v23/security,lib/security: allow for undoing partially complete operations
cosnicolaou opened this issue · comments
Cosmos Nicolaou commented
Setting default blessings involves mutating both the blessings store and the blessings roots which means that a failed attempt to modify one or the other can lead to inconsistent state - see lib/security.SetDefaultBlessings for example.
The APIs should be reworked to allow for rolling back changes to one if the change to the other fails.