keylime icon indicating copy to clipboard operation
keylime copied to clipboard
verified publisher icon keylime

Roadmap for official Rust agent

Open lkatalin opened this issue 3 years ago • 2 comments

This is an issue to keep track of todo items around deprecating the current Python agent and instead using the Rust agent as the official Keylime agent. This is meant to be changed and updated and to be a discussion starter, so please add comments!

High level

  • [x] CI in Keylime repo should pass using the Rust agent (https://github.com/keylime/rust-keylime/issues/441)
  • [x] Load testing with the Rust agent (to be done by end of Aug. @maugustosilva @galmasi )

Python agent side

  • [ ] Optional Remove loading of revocation actions as Python modules (https://github.com/keylime/keylime/issues/884)

Rust agent side

  • [x] Re-enable option to disable mTLS (https://github.com/keylime/rust-keylime/pull/365)
  • [x] Ability to run as non-root (https://github.com/keylime/rust-keylime/pull/364)
  • [x] Remove wiremock dependency (https://github.com/keylime/rust-keylime/issues/301)
  • [x] Optional Remove loading of revocation actions as Python modules (https://github.com/keylime/rust-keylime/issues/325 and https://github.com/keylime/rust-keylime/pull/377)
  • [x] Fix measured boot regression (https://github.com/keylime/rust-keylime/pull/384)
  • [x] Add dependabot automation (https://github.com/keylime/rust-keylime/pull/399)
  • [x] Try Rust agent with TOML-based config file (https://github.com/keylime/rust-keylime/pull/449)
  • [ ] Better testing
    • [x] Add Packit CI testing (https://github.com/keylime/rust-keylime/pull/370)
    • [ ] Optional Address outstanding issues in integration testing
  • [x] Make testing Rust agent mandatory in .ci/run_local.sh (https://github.com/keylime/keylime/pull/1109)
  • [x] Release of Rust agent 0.1.0 (or higher)

Post-release of 0.1.0 Rust agent

  • [ ] Update keylime/keylime documentation to refer to Rust agent
  • [ ] Add warning that Python agent will be deprecated (https://github.com/keylime/keylime/issues/1111)
  • [ ] Better documentation on Rust agent repo (to be defined)

After Python agent deprecation period (end of Q4 2022)

  • [ ] Remove Python agent-specific dependencies from packaging
  • [ ] Remove Rust agent-specific env vars from testing
  • [ ] Remove running of tests on Python agent in .ci/run_local.sh

lkatalin avatar May 04 '22 18:05 lkatalin

cc @mpeters @ueno @ansasaki @maugustosilva @lukehinds

lkatalin avatar May 04 '22 18:05 lkatalin

This list was created from some conversations on Slack:

https://cloud-native.slack.com/archives/C01ARE2QUTZ/p1650650434797609 https://cloud-native.slack.com/archives/C01ARE2QUTZ/p1651073817395479

lkatalin avatar May 23 '22 13:05 lkatalin

@lkatalin with the next release the Rust agent will be the only one. I think can close this issue as completed :tada:

THS-on avatar Mar 14 '23 11:03 THS-on

@THS-on Amazing! Can/should we check off the last 3 items under "python agent deprecation" too?

lkatalin avatar Mar 14 '23 14:03 lkatalin

@lkatalin there are still some leftovers in the e2e tests referencing the rust agent specifically and I'll double check if we can drop some Python dependencies.

THS-on avatar Mar 15 '23 11:03 THS-on

I'm closing this as complete. The rust agent is now the only implementation.

ansasaki avatar Sep 06 '23 13:09 ansasaki