| commit | 0c2801516b5191472bd4bc1a07ab6f414a805b27 | [log] [tgz] |
|---|---|---|
| author | Serge Bazanski <serge@monogon.tech> | Mon Feb 05 14:33:19 2024 +0100 |
| committer | Serge Bazanski <serge@monogon.tech> | Thu Feb 08 11:10:07 2024 +0000 |
| tree | ddcffa8351f934c0a7066a6341b8bc6888e90ab3 | |
| parent | ad86a55c9c507478e2c4989f50912d7869164066 [diff] |
m/n/core/rpc: limit API footgun availability
This unifies the interface of the
New{Ephemeral,Authenticated}Credentials calls. They now use the same set
of CredentialsOpt options which allows both calls to request a
particular verification of the remote side of the connection.
NewEphemeralCredentials also now requires an explicit WantInsecure
option which surfaces attempts to dial the cluster without CA/node
verification.
Change-Id: Ibb65cb0952f6ff2092a3f55fe1c5a31bd2b72b36
Reviewed-on: https://review.monogon.dev/c/monogon/+/2741
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
This is the main repository containing the source code for the Monogon Platform.
This is pre-release software - take a look, and check back later!
Our build environment is self-contained and requires only minimal host dependencies:
/dev/kvm (if you want to run tests).Our docs assume that Bazelisk is available as bazel on your PATH.
Refer to SETUP.md for detailed instructions.
Build CLI and node image:
bazel build //metropolis/cli/dbg //:launch --config dbg
Launch an ephemeral test node:
bazel test //:launch --config dbg --test_output=streamed
Run a kubectl command while the test is running:
bazel-bin/metropolis/cli/dbg/dbg_/dbg kubectl describe node
Run full test suite:
bazel test --config dbg //...