From fe1d233e0aa3a58cc9cffe2dc73c8bb865518ad5 Mon Sep 17 00:00:00 2001 From: John Andersen Date: Sat, 9 Nov 2024 12:27:09 -0800 Subject: [PATCH] docs(governance): update todos and game plan for maintainers example Related: https://github.com/publicdomainrelay/reference-implementation/issues/8 Signed-off-by: John Andersen --- docs/adrs/governance.md | 55 ++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/docs/adrs/governance.md b/docs/adrs/governance.md index c4d23e9..cbacf9e 100644 --- a/docs/adrs/governance.md +++ b/docs/adrs/governance.md @@ -21,8 +21,22 @@ Enable two way relay from decentralized to and from centralized. ## Examples +### TODO + +- Revocations for keys within `data` +- Policy which applies to all policies? Flows to check all other policies +- Document process and how Alice signs next then they remove once Eve is + added. Then document secret sharing and further abstract privilege levels in + further ADRs, eventually get to dynamic based on more policy +- Figure out where `runs-on: reproducable-wasm` source is, more policy to okay? + - For instance, running some `uses: actions/checkout@v4` via IPVM + ### Maintainers +- Apply policy to branches in `applies_to` +- Create branch per `mod_branch` +- Run all `deny` actions + ```bash python -m mistletoe docs/adrs/governance.md --renderer mistletoe.ast_renderer.AstRenderer | jq -r --arg searchString "DATA_PUBLIC_KEY_JSON_PATH" --arg excludeString "bash -xe" '.. | strings | select(contains($searchString) and (contains($excludeString) | not))' | bash -xe ``` @@ -44,49 +58,38 @@ python -m mistletoe docs/adrs/governance.md --renderer mistletoe.ast_renderer.As ```yaml name: 'branch_name Maintainers' deny: -- name: 'Deny owner additions without sign off from current owners' action: 'add_owner' applies_to: - 'branch_name' -- 'branch_name_mod_policy_.*' -pending_changes: -- nonce: '... UUID for pending change ...' - action: add_owner - inputs: - new_key_public: '...' - new_key_revocation: '...' - new_owner: 'Eve' - signer_keys: '$this.data.public_keys' +mod_branch: +- '_mod_policy_' data: pending_changes: - # TODO Document process and how Alice signs next then they remove once Eve is - # added. Then document secret sharing and further abstract privilege levels in - # further ADRs, eventually get to dynamic based on more policy - nonce: '... UUID for pending change ...' - cnonce: '... UUID ...' - owner: 'Bob' - secrets: - - name: 'Apple' - expected: - alg: 'sha384' - digest: '...' + action: add_owner + signers: + - cnonce: '... UUID ...' + owner: 'Bob' + inputs: + key_public: '...' + owner: 'Eve' public_keys: - owner: 'Bob' keys: - '...' - revocation: - - '...' - owner: 'Alice' keys: - '...' - revocation: - - '...' + secrets: + - name: 'Apple' + expected: + alg: 'sha384' + digest: '...' actions: - name: add_owner + description: 'Deny owner additions without sign off from current owners' runs-on: slsa-l4 steps: - # TODO Figure out where reproducable-wasm source is, more policy to okay? - # - uses: actions/checkout@v4 ``` Expanded form of action `add_owner`