python: flux-security #1709
Comments
|
One other thing to think about is what we want the behavior to be when flux-core is not configured with flux-security. Do we want |
|
At least for now I’d say let’s build it in core. We can always change that later, but it’s less duplication for a start. As to the other, I’d say we do whatever core does. @garlick, @grondo, I think that means calling security would be a hard failure, probably a link if not a build failure, right? We could model that as either an import error or as an exception on call to wrapper methods depending on how the api turns out.
On October 6, 2018 at 2:18:36 PM PDT, Stephen Herbein <[email protected]> wrote:
One other thing to think about is what we want the behavior to be when flux-core is not configured with flux-security. Do we want import flux.security to fail with an ImportError? Or do we want the import to succeed and then have some other mechanism for alerting the caller that flux-security isn't available?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#1709 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AAoSteM0lsEPOz9G5zFS-SpODoN4bgGrks5uiR4ZgaJpZM4XLjkE>.
|
|
Maybe we should look at having a As I recall this is a bit tricky because the flux security API lets you override the config file location, signing method, etc, but perhaps its worth a look for that one interface, since it will need to be used externally. |
That would be useful. We had discussed that a user-built single-user instance of flux shouldn't have to be built with flux-security (though we should perhaps revisit that as well, we had also discussed possibly requiring flux-security at one point as well) |
- include simple test of wrap/unwrap and security error messaging
- test python3 with flux-security in at least one travis builder
Closes flux-framework#1709
- include simple test of wrap/unwrap and security error messaging
- test python3 with flux-security in at least one travis builder
Closes flux-framework#1709
- include simple test of wrap/unwrap and security error messaging
- test python3 with flux-security in at least one travis builder
Closes flux-framework#1709
- include simple test of wrap/unwrap and security error messaging
- test python3 with flux-security in at least one travis builder
Closes flux-framework#1709
We need to wrap
flux_security_*andflux_sign_wrapso that we can submit signed jobspec from python.One way to do this is by adding a
src/bindings/pythondirectory to theflux-securityrepo and building the bindings in way similar toflux-core.The other way we could do this, is from within
flux-core. We could detect when core is configured withflux-securityand then build the bindings against the installedflux-security.I don't think the latter is any harder than the former, and the latter seems like the cleaner solution. It would avoid duplicating a bunch of build infrastructure between
flux-core&flux-security, and it keepsflux-securitysmall & simple (so it should be easier to audit).Pinging @trws for his thoughts
The text was updated successfully, but these errors were encountered: