Add keybridge satellite service #164
472129b to 1601762
Fixes: samba-in-kubernetes#160

While it's not strictly necessary to make the protobuf file(s) part of the python library because we generate the code ahead of time, this silences a warning from setuptools as well as making the file part of the library, so it's distributed along with the code - which could possibly be helpful in some situations. And it will be consistent with our plans for varlink interface files, which do *need* to be part of the library.

Signed-off-by: John Mulligan <[email protected]>
55edd63 to b58a8b5
I don't think this is necessarily 100% complete for all of our KMIP needs but I think it's sufficient for now, enough to be reviewed and possibly merged. Other bugs and features can be tackled in later PRs.
Overall looks fine, but see my comments on the thread-safety for the caching mechanism.
lgtm
sambacc/varlink/interfaces/org.samba.containers.keybridge.varlink
Define a simple-ish interface for fetching data blobs from a peer service. The intent is that the backing service can be a basic key-value store or a more complex secret store. The keybridge server encapsulates the complexity of talking to a web-service or whatnot, requiring the client to only deal with identifying the scope and key to fetch the value. Plus debugging and introspection stuff.

Signed-off-by: John Mulligan <[email protected]>
Add a new keybridge extra. It will be used to build a server that depends on varlink and kmip libraries. Adding it now allows mypy to do its thing.

Signed-off-by: John Mulligan <[email protected]>
Signed-off-by: John Mulligan <[email protected]>
Signed-off-by: John Mulligan <[email protected]>
b58a8b5 to 6af69af
8d6053a to 4f987c3
Was also missing a new
lgtm
Generally lgtm. I haven't looked deep into the core KMIP and peer verification logic but the varlink server implementation (and its integration with sambacc) looks pretty good.
The sambacc varlink server types wrap the python varlink library's types, allowing it to more flexibly initialize the services (aka endpoints).

Signed-off-by: John Mulligan <[email protected]>
Signed-off-by: John Mulligan <[email protected]>
Signed-off-by: John Mulligan <[email protected]>
Signed-off-by: John Mulligan <[email protected]>
Instead of constantly having to define new dedicated subcommands for things that don't fit neatly under the `samba-container` umbrella, create a new concept for things provided by sambacc that "orbit" the samba & smbd processes but are very optional in most scenarios. Establish the keybridge server as our first satellite.

The keybridge server can be set up via the sambacc config or configured/customized by command line values. In particular, the TLS credentials needed for KMIP can be specified on the command line while the other params are in the file because of ceph-shaped reasons.

Signed-off-by: John Mulligan <[email protected]>
Add the new varlink and kmip related packages to the list in the setuptools config. Sort the list of packages so it's easier to read and understand.

Signed-off-by: John Mulligan <[email protected]>
Signed-off-by: John Mulligan <[email protected]>
Add the samba-satellite script to the setup.cfg configuration as well as the example RPM spec file.

Signed-off-by: John Mulligan <[email protected]>
Signed-off-by: John Mulligan <[email protected]>
I am certain that the .varlink and .proto files were being added to the source tarballs and wheels. However, when testing the container image I found that they were missing from the RPM. After mostly fruitless web searches and some pretty nonsense LLM responses I closely read the output being generated by the rpm python tools and revisited the docs and it managed to loosen something up to revisit MANIFEST.in and... it worked.

Signed-off-by: John Mulligan <[email protected]>
c86f8d4 to aca87d7
Still lgtm.
lgtm
lgtm
A satellite service is a service provided by sambacc that "orbits" smbd or another core samba daemon, providing it optional enhanced features.
Our first satellite service is keybridge - a server process that provides a varlink based RPC over a local unix socket. The keybridge server acts like a key-value store, where keys are embedded in a particular scope. That scope can be simple - such as a mapping in memory - or complex such as a KMIP client. Keybridge exists to hide complexity from smbd allowing it to focus on getting key material using this simple API.
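To make the shape of such a service concrete, here is an added example in Python. It is not sambacc's keybridge code and does not reproduce the varlink interface file from this PR: the interface name `org.example.keybridge`, the methods `Scopes` and `Get`, the `NotFound` error name and the base64 encoding of byte values are all assumptions made for the illustration, and the slow in-process backend merely stands in for a KMIP client. It follows the varlink wire convention (one JSON object per message, NUL-terminated) over a Unix socket, models scopes as named lookups with a per-scope cache, and exercises the cache-locking point raised in review by having eight clients miss the cache at once.

```python
"""Keybridge-style lookup service over a varlink-like Unix socket (added example).
Written for this page, not sambacc's keybridge code: the interface name
org.example.keybridge, the methods Scopes/Get, the error names and the base64
encoding of values are assumptions. Wire format as in varlink: NUL-terminated JSON."""
import base64, json, os, socket, socketserver, tempfile, threading, time
from typing import Callable, Dict, List, Optional

IFACE = "org.example.keybridge"  # hypothetical; not the project's interface name


class Scope:
    """Named source of key material (in-memory dict, KMIP client, ...) with a cache.
    The lock is held across the backend call, so concurrent misses for one key make
    a single backend fetch and the cache dict is never mutated by two threads at once."""
    def __init__(self, name: str, fetch: Callable[[str], Optional[bytes]]) -> None:
        self.name, self._fetch = name, fetch
        self._cache: Dict[str, bytes] = {}
        self._lock = threading.Lock()
        self.fetch_calls = 0  # how often the backend was actually consulted

    def get(self, key: str) -> Optional[bytes]:
        with self._lock:
            if key not in self._cache:
                self.fetch_calls += 1
                value = self._fetch(key)
                if value is None:  # negative results are not cached
                    return None
                self._cache[key] = value
            return self._cache[key]


class KeyBridgeHandler(socketserver.StreamRequestHandler):
    """One connection: every NUL-terminated JSON object is a call, answered in order."""
    def handle(self) -> None:
        buf = b""
        while chunk := self.request.recv(4096):
            buf += chunk
            while b"\0" in buf:  # a client may pipeline several calls
                raw, buf = buf.split(b"\0", 1)
                self.request.sendall(json.dumps(self.server.dispatch(json.loads(raw))).encode() + b"\0")


class KeyBridgeServer(socketserver.ThreadingUnixStreamServer):
    """Answers Scopes() and Get(scope, key) on a Unix socket, one thread per client."""
    daemon_threads = True

    def __init__(self, sock_path: str, scopes: List[Scope]) -> None:
        super().__init__(sock_path, KeyBridgeHandler)
        os.chmod(sock_path, 0o600)  # only the owning user may connect
        self._scopes = {s.name: s for s in scopes}
        threading.Thread(target=self.serve_forever, daemon=True).start()

    def dispatch(self, msg: dict) -> dict:
        method, params = msg.get("method", ""), msg.get("parameters") or {}
        if method == IFACE + ".Scopes":  # introspection: which scopes exist
            return {"parameters": {"scopes": sorted(self._scopes)}}
        if method == IFACE + ".Get":
            scope = self._scopes.get(params.get("scope", ""))
            value = scope.get(params.get("key", "")) if scope else None
            if value is None:  # unknown scope or unknown key; the reply does not say which
                return {"error": IFACE + ".NotFound", "parameters": params}
            return {"parameters": {"value": base64.b64encode(value).decode()}}
        return {"error": "org.varlink.service.MethodNotFound", "parameters": {"method": method}}


def call(sock_path: str, method: str, **params) -> dict:
    """Send one call and return the decoded reply: a 'parameters' or an 'error' object."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(json.dumps({"method": IFACE + "." + method, "parameters": params}).encode() + b"\0")
        s.shutdown(socket.SHUT_WR)  # one call per connection here; the server closes after replying
        return json.loads(b"".join(iter(lambda: s.recv(4096), b""))[:-1])


def fetch_key(sock_path: str, scope: str, key: str) -> Optional[bytes]:
    """All an smbd-side client needs to know: a scope name and a key."""
    reply = call(sock_path, "Get", scope=scope, key=key)
    return None if "error" in reply else base64.b64decode(reply["parameters"]["value"])


def demo() -> dict:
    """Serve two constructed scopes; eight clients hit the slow one at the same time."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "keybridge.sock")
    def slow_backend(key: str) -> Optional[bytes]:  # stands in for a KMIP round-trip
        time.sleep(0.05)
        return {"vol-a": b"\x01\x02\x03"}.get(key)  # constructed sample key material
    remote = Scope("remote", slow_backend)
    server = KeyBridgeServer(path, [Scope("memory", {"share1": b"k1-secret"}.get), remote])
    got: List[Optional[bytes]] = []
    workers = [threading.Thread(target=lambda: got.append(fetch_key(path, "remote", "vol-a")))
               for _ in range(8)]
    try:
        for w in workers: w.start()
        for w in workers: w.join()
        return {
            "scopes": call(path, "Scopes")["parameters"]["scopes"],
            "share1": fetch_key(path, "memory", "share1"),
            "vol_a": set(got),
            "remote_fetches": remote.fetch_calls,  # 1: seven of the eight came from the cache
            "missing": call(path, "Get", scope="memory", key="nope")["error"],
            "bad_method": call(path, "Frobnicate")["error"],
        }
    finally:
        server.shutdown()
        server.server_close()
        os.unlink(path)
        os.rmdir(tmp)
```

The only access control in the example is the 0600 mode on the socket file; the peer verification logic mentioned in the review above is not modelled here. The `NotFound` reply deliberately does not distinguish an unknown scope from an unknown key, so a client cannot enumerate scopes through error messages, while the `Scopes` method gives an explicit introspection path for debugging.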