Remove access manager (#470)

* remove access manager from code base * document new node ssh workflow * keep config backwards compatible * slow down link checking to prevent http 429 Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2025-06-04 20:59:02 -04:00 · 2022-11-11 08:44:36 +01:00 · 2022-11-11 08:44:36 +01:00 · b92b3772ca
commit b92b3772ca
parent b0f4a09ebe
59 changed files with 251 additions and 2831 deletions
--- a/debugd/internal/cdbg/cmd/deploy.go
+++ b/debugd/internal/cdbg/cmd/deploy.go
@ -28,8 +28,8 @@ import (
 func newDeployCmd() *cobra.Command {
 	deployCmd := &cobra.Command{
 		Use:   "deploy",
-		Short: "Deploys a self-compiled bootstrapper binary and SSH keys on the current constellation",
-		Long: `Deploys a self-compiled bootstrapper binary and SSH keys on the current constellation.
+		Short: "Deploys a self-compiled bootstrapper binary on the current constellation",
+		Long: `Deploys a self-compiled bootstrapper binary on the current constellation.
 	Uses config provided by --config and reads constellation config from its default location.
 	If required, you can override the IP addresses that are used for a deployment by specifying "--ips" and a list of IP addresses.
 	Specifying --bootstrapper will upload the bootstrapper from the specified path.`,
@ -88,7 +88,6 @@ func deploy(cmd *cobra.Command, fileHandler file.Handler, constellationConfig *c
 			debugdEndpoint:   net.JoinHostPort(ip, strconv.Itoa(constants.DebugdPort)),
 			bootstrapperPath: bootstrapperPath,
 			reader:           reader,
-			authorizedKeys:   constellationConfig.SSHUsers,
 		}
 		if err := deployOnEndpoint(cmd.Context(), input); err != nil {
 			return err
@ -102,10 +101,9 @@ type deployOnEndpointInput struct {
 	debugdEndpoint   string
 	bootstrapperPath string
 	reader           fileToStreamReader
-	authorizedKeys   []config.UserKey
 }

-// deployOnEndpoint deploys SSH public keys and a locally built bootstrapper binary to a debugd endpoint.
+// deployOnEndpoint deploys a custom built bootstrapper binary to a debugd endpoint.
 func deployOnEndpoint(ctx context.Context, in deployOnEndpointInput) error {
 	log.Printf("Deploying on %v\n", in.debugdEndpoint)
 	dialCTX, cancel := context.WithTimeout(ctx, debugd.GRPCTimeout)
@ -117,23 +115,6 @@ func deployOnEndpoint(ctx context.Context, in deployOnEndpointInput) error {
 	defer conn.Close()
 	client := pb.NewDebugdClient(conn)

-	if len(in.authorizedKeys) > 0 {
-		log.Println("Warning: Uploading authorized keys is currently disabled.")
-	}
-	// TODO (stateless-ssh): re-enable once ssh keys can be deployed on readonly rootfs.
-	// log.Println("Uploading authorized keys")
-	// pbKeys := []*pb.AuthorizedKey{}
-	// for _, key := range in.authorizedKeys {
-	// 	pbKeys = append(pbKeys, &pb.AuthorizedKey{
-	// 		Username: key.Username,
-	// 		KeyValue: key.PublicKey,
-	// 	})
-	// }
-	// authorizedKeysResponse, err := client.UploadAuthorizedKeys(ctx, &pb.UploadAuthorizedKeysRequest{Keys: pbKeys}, grpc.WaitForReady(true))
-	// if err != nil || authorizedKeysResponse.Status != pb.UploadAuthorizedKeysStatus_UPLOAD_AUTHORIZED_KEYS_SUCCESS {
-	// 	return fmt.Errorf("uploading authorized keys to instance %v failed: %v / %w", in.debugdEndpoint, authorizedKeysResponse, err)
-	// }
-
 	stream, err := client.UploadBootstrapper(ctx, grpc.WaitForReady(true))
 	if err != nil {
 		return fmt.Errorf("starting bootstrapper upload to instance %v: %w", in.debugdEndpoint, err)