-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support multiple API versions #889
base: master
Are you sure you want to change the base?
Conversation
743f8ea
to
2dde804
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files
Flags with carried forward coverage won't be shown. Click here to find out more.
|
2dde804
to
5627a10
Compare
The failing test needs an update proposed in: RedHat-SP-Security/keylime-tests#688 |
I just realized the registrar already supports the |
5627a10
to
ae48f30
Compare
This is to account for the addition of the options: - idevid_password - idevid_handle - iak_password - iak_handle Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
In many places the dependency are unnecessary and used only for testing. Replace the usage of common::API_VERSION with a static string. Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
Move the serialization module from keylime-agent to the keylime library Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
Make the agent to provide the endpoints under multiple API versions (currently only under versions 2.1 and 2.2). A new configuration option is introduced, 'api_versions', which allows the user to set the API versions to enable. Only a subset of the versions defined in api::SUPPORTED_API_VERSIONS can be enabled. If a unsupported version is set in the configuration, it will be ignored with a warning. The agent will fail to start if no valid API versions list is configured. The 'api_versions' option supports 2 keywords that can be used instead of the explicit list of versions: - "default": Enables all the supported API versions - "latest": Enables only the latest supported API version This is part of the implementation of the enhancement proposal 114: keylime/enhancements#115 Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
The registrar_client module implements the builder pattern to allow setting the optional parameters as needed. This also implements the mechanism to allow the agent to communicate with the registrar that support different API versions: - The client will make a GET request to the '/version' endpoint of the registrar. If the request is successful, the client will use the provided API version if it is enabled. - If the registrar does not support the '/version' endpoint, the client will try to register using each of the enabled API versions, starting from the latest. If none of the enabled versions is supported by the registrar, the registration fails. This is part of the implementation of the enhancement proposal 114: keylime/enhancements#115 Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
be15945
to
ede6c9a
Compare
Use the keylime::registrar_client module instead of the registrar_agent, which is deleted. This enables the agent to communicate with a registrar using an older API version, restoring the backwards compatibility. This also removes the unnecessary `API_VERSION` from `common.rs`. This is part of the implementation of the enhancement proposal 114: keylime/enhancements#115 Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
Validate the values set in the `api_versions` configuration option, and filter only the supported versions. The configured versions are also sorted so that the agent can try the enabled versions from the newest to the oldest. If none of the configured options are supported, fallback to use all the supported API versions instead. This is part of the implementation of the enhancement proposal 114: keylime/enhancements#115 Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
ede6c9a
to
a9aec72
Compare
This introduces a new configuration option
api_versions
which allows the user to select a subset of the supported API versions to enable.The agent creates the endpoints under each enable API version, allowing it to receive requests from older versions of the other components (verifier and tenant).
During registration, the agent will try to query the version of the API supported by the registrar making a GET request to the
/version
endpoint. If the registrar supports it and replies with a version, the agent will check if the version is enabled and will use it for the following requests.In case the registrar does not support the
/version
endpoint, then the agent will try all the enabled versions. If the registration is successful, the agent will keep the successful API version to use in the following requests.This is part of the implementation for the enhancement proposal 114: keylime/enhancements#115