Feature: Automatic trusting of agent
I'm interested in implementing a feature that would automatically trust an agent when it registers. I'm currently running my agents in containers that can start up and shut down depending on the host system. As I scale up the number of hosts I'm using I want to be able to have the agents automatically get trusted by the server.
I think the best way to do this would be to have a flag on voucher creation that specifies agents registering with said voucher are automatically trusted.
I'm happy to implement this in a PR but I'm curious if there are any thoughts/comments?
To confirm, what do you mean by trusting? Marking it as trusted so it can deal with secret information, or trusting it just so that it will start cracking?
With both, are you aware that there is an API available for doing both actions?
-> https://raw.githubusercontent.com/hashtopolis/server/master/doc/user-api/user-api.pdf
setTrusted: Set if an agent is trusted or not.
{ "section": "agent", "request": "setTrusted", "trusted": false, "agentId": 2, "accessKey": "mykey" }
{ "section": "agent", "request": "createVoucher", "accessKey": "mykey" }
With this it would be possible to automate both processes. You just simply would have to create a small script which talks to the API with a pre-generated/static API key (which you pass along as an environment setting to your container). Request a voucher and give the voucher code to the hashtopolis client.
If the agent could set on its creation if it is trusted or not, this somehow would make the trusted flag useless, as then any agent could come and claim it is trusted and access any resource on the server.
The more proper way (IMO) would be to extend the server config to allow setting "defaults" for new agents, e.g. if they are trusted per default, if they have any parameters added, etc. on creation. This way the server is still in control of the permissions. Do you understand what I mean? If you would like to make a pull request with having something like this implemented, that would be highly appreciated. Otherwise, I can see that I can work on something like this the next time I get to work on programming.
Hey @zyronix I meant trusting so it can deal with secret information. I've forked the server and made the modifications already.
I did see the API but I wanted a more "universal" configuration.
[Image: Screenshot 2021-10-08 164236]
All I've done is added an extra attribute to the voucher and done a check on agent registration. The idea is that if you have a large number of agents you don't have to select trusted for each agent.
@s3inlc I agree with you 100%. I think I've made the changes similar to what you're saying. I'm happy to set up the PR and you can check to see if it's good.
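The concern raised in the thread (an agent claiming its own trust) and the two server-controlled alternatives (a per-voucher flag, a server-wide default) can be compared in a small model. This is an added example, not Hashtopolis code and not the code from the fork; every class, field and function name is hypothetical, and vouchers are assumed to be single-use.

```python
# Added illustration: a minimal model of agent registration, not Hashtopolis code.
# All names are hypothetical; vouchers are assumed to be single-use.
import secrets
from dataclasses import dataclass, field


@dataclass
class Server:
    default_trusted: bool = False                 # server-wide default for new agents
    vouchers: dict = field(default_factory=dict)  # voucher code -> auto-trust flag
    agents: dict = field(default_factory=dict)    # agent token -> is_trusted

    def create_voucher(self, auto_trust=None):
        """Admin-side action: the trust decision is stored with the voucher."""
        code = secrets.token_hex(8)
        self.vouchers[code] = self.default_trusted if auto_trust is None else auto_trust
        return code

    def register_unsafe(self, request):
        """Flawed variant: trust is read from the agent's own request."""
        if self.vouchers.pop(request.get("voucher"), None) is None:
            raise PermissionError("unknown or already used voucher")
        token = secrets.token_hex(8)
        self.agents[token] = bool(request.get("trusted", False))
        return token

    def register(self, request):
        """Server-controlled variant: trust comes only from the stored voucher flag."""
        auto_trust = self.vouchers.pop(request.get("voucher"), None)
        if auto_trust is None:
            raise PermissionError("unknown or already used voucher")
        token = secrets.token_hex(8)
        self.agents[token] = auto_trust  # a "trusted" key in the request is ignored
        return token


def demo():
    """Register three agents and report the trust state each one ends up with."""
    srv = Server()
    claim = {"trusted": True}  # constructed request field sent by the agent
    a = srv.register_unsafe({"voucher": srv.create_voucher(), **claim})
    b = srv.register({"voucher": srv.create_voucher(), **claim})
    c = srv.register({"voucher": srv.create_voucher(auto_trust=True)})
    return {"unsafe_self_claim": srv.agents[a],
            "safe_self_claim": srv.agents[b],
            "trusted_voucher": srv.agents[c]}


if __name__ == "__main__":
    print(demo())
```

With the voucher flag, whoever can create or read a trusted voucher can enrol a trusted agent, so such vouchers need the same handling as the API key.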