Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v3 onion migration] fail if v3 partial config is encountered #4681

Closed
conorsch opened this issue Aug 20, 2019 · 1 comment · Fixed by #4729
Closed

[v3 onion migration] fail if v3 partial config is encountered #4681

conorsch opened this issue Aug 20, 2019 · 1 comment · Fixed by #4729
Assignees
@zenmonkeykstop
Projects
SecureDrop Team Board
Milestone
1.0.0

Comments

@conorsch
Copy link
Contributor

Description

In securedrop-admin install when a user runs with v3_onion_services=True, we should:

  • check for existing client auth files
  • check for existing tor keypairs JSON file
  • fail if one-but-not-both are found

The goal is to provide a fail-fast mechanism that prevents breaking v3 services for orgs with multiple Administrators. See discussion #4652 (comment) for context. The "validate" role seems like the best place to run this logic, since that'll catch misconfigurations even if securedrop-admin sdconfig was not run.
@conorsch conorsch mentioned this issue Aug 20, 2019
Merged
13 tasks
@redshiftzero redshiftzero added this to the 1.0.0 milestone Aug 20, 2019
@redshiftzero redshiftzero added this to Nominated for next sprint in SecureDrop Team Board Aug 20, 2019
@eloquence eloquence moved this from Nominated for next sprint to Current Sprint - 8/21-9/4 in SecureDrop Team Board Aug 21, 2019
@redshiftzero
Copy link
Contributor

If a playbook run bails after the tor keypairs JSON fail is generated but before the ths/client auth files exist, we probably shouldn't start failing subsequent attempts to run the playbook since it won't actually be due to this multiple administrator situation, it's due to a playbook failure which can happen pretty often because Tor (this happened to me while testing the other day and I thought of this ticket).

However in the scenario where the admin does have ths/client auth files but not the tor keypairs JSON file, we should fail because it means they only fetched half the secrets they need from the other admin. Lmk if you disagree @conorsch @kushaldas

@zenmonkeykstop zenmonkeykstop self-assigned this Sep 3, 2019
@zenmonkeykstop zenmonkeykstop mentioned this issue Sep 3, 2019
Merged
7 tasks
SecureDrop Team Board automation moved this from SD 1.0.0 Release Sprint - 9/4-/9/18 to Done Sep 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zenmonkeykstop zenmonkeykstop

Labels
None yet
Projects
No open projects
SecureDrop Team Board
Done
Milestone
1.0.0
Development

Successfully merging a pull request may close this issue.

Adds check for valid v3 config on Admin Workstation zenmonkeykstop/securedrop
3 participants
@conorsch @zenmonkeykstop @redshiftzero