insights-core
insights-core copied to clipboard
Allow the gpg keyring to be configured
The gpg keyring used to verify that a playbook to be executed by a worker is currently hardcoded to a keyring file that we install as part of insights-core. This is good for security in production but it would be nice if there was a way to change this value for development and testing of the workers. In that use case, a developer wants to be able to write a script, sign it, have their worker process it as if it came from rhcd, and then verify that the script returned the expected output. If the only valid key is what we ship, then they would have to have their test scripts signed by the production keyring (which has other, negative security implications as well...) to execute that test.