Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Create/Remove custom delegate Target Roles #354

Open
2 of 3 tasks
Tracked by #355
, #240
...
kairoaraujo opened this issue May 29, 2023 · 2 comments
Open
2 of 3 tasks
Tracked by #355
, #240
...

Feature: Create/Remove custom delegate Target Roles #354

kairoaraujo opened this issue May 29, 2023 · 2 comments
Assignees
@kairoaraujo @MVrachev
Labels
FEATURE RSTUF Feature
Milestone
v1.0.0

Comments

@kairoaraujo
Copy link
Member

What is the feature about?

The user could have the flexibility to create delegated roles from the Targets Role.

The delegated role would require:

  • Role name (not allowed top-level roles and BINS)
  • path to make it unique, for example project-name/*/*
    • the top-level * is reserved for current RSTUF BINS succinct delegate role
  • Optional succinct delegated roles and the size
    • The name would be automatically the Role name followed by -bins. For example: MyProjectRole will create also MyProjectRole-bins
    • It will automatically use the online key

This feature requires the following features as pre-requisite:

Services it relates to

repository-service-for-tuf-api, repository-service-for-tuf-worker

Related tasks

No response

References

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@kairoaraujo kairoaraujo added the FEATURE RSTUF Feature label May 29, 2023
@kairoaraujo kairoaraujo changed the title Create/Remove custom delegate Target Roles Feature: Create/Remove custom delegate Target Roles May 29, 2023
@kairoaraujo kairoaraujo mentioned this issue May 29, 2023
Open
4 tasks
@MVrachev
Copy link
Member

MVrachev commented Jan 20, 2024
edited

Last week we had a couple of meetings with RSTUF contributors where we discussed some general notes about this feature:

  1. We will support only path prefixes. The other option - path hash prefixes is not considered for now.
  2. All Custom Target Roles will use the same 1 online key as the rest of the online roles
    a. Add documentation that custom target roles doesn’t support custom keys at the moment. - ISSUE
  3. We are conservative: only artifacts with paths matching one of the prefixes of custom target roles are allowed
  4. If the user wants to add an artifact with path not included in any path prefixes we say we cannot do this.
  5. We need to validate that input of the custom target role paths contains specific characters (letters and numbers for example) DO NOT ALLOW: *, /, \, ., etc. as those can lead to unexpected results.

This was referenced Jan 20, 2024
Closed
Closed
Open
@MVrachev
Copy link
Member

TODO first iteration defining custom target roles only during initial bootstrap:

@MVrachev MVrachev added this to the v1.0.0 milestone Mar 13, 2024
@kairoaraujo kairoaraujo mentioned this issue Apr 11, 2024
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kairoaraujo kairoaraujo

@MVrachev MVrachev

Labels
FEATURE RSTUF Feature
Projects
No open projects
[Sprint 13]: 12 January 2024 - 26 January 2024
Status: Todo
Milestone
v1.0.0
Development

No branches or pull requests
2 participants
@kairoaraujo @MVrachev