)]}' { "commit": "3379a5d0ffcd652031c135f2ffe7600272fa0093", "tree": "6c771e39336d5df9f7d956fadb9578b94b25b174", "parents": [ "6adf8840e846b15b7b34151c3432c886b540f420" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 09 12:56:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:13:53 2021 +0000" }, "message": "m/n/core: factor out gRPC/TLS into rpc and identity libraries\n\nThis is an annoying large change, which started its life as me pulling\nthe \u0027let\u0027s add tests for authentication\u0027 thread, and ended up in\nunifying a whole bunch of dispersed logic under two new libraries.\n\nNotable changes:\n\n - m/n/core/identity now contains the NodeCertificate (now called Node)\n and NodeCredentials types. These used to exist in the cluster code,\n but were factored out to prevent loops between the curator, the\n cluster enrolment logic, and other code. They can now be shared by\n nearly all of the node code, removing the need for some conversions\n between subsystems/packages.\n - Alongside Node{,Credentials} types, the identity package contains\n code that creates x509 certificate templates and verifies x509\n certificates, and has functions specific to nodes and users - not\n clients and servers. This allows moving most of the rest of\n certificate checking code into a single set of functions, and allows\n us to test this logic thoroughly.\n - pki.{Client,Server,CA} are not used by the node core code anymore,\n and can now be moved to kubernetes-specific code (as that was their\n original purpose and that\u0027s their only current use).\n - m/n/core/rpc has been refactored to deduplicate code between the\n local/external gRPC servers and unary/stream interceptors for these\n servers, also allowing for more thorough testing and unified\n behaviour between all.\n - A PeerInfo structure is now injected into all gRPC handlers, and is\n unified to contain information both about nodes, users, and possibly\n unauthenticated callers.\n - The AAA.Escrow implementation now makes use of PeerInfo in order to\n retrieve the client\u0027s certificate, instead of rolling its own logic.\n - The EphemeralClusterCredentials test helper has been moved to the rpc\n library, and now returns identity objects, allowing for simplified\n test code (less juggling of bare public keys and\n {x509,tls}.Certificate objects).\n\nChange-Id: I9284966b4f18c0d7628167ca3168b4b4037808c1\nReviewed-on: https://review.monogon.dev/c/monogon/+/325\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "322a3373bba8aa7f00c752e0ad96b056fc9c34d2", "old_mode": 33188, "old_path": "metropolis/node/core/cluster/BUILD.bazel", "new_id": "2d3e81344ea3a6ef831f8e9687073e566a658691", "new_mode": 33188, "new_path": "metropolis/node/core/cluster/BUILD.bazel" }, { "type": "modify", "old_id": "2905d1727264893ab8443633908bad1448524afd", "old_mode": 33188, "old_path": "metropolis/node/core/cluster/cluster_bootstrap.go", "new_id": "2b3b3339c22e466ac436d9309630e7c33332d038", "new_mode": 33188, "new_path": "metropolis/node/core/cluster/cluster_bootstrap.go" }, { "type": "delete", "old_id": "af5b6547058b6d958ef60381ecf99347350e2de1", "old_mode": 33188, "old_path": "metropolis/node/core/cluster/node.go", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "delete", "old_id": "079d4dcb30bc34ceba4924a90f96578eca0d1f7a", "old_mode": 33188, "old_path": "metropolis/node/core/cluster/node_test.go", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "modify", "old_id": "3f99567c80cd43caa3a30a88328eb212d78ec490", "old_mode": 33188, "old_path": "metropolis/node/core/cluster/status.go", "new_id": "3dbfb56475dfe0a1456d5cc43287396235f94e36", "new_mode": 33188, "new_path": "metropolis/node/core/cluster/status.go" }, { "type": "modify", "old_id": "40f77409e6aa482921d864f678a56ed884dbdb63", "old_mode": 33188, "old_path": "metropolis/node/core/curator/BUILD.bazel", "new_id": "22e237f2477ca63937d50542301230ae012c5a2e", "new_mode": 33188, "new_path": "metropolis/node/core/curator/BUILD.bazel" }, { "type": "modify", "old_id": "98d176a1e7bf9d9aab16351a7f48721ba863857c", "old_mode": 33188, "old_path": "metropolis/node/core/curator/bootstrap.go", "new_id": "e1add0d0cbf6e3065688fd33c7f05be85b5791f6", "new_mode": 33188, "new_path": "metropolis/node/core/curator/bootstrap.go" }, { "type": "modify", "old_id": "35b066ed84e32e302179a104ef76395c7ab6f742", "old_mode": 33188, "old_path": "metropolis/node/core/curator/curator.go", "new_id": "6d16d62eec7d515a3444bd83ca14a87c2e326552", "new_mode": 33188, "new_path": "metropolis/node/core/curator/curator.go" }, { "type": "modify", "old_id": "c67fc99890740e4cbfb8d1ce25b1e4a45155b2e3", "old_mode": 33188, "old_path": "metropolis/node/core/curator/curator_test.go", "new_id": "af87c9e8944c7a97a130b35fd95c26ea2fb0bc06", "new_mode": 33188, "new_path": "metropolis/node/core/curator/curator_test.go" }, { "type": "modify", "old_id": "2f8124abb17fa42f1ef511cb6ab1be14c76b3ded", "old_mode": 33188, "old_path": "metropolis/node/core/curator/impl_leader_aaa.go", "new_id": "dd0d54688a8031a7af2ca0b6e5007b6db0d3c34c", "new_mode": 33188, "new_path": "metropolis/node/core/curator/impl_leader_aaa.go" }, { "type": "modify", "old_id": "eb1db38af7c887bff3f2ff8eb17007ea21d7b32d", "old_mode": 33188, "old_path": "metropolis/node/core/curator/impl_leader_test.go", "new_id": "593830da6b85ccbaced947d2a5b91475e3e05dba", "new_mode": 33188, "new_path": "metropolis/node/core/curator/impl_leader_test.go" }, { "type": "modify", "old_id": "c49eab33c6560f8fd19fd74b58c95bb33661316c", "old_mode": 33188, "old_path": "metropolis/node/core/curator/listener.go", "new_id": "d21d9517cfe0070d2963c1b644a071491fa792d1", "new_mode": 33188, "new_path": "metropolis/node/core/curator/listener.go" }, { "type": "modify", "old_id": "4644f6c870d7ad0e6e4948a763fdb628005c7abc", "old_mode": 33188, "old_path": "metropolis/node/core/curator/listener_test.go", "new_id": "fad7e9219a339710065acacee041f41bd92e1bed", "new_mode": 33188, "new_path": "metropolis/node/core/curator/listener_test.go" }, { "type": "modify", "old_id": "4e2535fe27e80505174cc68967816dc699a7ffb5", "old_mode": 33188, "old_path": "metropolis/node/core/curator/state_node.go", "new_id": "e0763c4c119400653f1c8c8c3bf9363e26503acf", "new_mode": 33188, "new_path": "metropolis/node/core/curator/state_node.go" }, { "type": "modify", "old_id": "5c217c57f1d51d0345fa5a032f1e56e50c524018", "old_mode": 33188, "old_path": "metropolis/node/core/curator/state_pki.go", "new_id": "2384158049281819cd5e76ac4ac869ad8433c598", "new_mode": 33188, "new_path": "metropolis/node/core/curator/state_pki.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "c5b481acb891f275e903c1870e5d7e41d03d0f3a", "new_mode": 33188, "new_path": "metropolis/node/core/identity/BUILD.bazel" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "95b7e0d6234c72047b65929fde22023d95be58ff", "new_mode": 33188, "new_path": "metropolis/node/core/identity/certificates.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "f96f5172ae449cc1ce386958967f244fd344aa7e", "new_mode": 33188, "new_path": "metropolis/node/core/identity/certificates_test.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "862e794c3f99bf513b72b41b21e0f989d76843d9", "new_mode": 33188, "new_path": "metropolis/node/core/identity/identity.go" }, { "type": "modify", "old_id": "9ed2bebe665d984337662895d1a77440f631662f", "old_mode": 33188, "old_path": "metropolis/node/core/main.go", "new_id": "fa768c2bcc98bb530085ff4328b4405cae5d1848", "new_mode": 33188, "new_path": "metropolis/node/core/main.go" }, { "type": "modify", "old_id": "df03356ee189f4c851dcc6c7fc4f40244dd0b6cf", "old_mode": 33188, "old_path": "metropolis/node/core/rpc/BUILD.bazel", "new_id": "d281a923da61e880783e08a91abb559c6ffaa4bc", "new_mode": 33188, "new_path": "metropolis/node/core/rpc/BUILD.bazel" }, { "type": "modify", "old_id": "cc48f95fa0c8277887ea3785b3e04ba454e05fa3", "old_mode": 33188, "old_path": "metropolis/node/core/rpc/client.go", "new_id": "10d2545eb65e92a651039673a360adc9d1c716dc", "new_mode": 33188, "new_path": "metropolis/node/core/rpc/client.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "0a597faeaf85b837680ee19a95bf8140a1165c0d", "new_mode": 33188, "new_path": "metropolis/node/core/rpc/methodinfo.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "a4d685cf9dffc1bb3525a8db4d8f50b69a214ece", "new_mode": 33188, "new_path": "metropolis/node/core/rpc/peerinfo.go" }, { "type": "modify", "old_id": "3d6917d2acf69256cda25465abb5dc4f33a06d0c", "old_mode": 33188, "old_path": "metropolis/node/core/rpc/server.go", "new_id": "70a0a74fade116db6ca6b15fe3818df534e181a8", "new_mode": 33188, "new_path": "metropolis/node/core/rpc/server.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "6ae2618366874645cbece794ce2b13c88b6e3e01", "new_mode": 33188, "new_path": "metropolis/node/core/rpc/server_authentication.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "d383150e79fce7050528c4c79a1c7531d0ae7809", "new_mode": 33188, "new_path": "metropolis/node/core/rpc/server_authentication_test.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "93e4b467af1b5b02b56758d4e37cef97e71ceed3", "new_mode": 33188, "new_path": "metropolis/node/core/rpc/testhelpers.go" }, { "type": "modify", "old_id": "547d73358b66c02c479e4a37be0f8fa848f76eba", "old_mode": 33188, "old_path": "metropolis/pkg/pki/BUILD.bazel", "new_id": "c215ce26e1ca7b0d830ee43c47bd0d1b6741608b", "new_mode": 33188, "new_path": "metropolis/pkg/pki/BUILD.bazel" }, { "type": "delete", "old_id": "f97596765b89bab845259ceaf37d69340c81883d", "old_mode": 33188, "old_path": "metropolis/pkg/pki/testhelpers.go", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "modify", "old_id": "711ed001141846a3a13a9160c34d21133a4f11c9", "old_mode": 33188, "old_path": "metropolis/pkg/supervisor/supervisor_testhelpers.go", "new_id": "b2812c21c524d6fda7f1d66b0782c245a2b16f2b", "new_mode": 33188, "new_path": "metropolis/pkg/supervisor/supervisor_testhelpers.go" } ] }