Rietveld Code Review Tool

Issue 13832045: environs/httpstorage: authentication support

Created:
10 years, 7 months ago by axw
Modified:
10 years, 7 months ago
Reviewers:
axw1, mp+187152, fwereade
Visibility:
Public.

Description

environs/httpstorage: authentication support

This change to httpstorage enables authentication, where authentication implies authorisation. For an authenticating httpstorage, authentication is required only for Put/Remove* methods; List/Get will work unauthenticated.

Authentication is implemented by a client providing a certificate signed by the CA, where the CA is previously agreed upon.

There will be a followup branch which enables this for the null provider, via additions to the worker/localstorage.LocalStorageConfig interface, and storage CA certificate generation at bootstrap time.

NOTE: one caveat is that wget et al. will need to skip certificate validation.

Fixes #1225916

https://code.launchpad.net/~axwalk/juju-core/1225916-httpstroage-authentication/+merge/187152

(do not edit description out of merge proposal)
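The policy in the description (reads open, writes gated on a CA-signed client certificate), sketched with Go's standard library as an added example; it is not code from this patch or from juju-core. The function names are hypothetical, and it assumes List/Get arrive as HTTP GET/HEAD while Put/Remove arrive as other methods.

```go
// Added example, not juju-core code: all names below are hypothetical.
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
)

// serverTLSConfig accepts connections with or without a client certificate.
// A certificate that is presented must chain to the agreed CA pool, otherwise
// the handshake fails; clients that present none can still connect and read.
func serverTLSConfig(cert tls.Certificate, clientCAs *x509.CertPool) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		ClientCAs:    clientCAs,
		ClientAuth:   tls.VerifyClientCertIfGiven,
		MinVersion:   tls.VersionTLS12,
	}
}

// allowed implements the policy: reads are open, every other method needs a
// client certificate chain that the TLS layer verified against ClientCAs.
// VerifiedChains is checked rather than PeerCertificates, which can hold an
// unverified certificate under weaker ClientAuth modes.
func allowed(r *http.Request) bool {
	switch r.Method {
	case http.MethodGet, http.MethodHead:
		return true
	}
	return r.TLS != nil && len(r.TLS.VerifiedChains) > 0
}

// requireCertForWrites rejects unauthenticated write requests with 401.
func requireCertForWrites(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowed(r) {
			http.Error(w, "client certificate required", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	cfg := serverTLSConfig(tls.Certificate{}, x509.NewCertPool())
	fmt.Println("client auth mode:", cfg.ClientAuth)
}
```

Switching ClientAuth to tls.RequireAndVerifyClientCert would reject certificate-less clients at the handshake and so break the unauthenticated List/Get path the description calls for.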

Patch Set 1 #

Stats: +285 lines, -30 lines
[revision details]: 1 chunk, +2 lines, -0 lines, 0 comments
cert/cert.go: 3 chunks, +21 lines, -3 lines, 0 comments
cert/cert_test.go: 5 chunks, +44 lines, -6 lines, 0 comments
environs/config/config.go: 1 chunk, +2 lines, -1 line, 0 comments
environs/httpstorage/backend.go: 6 chunks, +61 lines, -1 line, 0 comments
environs/httpstorage/backend_test.go: 9 chunks, +79 lines, -8 lines, 0 comments
environs/httpstorage/storage.go: 5 chunks, +44 lines, -9 lines, 0 comments
environs/httpstorage/storage_test.go: 4 chunks, +30 lines, -1 line, 0 comments
testing/cert.go: 1 chunk, +2 lines, -1 line, 0 comments

Messages

Total messages: 3
axw
Please take a look.
10 years, 7 months ago (2013-09-24 06:19:29 UTC) #1
fwereade
message: Lovely; LGTM. It makes me think a bit though: AFAIR the only clients that ...
10 years, 7 months ago (2013-09-24 13:33:06 UTC) #2
axw1
10 years, 7 months ago (2013-09-25 02:30:33 UTC) #3
On 2013/09/24 13:33:06, fwereade wrote:
> message: Lovely; LGTM. It makes me think a bit though: AFAIR the only clients
> that need authentication will be the CLI and the manager nodes, and both of
> those do already have suitable storage-manipulation pathways.

What do you mean by "suitable storage-manipulation pathways"?

> So, if cert distribution proves to be a hassle, we can in fact fall back to
> other storage mechanisms without losing functionality (and we still get the
> security we care about). Handy if we need it.

Not really following. What are the other storage mechanisms that can be fallen
back on?
