owned this note
owned this note
Published
Linked with GitHub
# FIPS user stories
## General
* As a user, I can run Pulp 3 in FIPS-enabled mode.
* Pulp will support all of the default checksums (see below) including md5 and sha-1 in FIPS mode
* As a user, when I migrate from Pulp 2, I get the default set of checksums that I can then later modify
* In other words, we will migrate all of the checksum information from Pulp 2
## Configuring Pulp
* As a user, I can configure which checksums I want pulp to use when dealing with content by setting `ALLOWED_CONTENT_CHECKSUMS`
* The default list is md5, sha-1, sha-224, sha-256, sha-384, sha-512
* ALLOWED_CONTENT_CHECKSUMS must be a subset of: md5, sha-1, sha-224, sha-256, sha-384, sha-512
* As a user, I can change `ALLOWED_CONTENT_CHECKSUMS` after I have content in Pulp
* User must run the `handle-artifact-checksums` command (see Reporting & Updating section)
## Startup Checks
* As a user, I get a warning at start time if I have on-demand content checksums that are not in `ALLOWED_CONTENT_CHECKSUMS`
* As a user, Pulp refuses to start if I have immediate content that are non compliant with `ALLOWED_CONTENT_CHECKSUMS`
* This can be fixed by running the `handle-artifact-checksums` command
## Reporting & Updating Pulp's Checksums
* As a user, I can fix immediate content checksums to be compliant with `ALLOWED_CONTENT_CHECKSUMS`
* The `handle-artifact-checksums` command will add artifact checksums missing from `ALLOWED_CONTENT_CHECKSUMS`
* And it will remove checksums from artifact that are not in `ALLOWED_CONTENT_CHECKSUMS`
* As a user, I can evaluate a "what-if scenario" by generating a report of impacted content from a set of user provided checksums (not from `ALLOWED_CONTENT_CHECKSUMS`)
* for immediate content, it will give an idea of how long the switch to the new checksum setting might take
* for on_demand content, it must be clear how many items will be unusable if a user doesn't go back and download that content
* for publications (rpm specific), it would be good to produce a list of affected ones, so user knows what to republish
* This may be hard to do without parsing the published artifacts.
* Also, ALLOWED_CONTENT_CHECKSUMS should apply to user actions, not passed actions/artifacts.
## Possible Runtime Errors
* As a user, I get an error message when I try to sync content and the only available checksum is not in `ALLOWED_CONTENT_CHECKSUMS`
* As a user, I get an error message when I try to create a publication which has content with a checksum that is not in `ALLOWED_CONTENT_CHECKSUMS`
* As a client, I get an error message when I try to consume on_demand content with a checksum that is not in `ALLOWED_CONTENT_CHECKSUMS`
## Questions
* How do we handle the checksums in updateinfo.xml?
* Document that `ALLOWED_CONTENT_CHECKSUMS` doesn't apply to updateinfo.xml?
* [ttereshc] +1
* Can we support running the handle-artifact-checksums command while Pulp is running?
* Maybe allow users to start the process while Pulp is running, take down pulp, then run the handle-artifact-checksums command
* How would we handle RemoteArtifacts that have multiple checksums, one/some of which are 'forbidden'?
* Probably not something that we need to be concerned with initially - file and rpm don't do this "in real life", There Can Be Only One.
* The model allows it - so we need to have a story for handling it 'eventually'
###### tags: `FIPS`
