From 081b4f2847199bd2ee37efc2e6ea474471025cbf Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Tue, 5 Mar 2024 10:29:49 +0100 Subject: [PATCH] nunki -> contrast Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- .github/workflows/cluster_recreate.yml | 2 +- .github/workflows/e2e_openssl.yml | 8 ++-- .github/workflows/e2e_simple.yml | 4 +- .github/workflows/release.yml | 22 +++++----- CONTRIBUTING.md | 6 +-- README.md | 40 +++++++++---------- cli/cmd/common.go | 4 +- cli/cmd/generate.go | 14 +++---- cli/cmd/policies.go | 16 ++++---- cli/cmd/set.go | 16 ++++---- cli/cmd/verify.go | 18 ++++----- cli/main.go | 4 +- coordinator/main.go | 8 ++-- coordinator/mesh.go | 8 ++-- coordinator/meshapi.go | 12 +++--- coordinator/userapi.go | 14 +++---- coordinator/userapi_test.go | 8 ++-- .../emojivoto-sm-egress/coordinator.yml | 6 +-- deployments/emojivoto-sm-egress/emoji.yml | 2 +- .../emojivoto-sm-egress/portforwarder.yml | 4 +- deployments/emojivoto-sm-egress/voting.yml | 2 +- deployments/emojivoto-sm-egress/web.yml | 4 +- deployments/emojivoto/coordinator.yml | 6 +-- deployments/emojivoto/emoji.yml | 2 +- deployments/emojivoto/portforwarder.yml | 4 +- deployments/emojivoto/voting.yml | 2 +- deployments/emojivoto/web.yml | 2 +- deployments/openssl/coordinator.yml | 6 +-- deployments/openssl/openssl-backend.yml | 4 +- deployments/openssl/openssl-client.yml | 4 +- deployments/openssl/openssl-frontend.yml | 4 +- deployments/openssl/portforwarder.yml | 2 +- deployments/simple/coordinator.yml | 6 +-- deployments/simple/initializer.yml | 2 +- deployments/simple/portforwarder.yml | 2 +- e2e/internal/kuberesource/parts.go | 10 ++--- e2e/internal/kuberesource/resourcegen/main.go | 2 +- e2e/openssl/openssl_test.go | 2 +- flake.nix | 2 +- go.mod | 2 +- initializer/main.go | 10 ++--- internal/appendable/appendable_test.go | 2 +- internal/atls/atls.go | 2 +- .../attestation/snp/cached_client_test.go | 2 +- internal/attestation/snp/extensions.go | 2 +- internal/attestation/snp/issuer.go | 2 +- internal/attestation/snp/validator.go | 4 +- internal/ca/ca.go | 2 +- internal/embedbin/regular.go | 2 +- .../grpc/atlscredentials/atlscredentials.go | 2 +- internal/grpc/dialer/dialer.go | 4 +- internal/logger/logger.go | 14 +++---- internal/memstore/memstore_test.go | 2 +- internal/meshapi/meshapi.proto | 2 +- internal/userapi/userapi.proto | 2 +- justfile | 28 ++++++------- packages/by-name/cli-release/package.nix | 4 +- .../by-name/{nunki => contrast}/package.nix | 14 +++---- packages/containers.nix | 12 +++--- packages/scripts.nix | 18 ++++----- service-mesh/go.mod | 2 +- tools/parsesnp.go | 2 +- 62 files changed, 210 insertions(+), 210 deletions(-) rename packages/by-name/{nunki => contrast}/package.nix (87%) diff --git a/.github/workflows/cluster_recreate.yml b/.github/workflows/cluster_recreate.yml index 9c40e6e59f..959c384c18 100644 --- a/.github/workflows/cluster_recreate.yml +++ b/.github/workflows/cluster_recreate.yml @@ -4,7 +4,7 @@ on: workflow_dispatch: env: - azure_resource_group: nunki-ci + azure_resource_group: contrast-ci jobs: recreate: diff --git a/.github/workflows/e2e_openssl.yml b/.github/workflows/e2e_openssl.yml index ef7d888134..fd36c7fcf8 100644 --- a/.github/workflows/e2e_openssl.yml +++ b/.github/workflows/e2e_openssl.yml @@ -11,7 +11,7 @@ on: env: container_registry: ghcr.io/edgelesssys - azure_resource_group: nunki-ci + azure_resource_group: contrast-ci jobs: test: @@ -52,16 +52,16 @@ jobs: - name: Get credentials for CI cluster run: | just get-credentials - - name: Build, deploy, nunki generate, nunki set, nunki verify + - name: Build, deploy, contrast generate, contrast set, contrast verify run: | - just default openssl nunki.cli + just default openssl contrast.cli - name: Setup Summary run: | cat ./workspace/just.namespace | tee -a "${GITHUB_STEP_SUMMARY}" cat ./workspace/just.perf | tee -a "${GITHUB_STEP_SUMMARY}" - name: E2E Test run: | - env K8S_NAMESPACE=$(cat ./workspace/just.namespace) nix shell .#nunki.e2e --command openssl.test -test.v + env K8S_NAMESPACE=$(cat ./workspace/just.namespace) nix shell .#contrast.e2e --command openssl.test -test.v - name: Undeploy if: always() && inputs.skip-undeploy != 'true' run: | diff --git a/.github/workflows/e2e_simple.yml b/.github/workflows/e2e_simple.yml index b43575766f..80694f2ebe 100644 --- a/.github/workflows/e2e_simple.yml +++ b/.github/workflows/e2e_simple.yml @@ -11,7 +11,7 @@ on: env: container_registry: ghcr.io/edgelesssys - azure_resource_group: nunki-ci + azure_resource_group: contrast-ci jobs: test: @@ -52,7 +52,7 @@ jobs: - name: Get credentials for CI cluster run: | just get-credentials - - name: Build, deploy, nunki generate, nunki set, nunki verify + - name: Build, deploy, contrast generate, contrast set, contrast verify run: | just default simple cli-release - name: Summary diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d996c24e89..fc690bfaad 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -104,18 +104,18 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} - path: nunki-working + path: contrast-working - name: Checkout main uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: main - path: nunki-main + path: contrast-main - name: Bump flake version to post release patch pre-version id: bump - uses: ./nunki-working/.github/actions/bump_version # Run action from working branch! + uses: ./contrast-working/.github/actions/bump_version # Run action from working branch! with: version: ${{ needs.process-inputs.outputs.NEXT_MINOR_PRE_WITHOUT_V }} - working-directory: nunki-main + working-directory: contrast-main commit: false - name: Create PR uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0 @@ -131,7 +131,7 @@ jobs: committer: edgelessci author: edgelessci token: ${{ secrets.NUNKI_CI_COMMIT_PUSH_PR }} - path: ./nunki-main + path: ./contrast-main release: name: Build and push artifacts, create release @@ -165,12 +165,12 @@ jobs: commit: false - name: Push containers with release tag run: | - nix run .#containers.push-coordinator -- "$container_registry/nunki/coordinator" - nix run .#containers.push-initializer -- "$container_registry/nunki/initializer" + nix run .#containers.push-coordinator -- "$container_registry/contrast/coordinator" + nix run .#containers.push-initializer -- "$container_registry/contrast/initializer" - name: Create portable coordinator resource definitions run: | mkdir -p workspace - nix run .#scripts.write-coordinator-yaml -- "${container_registry}/nunki/coordinator:${{ inputs.version }}" > workspace/coordinator.yaml + nix run .#scripts.write-coordinator-yaml -- "${container_registry}/contrast/coordinator:${{ inputs.version }}" > workspace/coordinator.yaml - name: Update coordinator policy hash run: | yq < workspace/coordinator.yaml \ @@ -192,7 +192,7 @@ jobs: tag_name: ${{ inputs.version }} target_commitish: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} files: | - result-cli/bin/nunki + result-cli/bin/contrast workspace/coordinator.yaml - name: Reset temporary changes run: | @@ -225,13 +225,13 @@ jobs: gh api \ -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/edgelesssys/nunki/milestones | + /repos/edgelesssys/contrast/milestones | jq -r '.[] | .title' | \ grep -xqF "${{ inputs.version }}" && exit 0 gh api \ --method POST \ -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/edgelesssys/nunki/milestones \ + /repos/edgelesssys/contrast/milestones \ -f title='${{ inputs.version }}' \ -f state='open' diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 704a924b9b..3e4f17a05f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -68,11 +68,11 @@ just [default ] This will build, containerize and push all relevant components. Ensure the pushed container images are accessible to your cluster. -The manifest will the be generated (`nunki generate`). +The manifest will the be generated (`contrast generate`). Further the flow will deploy the selected deployment and wait for components to come up. -The manifest will automatically be set (`nunki set`) and the Coordinator will will be verified -(`nunki verify`). The flow will also wait for the workload to get ready. +The manifest will automatically be set (`contrast set`) and the Coordinator will will be verified +(`contrast verify`). The flow will also wait for the workload to get ready. This target is idempotent and will delete an existing deployment before re-deploying. diff --git a/README.md b/README.md index 1bd48e2498..8c0a20e8e6 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,16 @@ -# Nunki +# Contrast -Nunki ([/ˈnʌŋki/](https://en.wikipedia.org/wiki/Sigma_Sagittarii)) runs confidential container deployments +Contrast ([/ˈnʌŋki/](https://en.wikipedia.org/wiki/Sigma_Sagittarii)) runs confidential container deployments on untrusted Kubernetes at scale. -Nunki is based on the [Kata Containers](https://github.com/kata-containers/kata-containers) and +Contrast is based on the [Kata Containers](https://github.com/kata-containers/kata-containers) and [Confidential Containers](https://github.com/confidential-containers) projects. Confidential Containers are Kubernetes pods that are executed inside a confidential micro-VM and provide strong hardware-based isolation from the surrounding environment. This works with unmodified containers in a lift-and-shift approach. -## The Nunki Coordinator +## The Contrast Coordinator -The Nunki Coordinator is the central remote attestation component of a Nunki deployment. It's a certificate +The Contrast Coordinator is the central remote attestation component of a Contrast deployment. It's a certificate authority and issues certificates for workload pods running inside confidential containers. The Coordinator is configured with a *manifest*, a configuration file that holds the reference values of all other parts of a deployment. The Coordinator ensures that your app's topology adheres to your specified manifest. It verifies @@ -22,9 +22,9 @@ To verify your deployment, the remote attestation of the Coordinator and its man attestation statement for your entire deployment. Anyone can use this to verify the integrity of your distributed app, making it easier to assure stakeholders of your app's security. -## The Nunki Initializer +## The Contrast Initializer -Nunki provides an Initializer that handles the remote attestation on the workload side transparently and +Contrast provides an Initializer that handles the remote attestation on the workload side transparently and fetches the workload certificate. The Initializer runs as init container before your workload is started. ## Installation @@ -32,24 +32,24 @@ fetches the workload certificate. The Initializer runs as init container before Download the latest CLI from our release and put it into your PATH: ```sh -curl -fLo nunki https://github.com/edgelesssys/nunki/releases/download/latest/nunki -mv nunki /usr/local/bin/nunki +curl -fLo contrast https://github.com/edgelesssys/contrast/releases/download/latest/contrast +mv contrast /usr/local/bin/contrast ``` ## Generic Workflow -### Deploy the Nunki Coordinator +### Deploy the Contrast Coordinator -Install the latest Nunki Coordinator release, comprising a single replica deployment and a +Install the latest Contrast Coordinator release, comprising a single replica deployment and a LoadBalancer service, into your cluster. ```sh -kubectl apply -f https://github.com/edgelesssys/nunki/releases/download/latest/coordinator.yaml +kubectl apply -f https://github.com/edgelesssys/contrast/releases/download/latest/coordinator.yaml ``` ### Preprare your Kubernetes resources -Nunki will add annotations to your Kubernetes YAML files. If you want to keep the original files +Contrast will add annotations to your Kubernetes YAML files. If you want to keep the original files unchanged, you can copy the files into a separate local directory. You can also generate files from a Helm chart or from a Kustomization. @@ -67,7 +67,7 @@ helm template release-name chart-name > resources/all.yaml To specify that a workload (pod, deployment, etc.) should be deployed as confidential containers, add `runtimeClassName: kata-cc-isolation` to the pod spec (pod definition or template). -In addition, add the Nunki Initializer as `initContainers` to these workloads and configure the +In addition, add the Contrast Initializer as `initContainers` to these workloads and configure the workload to use the certificates written to the `tls-certs` volumeMount. ```yaml @@ -75,7 +75,7 @@ spec: # v1.PodSpec runtimeClassName: kata-cc-isolation initContainers: - name: initializer - image: "ghcr.io/edgelesssys/nunki/initializer:latest" + image: "ghcr.io/edgelesssys/contrast/initializer:latest" env: - name: COORDINATOR_HOST value: coordinator @@ -93,7 +93,7 @@ Run the `generate` command generate the execution policies and add them as annot deployment files. A `manifest.json` with the reference values of your deployment will be created. ```sh -./nunki generate resources/*.yaml +./contrast generate resources/*.yaml ``` ### Apply Resources @@ -105,7 +105,7 @@ manifest is set at the Coordinator. kubectl apply -f resources/ ``` -### Connect to the Nunki Coordinator +### Connect to the Contrast Coordinator For the next steps, we will need to connect to the Coordinator. The released Coordinator resource includes a LoadBalancer definition we can use. @@ -126,7 +126,7 @@ coordinator=$(kubectl get svc coordinator -o=jsonpath='{.status.loadBalancer.ing Attest the Coordinator and set the manifest: ```sh -./nunki set -c "${coordinator}:1313" -m manifest.json +./contrast set -c "${coordinator}:1313" -m manifest.json ``` After this step, the Coordinator will start issuing TLS certs to the workloads. The init container @@ -134,10 +134,10 @@ will fetch a certificate for the workload and the workload is started. ### Verify the Coordinator -An end user (data owner) can verify the Nunki deployment using the `verify` command. +An end user (data owner) can verify the Contrast deployment using the `verify` command. ```sh -./nunki verify -c "${coordinator}:1313" -o ./verify +./contrast verify -c "${coordinator}:1313" -o ./verify ``` The CLI will attest the Coordinator using embedded reference values. The CLI will write the service mesh diff --git a/cli/cmd/common.go b/cli/cmd/common.go index d20f54cc5f..757f171ff0 100644 --- a/cli/cmd/common.go +++ b/cli/cmd/common.go @@ -14,7 +14,7 @@ const ( settingsFilename = "settings.json" rulesFilename = "rules.rego" verifyDir = "./verify" - cacheDirEnv = "NUNKI_CACHE_DIR" + cacheDirEnv = "CONTRAST_CACHE_DIR" ) var ( @@ -33,7 +33,7 @@ func cachedir(subdir string) (string, error) { if err != nil { return "", err } - dir = filepath.Join(cachedir, "nunki") + dir = filepath.Join(cachedir, "contrast") } return filepath.Join(dir, subdir), nil } diff --git a/cli/cmd/generate.go b/cli/cmd/generate.go index e51902dc15..1d08e0e958 100644 --- a/cli/cmd/generate.go +++ b/cli/cmd/generate.go @@ -20,17 +20,17 @@ import ( "slices" "strings" - "github.com/edgelesssys/nunki/internal/embedbin" - "github.com/edgelesssys/nunki/internal/manifest" + "github.com/edgelesssys/contrast/internal/embedbin" + "github.com/edgelesssys/contrast/internal/manifest" "github.com/spf13/cobra" ) const ( - kataPolicyAnnotationKey = "io.katacontainers.config.agent.policy" - nunkiRoleAnnotationKey = "nunki.edgeless.systems/pod-role" + kataPolicyAnnotationKey = "io.katacontainers.config.agent.policy" + contrastRoleAnnotationKey = "contrast.edgeless.systems/pod-role" ) -// NewGenerateCmd creates the nunki generate subcommand. +// NewGenerateCmd creates the contrast generate subcommand. func NewGenerateCmd() *cobra.Command { cmd := &cobra.Command{ Use: "generate [flags] paths...", @@ -45,7 +45,7 @@ func NewGenerateCmd() *cobra.Command { The hashes of the policies are added to the manifest. - If the Kubernetes YAML contains a Nunki Coordinator pod whose policy differs from + If the Kubernetes YAML contains a Contrast Coordinator pod whose policy differs from the embedded default, the generated policy will be printed to stdout, alongside a warning message on stderr. This hash needs to be passed to the set and verify subcommands. @@ -391,5 +391,5 @@ func installDir() (string, error) { if err != nil { return "", err } - return filepath.Join(home, ".nunki"), nil + return filepath.Join(home, ".contrast"), nil } diff --git a/cli/cmd/policies.go b/cli/cmd/policies.go index 91cc44b276..d1afc97c82 100644 --- a/cli/cmd/policies.go +++ b/cli/cmd/policies.go @@ -6,8 +6,8 @@ import ( "os" "slices" - "github.com/edgelesssys/nunki/internal/kubeapi" - "github.com/edgelesssys/nunki/internal/manifest" + "github.com/edgelesssys/contrast/internal/kubeapi" + "github.com/edgelesssys/contrast/internal/manifest" ) func policiesFromKubeResources(yamlPaths []string) (map[string]deployment, error) { @@ -31,23 +31,23 @@ func policiesFromKubeResources(yamlPaths []string) (map[string]deployment, error case kubeapi.Pod: name = obj.Name annotation = obj.Annotations[kataPolicyAnnotationKey] - role = obj.Annotations[nunkiRoleAnnotationKey] + role = obj.Annotations[contrastRoleAnnotationKey] case kubeapi.Deployment: name = obj.Name annotation = obj.Spec.Template.Annotations[kataPolicyAnnotationKey] - role = obj.Spec.Template.Annotations[nunkiRoleAnnotationKey] + role = obj.Spec.Template.Annotations[contrastRoleAnnotationKey] case kubeapi.ReplicaSet: name = obj.Name annotation = obj.Spec.Template.Annotations[kataPolicyAnnotationKey] - role = obj.Spec.Template.Annotations[nunkiRoleAnnotationKey] + role = obj.Spec.Template.Annotations[contrastRoleAnnotationKey] case kubeapi.StatefulSet: name = obj.Name annotation = obj.Spec.Template.Annotations[kataPolicyAnnotationKey] - role = obj.Spec.Template.Annotations[nunkiRoleAnnotationKey] + role = obj.Spec.Template.Annotations[contrastRoleAnnotationKey] case kubeapi.DaemonSet: name = obj.Name annotation = obj.Spec.Template.Annotations[kataPolicyAnnotationKey] - role = obj.Spec.Template.Annotations[nunkiRoleAnnotationKey] + role = obj.Spec.Template.Annotations[contrastRoleAnnotationKey] } if annotation == "" { continue @@ -98,7 +98,7 @@ func checkPoliciesMatchManifest(policies map[string]deployment, policyHashes map return nil } -// getCoordinatorPolicyHash returns the policy hash for the Nunki coordinator among the given deployments. +// getCoordinatorPolicyHash returns the policy hash for the Contrast coordinator among the given deployments. // // If the deployments contain a coordinator, that coordinator's policy hash is returned, otherwise // an empty string is returned. diff --git a/cli/cmd/set.go b/cli/cmd/set.go index dfc6475a89..aca580d887 100644 --- a/cli/cmd/set.go +++ b/cli/cmd/set.go @@ -16,19 +16,19 @@ import ( "slices" "time" - "github.com/edgelesssys/nunki/internal/atls" - "github.com/edgelesssys/nunki/internal/attestation/snp" - "github.com/edgelesssys/nunki/internal/fsstore" - "github.com/edgelesssys/nunki/internal/grpc/dialer" - "github.com/edgelesssys/nunki/internal/manifest" - "github.com/edgelesssys/nunki/internal/spinner" - "github.com/edgelesssys/nunki/internal/userapi" + "github.com/edgelesssys/contrast/internal/atls" + "github.com/edgelesssys/contrast/internal/attestation/snp" + "github.com/edgelesssys/contrast/internal/fsstore" + "github.com/edgelesssys/contrast/internal/grpc/dialer" + "github.com/edgelesssys/contrast/internal/manifest" + "github.com/edgelesssys/contrast/internal/spinner" + "github.com/edgelesssys/contrast/internal/userapi" "github.com/spf13/cobra" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) -// NewSetCmd creates the nunki set subcommand. +// NewSetCmd creates the contrast set subcommand. func NewSetCmd() *cobra.Command { cmd := &cobra.Command{ Use: "set [flags] paths...", diff --git a/cli/cmd/verify.go b/cli/cmd/verify.go index 0cdef5f100..56bec90ceb 100644 --- a/cli/cmd/verify.go +++ b/cli/cmd/verify.go @@ -8,25 +8,25 @@ import ( "os" "path/filepath" - "github.com/edgelesssys/nunki/internal/atls" - "github.com/edgelesssys/nunki/internal/attestation/snp" - "github.com/edgelesssys/nunki/internal/fsstore" - "github.com/edgelesssys/nunki/internal/grpc/dialer" - "github.com/edgelesssys/nunki/internal/manifest" - "github.com/edgelesssys/nunki/internal/userapi" + "github.com/edgelesssys/contrast/internal/atls" + "github.com/edgelesssys/contrast/internal/attestation/snp" + "github.com/edgelesssys/contrast/internal/fsstore" + "github.com/edgelesssys/contrast/internal/grpc/dialer" + "github.com/edgelesssys/contrast/internal/manifest" + "github.com/edgelesssys/contrast/internal/userapi" "github.com/google/go-sev-guest/abi" "github.com/google/go-sev-guest/kds" "github.com/google/go-sev-guest/validate" "github.com/spf13/cobra" ) -// NewVerifyCmd creates the nunki verify subcommand. +// NewVerifyCmd creates the contrast verify subcommand. func NewVerifyCmd() *cobra.Command { cmd := &cobra.Command{ Use: "verify", - Short: "Verify a nunki deployment", + Short: "Verify a contrast deployment", Long: ` - Verify a nunki deployment. + Verify a contrast deployment. This will connect to the given Coordinator using aTLS. During the connection initialization, the remote attestation of the Coordinator CVM happens and diff --git a/cli/main.go b/cli/main.go index 7898046520..f0f32df316 100644 --- a/cli/main.go +++ b/cli/main.go @@ -6,7 +6,7 @@ import ( "os" "os/signal" - "github.com/edgelesssys/nunki/cli/cmd" + "github.com/edgelesssys/contrast/cli/cmd" "github.com/spf13/cobra" ) @@ -27,7 +27,7 @@ var version = "0.0.0-dev" func newRootCmd() *cobra.Command { root := &cobra.Command{ - Short: "nunki", + Short: "contrast", PersistentPreRun: preRunRoot, Version: version, } diff --git a/coordinator/main.go b/coordinator/main.go index d86b6bc020..581ae672b4 100644 --- a/coordinator/main.go +++ b/coordinator/main.go @@ -5,10 +5,10 @@ import ( "net" "os" - "github.com/edgelesssys/nunki/internal/ca" - "github.com/edgelesssys/nunki/internal/logger" - "github.com/edgelesssys/nunki/internal/meshapi" - "github.com/edgelesssys/nunki/internal/userapi" + "github.com/edgelesssys/contrast/internal/ca" + "github.com/edgelesssys/contrast/internal/logger" + "github.com/edgelesssys/contrast/internal/meshapi" + "github.com/edgelesssys/contrast/internal/userapi" "golang.org/x/sync/errgroup" ) diff --git a/coordinator/mesh.go b/coordinator/mesh.go index 5d850fa568..333ca9608e 100644 --- a/coordinator/mesh.go +++ b/coordinator/mesh.go @@ -10,10 +10,10 @@ import ( "log/slog" "sync" - "github.com/edgelesssys/nunki/internal/appendable" - "github.com/edgelesssys/nunki/internal/attestation/snp" - "github.com/edgelesssys/nunki/internal/ca" - "github.com/edgelesssys/nunki/internal/manifest" + "github.com/edgelesssys/contrast/internal/appendable" + "github.com/edgelesssys/contrast/internal/attestation/snp" + "github.com/edgelesssys/contrast/internal/ca" + "github.com/edgelesssys/contrast/internal/manifest" "github.com/google/go-sev-guest/abi" "github.com/google/go-sev-guest/kds" "github.com/google/go-sev-guest/proto/sevsnp" diff --git a/coordinator/meshapi.go b/coordinator/meshapi.go index d75806d420..29de55d68b 100644 --- a/coordinator/meshapi.go +++ b/coordinator/meshapi.go @@ -7,12 +7,12 @@ import ( "net" "time" - "github.com/edgelesssys/nunki/internal/atls" - "github.com/edgelesssys/nunki/internal/attestation/snp" - "github.com/edgelesssys/nunki/internal/grpc/atlscredentials" - "github.com/edgelesssys/nunki/internal/logger" - "github.com/edgelesssys/nunki/internal/memstore" - "github.com/edgelesssys/nunki/internal/meshapi" + "github.com/edgelesssys/contrast/internal/atls" + "github.com/edgelesssys/contrast/internal/attestation/snp" + "github.com/edgelesssys/contrast/internal/grpc/atlscredentials" + "github.com/edgelesssys/contrast/internal/logger" + "github.com/edgelesssys/contrast/internal/memstore" + "github.com/edgelesssys/contrast/internal/meshapi" "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/keepalive" diff --git a/coordinator/userapi.go b/coordinator/userapi.go index b5cc3ffbda..697cc95103 100644 --- a/coordinator/userapi.go +++ b/coordinator/userapi.go @@ -13,13 +13,13 @@ import ( "sync" "time" - "github.com/edgelesssys/nunki/internal/appendable" - "github.com/edgelesssys/nunki/internal/attestation/snp" - "github.com/edgelesssys/nunki/internal/grpc/atlscredentials" - "github.com/edgelesssys/nunki/internal/logger" - "github.com/edgelesssys/nunki/internal/manifest" - "github.com/edgelesssys/nunki/internal/memstore" - "github.com/edgelesssys/nunki/internal/userapi" + "github.com/edgelesssys/contrast/internal/appendable" + "github.com/edgelesssys/contrast/internal/attestation/snp" + "github.com/edgelesssys/contrast/internal/grpc/atlscredentials" + "github.com/edgelesssys/contrast/internal/logger" + "github.com/edgelesssys/contrast/internal/manifest" + "github.com/edgelesssys/contrast/internal/memstore" + "github.com/edgelesssys/contrast/internal/userapi" "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" diff --git a/coordinator/userapi_test.go b/coordinator/userapi_test.go index da54018a99..4f274ff36f 100644 --- a/coordinator/userapi_test.go +++ b/coordinator/userapi_test.go @@ -13,10 +13,10 @@ import ( "sync" "testing" - "github.com/edgelesssys/nunki/internal/appendable" - "github.com/edgelesssys/nunki/internal/manifest" - "github.com/edgelesssys/nunki/internal/memstore" - "github.com/edgelesssys/nunki/internal/userapi" + "github.com/edgelesssys/contrast/internal/appendable" + "github.com/edgelesssys/contrast/internal/manifest" + "github.com/edgelesssys/contrast/internal/memstore" + "github.com/edgelesssys/contrast/internal/userapi" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "google.golang.org/grpc/credentials" diff --git a/deployments/emojivoto-sm-egress/coordinator.yml b/deployments/emojivoto-sm-egress/coordinator.yml index 2b698f4142..de121a3165 100644 --- a/deployments/emojivoto-sm-egress/coordinator.yml +++ b/deployments/emojivoto-sm-egress/coordinator.yml @@ -13,17 +13,17 @@ spec: labels: app.kubernetes.io/name: coordinator annotations: - nunki.edgeless.systems/pod-role: coordinator + contrast.edgeless.systems/pod-role: coordinator spec: runtimeClassName: kata-cc-isolation containers: - name: coordinator - image: "ghcr.io/edgelesssys/nunki/coordinator:latest" + image: "ghcr.io/edgelesssys/contrast/coordinator:latest" ports: - containerPort: 7777 - containerPort: 1313 env: - - name: NUNKI_LOG_LEVEL + - name: CONTRAST_LOG_LEVEL value: "debug" resources: requests: diff --git a/deployments/emojivoto-sm-egress/emoji.yml b/deployments/emojivoto-sm-egress/emoji.yml index 8da5e46731..64a7a6d736 100644 --- a/deployments/emojivoto-sm-egress/emoji.yml +++ b/deployments/emojivoto-sm-egress/emoji.yml @@ -28,7 +28,7 @@ spec: runtimeClassName: kata-cc-isolation initContainers: - name: initializer - image: "ghcr.io/edgelesssys/nunki/initializer:latest" + image: "ghcr.io/edgelesssys/contrast/initializer:latest" env: - name: COORDINATOR_HOST value: coordinator diff --git a/deployments/emojivoto-sm-egress/portforwarder.yml b/deployments/emojivoto-sm-egress/portforwarder.yml index a5adcf9c36..b145e4e779 100644 --- a/deployments/emojivoto-sm-egress/portforwarder.yml +++ b/deployments/emojivoto-sm-egress/portforwarder.yml @@ -8,7 +8,7 @@ metadata: spec: containers: - name: port-forwarder - image: "ghcr.io/edgelesssys/nunki/port-forwarder:latest" + image: "ghcr.io/edgelesssys/contrast/port-forwarder:latest" env: - name: LISTEN_PORT value: "1313" @@ -38,7 +38,7 @@ metadata: spec: containers: - name: port-forwarder - image: "ghcr.io/edgelesssys/nunki/port-forwarder:latest" + image: "ghcr.io/edgelesssys/contrast/port-forwarder:latest" env: - name: LISTEN_PORT value: "8080" diff --git a/deployments/emojivoto-sm-egress/voting.yml b/deployments/emojivoto-sm-egress/voting.yml index a87963a857..1cbb3da69a 100644 --- a/deployments/emojivoto-sm-egress/voting.yml +++ b/deployments/emojivoto-sm-egress/voting.yml @@ -28,7 +28,7 @@ spec: runtimeClassName: kata-cc-isolation initContainers: - name: initializer - image: "ghcr.io/edgelesssys/nunki/initializer:latest" + image: "ghcr.io/edgelesssys/contrast/initializer:latest" env: - name: COORDINATOR_HOST value: coordinator diff --git a/deployments/emojivoto-sm-egress/web.yml b/deployments/emojivoto-sm-egress/web.yml index 35e35a2a7a..9993344239 100644 --- a/deployments/emojivoto-sm-egress/web.yml +++ b/deployments/emojivoto-sm-egress/web.yml @@ -28,7 +28,7 @@ spec: runtimeClassName: kata-cc-isolation initContainers: - name: initializer - image: "ghcr.io/edgelesssys/nunki/initializer:latest" + image: "ghcr.io/edgelesssys/contrast/initializer:latest" env: - name: COORDINATOR_HOST value: coordinator @@ -38,7 +38,7 @@ spec: serviceAccountName: web containers: - name: sidecar - image: "ghcr.io/edgelesssys/nunki/service-mesh-proxy:latest" + image: "ghcr.io/edgelesssys/contrast/service-mesh-proxy:latest" volumeMounts: - name: tls-certs mountPath: /tls-config diff --git a/deployments/emojivoto/coordinator.yml b/deployments/emojivoto/coordinator.yml index bdd57534c6..555baafd66 100644 --- a/deployments/emojivoto/coordinator.yml +++ b/deployments/emojivoto/coordinator.yml @@ -13,17 +13,17 @@ spec: labels: app.kubernetes.io/name: coordinator annotations: - nunki.edgeless.systems/pod-role: coordinator + contrast.edgeless.systems/pod-role: coordinator spec: runtimeClassName: kata-cc-isolation containers: - name: coordinator - image: "ghcr.io/edgelesssys/nunki/coordinator:latest" + image: "ghcr.io/edgelesssys/contrast/coordinator:latest" ports: - containerPort: 7777 - containerPort: 1313 env: - - name: NUNKI_LOG_LEVEL + - name: CONTRAST_LOG_LEVEL value: "debug" resources: requests: diff --git a/deployments/emojivoto/emoji.yml b/deployments/emojivoto/emoji.yml index 8da5e46731..64a7a6d736 100644 --- a/deployments/emojivoto/emoji.yml +++ b/deployments/emojivoto/emoji.yml @@ -28,7 +28,7 @@ spec: runtimeClassName: kata-cc-isolation initContainers: - name: initializer - image: "ghcr.io/edgelesssys/nunki/initializer:latest" + image: "ghcr.io/edgelesssys/contrast/initializer:latest" env: - name: COORDINATOR_HOST value: coordinator diff --git a/deployments/emojivoto/portforwarder.yml b/deployments/emojivoto/portforwarder.yml index a5adcf9c36..b145e4e779 100644 --- a/deployments/emojivoto/portforwarder.yml +++ b/deployments/emojivoto/portforwarder.yml @@ -8,7 +8,7 @@ metadata: spec: containers: - name: port-forwarder - image: "ghcr.io/edgelesssys/nunki/port-forwarder:latest" + image: "ghcr.io/edgelesssys/contrast/port-forwarder:latest" env: - name: LISTEN_PORT value: "1313" @@ -38,7 +38,7 @@ metadata: spec: containers: - name: port-forwarder - image: "ghcr.io/edgelesssys/nunki/port-forwarder:latest" + image: "ghcr.io/edgelesssys/contrast/port-forwarder:latest" env: - name: LISTEN_PORT value: "8080" diff --git a/deployments/emojivoto/voting.yml b/deployments/emojivoto/voting.yml index a87963a857..1cbb3da69a 100644 --- a/deployments/emojivoto/voting.yml +++ b/deployments/emojivoto/voting.yml @@ -28,7 +28,7 @@ spec: runtimeClassName: kata-cc-isolation initContainers: - name: initializer - image: "ghcr.io/edgelesssys/nunki/initializer:latest" + image: "ghcr.io/edgelesssys/contrast/initializer:latest" env: - name: COORDINATOR_HOST value: coordinator diff --git a/deployments/emojivoto/web.yml b/deployments/emojivoto/web.yml index 40909eb179..c6beba1bcb 100644 --- a/deployments/emojivoto/web.yml +++ b/deployments/emojivoto/web.yml @@ -28,7 +28,7 @@ spec: runtimeClassName: kata-cc-isolation initContainers: - name: initializer - image: "ghcr.io/edgelesssys/nunki/initializer:latest" + image: "ghcr.io/edgelesssys/contrast/initializer:latest" env: - name: COORDINATOR_HOST value: coordinator diff --git a/deployments/openssl/coordinator.yml b/deployments/openssl/coordinator.yml index bdd57534c6..555baafd66 100644 --- a/deployments/openssl/coordinator.yml +++ b/deployments/openssl/coordinator.yml @@ -13,17 +13,17 @@ spec: labels: app.kubernetes.io/name: coordinator annotations: - nunki.edgeless.systems/pod-role: coordinator + contrast.edgeless.systems/pod-role: coordinator spec: runtimeClassName: kata-cc-isolation containers: - name: coordinator - image: "ghcr.io/edgelesssys/nunki/coordinator:latest" + image: "ghcr.io/edgelesssys/contrast/coordinator:latest" ports: - containerPort: 7777 - containerPort: 1313 env: - - name: NUNKI_LOG_LEVEL + - name: CONTRAST_LOG_LEVEL value: "debug" resources: requests: diff --git a/deployments/openssl/openssl-backend.yml b/deployments/openssl/openssl-backend.yml index 050adf8305..a47ae63875 100644 --- a/deployments/openssl/openssl-backend.yml +++ b/deployments/openssl/openssl-backend.yml @@ -16,7 +16,7 @@ spec: runtimeClassName: kata-cc-isolation initContainers: - name: initializer - image: "ghcr.io/edgelesssys/nunki/initializer:latest" + image: "ghcr.io/edgelesssys/contrast/initializer:latest" env: - name: COORDINATOR_HOST value: coordinator @@ -30,7 +30,7 @@ spec: memory: 50Mi containers: - name: openssl-backend - image: ghcr.io/edgelesssys/nunki/openssl:latest + image: ghcr.io/edgelesssys/contrast/openssl:latest command: - /bin/bash - "-c" diff --git a/deployments/openssl/openssl-client.yml b/deployments/openssl/openssl-client.yml index 89f38faed6..37aa0a82b8 100644 --- a/deployments/openssl/openssl-client.yml +++ b/deployments/openssl/openssl-client.yml @@ -16,7 +16,7 @@ spec: runtimeClassName: kata-cc-isolation initContainers: - name: initializer - image: "ghcr.io/edgelesssys/nunki/initializer:latest" + image: "ghcr.io/edgelesssys/contrast/initializer:latest" env: - name: COORDINATOR_HOST value: coordinator @@ -30,7 +30,7 @@ spec: memory: 50Mi containers: - name: openssl-client - image: ghcr.io/edgelesssys/nunki/openssl:latest + image: ghcr.io/edgelesssys/contrast/openssl:latest command: - /bin/bash - "-c" diff --git a/deployments/openssl/openssl-frontend.yml b/deployments/openssl/openssl-frontend.yml index 93a32b808a..ba0b2069c4 100644 --- a/deployments/openssl/openssl-frontend.yml +++ b/deployments/openssl/openssl-frontend.yml @@ -16,7 +16,7 @@ spec: runtimeClassName: kata-cc-isolation initContainers: - name: initializer - image: "ghcr.io/edgelesssys/nunki/initializer:latest" + image: "ghcr.io/edgelesssys/contrast/initializer:latest" env: - name: COORDINATOR_HOST value: coordinator @@ -30,7 +30,7 @@ spec: memory: 50Mi containers: - name: openssl-frontend - image: ghcr.io/edgelesssys/nunki/openssl:latest + image: ghcr.io/edgelesssys/contrast/openssl:latest command: - /bin/bash - "-c" diff --git a/deployments/openssl/portforwarder.yml b/deployments/openssl/portforwarder.yml index 5e943ddf82..a8021696cc 100644 --- a/deployments/openssl/portforwarder.yml +++ b/deployments/openssl/portforwarder.yml @@ -8,7 +8,7 @@ metadata: spec: containers: - name: port-forwarder - image: "ghcr.io/edgelesssys/nunki/port-forwarder:latest" + image: "ghcr.io/edgelesssys/contrast/port-forwarder:latest" env: - name: LISTEN_PORT value: "1313" diff --git a/deployments/simple/coordinator.yml b/deployments/simple/coordinator.yml index bdd57534c6..555baafd66 100644 --- a/deployments/simple/coordinator.yml +++ b/deployments/simple/coordinator.yml @@ -13,17 +13,17 @@ spec: labels: app.kubernetes.io/name: coordinator annotations: - nunki.edgeless.systems/pod-role: coordinator + contrast.edgeless.systems/pod-role: coordinator spec: runtimeClassName: kata-cc-isolation containers: - name: coordinator - image: "ghcr.io/edgelesssys/nunki/coordinator:latest" + image: "ghcr.io/edgelesssys/contrast/coordinator:latest" ports: - containerPort: 7777 - containerPort: 1313 env: - - name: NUNKI_LOG_LEVEL + - name: CONTRAST_LOG_LEVEL value: "debug" resources: requests: diff --git a/deployments/simple/initializer.yml b/deployments/simple/initializer.yml index aa8059c947..5f32ae1516 100644 --- a/deployments/simple/initializer.yml +++ b/deployments/simple/initializer.yml @@ -16,7 +16,7 @@ spec: runtimeClassName: kata-cc-isolation initContainers: - name: initializer - image: "ghcr.io/edgelesssys/nunki/initializer:latest" + image: "ghcr.io/edgelesssys/contrast/initializer:latest" env: - name: COORDINATOR_HOST value: coordinator diff --git a/deployments/simple/portforwarder.yml b/deployments/simple/portforwarder.yml index 5e943ddf82..a8021696cc 100644 --- a/deployments/simple/portforwarder.yml +++ b/deployments/simple/portforwarder.yml @@ -8,7 +8,7 @@ metadata: spec: containers: - name: port-forwarder - image: "ghcr.io/edgelesssys/nunki/port-forwarder:latest" + image: "ghcr.io/edgelesssys/contrast/port-forwarder:latest" env: - name: LISTEN_PORT value: "1313" diff --git a/e2e/internal/kuberesource/parts.go b/e2e/internal/kuberesource/parts.go index 8df4062e6c..b2ab1d6164 100644 --- a/e2e/internal/kuberesource/parts.go +++ b/e2e/internal/kuberesource/parts.go @@ -22,7 +22,7 @@ func PortForwarder(name, namespace string) *PortForwarderConfig { WithContainers( Container(). WithName("port-forwarder"). - WithImage("ghcr.io/edgelesssys/nunki/port-forwarder:latest"). + WithImage("ghcr.io/edgelesssys/contrast/port-forwarder:latest"). WithCommand("/bin/bash", "-c", "echo Starting port-forward with socat; exec socat -d -d TCP-LISTEN:${LISTEN_PORT},fork TCP:${FORWARD_HOST}:${FORWARD_PORT}"). WithResources(ResourceRequirements(). WithMemoryLimitAndRequest(50), @@ -71,15 +71,15 @@ func Coordinator(namespace string) *CoordinatorConfig { ). WithTemplate(PodTemplateSpec(). WithLabels(map[string]string{"app.kubernetes.io/name": "coordinator"}). - WithAnnotations(map[string]string{"nunki.edgeless.systems/pod-role": "coordinator"}). + WithAnnotations(map[string]string{"contrast.edgeless.systems/pod-role": "coordinator"}). WithSpec(PodSpec(). WithRuntimeClassName("kata-cc-isolation"). WithContainers( Container(). WithName("coordinator"). - WithImage("ghcr.io/edgelesssys/nunki/coordinator:latest"). + WithImage("ghcr.io/edgelesssys/contrast/coordinator:latest"). WithEnv( - NewEnvVar("NUNKI_LOG_LEVEL", "debug"), + NewEnvVar("CONTRAST_LOG_LEVEL", "debug"), ). WithPorts( ContainerPort(). @@ -137,7 +137,7 @@ func ServiceForDeployment(d *applyappsv1.DeploymentApplyConfiguration) *applycor func Initializer() *applycorev1.ContainerApplyConfiguration { return applycorev1.Container(). WithName("initializer"). - WithImage("ghcr.io/edgelesssys/nunki/initializer:latest"). + WithImage("ghcr.io/edgelesssys/contrast/initializer:latest"). WithResources(ResourceRequirements(). WithMemoryLimitAndRequest(50), ). diff --git a/e2e/internal/kuberesource/resourcegen/main.go b/e2e/internal/kuberesource/resourcegen/main.go index a98403425d..efa9073513 100644 --- a/e2e/internal/kuberesource/resourcegen/main.go +++ b/e2e/internal/kuberesource/resourcegen/main.go @@ -5,7 +5,7 @@ import ( "os" "path" - "github.com/edgelesssys/nunki/e2e/internal/kuberesource" + "github.com/edgelesssys/contrast/e2e/internal/kuberesource" ) func main() { diff --git a/e2e/openssl/openssl_test.go b/e2e/openssl/openssl_test.go index 0c4ad65db0..16f70c6d36 100644 --- a/e2e/openssl/openssl_test.go +++ b/e2e/openssl/openssl_test.go @@ -9,7 +9,7 @@ import ( "testing" "time" - "github.com/edgelesssys/nunki/e2e/internal/kubeclient" + "github.com/edgelesssys/contrast/e2e/internal/kubeclient" "github.com/stretchr/testify/require" ) diff --git a/flake.nix b/flake.nix index ba852dfdc0..0a51a05c07 100644 --- a/flake.nix +++ b/flake.nix @@ -40,7 +40,7 @@ formatting = treefmtEval.config.build.check self; }; - legacyPackages = (import ./packages { inherit pkgs lib; }) // pkgs; + legacyPackages = pkgs // (import ./packages { inherit pkgs lib; }); }); nixConfig = { diff --git a/go.mod b/go.mod index 2dfb341bc9..e21a7acbfb 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/edgelesssys/nunki +module github.com/edgelesssys/contrast go 1.21 diff --git a/initializer/main.go b/initializer/main.go index c29da91848..d383cdebd9 100644 --- a/initializer/main.go +++ b/initializer/main.go @@ -15,11 +15,11 @@ import ( "os" "time" - "github.com/edgelesssys/nunki/internal/atls" - "github.com/edgelesssys/nunki/internal/attestation/snp" - "github.com/edgelesssys/nunki/internal/grpc/dialer" - "github.com/edgelesssys/nunki/internal/logger" - "github.com/edgelesssys/nunki/internal/meshapi" + "github.com/edgelesssys/contrast/internal/atls" + "github.com/edgelesssys/contrast/internal/attestation/snp" + "github.com/edgelesssys/contrast/internal/grpc/dialer" + "github.com/edgelesssys/contrast/internal/logger" + "github.com/edgelesssys/contrast/internal/meshapi" ) func main() { diff --git a/internal/appendable/appendable_test.go b/internal/appendable/appendable_test.go index 28a1512105..0d2607b68e 100644 --- a/internal/appendable/appendable_test.go +++ b/internal/appendable/appendable_test.go @@ -4,7 +4,7 @@ import ( "sync" "testing" - "github.com/edgelesssys/nunki/internal/appendable" + "github.com/edgelesssys/contrast/internal/appendable" "github.com/stretchr/testify/assert" "go.uber.org/goleak" ) diff --git a/internal/atls/atls.go b/internal/atls/atls.go index 6ad101cba2..10923337e0 100644 --- a/internal/atls/atls.go +++ b/internal/atls/atls.go @@ -24,7 +24,7 @@ import ( "math/big" "time" - "github.com/edgelesssys/nunki/internal/crypto" + "github.com/edgelesssys/contrast/internal/crypto" ) const attestationTimeout = 30 * time.Second diff --git a/internal/attestation/snp/cached_client_test.go b/internal/attestation/snp/cached_client_test.go index 96babc320c..c1bef0b998 100644 --- a/internal/attestation/snp/cached_client_test.go +++ b/internal/attestation/snp/cached_client_test.go @@ -6,7 +6,7 @@ import ( "testing" "time" - "github.com/edgelesssys/nunki/internal/memstore" + "github.com/edgelesssys/contrast/internal/memstore" "github.com/stretchr/testify/assert" "go.uber.org/goleak" testingclock "k8s.io/utils/clock/testing" diff --git a/internal/attestation/snp/extensions.go b/internal/attestation/snp/extensions.go index 53814c1a16..ccc50709e7 100644 --- a/internal/attestation/snp/extensions.go +++ b/internal/attestation/snp/extensions.go @@ -6,7 +6,7 @@ import ( "fmt" "math/big" - "github.com/edgelesssys/nunki/internal/oid" + "github.com/edgelesssys/contrast/internal/oid" "github.com/google/go-sev-guest/abi" "github.com/google/go-sev-guest/kds" "github.com/google/go-sev-guest/proto/sevsnp" diff --git a/internal/attestation/snp/issuer.go b/internal/attestation/snp/issuer.go index 76b056fb7d..87f8de2d0e 100644 --- a/internal/attestation/snp/issuer.go +++ b/internal/attestation/snp/issuer.go @@ -14,7 +14,7 @@ import ( "fmt" "log/slog" - "github.com/edgelesssys/nunki/internal/oid" + "github.com/edgelesssys/contrast/internal/oid" "github.com/google/go-sev-guest/client" ) diff --git a/internal/attestation/snp/validator.go b/internal/attestation/snp/validator.go index 626b664bd8..7c05b9e143 100644 --- a/internal/attestation/snp/validator.go +++ b/internal/attestation/snp/validator.go @@ -14,8 +14,8 @@ import ( "fmt" "log/slog" - "github.com/edgelesssys/nunki/internal/logger" - "github.com/edgelesssys/nunki/internal/oid" + "github.com/edgelesssys/contrast/internal/logger" + "github.com/edgelesssys/contrast/internal/oid" "github.com/google/go-sev-guest/abi" "github.com/google/go-sev-guest/proto/sevsnp" "github.com/google/go-sev-guest/validate" diff --git a/internal/ca/ca.go b/internal/ca/ca.go index e16d067ef8..119ae7e5a9 100644 --- a/internal/ca/ca.go +++ b/internal/ca/ca.go @@ -13,7 +13,7 @@ import ( "sync" "time" - "github.com/edgelesssys/nunki/internal/crypto" + "github.com/edgelesssys/contrast/internal/crypto" ) // CA is a cross-signing certificate authority. diff --git a/internal/embedbin/regular.go b/internal/embedbin/regular.go index 8bcbe26353..6479efebf3 100644 --- a/internal/embedbin/regular.go +++ b/internal/embedbin/regular.go @@ -20,7 +20,7 @@ func (r *RegularInstaller) Install(prefix string, contents []byte) (*RegularInst return nil, err } } - file, err := afero.TempFile(r.fs, prefix, "nunki-embedded-binary-*") + file, err := afero.TempFile(r.fs, prefix, "contrast-embedded-binary-*") if err != nil { return nil, err } diff --git a/internal/grpc/atlscredentials/atlscredentials.go b/internal/grpc/atlscredentials/atlscredentials.go index 3c93d46265..8c81046df2 100644 --- a/internal/grpc/atlscredentials/atlscredentials.go +++ b/internal/grpc/atlscredentials/atlscredentials.go @@ -13,7 +13,7 @@ import ( "errors" "net" - "github.com/edgelesssys/nunki/internal/atls" + "github.com/edgelesssys/contrast/internal/atls" "google.golang.org/grpc/credentials" ) diff --git a/internal/grpc/dialer/dialer.go b/internal/grpc/dialer/dialer.go index 697699703f..659e56e725 100644 --- a/internal/grpc/dialer/dialer.go +++ b/internal/grpc/dialer/dialer.go @@ -13,8 +13,8 @@ import ( "net" "time" - "github.com/edgelesssys/nunki/internal/atls" - "github.com/edgelesssys/nunki/internal/grpc/atlscredentials" + "github.com/edgelesssys/contrast/internal/atls" + "github.com/edgelesssys/contrast/internal/grpc/atlscredentials" "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" ) diff --git a/internal/logger/logger.go b/internal/logger/logger.go index 8bda0f2588..e1f764c23c 100644 --- a/internal/logger/logger.go +++ b/internal/logger/logger.go @@ -1,9 +1,9 @@ // Package logger provides a slog.Logger that can be configured via environment variables. -// NUNKI_LOG_LEVEL can be used to set the log level. -// NUNKI_LOG_FORMAT can be used to set the log format. +// CONTRAST_LOG_LEVEL can be used to set the log level. +// CONTRAST_LOG_FORMAT can be used to set the log format. // It also offer a slog.Handler that can be used to enable logging on a per-subsystem basis. -// NUNKI_LOG_SUBSYSTEMS can be used to enable logging for specific subsystems. -// If NUNKI_LOG_SUBSYSTEMS has the special value "*", all subsystems are enabled. +// CONTRAST_LOG_SUBSYSTEMS can be used to enable logging for specific subsystems. +// If CONTRAST_LOG_SUBSYSTEMS has the special value "*", all subsystems are enabled. // Otherwise, a comma-separated list of subsystem names can be specified. package logger @@ -17,11 +17,11 @@ import ( const ( // LogLevel is the environment variable used to set the log level. - LogLevel = "NUNKI_LOG_LEVEL" + LogLevel = "CONTRAST_LOG_LEVEL" // LogFormat is the environment variable used to set the log format. - LogFormat = "NUNKI_LOG_FORMAT" + LogFormat = "CONTRAST_LOG_FORMAT" // LogSubsystems is the environment variable used to enable logging for specific subsystems. - LogSubsystems = "NUNKI_LOG_SUBSYSTEMS" + LogSubsystems = "CONTRAST_LOG_SUBSYSTEMS" ) // Default returns a logger configured via environment variables. diff --git a/internal/memstore/memstore_test.go b/internal/memstore/memstore_test.go index 38b64987f9..ff9c9144d2 100644 --- a/internal/memstore/memstore_test.go +++ b/internal/memstore/memstore_test.go @@ -4,7 +4,7 @@ import ( "sync" "testing" - "github.com/edgelesssys/nunki/internal/memstore" + "github.com/edgelesssys/contrast/internal/memstore" "github.com/stretchr/testify/assert" "go.uber.org/goleak" ) diff --git a/internal/meshapi/meshapi.proto b/internal/meshapi/meshapi.proto index bf1e4d253c..e07f191463 100644 --- a/internal/meshapi/meshapi.proto +++ b/internal/meshapi/meshapi.proto @@ -2,7 +2,7 @@ syntax = "proto3"; package meshapi; -option go_package = "github.com/edgelesssys/nunki/internal/meshapi"; +option go_package = "github.com/edgelesssys/contrast/internal/meshapi"; service MeshAPI { rpc NewMeshCert(NewMeshCertRequest) returns (NewMeshCertResponse); diff --git a/internal/userapi/userapi.proto b/internal/userapi/userapi.proto index 37e1b7cf3f..9f4c1ea236 100644 --- a/internal/userapi/userapi.proto +++ b/internal/userapi/userapi.proto @@ -2,7 +2,7 @@ syntax = "proto3"; package userapi; -option go_package = "github.com/edgelesssys/nunki/internal/userapi"; +option go_package = "github.com/edgelesssys/contrast/internal/userapi"; service UserAPI { rpc SetManifest(SetManifestRequest) returns (SetManifestResponse); diff --git a/justfile b/justfile index 622e9430da..28b3438962 100644 --- a/justfile +++ b/justfile @@ -3,24 +3,24 @@ default target=default_deploy_target cli=default_cli: undeploy coordinator initi # Build the coordinator, containerize and push it. coordinator: - nix run .#containers.push-coordinator -- "$container_registry/nunki/coordinator" + nix run .#containers.push-coordinator -- "$container_registry/contrast/coordinator" # Build the openssl container and push it. openssl: - nix run .#containers.push-openssl -- "$container_registry/nunki/openssl" + nix run .#containers.push-openssl -- "$container_registry/contrast/openssl" # Build the port-forwarder container and push it. port-forwarder: - nix run .#containers.push-port-forwarder -- "$container_registry/nunki/port-forwarder" + nix run .#containers.push-port-forwarder -- "$container_registry/contrast/port-forwarder" service-mesh-proxy: - nix run .#containers.push-service-mesh-proxy -- "$container_registry/nunki/service-mesh-proxy" + nix run .#containers.push-service-mesh-proxy -- "$container_registry/contrast/service-mesh-proxy" # Build the initializer, containerize and push it. initializer: - nix run .#containers.push-initializer -- "$container_registry/nunki/initializer" + nix run .#containers.push-initializer -- "$container_registry/contrast/initializer" -default_cli := "nunki.cli" +default_cli := "contrast.cli" default_deploy_target := "simple" workspace_dir := "workspace" @@ -35,14 +35,14 @@ generate target=default_deploy_target cli=default_cli: rm -rf ./{{ workspace_dir }}/* case {{ target }} in "simple") - nix shell .#nunki --command resourcegen {{ target }} ./{{ workspace_dir }}/deployment/deployment.yml + nix shell .#contrast --command resourcegen {{ target }} ./{{ workspace_dir }}/deployment/deployment.yml ;; *) cp -R ./deployments/{{ target }} ./{{ workspace_dir }}/deployment ;; esac echo "{{ target }}${namespace_suffix-}" > ./{{ workspace_dir }}/just.namespace - nix run .#scripts.patch-nunki-image-hashes -- ./{{ workspace_dir }}/deployment + nix run .#scripts.patch-contrast-image-hashes -- ./{{ workspace_dir }}/deployment nix run .#kypatch images -- ./{{ workspace_dir }}/deployment \ --replace ghcr.io/edgelesssys ${container_registry} nix run .#kypatch namespace -- ./{{ workspace_dir }}/deployment \ @@ -167,8 +167,8 @@ get-credentials: # Load the kubeconfig from the CI AKS cluster. get-credentials-ci: nix run .#azure-cli -- aks get-credentials \ - --resource-group "nunki-ci" \ - --name "nunki-ci" \ + --resource-group "contrast-ci" \ + --name "contrast-ci" \ --admin # Destroy a running AKS cluster. @@ -192,9 +192,9 @@ demodir cli=default_cli: undeploy coordinator initializer d=$(mktemp -d) echo "Creating demo directory at ${d}" nix build .#{{ cli }} - cp ./result-cli/bin/nunki "${d}/nunki" + cp ./result-cli/bin/contrast "${d}/contrast" cp -R ./deployments/emojivoto "${d}/deployment" - nix run .#scripts.patch-nunki-image-hashes -- "${d}/deployment" + nix run .#scripts.patch-contrast-image-hashes -- "${d}/deployment" nix run .#kypatch images -- "${d}/deployment" \ --replace ghcr.io/edgelesssys ${container_registry} echo "Demo directory ready at ${d}" @@ -221,9 +221,9 @@ azure_resource_group="" # Namespace suffix, can be empty. Will be used when patching namespaces. namespace_suffix="" # Cache directory for the CLI. -NUNKI_CACHE_DIR="./workspace.cache" +CONTRAST_CACHE_DIR="./workspace.cache" # Log level for the CLI. -NUNKI_LOG_LEVEL="" +CONTRAST_LOG_LEVEL="" ''' # Developer onboarding. diff --git a/packages/by-name/cli-release/package.nix b/packages/by-name/cli-release/package.nix index b0c1ce2af4..a82a4ad0aa 100644 --- a/packages/by-name/cli-release/package.nix +++ b/packages/by-name/cli-release/package.nix @@ -1,10 +1,10 @@ { lib -, nunki +, contrast , genpolicy-msft , genpolicy ? genpolicy-msft }: -(nunki.overrideAttrs (_finalAttrs: previousAttrs: { +(contrast.overrideAttrs (_finalAttrs: previousAttrs: { prePatch = '' install -D ${lib.getExe genpolicy} cli/cmd/assets/genpolicy install -D ${genpolicy.settings}/genpolicy-settings.json cli/cmd/assets/genpolicy-settings.json diff --git a/packages/by-name/nunki/package.nix b/packages/by-name/contrast/package.nix similarity index 87% rename from packages/by-name/nunki/package.nix rename to packages/by-name/contrast/package.nix index b5e293aa20..572493ce39 100644 --- a/packages/by-name/nunki/package.nix +++ b/packages/by-name/contrast/package.nix @@ -3,12 +3,12 @@ , buildGoTest , genpolicy-msft , genpolicy ? genpolicy-msft -, nunki +, contrast }: let e2e = buildGoTest rec { - inherit (nunki) version src proxyVendor vendorHash prePatch CGO_ENABLED; - pname = "${nunki.pname}-e2e"; + inherit (contrast) version src proxyVendor vendorHash prePatch CGO_ENABLED; + pname = "${contrast.pname}-e2e"; tags = [ "e2e" ]; @@ -21,7 +21,7 @@ let in buildGoModule rec { - pname = "nunki"; + pname = "contrast"; version = builtins.readFile ../../../version.txt; outputs = packageOutputs ++ [ "out" ]; @@ -78,11 +78,11 @@ buildGoModule rec { mv "$out/bin/$sub" "''${!sub}/bin/$sub" done - # rename the cli binary to nunki - mv "$cli/bin/cli" "$cli/bin/nunki" + # rename the cli binary to contrast + mv "$cli/bin/cli" "$cli/bin/contrast" ''; passthru.e2e = e2e; - meta.mainProgram = "nunki"; + meta.mainProgram = "contrast"; } diff --git a/packages/containers.nix b/packages/containers.nix index d0bae24962..6e5f954894 100644 --- a/packages/containers.nix +++ b/packages/containers.nix @@ -18,27 +18,27 @@ let containers = { coordinator = dockerTools.buildImage { name = "coordinator"; - tag = "v${nunki.version}"; + tag = "v${contrast.version}"; copyToRoot = with dockerTools; [ caCertificates ]; config = { - Cmd = [ "${nunki.coordinator}/bin/coordinator" ]; + Cmd = [ "${contrast.coordinator}/bin/coordinator" ]; Env = [ "PATH=/bin" ]; # This is only here for policy generation. }; }; initializer = dockerTools.buildImage { name = "initializer"; - tag = "v${nunki.version}"; + tag = "v${contrast.version}"; copyToRoot = with dockerTools; [ caCertificates ]; config = { - Cmd = [ "${nunki.initializer}/bin/initializer" ]; + Cmd = [ "${contrast.initializer}/bin/initializer" ]; Env = [ "PATH=/bin" ]; # This is only here for policy generation. }; }; openssl = dockerTools.buildImage { name = "openssl"; - tag = "v${nunki.version}"; + tag = "v${contrast.version}"; copyToRoot = [ bash bashInteractive @@ -56,7 +56,7 @@ let port-forwarder = dockerTools.buildImage { name = "port-forwarder"; - tag = "v${nunki.version}"; + tag = "v${contrast.version}"; copyToRoot = [ bash socat ]; }; diff --git a/packages/scripts.nix b/packages/scripts.nix index 60fbcce630..799e31880e 100644 --- a/packages/scripts.nix +++ b/packages/scripts.nix @@ -31,7 +31,7 @@ with pkgs; # All binaries of the local Go module share the same builder, # we only need to update one of them to update the vendorHash # of the builder. - nix-update --version=skip --flake legacyPackages.x86_64-linux.nunki.cli + nix-update --version=skip --flake legacyPackages.x86_64-linux.contrast.cli ''; }; @@ -47,8 +47,8 @@ with pkgs; text = ''golangci-lint "$@"''; }; - patch-nunki-image-hashes = writeShellApplication { - name = "patch-nunki-image-hashes"; + patch-contrast-image-hashes = writeShellApplication { + name = "patch-contrast-image-hashes"; runtimeInputs = [ crane kypatch @@ -72,11 +72,11 @@ with pkgs; serviceMeshProxyHash=$(crane digest --tarball "$tmpdir/service-mesh-proxy.tar") kypatch images "$targetPath" \ - --replace "nunki/coordinator:latest" "nunki/coordinator@$coordHash" \ - --replace "nunki/initializer:latest" "nunki/initializer@$initHash" \ - --replace "nunki/openssl:latest" "nunki/openssl@$opensslHash" \ - --replace "nunki/port-forwarder:latest" "nunki/port-forwarder@$forwarderHash" \ - --replace "nunki/service-mesh-proxy:latest" "nunki/service-mesh-proxy@$serviceMeshProxyHash" + --replace "contrast/coordinator:latest" "contrast/coordinator@$coordHash" \ + --replace "contrast/initializer:latest" "contrast/initializer@$initHash" \ + --replace "contrast/openssl:latest" "contrast/openssl@$opensslHash" \ + --replace "contrast/port-forwarder:latest" "contrast/port-forwarder@$forwarderHash" \ + --replace "contrast/service-mesh-proxy:latest" "contrast/service-mesh-proxy@$serviceMeshProxyHash" ''; }; @@ -141,7 +141,7 @@ with pkgs; ''; }; - # write-coordinator-yaml prints a Nunki Coordinator deployment including the default policy. + # write-coordinator-yaml prints a Contrast Coordinator deployment including the default policy. # It's intended for two purposes: (1) releasing a portable coordinator.yaml and (2) updating the embedded policy hash. write-coordinator-yaml = writeShellApplication { name = "write-coordinator-policy"; diff --git a/service-mesh/go.mod b/service-mesh/go.mod index 48ed11a335..be229a7a18 100644 --- a/service-mesh/go.mod +++ b/service-mesh/go.mod @@ -1,4 +1,4 @@ -module github.com/edgelesssys/nunki/service-mesh +module github.com/edgelesssys/contrast/service-mesh go 1.21 diff --git a/tools/parsesnp.go b/tools/parsesnp.go index e8f6469bac..570ac12729 100644 --- a/tools/parsesnp.go +++ b/tools/parsesnp.go @@ -7,7 +7,7 @@ import ( "io" "os" - "github.com/edgelesssys/nunki/internal/logger" + "github.com/edgelesssys/contrast/internal/logger" "github.com/google/go-sev-guest/abi" )