[Engine-patches] Change in ovirt-engine[master]: enigne:Trusted Compute Pools - Open Attestation integration ...

Mon, 13 May 2013 00:55:00 -0700 

ofri masad has posted comments on this change.

Change subject: enigne:Trusted Compute Pools - Open Attestation integration 
with oVirt engine proposal
......................................................................


Patch Set 2: (7 inline comments)

I am missing the initialization mechanism we talked about. we need to set up a 
quartz job which will run on engine start and send an aggregated query to the 
attestation server, in order to save network round-trips.

....................................................
File 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/attestationbroker/AttestationService.java
Line 72:     }
Line 73: 
Line 74:     public boolean validateHostIsTrusted(VDS vds) {
Line 75:         Set<String> hosts = new HashSet<String>();
Line 76:         hosts.add(vds.gethost_name());
please make sure you are rebased. this method was renamed on Feb 11.
Line 77:         List<AttestationValue> valueList = attestHosts(hosts);
Line 78:         if (valueList.get(0).getTrustLevel() == 
AttestationResultEnum.TRUSTED) {
Line 79:             return true;
Line 80:         } else {


Line 74:     public boolean validateHostIsTrusted(VDS vds) {
Line 75:         Set<String> hosts = new HashSet<String>();
Line 76:         hosts.add(vds.gethost_name());
Line 77:         List<AttestationValue> valueList = attestHosts(hosts);
Line 78:         if (valueList.get(0).getTrustLevel() == 
AttestationResultEnum.TRUSTED) {
simplify: 
return valueList.get(0).getTrustLevel() == AttestationResultEnum.TRUSTED;
Line 79:             return true;
Line 80:         } else {
Line 81:             return false;
Line 82:         }


Line 98:             log.debug("return attested result:" + strResponse);
Line 99:             if (statusCode == 200) {
Line 100:                 values = parsePostedResp(strResponse);
Line 101:             } else {
Line 102:                 String fault = strResponse;
redundant variable 'fault'.
Line 103:                 log.error("attestation error:" + fault);
Line 104:             }
Line 105:         } catch (JsonParseException e) {
Line 106:             log.error(


....................................................
File 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/attestationbroker/AttestationValue.java
Line 5: 
Line 6: public class AttestationValue {
Line 7: 
Line 8:     private String hostName;
Line 9:     private AttestationResultEnum trustLevel;
Can a host be only trusted/untrusted. otherwise, we may want to use an integer 
value (for example: host trust level is 74%). that way the user could configure 
the trust threshold.
Line 10: 
Line 11:     public AttestationValue() {
Line 12:         trustLevel = AttestationResultEnum.UNKNOWN;
Line 13:     }


....................................................
File 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitVdsOnUpCommand.java
Line 70:         super(parameters);
Line 71:         setVds(parameters.getVds());
Line 72:     }
Line 73: 
Line 74:     private boolean validateHost() {
please set a more defining name, like validateHostIsTrusted.
Line 75:         if 
(AttestationService.getInstance().validateHostIsTrusted(getVds())) {
Line 76:             return true;
Line 77:         } else {
Line 78:             setNonOperational(NonOperationalReason.GENERAL, null);


Line 74:     private boolean validateHost() {
Line 75:         if 
(AttestationService.getInstance().validateHostIsTrusted(getVds())) {
Line 76:             return true;
Line 77:         } else {
Line 78:             setNonOperational(NonOperationalReason.GENERAL, null);
please add a new NonOperationalReason "UNTRUSTED"
Line 79:             return false;
Line 80:         }
Line 81:     }
Line 82: 


....................................................
File 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/Config.java
Line 39:      *
Line 40:      * @return an absolute path for AttestaionTruststore
Line 41:      */
Line 42:     public static String resolveAttestationTrustStorePath() {
Line 43:         return ConfigUtil.resolvePath(resolveCABasePath(), 
Config.<String> GetValue(ConfigValues.AttestationTruststore));
resolveCABasePath() does not exist any more.
Line 44:     }
Line 45: 


--
To view, visit http://gerrit.ovirt.org/14605
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I8ce3448a821c74521d277f92f2c8d63ba0accfed
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Dave Chen <wei.d.c...@intel.com>
Gerrit-Reviewer: Dave Chen <wei.d.c...@intel.com>
Gerrit-Reviewer: Doron Fediuck <dfedi...@redhat.com>
Gerrit-Reviewer: Omer Frenkel <ofren...@redhat.com>
Gerrit-Reviewer: Tal Nisan <tni...@redhat.com>
Gerrit-Reviewer: ofri masad <oma...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to