Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deploy: set vm-config features for sd-{app,proxy,whonix} #1001

Merged
merged 5 commits into from
Apr 25, 2024
Merged

deploy: set vm-config features for sd-{app,proxy,whonix} #1001

merged 5 commits into from
Apr 25, 2024

Conversation

cfm
Copy link
Member

@cfm cfm commented Apr 24, 2024
edited
Loading

Status

Ready for review

Description of Changes

Towards #936 (superseding #956 due to its skip-ci/ prefix):

  1. sets values from the dom0 config.json to keys under the vm-config/ prefix in QubesDB (under the vm-config. prefix in Salt); and
  2. tests all VMs for expected configuration keys, eliminating the special-casing of QUBES_GPG_DOMAIN;
  3. tests configured VMs for their expected values from config.json; and
  4. leaves TODO hints in state files that can be removed as each VM's applications are updated to read configuration from this store, as in feat(Config): read from QubesDB if available; otherwise from environment variables securedrop-client#1883, and their Salt-managed configuration files can be removed.

Testing

With this branch checked out in your $SECUREDROP_DEV_VM:

[user@dom0 securedrop-workstation]$ make clone
[user@dom0 securedrop-workstation]$ make dev

Now you can poke around (e.g.):

[user@dom0 securedrop-workstation]$ qvm-run --pass-io sd-app qubesdb-read /vm-config/QUBES_GPG_DOMAIN
sd-gpg
[user@dom0 securedrop-workstation]$ qvm-run --pass-io sd-app qubesdb-read /vm-config/SD_SUBMISSION_KEY_FPR
5F4BB12BAF811C789347DDFF148B87347CB3DDA1

That's it! Since nothing downstream consumes from this configuration store yet, it has no side effects.

Extra credit

Test the enforcement of expected configuration keys:

[user@dom0 securedrop-workstation]$ qubesdb-write -d sd-proxy /vm-config/QUBES_GPG_DOMAIN "you shouldn't have this"
[user@dom0 securedrop-workstation]$ make test-proxy  # Expected: "AssertionError: Items in the first set but not the second..."

Deployment

As part of work towards #965, this assumes a fresh installation (except during testing) and so has no special considerations.

Checklist

If you have made changes to the provisioning logic

  • All tests (make test) pass in dom0

@cfm cfm mentioned this pull request Apr 24, 2024
Closed
4 tasks
cfm added 4 commits April 24, 2024 17:52
@cfm
refactor: proactively load "config.json" into SD_VM_Local_Test.dom0_c…
698b2cc 
…onfig
@cfm
test(_vm_config_read): helper function for qubesdb-read via qvm-run
c1f5a4f
@cfm
test: check the "vm-config" values expected by each VM
dc6f763
@cfm
refactor(SD_VM_Local_Test): automatically check all VMs for expected …
bf786e2 
…configuration keys

This eliminates the need to treat $QUBES_GPG_DOMAIN as special: now only
a VM that expects it lists it in its "expected_config_keys" set, and any
other VM will fail SD_VM_Local_Test.test_vm_config_keys() if it's
present.
@cfm cfm marked this pull request as ready for review April 25, 2024 01:13
@legoktm legoktm self-assigned this Apr 25, 2024
legoktm
legoktm approved these changes Apr 25, 2024
View reviewed changes
Copy link
Member

@legoktm legoktm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, this looks great. Test plan checked out (qubesdb-read works properly, setting another key causes tests to fail).

Explicitly noting that the PGP secret key is not included in this PR, per #936 (comment) and follow-up discussion.

One other thing I was curious about is whether we need to explicitly delete these or if they're removed as part of VM deletion. So I set an extra key (as part of the earlier testing), did a sdw-admin --uninstall && make dev and that key is (correctly) missing.

@legoktm legoktm added this pull request to the merge queue Apr 25, 2024
Merged via the queue into main with commit 3eff2d5 Apr 25, 2024
7 checks passed
@legoktm legoktm deleted the 936-vm-config branch April 25, 2024 15:44
This was referenced Apr 25, 2024
Open
Closed
@legoktm legoktm mentioned this pull request May 2, 2024
Closed
This was referenced May 9, 2024
Open
Closed
@zenmonkeykstop zenmonkeykstop mentioned this pull request May 14, 2024
Closed
@cfm cfm mentioned this pull request May 22, 2024
Merged
5 tasks
@deeplow deeplow mentioned this pull request May 24, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@legoktm legoktm legoktm approved these changes

Assignees

@legoktm legoktm

Labels
None yet
Projects
SecureDrop dev cycle
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cfm @legoktm