-
Notifications
You must be signed in to change notification settings - Fork 480
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Implement pluggable password generator #2659
Conversation
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall, looks pretty good to me, but a few comments inline.
Also what happened to PasswordGeneratorContextOption
from the issue? Why did this get dropped?
You also get a prize from dropping a dependency of edgex-go. Bravo!
func (p *PasswordProvider) SetConfiguration(passwordProvider string, passwordProviderArgs []string) error { | ||
var err error | ||
p.passwordProvider = passwordProvider | ||
p.passwordProviderArgs = passwordProviderArgs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should there be any validation of these strings (i.e. max length)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PasswordProvider is validated by LookPath. ProviderArgs there is no obvious validation criteria. Also, since this is the password generation function, the input is implicitly trusted. (If the input can be forged, it can run pretty much anything.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, if you're OK with it, then I'll trust your judgement on this. The only reason I brought this up is because of the recent GRub2 BootHole vulnerability which involved buffer overruns involving the Grub2 config file...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changing status so this doesn't get merged accidentally as there are still a few minor open issues.
@mkbhanda we should try to avoid using github's merge from master, and leave this to the PR submitter to handle with 'git pull -r' (which uses rebase to pop-off the pending commits, rebases to latest HEAD, and re-applies the commits). Otherwise we end up with lots of identical "merge from master" commits in our git log. |
Remove dependency on GoKey for password generator; if not specified, the built-in password generator does the equivalent of "openssl rand -base64 33" which generates a base64 encoded random string of 264 random bits. Otherwise, the code looks for a PasswordProvider in configuration that points to an executable, and PasswordProviderArgs that specify the arguments to that executable. The code then launches that exectuable, trims the trailing newline, and uses the result as a password. Signed-off-by: Bryon Nevis <bryon.nevis@intel.com>
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
Rebased and squashed fixup commits. Can @tonyespy please re-review? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the changes, LGTM now.
Remove dependency on GoKey for password generator;
if not specified, the built-in password generator
does the equivalent of "openssl rand -base64 33"
which generates a base64 encoded random string
of 264 random bits.
Otherwise, the code looks for a PasswordProvider
in configuration that points to an executable,
and PasswordProviderArgs that specify the
arguments to that executable. The code then
launches that exectuable, trims the trailing
newline, and uses the result as a password.
Signed-off-by: Bryon Nevis bryon.nevis@intel.com
PR Checklist
Please check if your PR fulfills the following requirements:
make test
has completed successfullyPR Type
What kind of change does this PR introduce?
What is the current behavior?
Current functionality uses Vault root token and database name to feed into GoKey password generator. The GoKey password generator was never fully vetted for this purpose before being introduced. Community would like a pluggable password generator rather than forcing use of Gokey
Issue Number:
Fixes #1946
What is the new behavior?
Remove dependency on GoKey for password generator;
if not specified, the built-in password generator
does the equivalent of "openssl rand -base64 33"
which generates a base64 encoded random string
of 264 random bits.
Otherwise, the code looks for a PasswordProvider
in configuration that points to an executable,
and PasswordProviderArgs that specify the
arguments to that executable. The code then
launches that exectuable, trims the trailing
newline, and uses the result as a password.
Does this PR introduce a breaking change?
Are there any new imports or modules? If so, what are they used for and why?
Are there any specific instructions or things that should be known prior to reviewing?
Other information
While doing research, although openssl is a commonly installed dependency (though by no means guaranteed to there in a minimal container), the apg (automatic password generator) tool is only installed (in Ubuntu) by the Gnome packages. It is reasonable to assume that in a gui-less installation, that apg tool will not be available. Thus, no default external password generator is configured by default. Instead, the code simulates the output of openssl rand -base64 33