forked from keylime/keylime
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
verifier: move to new failure architecture
We only send notifications if a event with a higher severity level was generated and save the severity level (as integer) and the first event id that generated the failure with that level in the database. The current design assumes that when a device is added no failures should occur on the first validation to mark the device as in use to recive revocation notifcations. If a failure is generated that is irrecoverable we stop polling the agent. Part of enhancement proposal keylime/enhancements#48 Signed-off-by: Thore Sommer <[email protected]>
- Loading branch information
Showing
4 changed files
with
140 additions
and
54 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
45 changes: 45 additions & 0 deletions
45
keylime/migrations/versions/257fe0f0c039_add_fields_for_revocation_context_to_.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
"""Add fields for revocation context to verifier | ||
Revision ID: 257fe0f0c039 | ||
Revises: f35cdd35eb83 | ||
Create Date: 2021-08-20 12:42:30.427138 | ||
""" | ||
from alembic import op | ||
import sqlalchemy as sa | ||
|
||
|
||
# revision identifiers, used by Alembic. | ||
revision = '257fe0f0c039' | ||
down_revision = 'f35cdd35eb83' | ||
branch_labels = None | ||
depends_on = None | ||
|
||
|
||
def upgrade(engine_name): | ||
globals()["upgrade_%s" % engine_name]() | ||
|
||
|
||
def downgrade(engine_name): | ||
globals()["downgrade_%s" % engine_name]() | ||
|
||
|
||
|
||
|
||
|
||
def upgrade_registrar(): | ||
pass | ||
|
||
|
||
def downgrade_registrar(): | ||
pass | ||
|
||
|
||
def upgrade_cloud_verifier(): | ||
op.add_column('verifiermain', sa.Column('severity_level', sa.String)) | ||
op.add_column('verifiermain', sa.Column('last_event_id', sa.String)) | ||
|
||
|
||
def downgrade_cloud_verifier(): | ||
op.drop_column('verifiermain', 'severity_level') | ||
op.drop_column('verifiermain', sa.Column('last_event_id', sa.String)) |