"switch" -> "device"
GC duplicated text about created_on timestamp source.
As in MR#101, version and created_on values must be preserved; use the same
text in all instances.
haussli authored and morrowc committed Aug 14, 2023
1 parent a8429dd commit 8d90928
Showing 3 changed files with 59 additions and 75 deletions.
16 changes: 7 additions & 9 deletions certz/certz.proto
Expand Up @@ -494,22 +494,20 @@ message Entity {
// the credential manager and reported as-is by the telemetry reporting system
// (ie, transparent to the device credential service). Credential managers
// should choose version strings as discrete as possible to ease alert
// generation (eg, for credentials sourced from a bundle, the timestamp of
// the bundle should be used but not the time when the credential is pushed to
// a particular switch). Also, such version strings should be persisted by
// the devices onto non-volatile memory for preservation across system
// reboots.
// generation.
// Also, this version string must be persisted by the device for preservation
// across system reboots / cold-starts.
string version = 1;
// `created_on` contains information when the credentials were created.
// This information is controlled by the credential manager and reported as-is
// by the telemetry reporting system (ie, transparent to the device credential
// service). Credential managers should use the timestamp of the moment when
// credential was created, not the time when the credential is pushed to
// a particular switch).
// Also, this timestamp should be persisted by the devices onto non-volatile
// memory for preservation across system reboots.
// a particular device).
// Also, this timestamp must be persisted by the device for preservation
// across system reboots / cold-starts.
// `created_on` is a timestamp: the number of seconds since
// January 1st, 1970 00:00:00 GMT.
// January 1st, 1970 00:00:00 GMT, a.k.a. unix epoch.
uint64 created_on = 2;

oneof entity {
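Review bot: In the new `created_on` comment, the sentence ending `a particular device).` closes a parenthesis that is never opened; the `)` was carried over from the old `a particular switch).` wording. Drop it so the sentence ends `a particular device.`, and apply the same fix to the other copies of this comment in this commit.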
86 changes: 38 additions & 48 deletions credentialz/credentialz.proto
Expand Up @@ -190,13 +190,13 @@ service Credentialz {
// Step 4: Final commit.
// Client -----> FinalizeRequest----> Target
//
// Use Case 3: Replace keys by generating on the switch
// Use Case 3: Replace keys by generating on the device
//
// Step 1: Start the stream
// Client <---- RotateHostParameters() RPC stream begin ------> Target
//
// Step 2: Trigger key generation on the switch and apply host key. The
// switch returns the public keys corresponding to the generated
// Step 2: Trigger key generation on the device and apply host key. The
// device returns the public keys corresponding to the generated
// private keys which will be used to create host certificates.
// Client -----> GenerateKeysRequest ----> Target
// Client <---- GenerateKeysResponse <----- Target
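Review bot: Use Case 3 now says `device` in the prose (`Trigger key generation on the device`), while the message flow directly below it still labels the same party `Target`. Use one term throughout the use-case comments, or add a few words tying the two together, so a reader does not take them for different endpoints.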
Expand Down Expand Up @@ -451,22 +451,20 @@ message AccountCredentials {
// the credential manager and reported as-is by the telemetry reporting system
// (ie, transparent to the device credential service). Credential managers
// should choose version strings as discrete as possible to ease alert
// generation (eg, for credentials sourced from a bundle, the timestamp of
// the bundle should be used but not the time when the credential is pushed to
// a particular switch). Also, such version strings should be persisted by
// the devices onto non-volatile memory for preservation across system
// reboots.
// generation.
// Also, this version string must be persisted by the device for preservation
// across system reboots / cold-starts.
string version = 3;
// `created_on` contains information when the credentials were created.
// This information is controlled by the credential manager and reported as-is
// by the telemetry reporting system (ie, transparent to the device credential
// service). Credential managers should use the timestamp of the moment when
// credential was created, not the time when the credential is pushed to
// a particular switch).
// Also, this timestamp should be persisted by the devices onto non-volatile
// memory for preservation across system reboots.
// a particular device).
// Also, this timestamp must be persisted by the device for preservation
// across system reboots / cold-starts.
// `created_on` is a timestamp: the number of seconds since
// January 1st, 1970 00:00:00 GMT.
// January 1st, 1970 00:00:00 GMT, a.k.a. unix epoch.
uint64 created_on = 4;
}
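Review bot: With the `(eg, for credentials sourced from a bundle, ...)` example removed, the `version` comment keeps `as discrete as possible to ease alert generation` but no longer says what that means in practice. The rule against using push time now appears only under `created_on`; if it is also meant to hold for `version`, keep one short sentence saying the version string must not depend on when the credential is pushed to a particular device.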

Expand Down Expand Up @@ -506,22 +504,20 @@ message UserPolicy {
// the credential manager and reported as-is by the telemetry reporting system
// (ie, transparent to the device credential service). Credential managers
// should choose version strings as discrete as possible to ease alert
// generation (eg, for credentials sourced from a bundle, the timestamp of
// the bundle should be used but not the time when the credential is pushed to
// a particular switch). Also, such version strings should be persisted by
// the devices onto non-volatile memory for preservation across system
// reboots.
// generation.
// Also, this version string must be persisted by the device for preservation
// across system reboots / cold-starts.
string version = 4;
// `created_on` contains information when the credentials were created.
// This information is controlled by the credential manager and reported as-is
// by the telemetry reporting system (ie, transparent to the device credential
// service). Credential managers should use the timestamp of the moment when
// credential was created, not the time when the credential is pushed to
// a particular switch).
// Also, this timestamp should be persisted by the devices onto non-volatile
// memory for preservation across system reboots.
// a particular device).
// Also, this timestamp must be persisted by the device for preservation
// across system reboots / cold-starts.
// `created_on` is a timestamp: the number of seconds since
// January 1st, 1970 00:00:00 GMT.
// January 1st, 1970 00:00:00 GMT, a.k.a. unix epoch.
uint64 created_on = 5;
}
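Review bot: The persistence sentence moves from `should` to `must` but at the same time drops `onto non-volatile memory`, so the requirement gets stronger while the storage expectation is now only implied by `cold-starts`. State explicitly that the value has to survive power loss, and if `must` is intended as a normative keyword, write it as MUST so implementers read it that way.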

Expand Down Expand Up @@ -556,22 +552,20 @@ message PasswordRequest {
// the credential manager and reported as-is by the telemetry reporting
// system (ie, transparent to the device credential service). Credential
// managers should choose version strings as discrete as possible to ease
// alert generation (eg, for credentials sourced from a bundle,
// the timestamp of the bundle should be used but not the time when
// the credential is pushed to a particular switch). Also, such version
// strings should be persisted by the devices onto non-volatile memory for
// preservation across system reboots.
// alert generation.
// Also, this version string must be persisted by the device for
// preservation across system reboots / cold-starts.
string version = 3;
// `created_on` contains information when the credentials were created.
// This information is controlled by the credential manager and reported
// as-is by the telemetry reporting system (ie, transparent to the device
// credential service). Credential managers should use the timestamp of
// the moment when credential was created, not the time when the credential
// is pushed to a particular switch).
// Also, this timestamp should be persisted by the devices onto non-volatile
// memory for preservation across system reboots.
// is pushed to a particular device).
// Also, this timestamp must be persisted by the device for preservation
// across system reboots / cold-starts.
// `created_on` is a timestamp: the number of seconds since
// January 1st, 1970 00:00:00 GMT.
// January 1st, 1970 00:00:00 GMT, a.k.a. unix epoch.
uint64 created_on = 4;
}
repeated Account accounts = 1;
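Review bot: `uint64 created_on = 4;` is documented as seconds since the epoch, but the comment does not say how a consumer should treat 0, which is what an unset field reads back as and is also a valid epoch time. Since the value is reported as-is by telemetry, add a line stating whether 0 means "not provided", so alerting does not interpret it as a credential created in 1970.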
Expand Down Expand Up @@ -652,22 +646,20 @@ message CaPublicKeyRequest {
// the credential manager and reported as-is by the telemetry reporting system
// (ie, transparent to the device credential service). Credential managers
// should choose version strings as discrete as possible to ease alert
// generation (eg, for credentials sourced from a bundle, the timestamp of
// the bundle should be used but not the time when the credential is pushed to
// a particular switch). Also, such version strings should be persisted by
// the devices onto non-volatile memory for preservation across system
// reboots.
// generation.
// Also, this version string must be persisted by
// the device for preservation across system reboots / cold-starts.
string version = 2;
// `created_on` contains information when the credentials were created.
// This information is controlled by the credential manager and reported as-is
// by the telemetry reporting system (ie, transparent to the device credential
// service). Credential managers should use the timestamp of the moment when
// credential was created, not the time when the credential is pushed to
// a particular switch).
// Also, this timestamp should be persisted by the devices onto non-volatile
// memory for preservation across system reboots.
// a particular device).
// Also, this timestamp must be persisted by the device for preservation
// across system reboots / cold-starts.
// `created_on` is a timestamp: the number of seconds since
// January 1st, 1970 00:00:00 GMT.
// January 1st, 1970 00:00:00 GMT, a.k.a. unix epoch.
uint64 created_on = 3;
}
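Review bot: The new `version` persistence sentence is wrapped here as `must be persisted by` / `the device for preservation across system reboots / cold-starts.`, whereas the AccountCredentials and UserPolicy copies break after `for preservation`. The commit message asks for the same text in all instances; rewrap this copy to match so the blocks stay line-for-line identical and a later edit can be applied to all of them mechanically.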

Expand Down Expand Up @@ -721,22 +713,20 @@ message ServerKeysRequest {
// the credential manager and reported as-is by the telemetry reporting system
// (ie, transparent to the device credential service). Credential managers
// should choose version strings as discrete as possible to ease alert
// generation (eg, for credentials sourced from a bundle, the timestamp of
// the bundle should be used but not the time when the credential is pushed to
// a particular switch). Also, such version strings should be persisted by
// the devices onto non-volatile memory for preservation across system
// reboots.
// generation.
// Also, this version string must be persisted by
// the device for preservation across system reboots / cold-starts.
string version = 2;
// `created_on` contains information when the credentials were created.
// This information is controlled by the credential manager and reported as-is
// by the telemetry reporting system (ie, transparent to the device credential
// service). Credential managers should use the timestamp of the moment when
// credential was created, not the time when the credential is pushed to
// a particular switch).
// Also, this timestamp should be persisted by the devices onto non-volatile
// memory for preservation across system reboots.
// a particular device).
// Also, this timestamp must be persisted by the device for preservation
// across system reboots / cold-starts.
// `created_on` is a timestamp: the number of seconds since
// January 1st, 1970 00:00:00 GMT.
// January 1st, 1970 00:00:00 GMT, a.k.a. unix epoch.
uint64 created_on = 3;
}
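Review bot: This is the fifth copy of the `version` / `created_on` comment pair in credentialz.proto alone, and the commit exists because the copies had drifted. Consider keeping the full wording in one place (for example a file-level comment that each field comment refers to) and leaving a one-line pointer on each field, so the next wording change does not have to touch every message.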

32 changes: 14 additions & 18 deletions pathz/pathz.proto
Expand Up @@ -135,23 +135,21 @@ message UploadRequest {
// the policy manager and reported as-is by the telemetry reporting system
// (ie, transparent to the target policy management service). Policy managers
// should choose version strings as discrete as possible to ease alert
// generation (eg, for policies sourced from a bundle, the timestamp of
// the bundle should be used but not the time when the policy is pushed to
// a particular switch). Also, such version string should be persisted by
// the device onto non-volatile memory for preservation across system
// reboots.
// generation.
// Also, this version string must be persisted by
// the device for preservation across system reboots / cold-starts.
string version = 1;

// `created_on` contains information when the policy was created.
// This information is controlled by the policy manager and reported as-is
// by the telemetry reporting system (ie, transparent to the device policy
// management service). Policy manager should use the timestamp of the moment
// when policy was created, not the time when the policy is pushed to
// a particular switch).
// Also, this timestamp should be persisted by the device onto non-volatile
// memory for preservation across system reboots.
// a particular device).
// Also, this timestamp must be persisted by the device for preservation
// across system reboots / cold-starts.
// `created_on` is a timestamp: the number of seconds since
// January 1st, 1970 00:00:00 GMT a.k.a. unix epoch.
// January 1st, 1970 00:00:00 GMT, a.k.a. unix epoch.
uint64 created_on = 2;

// The actual OpenConfig gNMI Path-based Authorization Policy.
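Review bot: On the `created_on` epoch line, `00:00:00 GMT, a.k.a. unix epoch`: the Unix epoch is defined against UTC, so `UTC` and a capitalised `Unix` would be more precise while the line is being touched anyway. In the same comment, `Policy manager should use` is singular where the `version` comment above says `Policy managers`; align the two.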
Expand Down Expand Up @@ -216,23 +214,21 @@ message GetResponse {
// the policy manager and reported as-is by the telemetry reporting system
// (ie, transparent to the target policy management service). Policy managers
// should choose version strings as discrete as possible to ease alert
// generation (eg, for policies sourced from a bundle, the timestamp of
// the bundle should be used but not the time when the policy is pushed to
// a particular switch). Also, such version string should be persisted by
// the device onto non-volatile memory for preservation across system
// reboots.
// generation.
// Also, this version string must be persisted by
// the device for preservation across system reboots / cold-starts.
string version = 1;

// `created_on` contains information when the policy was created.
// This information is controlled by the policy manager and reported as-is
// by the telemetry reporting system (ie, transparent to the device policy
// management service). Policy manager should use the timestamp of the moment
// when policy was created, not the time when the policy is pushed to
// a particular switch).
// Also, this timestamp should be persisted by the device onto non-volatile
// memory for preservation across system reboots.
// a particular device).
// Also, this timestamp should be persisted by the device for preservation
// across system reboots / cold-starts.
// `created_on` is a timestamp: the number of seconds since
// January 1st, 1970 00:00:00 GMT a.k.a. unix epoch.
// January 1st, 1970 00:00:00 GMT, a.k.a. unix epoch.
uint64 created_on = 2;

// The actual OpenConfig gNMI Path-based Authorization Policy.
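Review bot: In GetResponse the new `created_on` line still reads `Also, this timestamp should be persisted by the device`, while every other instance in this commit, including UploadRequest in the same file, was changed to `must`. The commit message says the values must be preserved and that the text should be the same in all instances, so this looks like a missed replacement; change `should` to `must` here.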