)]}'
{
  "log": [
    {
      "commit": "cdb8c78eb7d29e6595053c455141007cb1c13a83",
      "tree": "db17ef01058c8185887e26e31131d62c168a23c7",
      "parents": [
        "6c8d5f9319706be576563b990c875afc0d60d02d"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Mon Feb 17 12:34:02 2020 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Mon Feb 17 12:34:02 2020 +0100"
      },
      "message": "Revamp DHCP, add basic context management\n\nThis started off as a small change to make the network service DHCP client a bit nicer, and ended up basically me half-assedly starting to add context within Smalltown.\n\nIn my opionion a simple OnStart/OnStop lifecycle management for services will stop working once we have to start handling failing services. I think taking inspiration from Erlang\u0027s OTP and implementing some sort of supervision tree is the way to go. I think this also ties nicely together with Go\u0027s context system, at least partially. Implementing the full supervision tree system is out of scope for this change, but at least this introduces .Context() on the base service struct that service implementations can use. Currently each service has its own background context, but again, this should tie into some sort of supervision tree in the future. There will be a design document for this.\n\nI also rejigger the init code to have a context available immediately, and use that to acquire (with timeout) information about DHCP addresses from the network service.\n\nI also fix a bug where the network service is started twice (once by init, once by the smalltown node code; now the smalltown node code takes in a dependency injected network service instead).\n\nI also fix a bug where OnStop would call OnStart. Whoops.\n\nTest Plan: no new functionality, covered by current tests\n\nBug: T561\n\nX-Origin-Diff: phab/D396\nGitOrigin-RevId: adddf3dd2f140b6ea64eb034ff19533d32c4ef23\n"
    },
    {
      "commit": "aa6b7346a87a5512fbdd5b39db766000c0e10415",
      "tree": "8b7665934b854d4d2ee18e90a289752f8cd85942",
      "parents": [
        "5e0bd2d43ab72cf4091e7689d02f95e07b1c1010"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Dec 12 02:55:02 2019 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Dec 12 02:55:02 2019 +0100"
      },
      "message": "Attestation \u0026 Identity \u0026 Global Unlock \u0026 Enrolment\n\nThis changes the node startup sequence significantly. Now the following three startup procedures replace the old setup/join mechanic:\n* If no enrolment config is present, automatically bootstrap a new cluster and become master for it.\n* If an enrolment config with an enrolment token is present, register with the NodeManagementService.\n* If an enrolment config without an enrolment token is present, attempt a normal cluster unlock.\n\nIt also completely revamps the GRPC management services:\n* NodeManagementService is a master-only service that deals with other nodes and has a cluster-wide identity\n* NodeService is only available in unlocked state and keyed with the node identity\n* ClusterManagement is now a master-only service that\u0027s been spun out of the main NMS since they have very different authentication models and also deals with EnrolmentConfigs\n\nThe TPM support library has also been extended by:\n* Lots of integrity attestation and verification functions\n* Built-in AK management\n* Some advanced policy-based authentication stuff\n\nAlso contains various enhancements to the network service to make everything work in a proper multi-node environment.\n\nLots of old code has been thrown out.\n\nTest Plan: Passed a full manual test of all three startup modes (bootstrap, enrolment and normal unlock) including automated EnrolmentConfig generation and consumption in a dual-node configuration on swtpm / OVMF.\n\nBug: T499\n\nX-Origin-Diff: phab/D291\nGitOrigin-RevId: d53755c828218b1df83a1d7ad252c7b3231abca8\n"
    },
    {
      "commit": "7ba3152b450889e81e85a02bd2e28f992edba2b0",
      "tree": "f543b51e889ff997beff6780e86a2eb4aab6aa50",
      "parents": [
        "71049afd7c1828f5deb660c059527e5d99e8d1c7"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Mon Feb 03 16:08:19 2020 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Mon Feb 03 16:08:19 2020 +0100"
      },
      "message": "core/internal/api: use gRPC statuses as much as possible\n\nReturning plain go errors via gRPC will always result in a gRPC \u0027INTERNAL\u0027 error code, which is suboptimal. We go ahead and semanticize some of the possible error paths, and at the same time:\n\n - swallow some internal errors into logs and serve sanitized errors\n - move some of the internal service implementations to also use gRPC statuses\n - change a panic() call into a status.Unimplemented return type\n\nThere\u0027s still plenty work to be done on this front, but this is a good first change.\n\nTest Plan: if this is not covered by tests we\u0027re screwed anyways\n\nX-Origin-Diff: phab/D366\nGitOrigin-RevId: 71880a9e23c65631d6c4df6338855864c34bb11f\n"
    },
    {
      "commit": "6e8f69c53a2c82f5a760ab2e8152218cc86f3430",
      "tree": "1556b56e0a0cdb5108c301dc88710b5b2d74ba1b",
      "parents": [
        "b7a18fd9be7732e9ed9b29f33b7f545916da207b"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Nov 18 10:44:24 2019 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Nov 18 10:44:24 2019 +0100"
      },
      "message": "Initial Kubernetes Control Plane\n\nThis adds a minimum viable Kubernetes Control Plane consisting of a\nkube-apiserver, kube-controller-manager and kube-scheduler. It contains\ntwo small CAs for Kubernetes Identity management based on shared\ncertificates and contains changes for exposing etcd via UNIX socket\nso that the apiserver can talk to it.\n\nTest Plan:\nTested by manually calling Setup() and observing subsequent logs and\nconnecting to the API server.\n\nBug: T485\n\nX-Origin-Diff: phab/D271\nGitOrigin-RevId: e56f3e50eb9d33ea291289faa1aac3bebdeb3346\n"
    },
    {
      "commit": "68c58755e0a56e1b1c565d80f99056ec4948fbec",
      "tree": "f122ab392769d33620077c65ddf0f0a3aed43d1c",
      "parents": [
        "5ed291ea1833ffd07665b6194f7b6db2b7c1c4aa"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Nov 14 21:00:59 2019 +0100"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Nov 14 21:00:59 2019 +0100"
      },
      "message": "Improve documentation, remove dead code plus some minor refactorings\n\nThis improves our code-to-comments ratio by a lot.\n\nOn the refactorings:\n\n- Simplify the cluster join mode to just a single protobuf message -\n  a node can either join an existing cluster or bootstrap a new one.\n  All of the node-level setup like hostname and trust backend is done\n  using the setup call, since those are identical for both cases.\n\n- We don\u0027t need a node name separate from the hostname. Ideally, we would\n  get rid of IP addresses for etcd as well.\n\n- Google API design guidelines suggest the `List` term (vs. `Get`).\n\n- Add username to comments for consistency. I think the names provide\n  useful context, but git blame is a thing. What do you think?\n\n- Fixed or silenced some ignored error checks in preparation of using\n  an errcheck linter. Especially during early boot, many errors are\n  obviously not recoverable, but logging them can provide useful debugging info.\n\n- Split up the common package into smaller subpackages.\n\n- Remove the audit package (this will be a separate service that probably\n  uses it own database, rather than etcd).\n\n- Move storage constants to storage package.\n\n- Remove the unused KV type.\n\nI also added a bunch of TODO comments with discussion points.\nAdded both of you as blocking reviewers - please comment if I\nmisunderstood any of your code.\n\nTest Plan: Everything compiles and scripts:launch works (for whatever that\u0027s worth).\n\nX-Origin-Diff: phab/D235\nGitOrigin-RevId: 922fec5076e8d683e1138f26d2cb490de64a9777\n"
    },
    {
      "commit": "a4ea9d03f1fb4248739392615967eaf07842e74b",
      "tree": "e2b8e2e3d9aa83ca7f650f2a0d972023869c1d3b",
      "parents": [
        "e47ace84cb3e30375dcb4236c17ee9710a77a6ad"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Oct 31 11:40:30 2019 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Oct 31 11:40:30 2019 +0100"
      },
      "message": "Added bootstrap CA\n\nThis adds a self-contained CA for bootstrapping and securing etcd\nusing certificates of infinite duration and a CRL for near-instant\nrevocation.\n\nThe bootstrapping problem is addressed by first\ngenerating the CA and issuing initial certificates and then\ninjecting them once the consensus system is up and running.\nAll files are also kept on the encrypted persistent data store to\nprevent the same bootstrapping problem when the node is already\ninitialized. The CRL is synchronized using a sync loop on every\nnode running the consensus service and distributed inside that.\n\nThe CA uses Ed25519-based cryptography and identifies the\nhosts by their external hostname.\n\nTest Plan:\nInitial bootstrapping manually tested on a single node using a\nmanual gRPC call for Setup() and openssl s_client for connecting\nto etcd.\n\nX-Origin-Diff: phab/D233\nGitOrigin-RevId: bd67818b5b649b13e0c098e480059ef990826542\n"
    },
    {
      "commit": "0d7c91e331022831a974c2e34d32bb5b89ddc89c",
      "tree": "5b822873c015053f4b697d60c33fa3b1ef9a3a4b",
      "parents": [
        "043daa57020dd36e074488dcb432114a548a3d2a"
      ],
      "author": {
        "name": "Hendrik Hofstadt",
        "email": "hendrik@certus.one",
        "time": "Wed Oct 23 21:44:47 2019 +0200"
      },
      "committer": {
        "name": "Hendrik Hofstadt",
        "email": "hendrik@certus.one",
        "time": "Wed Oct 23 21:44:47 2019 +0200"
      },
      "message": "Implement monorepo layout\n\nImplemented the nexantic monorepo.\n\nSmalltown code was moved to `core`. From now on all code will live in top level directories named after the projects with the exception for general purpose libraries which should go to `\u003clang\u003elibs`.\n\nGeneral build and utility folders are underscore prefixed.\n\nThe repo name will from now on be rNXT (nexantic). I think this change makes sense since components in this repo will not all be part of Smalltown, the Smalltown brand has been claimed by Signon GmbH so we need to change it anyway and the longer we wait the harder it will be to change/move it.\n\nTest Plan: Launched Smalltown using `./scripts/bin/bazel run //core/scripts:launch`\n\nX-Origin-Diff: phab/D210\nGitOrigin-RevId: fa5a7f08143d2ead2cb7206b4c63ab641794162c\n"
    }
  ]
}