You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Last week we had a couple of meetings with RSTUF contributors where we discussed some general notes about this feature:
We will support only path prefixes. The other option - path hash prefixes is not considered for now.
All Custom Target Roles will use the same 1 online key as the rest of the online roles
a. Add documentation that custom target roles doesn’t support custom keys at the moment. - ISSUE
We are conservative: only artifacts with paths matching one of the prefixes of custom target roles are allowed
If the user wants to add an artifact with path not included in any path prefixes we say we cannot do this.
We need to validate that input of the custom target role paths contains specific characters (letters and numbers for example) DO NOT ALLOW: *, /, \, ., etc. as those can lead to unexpected results.
What is the feature about?
The user could have the flexibility to create delegated roles from the Targets Role.
The delegated role would require:
path
to make it unique, for exampleproject-name/*/*
*
is reserved for current RSTUFBINS
succinct delegate role-bins
. For example:MyProjectRole
will create alsoMyProjectRole-bins
This feature requires the following features as pre-requisite:
Services it relates to
repository-service-for-tuf-api, repository-service-for-tuf-worker
Related tasks
No response
References
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: