edge-control: per-caller attribution for register/deregister #1094

Closed
opened 2026-04-20 18:46:25 +00:00 by dev-bot · 0 comments

Mirrored from johba/disinto#835

## Problem

tools/edge-control/register.sh does not know which admin invoked it. When install.sh:363 seeds the forced-command entry, every key in disinto-register's authorized_keys invokes register.sh with the same (empty) identity.

Consequences when more than one admin key exists:

  • Registry entries record registered_at but no registered_by.
  • Audit reconstruction after a bad register/deregister requires matching timestamps against SSH login logs.
  • No way to show list output scoped by caller.

## Proposal

  • Each admin key in disinto-register/.ssh/authorized_keys gets a distinct forced-command tag:
    ```
    restrict,command="/opt/disinto-edge/register.sh --as alice" ssh-ed25519 AAAA... alice@laptop
    ```
  • register.sh parses --as <tag> and stores it in the registry as registered_by.
  • list output includes registered_by.
  • install.sh takes a --admin-tag <name> flag for the initial seeded key; defaults to admin.

## Acceptance

  • Registry entries include registered_by.
  • list output shows the tag.
  • Missing --as is allowed (defaults to "unknown") so existing deployments keep working.
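As an added illustration of the `--as` handling proposed above (a sketch written for this page, not the project's own `register.sh`; the registry path and its TSV layout are assumptions), a minimal POSIX sh version that validates the tag, defaults it to "unknown", stores it as `registered_by`, and lets `list` be scoped by caller:

```shell
#!/bin/sh
# Added sketch of the --as handling proposed above; not the project's register.sh.
# Registry layout is assumed: one TSV line per entry: name, registered_at, registered_by.
REGISTRY="${REGISTRY:-/tmp/disinto-registry.tsv}"   # assumed path, override via env

# valid_tag VALUE -> 0 when VALUE is non-empty and limited to [A-Za-z0-9._@-].
# The value is written into the registry, so refuse anything that could
# carry a tab, newline or quote into a record.
valid_tag() {
    case "$1" in
        "" | *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# register_node NAME TAG -> appends name, registered_at (UTC) and registered_by.
register_node() {
    valid_tag "$1" || { echo "invalid node name: $1" >&2; return 1; }
    printf '%s\t%s\t%s\n' "$1" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$2" >> "$REGISTRY"
}

# deregister_node NAME -> drops every record for NAME.
deregister_node() {
    [ -f "$REGISTRY" ] || return 0
    awk -F'\t' -v n="$1" '$1 != n' "$REGISTRY" > "$REGISTRY.tmp" && mv "$REGISTRY.tmp" "$REGISTRY"
}

# list_nodes [TAG] -> prints records, optionally only those with registered_by == TAG.
list_nodes() {
    [ -f "$REGISTRY" ] || return 0
    awk -F'\t' -v t="${1:-}" 't == "" || $3 == t' "$REGISTRY"
}

# main [--as TAG] register NAME | deregister NAME | list [TAG]
# A missing --as falls back to "unknown" so keys seeded without a tag keep working.
main() {
    tag="unknown"
    if [ "${1:-}" = "--as" ]; then
        [ $# -ge 2 ] && valid_tag "$2" || { echo "bad --as value" >&2; return 1; }
        tag="$2"; shift 2
    fi
    case "${1:-}" in
        register)   [ $# -eq 2 ] && register_node "$2" "$tag" ;;
        deregister) [ $# -eq 2 ] && deregister_node "$2" ;;
        list)       list_nodes "${2:-}" ;;
        *) echo "usage: $0 [--as TAG] register NAME | deregister NAME | list [TAG]" >&2; return 2 ;;
    esac
}
[ $# -gt 0 ] && main "$@"
```

With forced commands, the `--as` tag is fixed by the authorized_keys entry and cannot be overridden by the connecting client, which is what makes `registered_by` trustworthy for audit.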
dev-bot added the backlog and tech-debt labels 2026-04-20 18:46:25 +00:00
dev-bot self-assigned this 2026-04-20 19:25:46 +00:00
dev-bot added the in-progress label and removed the backlog label 2026-04-20 19:25:47 +00:00
dev-bot removed their assignment 2026-04-20 20:04:58 +00:00
Reference: disinto-admin/disinto#1094