)]}'
{
  "log": [
    {
      "commit": "a41caacc71418f7307d851fad95991cf80bdcb41",
      "tree": "cbcf9af76f29ccb94b7c2b94d75f1e8eb39cfb3d",
      "parents": [
        "5253884d51cb64c1d1afcb2d7b969f7c2b50b302"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@monogon.tech",
        "time": "Thu Aug 12 17:00:55 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@monogon.tech",
        "time": "Thu Aug 19 10:20:55 2021 +0000"
      },
      "message": "m/pkg/pki: forbid External/Managed certificates without name\n\nThis ensures any stored certificates must have a name set - otherwise\nthey end up being created with an empty string as a name, and end up\ncolliding with eachother.\n\nChange-Id: I9e415b6ff89dbda179526920d58e33e638a28cec\nReviewed-on: https://review.monogon.dev/c/monogon/+/286\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n"
    },
    {
      "commit": "5253884d51cb64c1d1afcb2d7b969f7c2b50b302",
      "tree": "10a6bf03472e9c14da2515ea7755d74bb3f660e6",
      "parents": [
        "99f477412a2e701f89f7698be1dd432adcfff17c"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@monogon.tech",
        "time": "Wed Aug 11 16:22:41 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@monogon.tech",
        "time": "Thu Aug 19 10:20:55 2021 +0000"
      },
      "message": "m/pkg/pki: refactor, allow for external certificates\n\nThe pki library supported managing certificates in two modes:\n\n - default, when name !\u003d \"\"\n - volatile/ephemeral, when name \u003d\u003d \"\"\n\nThe difference between the two being that default certificates were\nfully stored in etcd (key and x509 certificate), while volatile\ncertificates weren\u0027t stored at all. However, both kinds needed private\nkeys passed to the pki library.\n\nWe want to be able to emit certificates without having private keys for\nthat certificate, so we end up a third mode of operation: \u0027external\ncertificates\u0027. These are still stored in etcd, but without any\ncorresponding private key.\n\nIn the future we might actually get rid of ephemeral certificates by\nexpanding the logic of external certificates to provide a full audit log\nand revocation system, instead of matching by Certificate Name. But this\nwill do for now.\n\nWe also use this opportunity to write some simple tests for this\npackage.\n\nChange-Id: I193f4b147273b0a3981c38d749b43362d3c1b69a\nReviewed-on: https://review.monogon.dev/c/monogon/+/263\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n"
    },
    {
      "commit": "216fe7b3ae949376467f626f339423a31ea7da97",
      "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b",
      "parents": [
        "6ebdc418f3c4799c12368e34ea78dc9c9757fb54"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri May 21 18:36:16 2021 +0200"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri May 28 17:54:03 2021 +0200"
      },
      "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n"
    },
    {
      "commit": "9411f7c2ed0afbbf617075ab37901addc76fadfb",
      "tree": "f1f62aa538ba3c2265815d2dbe942377264850a5",
      "parents": [
        "0de189355c6afad6f677029d90fa40dee824141b"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Wed Mar 10 13:12:53 2021 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Wed Mar 10 13:12:53 2021 +0100"
      },
      "message": "m/node/kubernetes/pki: refactor out CA functionality\n\nThis factors out all non-k8s-specific CA functionality from\nmetropolis/node/kubernetes/pki into metropolis/pkg/pki.\n\nThis will allow us to re-use the same PKI-in-CA system to issue\ncertificates for the Metropolis cluster and nodes.\n\nWe also drive-by change some Kubernetes/PKI interactions to make things\ncleaner. Notably, this implements Certificate.Mount to return a\nfileargs.FileArgs containing all the files neede to use this\nCertificate.\n\nTest Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though.\n\nX-Origin-Diff: phab/D709\nGitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad\n"
    }
  ]
}