Roadmap for official Rust agent

[lkatalin]

This is an issue to keep track of todo items around deprecating the current Python agent and instead using the Rust agent as the official Keylime agent. This is meant to be changed and updated and to be a discussion starter, so please add comments!

High level

• CI in Keylime repo should pass using the Rust agent (Rust agent fails main Keylime CI when getting pub keys or identity quote rust-keylime#441)
• Load testing with the Rust agent (to be done by end of Aug. @maugustosilva @galmasi )

Python agent side

• Optional Remove loading of revocation actions as Python modules (Path to deprecation for loading revocation actions as Python modules #884)

Rust agent side

• Re-enable option to disable mTLS (Add option to disable mTLS rust-keylime#365)
• Ability to run as non-root (Drop privileges after startup rust-keylime#364)
• Remove wiremock dependency (registrar_agent: Mock without wiremock rust-keylime#301)
• Optional Remove loading of revocation actions as Python modules (Remove Python shim once loading rev actions as module is deprecated in Python agent rust-keylime#325 and Make support for legacy python revocation actions optional rust-keylime#377)
• Fix measured boot regression (quotes_handler: Rewind measured boot log file rust-keylime#384)
• Add dependabot automation (Add dependabot for automatic dependency updates rust-keylime#399)
• Try Rust agent with TOML-based config file (Improve configuration and change format to TOML rust-keylime#449)
• Better testing
  • Add Packit CI testing (CI: Add packit to run end-to-end tests rust-keylime#370)
  • Optional Address outstanding issues in integration testing
• Make testing Rust agent mandatory in .ci/run_local.sh (Enable testing of Rust agent as well as Python by default #1109)
• Release of Rust agent 0.1.0 (or higher)

Post-release of 0.1.0 Rust agent

• Update keylime/keylime documentation to refer to Rust agent (Make Rust agent offical, improve docs #1121)
• Add warning that Python agent will be deprecated (Mark Python agent with deprecation warning #1111)
• Better documentation on Rust agent repo (to be defined)

After Python agent deprecation period (end of Q4 2022)

• Remove Python agent-specific dependencies from packaging
• Remove Rust agent-specific env vars from testing
• Remove running of tests on Python agent in .ci/run_local.sh

[lkatalin]

cc @mpeters @ueno @ansasaki @maugustosilva @lukehinds

[lkatalin]

This list was created from some conversations on Slack:

https://cloud-native.slack.com/archives/C01ARE2QUTZ/p1650650434797609
https://cloud-native.slack.com/archives/C01ARE2QUTZ/p1651073817395479

[THS-on]

@lkatalin with the next release the Rust agent will be the only one. I think can close this issue as completed 🎉

[lkatalin]

@THS-on Amazing! Can/should we check off the last 3 items under "python agent deprecation" too?

[THS-on]

@lkatalin there are still some leftovers in the e2e tests referencing the rust agent specifically and I'll double check if we can drop some Python dependencies.

[ansasaki]

I'm closing this as complete. The rust agent is now the only implementation.