Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Let Coordinator serve monotonic counters to Marbles #741

Merged
merged 4 commits into from
Oct 9, 2024
Merged

Let Coordinator serve monotonic counters to Marbles #741

merged 4 commits into from
Oct 9, 2024

Conversation

thomasten
Copy link
Member

This adds monotonic counters managed by the Coordinator, which Marbles can obtain via the client API.
A counter is bound to Marble type and UUID, as well as a name defined by the Marble developer.

Proposed changes

  • Add Marble type as extension to Marble certificate so that the client API can obtain it
  • Add monotonic-counter endpoint to Coordinator
  • Add function to Go API
  • Add EStore example with monotonic counter

@netlify Netlify
Copy link

netlify bot commented Oct 7, 2024
edited
Loading

Deploy Preview for marblerun-docs canceled.

Name Link
🔨 Latest commit c194077
🔍 Latest deploy log https://app.netlify.com/sites/marblerun-docs/deploys/6706427f9fb7c5000864f598

daniel-weisse
daniel-weisse approved these changes Oct 8, 2024
View reviewed changes
coordinator/core/marbleapi.go Outdated
Comment on lines 162 to 168
// Add Coordinator root cert to env so that Marbles can use the Coordinator client API
coordinatorRootCert, err := getCoordinatorRootCertAsPEM(txdata)
if err != nil {
c.log.Error("Couldn't retrieve Coordinator root certificate", zap.Error(err))
return nil, status.Errorf(codes.Internal, "retrieving Coordinator root certificate: %s", err)
}
params.Env[globalconstants.MarbleEnvironmentCoordinatorRootCA] = coordinatorRootCert
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should do this in customizeParameters where we already add other certificates to env variables

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you prefer passing txdata to customizeParameters or passing coordinatorRootCert and moving just the last line into customizeParameters?

Copy link
Member

@daniel-weisse daniel-weisse Oct 9, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We currently use the reservedSecrets struct to pass around marble and (intermediate) root certificates, lets add it there.
That would also allow us to reference the "true" root certificate in the manifest through {{ .MarbleRun.<certName> }}

not entirely sure what to call the cert yet, since we also reserved RootCA for the Marble Root certificate.
Maybe CoordinatorRoot could work here

samples/estore/README.md Outdated Show resolved Hide resolved
samples/estore/README.md Outdated Show resolved Hide resolved
@thomasten thomasten merged commit f829c77 into master Oct 9, 2024
9 of 10 checks passed
@thomasten thomasten deleted the t/count branch October 9, 2024 08:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daniel-weisse daniel-weisse daniel-weisse approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thomasten @daniel-weisse