Full removal of the tenant WebApp

The WebApp was unmaintained and did not support more of the newer features
of Keylime. Therefore it gets removed. If there is enough interest a new
WebApp can be developed by directly using the REST APIs.

Signed-off-by: Thore Sommer <[email protected]>

.github/codeql-config.yml

@@ -1,4 +1,2 @@
 paths:
-  - keylime
-paths-ignore:
-  - keylime/tenant_webapp.py # The webapp is currently mostly unused and introduces too much false positives
+  - keylime

README.md

@@ -20,8 +20,7 @@ remotely attest machines not under their own full control (such as a consumer of
 hybrid cloud or a remote Edge / IoT device in an insecure physical tamper prone
 location.)
 
-Keylime can be driven with a CLI application, web front end, and a set of
-RESTful APIs.
+Keylime can be driven with a CLI application and a set of RESTful APIs.
 
 Keylime consists of three main components; The Verifier, Registrar and the
 Agent.
@@ -281,7 +280,7 @@ the agent starts up properly, then you can proceed.
 ### Provisioning
 
 To kick everything off you need to tell keylime to provision a machine. This can be
-done either with the keylime tenant or webapp.
+done with the keylime tenant.
 
 #### Provisioning with keylime_tenant
 
@@ -303,15 +302,6 @@ For additional advanced options for the tenant utility run:
 
 `keylime_tenant -h`
 
-#### Provisioning with keylime_webapp
-
-There is also a WebApp GUI interface for the tenant, available by
-running `keylime_webapp`.  Next, simply navigate to the WebApp in
-your web browser (https://localhost/webapp/ by default, as specified in `/etc/keylime.conf`).
-
-Note that the webapp must be run on the same machine as the tenant, since it
-uses its keys for TLS authentication in `/var/lib/keylime/`.
-
 ### Using keylime CA
 
 A simple certificate authority is available to use with keylime. You can interact

docs/installation.rst

@@ -74,15 +74,6 @@ You can then start the various components using commands::
     keylime_registrar
     keylime_agent
 
-WebApp
-~~~~~~
-
-The web application can be started with the command `keylime_webapp`. If using
-Vagrant, port 443 will be forwarded from the guest to port 8443 on the host.
-
-This will result in the web application being available on url:
-
-https://localhost:8443/webapp/
 
 Rust Cloud agent
 ~~~~~~~~~~~~~~~

docs/rest_apis.rst

@@ -522,61 +522,6 @@ Cloud Registrar
           "deepquote" : b64,
         }
 
-Tenant WebApp
-~~~~~~~~~~~~~
-
-.. http:get::  /v2.1/agents/
-
-    Get ordered list of registered agents
-
-.. http:get::  /v2.1/agents/{agent_id:UUID}
-
-    Get list of registered agents
-
-.. http:put::  /v2.1/agents/{agent_id:UUID}
-
-    Start agent `agent_id` (For an already bootstrapped `agent_id` agent)
-
-.. http:post::  /v2.1/agents/{agent_id:UUID}
-
-    Add agent `agent_id` to registrar
-
-    **Requires JSON Body**:
-
-    .. sourcecode:: json
-
-      {
-        “ip” : ipaddr,
-        “keyfile_data” : base64,
-        “keyfile_name” : string, (opt)
-        “file_data” : base64,
-        “file_name” : string, (opt)
-        “ca_dir” : string,
-        “ca_dir_pw” : string,
-        “include_dir_data” : base64,
-        “include_dir_name” : string,
-      }
-
-.. http:get::  /v2.1/logs/
-
-          Get terminal log data
-
-.. http:get::  /v2.1/logs/{logType:string}
-
-          Get terminal log data for given logType
-
-          Optional query parameters:
-
-          .. sourcecode:: bash
-
-            pos : int, (opt)
-
-          Example:
-
-          .. sourcecode:: bash
-
-            /v2.1/logs/tenant?pos=#
-
 
 Changelog
 ---------

docs/user_guide/runtime_ima.rst

@@ -198,9 +198,6 @@ within `/etc/keylime.conf`, you can then use `default` as follows::
 
   `keylime_tenant -v 127.0.0.1 -t neptune -f /root/excludes.txt --uuid D432FBB3-D2F1-4A97-9EF7-75BD81C00000 --allowlist default --exclude default`
 
-The allowlist can also be uploaded using the WebApp:
-
-.. image:: /images/allowlist_ui.png
 
 How can I test this?
 --------------------

keylime.conf

@@ -608,19 +608,6 @@ cert_crl_dist=http://localhost:38080/crl
 cfssl_ip = 127.0.0.1
 cfssl_port = 8888
 
-#=============================================================================
-[webapp]
-#=============================================================================
-
-# The webapp's IP address and port on which it can be reached.
-webapp_ip = 127.0.0.1
-webapp_port = 443
-
-# The intervals for populating agents, updating agents and updating terminal.
-populate_agents_interval = 4000
-update_agents_interval = 1500
-update_terminal_interval = 2000
-
 #=============================================================================
 # GLOBAL LOGGING CONFIGURATION
 #=============================================================================

keylime/keylime_logging.py

@@ -7,7 +7,7 @@
 from keylime import config
 
 LOG_TO_FILE = ["registrar", "provider_registrar", "cloudverifier"]
-LOG_TO_STREAM = ["tenant_webapp"]
+LOG_TO_STREAM = []
 LOGDIR = os.getenv("KEYLIME_LOGDIR", "/var/log/keylime")
 # not clear that this works right.  console logging may not work
 LOGSTREAM = os.path.join(LOGDIR, "keylime-stream.log")