:
Automatically save if --bootstrap is used even if --output file argument is not provided. The saved location is a default one - ceremony_payload.json.
vs.
This allowed the removal of "--bootstrap" in ceremony and "--api-server" options for both "ceremony" and "sign".
This is going in the right direction. Here are a few comments on args/opts:
Moving `--api-server` to the admin base command is an improvement.
I'm unsure about `--offline`. It is only used by 3 out of 5 admin commands, and it means different things for those:
* `--offline` affects the behavior of opts/args for local file input/output, in an IMO non-intuitive way. If `--offline` is passed, sign and update require an input parameter, and the output parameter no longer determines if a file is written or not.
Generally, the opts/args related to local files don't feel consistent or intuitive to me.
* `ceremony` has an optional positional `OUTPUT` path argument
* `sign` (and likely `update`) has an optional positional `SIGNING_JSON_INPUT_FILE` path argument, and a `--save` (OUTPUT) option
I think we should...
* `--offline` to the API write operation only, and call it `--dry-run`, then it would also feel safe to not write to a local file per default.
```
rstuf [--api-server] admin ceremony [--out [PATH]] [--dry-run]

Perform ceremony and send result to API to trigger bootstrap.
* If `--out [PATH]` is passed, result is written to local PATH (in addition to
  being sent to API).
* If `--dry-run` is passed, result is not sent to API. You can pass `--out
  [PATH]` to store the result locally. `--api-server` will be ignored and may
  be omitted.

rstuf [--api-server] admin metadata {sign, update} [--in PATH] [--out [PATH]] [--dry-run]

Perform sign/metadata update for pending event and send result to API.
* If `--in PATH` is passed, input is not read from API but from local PATH.
* If `--out [PATH]` is passed, result is written to local PATH (in addition to
  being sent to API).
* If `--dry-run` is passed, result is not sent to API. You can pass `--out
  [PATH]` to store the result locally.
* If `--in` and `--dry-run` is passed, `--api-server` will be ignored and
  may be omitted.
```
(I'm open to naming suggestions)
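The option semantics proposed in the review comment above, modelled as an added Python sketch (not code from this PR or from RSTUF). The flattened command layout, the `Plan` type, the `plan()` helper, the `result_discarded` check and the use of `ceremony_payload.json` as the default for a bare `--out` are assumptions.

```python
import argparse
from dataclasses import dataclass
from typing import List, Optional

# File name taken from the PR description; using it as the bare `--out` default is an assumption.
DEFAULT_OUT = "ceremony_payload.json"


@dataclass(frozen=True)
class Plan:
    read_from: Optional[str]   # "api", a local path, or None (ceremony has no input)
    send_to_api: bool
    write_to: Optional[str]
    api_server: Optional[str]  # None when the server is not contacted at all

    @property
    def result_discarded(self) -> bool:
        # Added check, not part of the proposal: nothing is sent and nothing is saved.
        return not self.send_to_api and self.write_to is None


def plan(argv: List[str]) -> Plan:
    # Flattened stand-in for `rstuf admin ceremony` / `rstuf admin metadata {sign,update}`.
    p = argparse.ArgumentParser(prog="rstuf")
    p.add_argument("--api-server")
    p.add_argument("command", choices=["ceremony", "sign", "update"])
    p.add_argument("--in", dest="in_path")
    p.add_argument("--out", nargs="?", const=DEFAULT_OUT)
    p.add_argument("--dry-run", action="store_true")
    a = p.parse_args(argv)

    if a.command == "ceremony":
        if a.in_path:
            raise ValueError("ceremony takes no --in")
        read_from = None
    else:
        read_from = a.in_path or "api"  # without --in the pending event comes from the API

    send = not a.dry_run
    uses_api = send or read_from == "api"
    if uses_api and not a.api_server:
        raise ValueError("--api-server is required unless the run is fully local")
    # When the run is fully local, a supplied --api-server is ignored, as proposed.
    return Plan(read_from, send, a.out, a.api_server if uses_api else None)
```

A `sign --dry-run` without `--in` still needs `--api-server`, because only the write is skipped while the pending event is still read from the API.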
Please, review it before this one as this pr will be on top of it.
Description
As discussed with @kairoaraujo I have also introduced the `--offline` and `--api-server` `admin` level options in this PR as well.
In this PR I added "--offline" and "--api-server" as admin-level command options which will be reused by all admin subcommands. This allows for a single place of exception handling for those two arguments and consistent behavior across commands. This allowed the removal of "--bootstrap" in ceremony and "--api-server" options for both "ceremony" and "sign".
The "--offline" option allows you to have a local setting.SERVER configuration but still run the commands in a disconnected manner for testing.
Additionally, with "--api-server" and the "--save" (option for "send") or "output" (argument for ceremony) you can upload the payload to the RSTUF API and save the result of the command locally.
Tests for all tests are added and documentation is updated.
Additionally, in this pr I implement some of the missing features from our new admin ceremony.
The features included here are:
* `--api-server` option for communication with existing RSTUF API deployment.
* `POST /api/v1/bootstrap`
* `--save` option with `--output` argument.
* `--bootstrap` is used even if `--output` file argument is not provided. The saved location is a default one - `ceremony_payload.json`.
* `timeout` option for RSTUF API requests.
* `threshold` number of keys must be described with their public keys.
Signed-off-by: Martin Vrachev <martin.vrachev@broadcom.com>
Related to #533.