Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Add an Admin API to temporarily grant the ability to update an existing cross-signing key without UIA #16634

Merged
merged 12 commits into from
Nov 15, 2023
Merged

Add an Admin API to temporarily grant the ability to update an existing cross-signing key without UIA #16634

merged 12 commits into from
Nov 15, 2023

Conversation

DMRobertson
Copy link
Contributor

Fixes #16632.

@github-actions github-actions bot deployed to PR Documentation Preview November 14, 2023 20:54 Active
@github-actions github-actions bot deployed to PR Documentation Preview November 14, 2023 20:57 Active
DMRobertson
DMRobertson commented Nov 14, 2023
View reviewed changes
docs/admin_api/user_admin_api.md
Comment on lines +778 to +779
This endpoint is not intended for server administrator usage;
we describe it here for completeness.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wasn't sure if I should omit this. But I thought it might be best to err on the side of transparency.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm happy to keep this documented, it's clear enough that as an admin you shouldn't use that

DMRobertson
DMRobertson commented Nov 14, 2023
View reviewed changes
synapse/handlers/e2e_keys.py
Comment on lines +1459 to +1461
Returns: a 2-tuple of booleans
- whether the user has cross-signing set up, and
- whether the user's master cross-signing key may be replaced without UIA.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A bit naughty, since there aren't really 4 states here. But I think this makes things clearer at the call site.

DMRobertson
DMRobertson commented Nov 14, 2023
View reviewed changes
synapse/rest/admin/users.py
"""

PATTERNS = admin_patterns(
"/users/(?P<user_id>[^/]*)/_allow_cross_signing_replacement_without_uia"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sandhose and I wondered if this should come with warnings e.g. "This is an internal endpoint, we reserve the right to break this". That's what the _ in _allow means.

DMRobertson
DMRobertson commented Nov 14, 2023
View reviewed changes
synapse/storage/schema/main/delta/83/05_cross_signing_key_update_grant.sql
* See the License for the specific language governing permissions and
* limitations under the License.
*/
ALTER TABLE e2e_cross_signing_keys ADD COLUMN updatable_without_uia_before_ms bigint DEFAULT NULL;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did think about adding a check constraint to enforce that only master keys may have this column set to a non-null value. But then I'd have to think about adding a background update to validate the check in the background; it didn't seem worth it.

@github-actions github-actions bot deployed to PR Documentation Preview November 14, 2023 21:07 Active
@github-actions github-actions bot deployed to PR Documentation Preview November 14, 2023 21:10 Active
@DMRobertson DMRobertson marked this pull request as ready for review November 15, 2023 13:38
@DMRobertson DMRobertson requested a review from a team as a code owner November 15, 2023 13:38
@github-actions github-actions bot deployed to PR Documentation Preview November 15, 2023 13:38 Active
@github-actions github-actions bot deployed to PR Documentation Preview November 15, 2023 13:56 Active
sandhose
sandhose approved these changes Nov 15, 2023
View reviewed changes
synapse/storage/databases/main/end_to_end_keys.py Show resolved Hide resolved
synapse/storage/schema/main/delta/83/05_cross_signing_key_update_grant.sql Show resolved Hide resolved
tests/rest/client/test_keys.py
},
}
)
def test_master_cross_signing_key_replacement_msc3861(self) -> None:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is way more testing that I'd have expected, nice!

tests/handlers/test_e2e_keys.py Show resolved Hide resolved
docs/admin_api/user_admin_api.md
Comment on lines +778 to +779
This endpoint is not intended for server administrator usage;
we describe it here for completeness.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm happy to keep this documented, it's clear enough that as an admin you shouldn't use that

@github-actions github-actions bot deployed to PR Documentation Preview November 15, 2023 16:16 Active
@github-actions github-actions bot deployed to PR Documentation Preview November 15, 2023 16:34 Active
sandhose
sandhose approved these changes Nov 15, 2023
View reviewed changes
Copy link
Member

@sandhose sandhose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Everything looks good, thanks!

@DMRobertson DMRobertson merged commit 43d1aa7 into develop Nov 15, 2023
38 of 40 checks passed
@DMRobertson DMRobertson deleted the dmr/reset-cross-signing branch November 15, 2023 17:28
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@sandhose sandhose sandhose approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add an Admin API to temporarily grant the ability to update an existing cross-signing key without UIA
2 participants
@DMRobertson @sandhose