)]}' { "log": [ { "commit": "37110c360f012c10f3b9456a0eb282eefd3275b3", "tree": "0d8ade7c95d54a576d88e53fb5e8ca9ee76c8f29", "parents": [ "5456a3c4f14f7f73eb49dbfbb3de0bc009c970fe" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 01 13:57:27 2023 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 16:55:28 2023 +0000" }, "message": "m/pkg/event: make type-safe\n\nThis is a fairly large change which makes use of Go type parameters\n(“generics”) to make the event library (and its memory/etcd\nimplementations) type safe.\n\nSince we now have the event.Value interface strongly typed, we also move\noptions which were implementation-specific (like BacklogOnly)\nto be part of that interface, instead of the previously type-asserted\nspecific implementations. Use of options that are not handled by a\nparticular implementation is a runtime error. Expressing this in the\ntype system is probably not worth the effort.\n\nWe also implement Filter to allow offloading some of the functionality previously implemented in type assertion wrappers into the library itself.\n\nIn the end, this ends up removing a bunch of type assertion code, at\nthe cost of a fairly sweeping change. Unfortunately, some of this is due\nto IntelliJ suddenly deciding to reformat comments.\n\nChange-Id: I1ca6d93db1b5c4055a21af3fb9e5e3d425c0d86e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1322\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "237cf4076e4314ea98f4d47e9557857ef73f554b", "tree": "2c4a6f8e62958469f84b5e948faace8bd8e3441e", "parents": [ "d57ef1c61a520fa251ede0b4ef2491b8c3ebd3b8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 04 12:14:37 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 04 14:03:05 2022 +0000" }, "message": "m/p/pki: set correct authority key identifier\n\nThe current code sets the AuthorityKeyId of a signed certificate to the\nparent\u0027s AuthorityKeyId while it should set it to the parent\u0027s\nSubjectKeyId. This worked as we do not currently use intermediate CAs.\n\nChange-Id: I74dae8b50fd32d2b158ed95ccf918a6a38a1c699\nReviewed-on: https://review.monogon.dev/c/monogon/+/819\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "d13c1c64387ca9a83bb832a3faa5c4b07268d265", "tree": "0c0f534db4726e4400486aad25235e8c573d455e", "parents": [ "79a1a8f9dd49afe8e0a2364c4586b8f39525b204" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:58:58 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 05 10:35:29 2022 +0000" }, "message": "treewide: switch to gomod and bump everything\n\nThis switches version resolution from fietsje to gomod and updates\nall Go dependencies. It also bumps rules_go (required by gVisor) and\nswitches the Gazelle naming convention from go_default_xxx to the\nstandard Bazel convention of the default target having the package\nname.\n\nSince Kubernetes dropped upstream Bazel support and doesn\u0027t check in\nall generated files I manually pregenerated the OpenAPI spec. This\nshould be fixed, but because of the already-huge scope of this CL\nand the rebase complexity this is not in here.\n\nChange-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833\nReviewed-on: https://review.monogon.dev/c/monogon/+/639\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "999e1db0130f148ac6e79e1acbb5ee68db1dcb64", "tree": "570784da91193e279b2777b809d6c4be55aa120e", "parents": [ "e78a08987e48aa5d9f77954886b7cc544f218638" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 30 20:37:38 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Dec 09 17:51:43 2021 +0000" }, "message": "m/p/pki: implement CRLs\n\nThis implements revokation and CRL watching functionality in the main\nmetropolis PKI library, in preparation for use in the consensus library\n(which has full CRL support). In the future, this should also be\nextended to be used in Metropolis authentication/authorization.\n\nThis also introduces a breaking change by changing the layout of etcd\nstorage for the PKI library - but we\u0027re pre-MVP, so this is fine.\n\nChange-Id: If0775f5447a76949d8498d8853dd7b9c03e0e6dc\nReviewed-on: https://review.monogon.dev/c/monogon/+/465\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3379a5d0ffcd652031c135f2ffe7600272fa0093", "tree": "6c771e39336d5df9f7d956fadb9578b94b25b174", "parents": [ "6adf8840e846b15b7b34151c3432c886b540f420" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 09 12:56:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:13:53 2021 +0000" }, "message": "m/n/core: factor out gRPC/TLS into rpc and identity libraries\n\nThis is an annoying large change, which started its life as me pulling\nthe \u0027let\u0027s add tests for authentication\u0027 thread, and ended up in\nunifying a whole bunch of dispersed logic under two new libraries.\n\nNotable changes:\n\n - m/n/core/identity now contains the NodeCertificate (now called Node)\n and NodeCredentials types. These used to exist in the cluster code,\n but were factored out to prevent loops between the curator, the\n cluster enrolment logic, and other code. They can now be shared by\n nearly all of the node code, removing the need for some conversions\n between subsystems/packages.\n - Alongside Node{,Credentials} types, the identity package contains\n code that creates x509 certificate templates and verifies x509\n certificates, and has functions specific to nodes and users - not\n clients and servers. This allows moving most of the rest of\n certificate checking code into a single set of functions, and allows\n us to test this logic thoroughly.\n - pki.{Client,Server,CA} are not used by the node core code anymore,\n and can now be moved to kubernetes-specific code (as that was their\n original purpose and that\u0027s their only current use).\n - m/n/core/rpc has been refactored to deduplicate code between the\n local/external gRPC servers and unary/stream interceptors for these\n servers, also allowing for more thorough testing and unified\n behaviour between all.\n - A PeerInfo structure is now injected into all gRPC handlers, and is\n unified to contain information both about nodes, users, and possibly\n unauthenticated callers.\n - The AAA.Escrow implementation now makes use of PeerInfo in order to\n retrieve the client\u0027s certificate, instead of rolling its own logic.\n - The EphemeralClusterCredentials test helper has been moved to the rpc\n library, and now returns identity objects, allowing for simplified\n test code (less juggling of bare public keys and\n {x509,tls}.Certificate objects).\n\nChange-Id: I9284966b4f18c0d7628167ca3168b4b4037808c1\nReviewed-on: https://review.monogon.dev/c/monogon/+/325\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9", "tree": "37e0b443caf904f0b78d423ba6580c1416f5bc11", "parents": [ "9ffa1f9577003ab70a6b483475874f3552d1ccc3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:03:06 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 03 11:15:40 2021 +0000" }, "message": "m/n/core/rpc: create library for common gRPC functions\n\nThis is the beginning of consolidating all gRPC-related code into a\nsingle package.\n\nWe also run the Curator service publicly and place it behind a new\nauthorization permission bit. This is in preparation for Curator\nfollowers needing access to this Service.\n\nSome of the service split and authorization options are likely to be\nchanged in the future (I\u0027m considering renaming Curator to something\nelse, or at least clearly stating that it\u0027s a node-to-node service).\n\nChange-Id: I0a4a57da15b35688aefe7bf669ba6342d46aa3f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/316\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "9ffa1f9577003ab70a6b483475874f3552d1ccc3", "tree": "a688d02424e8601ed830d12021b5867688d31438", "parents": [ "6bd415920b84bd695038caeb386f1e97184f0c51" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:42:23 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 02 10:38:15 2021 +0000" }, "message": "m/n/core/curator: authenticated RPC\n\nThis adds authentication middleware (server interceptors) for gRPC\nservices running on the public curator listener.\n\nMost of this code is testing harnesses to start up just the curator\nlistener with enough of a PKI infrastructure copy from a real Metropolis\ncluster to be able to start running tests against GetRegisterTicket.\n\nChange-Id: I429ff29e3c1233d74e8da619ddb543d56bc051b9\nReviewed-on: https://review.monogon.dev/c/monogon/+/311\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a41caacc71418f7307d851fad95991cf80bdcb41", "tree": "cbcf9af76f29ccb94b7c2b94d75f1e8eb39cfb3d", "parents": [ "5253884d51cb64c1d1afcb2d7b969f7c2b50b302" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 12 17:00:55 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "m/pkg/pki: forbid External/Managed certificates without name\n\nThis ensures any stored certificates must have a name set - otherwise\nthey end up being created with an empty string as a name, and end up\ncolliding with eachother.\n\nChange-Id: I9e415b6ff89dbda179526920d58e33e638a28cec\nReviewed-on: https://review.monogon.dev/c/monogon/+/286\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "5253884d51cb64c1d1afcb2d7b969f7c2b50b302", "tree": "10a6bf03472e9c14da2515ea7755d74bb3f660e6", "parents": [ "99f477412a2e701f89f7698be1dd432adcfff17c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 11 16:22:41 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "m/pkg/pki: refactor, allow for external certificates\n\nThe pki library supported managing certificates in two modes:\n\n - default, when name !\u003d \"\"\n - volatile/ephemeral, when name \u003d\u003d \"\"\n\nThe difference between the two being that default certificates were\nfully stored in etcd (key and x509 certificate), while volatile\ncertificates weren\u0027t stored at all. However, both kinds needed private\nkeys passed to the pki library.\n\nWe want to be able to emit certificates without having private keys for\nthat certificate, so we end up a third mode of operation: \u0027external\ncertificates\u0027. These are still stored in etcd, but without any\ncorresponding private key.\n\nIn the future we might actually get rid of ephemeral certificates by\nexpanding the logic of external certificates to provide a full audit log\nand revocation system, instead of matching by Certificate Name. But this\nwill do for now.\n\nWe also use this opportunity to write some simple tests for this\npackage.\n\nChange-Id: I193f4b147273b0a3981c38d749b43362d3c1b69a\nReviewed-on: https://review.monogon.dev/c/monogon/+/263\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "216fe7b3ae949376467f626f339423a31ea7da97", "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b", "parents": [ "6ebdc418f3c4799c12368e34ea78dc9c9757fb54" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 18:36:16 2021 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 28 17:54:03 2021 +0200" }, "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n" }, { "commit": "9411f7c2ed0afbbf617075ab37901addc76fadfb", "tree": "f1f62aa538ba3c2265815d2dbe942377264850a5", "parents": [ "0de189355c6afad6f677029d90fa40dee824141b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "message": "m/node/kubernetes/pki: refactor out CA functionality\n\nThis factors out all non-k8s-specific CA functionality from\nmetropolis/node/kubernetes/pki into metropolis/pkg/pki.\n\nThis will allow us to re-use the same PKI-in-CA system to issue\ncertificates for the Metropolis cluster and nodes.\n\nWe also drive-by change some Kubernetes/PKI interactions to make things\ncleaner. Notably, this implements Certificate.Mount to return a\nfileargs.FileArgs containing all the files neede to use this\nCertificate.\n\nTest Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though.\n\nX-Origin-Diff: phab/D709\nGitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad\n" } ] }