secure set manifest endpoint #136

Merged
merged 8 commits into from
Feb 12, 2024

malt3 (Contributor) commented Feb 8, 2024

Implements rfc 002.

@malt3 force-pushed the feat/secure-set-manifest-endpoint branch from d91b12b to fc61ae2 February 8, 2024 09:10
@malt3 marked this pull request as ready for review February 8, 2024 09:58
@malt3 requested a review from katexochen as a code owner February 8, 2024 09:58
@katexochen requested a review from 3u13r February 8, 2024 12:12

katexochen (Member) left a comment

Great job! 🐳

malt3 added 2 commits February 8, 2024 16:04
This allows the use of mTLS with clients that use regular TLS certs and
enables optional TLS verification of selected RPCs.
@malt3 force-pushed the feat/secure-set-manifest-endpoint branch from fce783c to b8c2199 February 8, 2024 15:11
Validates client certificate according to the following state machine:

- In the initial state, with no manifest set, cert validation is
  not performed and a client cert is optional
- Afterwards, clients need to send a cert with a public key that is
  included in the manifest's list of workload owner keys
- An empty list of workload owner keys in the manifests prevents
  any manifest updates
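
The state machine described in this commit message, as an added Go example; it is not code from this pull request or from the project. `Manifest`, `AuthorizeSetManifest`, the error values, and the comparison of keys as DER SubjectPublicKeyInfo bytes are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/x509"
	"errors"
	"fmt"
)

// Manifest is a hypothetical stand-in for the coordinator's manifest. Keys are assumed
// to be DER SubjectPublicKeyInfo blobs; the page does not state the encoding.
type Manifest struct{ WorkloadOwnerKeys [][]byte }

var (
	ErrCertRequired  = errors.New("manifest is set: client certificate required")
	ErrUpdatesLocked = errors.New("manifest lists no workload owner keys: updates disabled")
	ErrNotOwner      = errors.New("client key is not a workload owner key")
)

// AuthorizeSetManifest applies the three states. current is nil until a manifest is set.
// peer is the client's leaf certificate (e.g. ConnectionState.PeerCertificates[0]) or nil.
// Only the key is compared; the TLS handshake already proved possession of its private key.
func AuthorizeSetManifest(current *Manifest, peer *x509.Certificate) error {
	if current == nil {
		return nil // initial state: cert optional, no validation
	}
	if len(current.WorkloadOwnerKeys) == 0 {
		return ErrUpdatesLocked // checked before the cert so nothing can unlock it
	}
	if peer == nil {
		return ErrCertRequired
	}
	for _, key := range current.WorkloadOwnerKeys {
		if len(key) > 0 && bytes.Equal(key, peer.RawSubjectPublicKeyInfo) {
			return nil
		}
	}
	return ErrNotOwner
}

func main() {
	// Constructed sample certificates: only the key field is populated.
	owner := &x509.Certificate{RawSubjectPublicKeyInfo: []byte("constructed-owner-spki")}
	other := &x509.Certificate{RawSubjectPublicKeyInfo: []byte("constructed-other-spki")}
	m := &Manifest{WorkloadOwnerKeys: [][]byte{owner.RawSubjectPublicKeyInfo}}
	fmt.Println("no manifest, no cert:", AuthorizeSetManifest(nil, nil))
	fmt.Println("owner cert:", AuthorizeSetManifest(m, owner))
	fmt.Println("other cert:", AuthorizeSetManifest(m, other))
	fmt.Println("empty key list:", AuthorizeSetManifest(&Manifest{}, owner))
}
```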
@malt3 force-pushed the feat/secure-set-manifest-endpoint branch from b8c2199 to 0ea6f4c February 8, 2024 15:24
@katexochen force-pushed the main branch 2 times, most recently from 2aaf78e to 5b4eb97 February 9, 2024 13:39
@malt3 force-pushed the feat/secure-set-manifest-endpoint branch from 0ea6f4c to 4da3adf February 9, 2024 17:07
@malt3 requested a review from 3u13r February 12, 2024 07:43
@malt3 force-pushed the feat/secure-set-manifest-endpoint branch from 4da3adf to 49201d7 February 12, 2024 12:23

3u13r (Member) left a comment

LGTM

@malt3 merged commit 606e2c2 into main Feb 12, 2024
5 checks passed
@malt3 deleted the feat/secure-set-manifest-endpoint branch February 12, 2024 12:59