Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add multiple key options to authn sequence #18

Merged
merged 2 commits into from
Jan 22, 2015
Merged

Add multiple key options to authn sequence #18

merged 2 commits into from
Jan 22, 2015

Conversation

markan
Copy link
Contributor

@markan markan commented Jan 15, 2015

To support key rotation we would like to try to auth against a list of
keys and return the first key that succeeds. This extends the
authenticate_user_request API to accept a list of {key_description,
public_key} pairs and returns {name, user, and key_description} if one
matches.

@sdelano @marcparadise @tylercloke

@markan
Add multiple key options to authn sequence
22f5046 
To support key rotation we would like to try to auth against a list of
keys and return the first key that succeeds. This extends the
authenticate_user_request API to accept a list of {key_description,
public_key} pairs and returns {name, user, and key_description} if one
matches.
marcparadise
marcparadise reviewed Jan 16, 2015
View reviewed changes
src/chef_authn.erl
{name, user_id(), key_desc()}.

verify_sigs(Plain, BodyHash, ContentHash, AuthSig, UserId, [{KeyId, PubKey}], SignVersion) ->
{name, UserId} = verify_sig(Plain, BodyHash, ContentHash, AuthSig, UserId, PubKey, SignVersion),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're intentionally forcing a badmatch if the last key int he list doesn't work?

@marcparadise
Copy link
Member

👍 on this, given that we've discussed pushing out error handling refactor to a separate PR

@tylercloke
Copy link

👍 Let's get this merged!

marcparadise added a commit that referenced this pull request Jan 22, 2015
@marcparadise
Merge pull request #18 from opscode/ma/multikey
e7850d0 
Add multiple key options to authn sequence
@marcparadise marcparadise merged commit e7850d0 into master Jan 22, 2015
@marcparadise marcparadise deleted the ma/multikey branch January 22, 2015 15:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@markan @marcparadise @tylercloke @sdelano