Great, the extra detail helps a lot.

I'm not all that familiar with the server-side, lmr is the person for
suggestions there.  Though, I imagine it will be a lot easier (or
exponentially harder) since the results, droppings, and names don't need
to be secret.

Presuming none of the users (except maybe the secret-approved) have
remote (or physical) access to the clients/hosts, lmr's prior-suggestion
may meet your needs.

I think the client/host systems and source for the test(s) are the
biggest threat to secrecy.  Mainly because that's where the code lives
and will be exposed to some degree in transit.  In the same category,
I'd be concerned about limited-users somehow injecting or executing
other code/tests before, during, or after the secret test(s) run.

Secondarily, you will likely need to address the issue of storing any
secret test-source access credentials or licenses on the autotest
server.  For example, if a user can view a server-side control-file or
data which allows out-of-band downloading/accessing the secret test source.

Either way, I think the client/host systems are likely the biggest
exposure vector to plug.  Hopefully that helps.

On 05/15/2013 01:28 PM, Gawlas, Julius wrote:
> Chris,
> 
> Let me try to describe the general model/requirements first
> 
> 1) There is autotest server with shared hosts/users/tests/recurring
> jobs etc, there is a requirement of user being registered to use the
> service
> 
> 2) special user is a registered user of that setup and wants to find
> a way to run secret test using that autotest server (with its hosts,
> install server etc) - as long as only he can initiate secret test,
> CLI is OK - nobody will see the secret code, okay to see autotest
> wrapper (control file) - test results don't need to be hidden
> 
> Based on that:
> 
> * What does "see" mean, does it include file/directory names as well
> as contents?
> 
> I believe the code that does the actual testing should not be visible
> to anyone outside of predefined set of users; Visibility of
> file/directory or control file would be ok.
> 
> * How is the test being run, is this a stand-alone client running the
> secret test or is it being controlled by an autotest or other server?
> 
> 
> Autotest CLI, but there is some freedom here as long as above req are
> met
> 
> * Can unprivileged users run tests on the client?
> 
> No, only predefined set of user should be able to initiate them.
> 
> * What level of access do users of each type have to a shell or other
> interface on the server and/or clients? (i.e. root, sudo,
> read/execute autotest client tests manually, etc.)
> 
> Hopefully answered above
> 
> * If clients are controlled from a server, do all users
> (secret-privileged and not) have access to schedule/run tests from
> the server?
> 
> The autotest server is general purpose, there are bunch of hosts,
> tests and users and recurring jobs being run on the same server.
> 
> * How are test-results to be secured, should all users be able to
> view them?  Do 'secret' test results need to be filtered/obfuscated?
> 
> I believe that the test results and any droppings that it produced
> should be only visible to user that initiated it (I am double-checking
> with users right now)
> 
> Julius
> 
> 
> -----Original Message-----
> From: Chris Evich [mailto:[email protected]]
> Sent: Wednesday, May 15, 2013 9:57 AM
> To: Gawlas, Julius
> Cc: [email protected]
> Subject: Re: [Autotest] Running secret tests
> 
> On 05/15/2013 11:52 AM, Gawlas, Julius wrote:
>> One of our users is interested in running a secret test, which is a
>>  test that has legal restrictions on who can run it.
>> 
>> Let's say we are given some test covered by NDA and it was agreed
>> that only limited set of people can see it and run the code. How
>> would we go about hooking such test to autotest instance?
>> 
>> Any ideas or pointers?
>> 
>> 
>> Thanks Julius
> 
> I think we need more details to help narrow the option list down:
> 
> * What does "see" mean, does it include file/directory names as well
> as contents?
> 
> * How is the test being run, is this a stand-alone client running the
> secret test or is it being controlled by an autotest or other
> server? Can unprivileged users run tests on the client?
> 
> * What level of access do users of each type have to a shell or other
> interface on the server and/or clients? (i.e. root, sudo,
> read/execute autotest client tests manually, etc.)
> 
> * If clients are controlled from a server, do all users
> (secret-privileged and not) have access to schedule/run tests from
> the server?
> 
> * How are test-results to be secured, should all users be able to
> view them?  Do 'secret' test results need to be filtered/obfuscated?
> 
> * What other specific conditions/aspects should be restricted?
> 
> --
> Chris Evich, RHCA, RHCE, RHCDS, RHCSS
> Quality Assurance Engineer
> e-mail: cevich + `@' + redhat.com o: 1-888-RED-HAT1 x44214
> 


-- 
Chris Evich, RHCA, RHCE, RHCDS, RHCSS
Quality Assurance Engineer
e-mail: cevich + `@' + redhat.com o: 1-888-RED-HAT1 x44214

_______________________________________________
Autotest-kernel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/autotest-kernel
