)]}'
{
  "log": [
    {
      "commit": "d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9",
      "tree": "37e0b443caf904f0b78d423ba6580c1416f5bc11",
      "parents": [
        "9ffa1f9577003ab70a6b483475874f3552d1ccc3"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@monogon.tech",
        "time": "Wed Sep 01 15:03:06 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@monogon.tech",
        "time": "Fri Sep 03 11:15:40 2021 +0000"
      },
      "message": "m/n/core/rpc: create library for common gRPC functions\n\nThis is the beginning of consolidating all gRPC-related code into a\nsingle package.\n\nWe also run the Curator service publicly and place it behind a new\nauthorization permission bit. This is in preparation for Curator\nfollowers needing access to this Service.\n\nSome of the service split and authorization options are likely to be\nchanged in the future (I\u0027m considering renaming Curator to something\nelse, or at least clearly stating that it\u0027s a node-to-node service).\n\nChange-Id: I0a4a57da15b35688aefe7bf669ba6342d46aa3f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/316\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n"
    },
    {
      "commit": "9ffa1f9577003ab70a6b483475874f3552d1ccc3",
      "tree": "a688d02424e8601ed830d12021b5867688d31438",
      "parents": [
        "6bd415920b84bd695038caeb386f1e97184f0c51"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@monogon.tech",
        "time": "Wed Sep 01 15:42:23 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@monogon.tech",
        "time": "Thu Sep 02 10:38:15 2021 +0000"
      },
      "message": "m/n/core/curator: authenticated RPC\n\nThis adds authentication middleware (server interceptors) for gRPC\nservices running on the public curator listener.\n\nMost of this code is testing harnesses to start up just the curator\nlistener with enough of a PKI infrastructure copy from a real Metropolis\ncluster to be able to start running tests against GetRegisterTicket.\n\nChange-Id: I429ff29e3c1233d74e8da619ddb543d56bc051b9\nReviewed-on: https://review.monogon.dev/c/monogon/+/311\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n"
    },
    {
      "commit": "a41caacc71418f7307d851fad95991cf80bdcb41",
      "tree": "cbcf9af76f29ccb94b7c2b94d75f1e8eb39cfb3d",
      "parents": [
        "5253884d51cb64c1d1afcb2d7b969f7c2b50b302"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@monogon.tech",
        "time": "Thu Aug 12 17:00:55 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@monogon.tech",
        "time": "Thu Aug 19 10:20:55 2021 +0000"
      },
      "message": "m/pkg/pki: forbid External/Managed certificates without name\n\nThis ensures any stored certificates must have a name set - otherwise\nthey end up being created with an empty string as a name, and end up\ncolliding with eachother.\n\nChange-Id: I9e415b6ff89dbda179526920d58e33e638a28cec\nReviewed-on: https://review.monogon.dev/c/monogon/+/286\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n"
    },
    {
      "commit": "5253884d51cb64c1d1afcb2d7b969f7c2b50b302",
      "tree": "10a6bf03472e9c14da2515ea7755d74bb3f660e6",
      "parents": [
        "99f477412a2e701f89f7698be1dd432adcfff17c"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@monogon.tech",
        "time": "Wed Aug 11 16:22:41 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@monogon.tech",
        "time": "Thu Aug 19 10:20:55 2021 +0000"
      },
      "message": "m/pkg/pki: refactor, allow for external certificates\n\nThe pki library supported managing certificates in two modes:\n\n - default, when name !\u003d \"\"\n - volatile/ephemeral, when name \u003d\u003d \"\"\n\nThe difference between the two being that default certificates were\nfully stored in etcd (key and x509 certificate), while volatile\ncertificates weren\u0027t stored at all. However, both kinds needed private\nkeys passed to the pki library.\n\nWe want to be able to emit certificates without having private keys for\nthat certificate, so we end up a third mode of operation: \u0027external\ncertificates\u0027. These are still stored in etcd, but without any\ncorresponding private key.\n\nIn the future we might actually get rid of ephemeral certificates by\nexpanding the logic of external certificates to provide a full audit log\nand revocation system, instead of matching by Certificate Name. But this\nwill do for now.\n\nWe also use this opportunity to write some simple tests for this\npackage.\n\nChange-Id: I193f4b147273b0a3981c38d749b43362d3c1b69a\nReviewed-on: https://review.monogon.dev/c/monogon/+/263\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n"
    },
    {
      "commit": "216fe7b3ae949376467f626f339423a31ea7da97",
      "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b",
      "parents": [
        "6ebdc418f3c4799c12368e34ea78dc9c9757fb54"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri May 21 18:36:16 2021 +0200"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri May 28 17:54:03 2021 +0200"
      },
      "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n"
    },
    {
      "commit": "9411f7c2ed0afbbf617075ab37901addc76fadfb",
      "tree": "f1f62aa538ba3c2265815d2dbe942377264850a5",
      "parents": [
        "0de189355c6afad6f677029d90fa40dee824141b"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Wed Mar 10 13:12:53 2021 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Wed Mar 10 13:12:53 2021 +0100"
      },
      "message": "m/node/kubernetes/pki: refactor out CA functionality\n\nThis factors out all non-k8s-specific CA functionality from\nmetropolis/node/kubernetes/pki into metropolis/pkg/pki.\n\nThis will allow us to re-use the same PKI-in-CA system to issue\ncertificates for the Metropolis cluster and nodes.\n\nWe also drive-by change some Kubernetes/PKI interactions to make things\ncleaner. Notably, this implements Certificate.Mount to return a\nfileargs.FileArgs containing all the files neede to use this\nCertificate.\n\nTest Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though.\n\nX-Origin-Diff: phab/D709\nGitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad\n"
    }
  ]
}