Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gRPC authentication proposal - using gRPC secure channels #1541

Open
wants to merge 20 commits into
base: master
Choose a base branch
from

Conversation

JacekBartynowski
Copy link

@JacekBartynowski JacekBartynowski commented Nov 12, 2024

Description

Checklist

  • Documentation for the feature
  • Tests for the feature
  • The arguments and description in doc/configuration.rst have been updated
  • Add a section on how to use the feature to doc/usage.rst
  • Add a section on how to use the feature to doc/development.rst
  • PR has been tested
  • Man pages have been regenerated

@JacekBartynowski
Copy link
Author

Here is a proposal for securing the gRPC channels (SSL encryption).
The authentication code will be reworked:

  • possibly abstract interface would be added
  • the concrete implementation would be done via additional package + certain 'entry points' as a way of the integration

@ep1cman
Copy link
Contributor

ep1cman commented Nov 12, 2024

I imagine the private key (and thus the certificates?) would need to be generated on first start rather than included in the code, for anyone to see and copy?

@JacekBartynowski
Copy link
Author

JacekBartynowski commented Nov 12, 2024 via email

Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
jacbar01-arm and others added 18 commits November 20, 2024 01:25
…ate Python packages - decoupling authentication code
Add methods to the RawNetworkInterfaceDriver to set interfaces up and
down, as well as getting and waiting for the interface state.

This allows the driver to take more control over the interface,
preconfiguration is not needed anymore. Tests that expect the exporter
interface to be down (such as ethernet selftests, cable tests) are now
possible.

Note that the RawNetworkInterfaceDriver now brings the bound interface
up on activate and down on deactivate.

Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Add interface configuration (`ethtool --change`) support to the
RawNetworkInterfaceDriver. This allows configuring the bound interface
(speed, lanes, duplex, port, master-slave, mdix, autoneg, advertise,
phyad, xcvr, wol, sopass, msglvl).

Also add add a `get_settings()` method to query those settings. Note
that ethtool gained the required --json support for the default sub
command in v6.10.

Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Add interface Energy Efficient Ethernet (EEE) configuration
(`ethtool --set-eee`) support to the RawNetworkInterfaceDriver. This
allows configuring the EEE parameters eee, tx-lpi, tx-timer and advertise
on the bound interface.

Also add a `get_eee_settings()` method to query those settings. Note
that ethtool gained the required --json support for this sub command in
v6.10.

Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Add interface pause configuration (`ethtool --pause`) support to the
RawNetworkInterfaceDriver. This allows configuring the pause parameters
autoneg, rx and tx on the bound interface.

Also add a `get_pause_settings()` method to query those settings.

Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
…ate Python packages - decoupling authentication code

Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <jacek.bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <Jacek.Bartynowski@arm.com>
Signed-off-by: Jacek Bartynowski <Jacek.Bartynowski@arm.com>
@JacekBartynowski
Copy link
Author

I update the Pull request, mainly added the instrumentation to select custom authentication plugins for the gRPC authentication.
These plugins would be delivered as a separate Python packages installed within the labgrid Python virtual environment and integrated/instantiated using Python 'entry-points' instrumentation.

…generation

Signed-off-by: Jacek Bartynowski <Jacek.Bartynowski@arm.com>
@JacekBartynowski
Copy link
Author

I added instruction on generating SSL certificate and key + sample configuration file that could be re-used for this purpose. I updated the certificate + key files, they should contain now generic configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants