Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security] Update IPSec protobuf API to CRUD model #446

Closed
sandersms opened this issue Mar 8, 2024 · 1 comment
Closed

[security] Update IPSec protobuf API to CRUD model #446

sandersms opened this issue Mar 8, 2024 · 1 comment
Labels
enhancement New feature or request network API or code related to network area security APIs or code related to security area (e.g. ipsec)

Comments

@sandersms
Copy link
Contributor

sandersms commented Mar 8, 2024
edited
Loading

The current IPSec protobuf API follows a service model of specific rpc commands instead of a CRUD model. The API needs to be refactored to the Create, Update, List, Delete, Get structure of commands. This will allow for various offloads of IPSec to be supported.

The current support is focused toward strongswan and other options for IPSec support need to be accommodated. Other options for IPSec could be openswan, racoon, etc.
@sandersms sandersms added enhancement New feature or request security APIs or code related to security area (e.g. ipsec) network API or code related to network area labels Mar 8, 2024
@sandersms
Copy link
Contributor Author

We may want to expand this for VPNs in general or create an API that addresses VPNs to cover alternatives such as wireguard, OpenVPN, and others that are alternatives to IPSec and IKEv2.

stevedoyle added a commit to stevedoyle/opi-api that referenced this issue Jun 24, 2024
@stevedoyle
refactor(security)!: Change API to a CRUD API
00668d2 
Update the OPI security API to use CRUD operations and to use more
non-implementation specific types. The v1 API messages were very specifc
to a strongSwan implementation. This version updates the API to
align with the more generic types from the IETF yang model described
in RFC 9061.

Using an API version tag of v2alpha1 as the API is not backwards
compatible with the v1 IPsec APIs.

Adpoting protobuf naming conventions for all messages and services.

fixes: opiproject#446, opiproject#104

BREAKING-CHANGE: Breaks compatiblity with the existing OPI security
API definition.

Signed-off-by: Stephen Doyle <stephen.doyle@intel.com>
@stevedoyle stevedoyle mentioned this issue Jun 24, 2024
Merged
stevedoyle added a commit to stevedoyle/opi-api that referenced this issue Jun 24, 2024
@stevedoyle
refactor(security)!: Change API to a CRUD API
12a4fba 
Update the OPI security API to use CRUD operations and to use more
non-implementation specific types. The v1 API messages were very specifc
to a strongSwan implementation. This version updates the API to
align with the more generic types from the IETF yang model described
in RFC 9061.

Using an API version tag of v2alpha1 as the API is not backwards
compatible with the v1 IPsec APIs.

Adpoting protobuf naming conventions for all messages and services.

fixes: opiproject#446, opiproject#104

BREAKING-CHANGE: Breaks compatiblity with the existing OPI security
API definition.

Signed-off-by: Stephen Doyle <stephen.doyle@intel.com>
stevedoyle added a commit to stevedoyle/opi-api that referenced this issue Jun 24, 2024
@stevedoyle
refactor(security)!: change API to a CRUD API
840235f 
Update the OPI security API to use CRUD operations and to use more
non-implementation specific types. The v1 API messages were very specifc
to a strongSwan implementation. This version updates the API to
align with the more generic types from the IETF yang model described
in RFC 9061.

Using an API version tag of v2alpha1 as the API is not backwards
compatible with the v1 IPsec APIs.

Adpoting protobuf naming conventions for all messages and services.

fixes: opiproject#446, opiproject#104

BREAKING-CHANGE: Breaks compatiblity with the existing OPI security
API definition.

Signed-off-by: Stephen Doyle <stephen.doyle@intel.com>
stevedoyle added a commit to stevedoyle/opi-api that referenced this issue Jun 24, 2024
@stevedoyle
refactor(security)!: change API to a CRUD API
c97b78b 
Update the OPI security API to use CRUD operations and to use more
non-implementation specific types. The v1 API messages were very specifc
to a strongSwan implementation. This version updates the API to
align with the more generic types from the IETF yang model described
in RFC 9061.

Using an API version tag of v2alpha1 as the API is not backwards
compatible with the v1 IPsec APIs.

Adpoting protobuf naming conventions for all messages and services.

fixes: opiproject#446, opiproject#104

BREAKING-CHANGE: Breaks compatiblity with the existing OPI security
API definition.

Signed-off-by: Stephen Doyle <stephen.doyle@intel.com>
stevedoyle added a commit to stevedoyle/opi-api that referenced this issue Jun 28, 2024
@stevedoyle
refactor(security)!: change API to a CRUD API
383d344 
Update the OPI security API to use CRUD operations and to use more
non-implementation specific types. The v1 API messages were very specifc
to a strongSwan implementation. This version updates the API to
align with the more generic types from the IETF yang model described
in RFC 9061.

Using an API version tag of v2alpha1 as the API is not backwards
compatible with the v1 IPsec APIs.

Adpoting protobuf naming conventions for all messages and services.

fixes: opiproject#446, opiproject#104

BREAKING-CHANGE: Breaks compatiblity with the existing OPI security
API definition.

Signed-off-by: Stephen Doyle <stephen.doyle@intel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request network API or code related to network area security APIs or code related to security area (e.g. ipsec)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sandersms