Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prepare for 0.7.2 #685

Merged
merged 27 commits into from
Jan 22, 2019
Merged

Prepare for 0.7.2 #685

merged 27 commits into from
Jan 22, 2019

Commits on Jan 22, 2019

  1. Bump to 0.7.2-dev 

    Signed-off-by: Evan Gilman <[email protected]>
    @evan2645
    evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    d2c77c0 View commit details
    Browse the repository at this point in the history

  2. Add go-modules to build system 

    Signed-off-by: Marcos G. Yedro <[email protected]>
    @marcosy @evan2645
    marcosy authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    05aa15b View commit details
    Browse the repository at this point in the history

  3. Removing dep-related commands and files 

    Signed-off-by: Marcos G. Yedro <[email protected]>
    @marcosy @evan2645
    marcosy authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    77f79a0 View commit details
    Browse the repository at this point in the history

  4. incorrect syntax for aws_iid resolver example in docs 

    updated example
from: arn:aws:iam::123456789012:instance-profile/Blog
to: iamrole:arn:aws:iam::123456789012:instance-profile/Blog

Signed-off-by: David Gervais <[email protected]>
    @dgervais @evan2645
    dgervais authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    b408737 View commit details
    Browse the repository at this point in the history

  5. deprecate use of github.com/satori/go.uuid for github.com/gofrs/uuid 

    Gopkg.toml version of [email protected] did not include non-random uuid fix:
satori/go.uuid#73

also, deprecation notice for satori/go.uuid posted via issue:
satori/go.uuid#84

community recommended replacement is available at github.com/gofrs/uuid

* updated Gopkg.toml to use github.com/gofrs/uuid @ 3.1.2
* rebuilt Gopkg.lock
* incorporate symmantics of uuid.NewV4() can return error

Signed-off-by: David Gervais <[email protected]>
    @dgervais @evan2645
    dgervais authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    bbcd670 View commit details
    Browse the repository at this point in the history

  6. Makefile refactor, adding help target 

    Signed-off-by: Marcos G. Yedro <[email protected]>
    @marcosy @evan2645
    marcosy authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    acf0492 View commit details
    Browse the repository at this point in the history

  7. Updating documentation 

    Signed-off-by: Marcos G. Yedro <[email protected]>
    @marcosy @evan2645
    marcosy authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    395fe58 View commit details
    Browse the repository at this point in the history

  8. Updating gofrs to use modules 

    Signed-off-by: Marcos G. Yedro <[email protected]>
    @marcosy @evan2645
    marcosy authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    26702ea View commit details
    Browse the repository at this point in the history

  9. Removing missing dep references 

    Signed-off-by: Marcos G. Yedro <[email protected]>
    @marcosy @evan2645
    marcosy authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    afbfea1 View commit details
    Browse the repository at this point in the history

  10. Dont allow agents to specify X509-SVID Subject 

    Currently, SPIRE server signs certificates using the subject specified
in the CSR. Since SPIRE has no way of actually validating this
information, it should not be included.

The agent generates CSRs with a hardcoded Subject. As a quick fix, this
commit uses the same hardcoded Subject except it is set on the server
side directly.

Signed-off-by: Evan Gilman <[email protected]>
    @evan2645
    evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    e6e639b View commit details
    Browse the repository at this point in the history

  11. Adding new module for tools/utils 

    Signed-off-by: Marcos G. Yedro <[email protected]>
    @marcosy @evan2645
    marcosy authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    955c7d4 View commit details
    Browse the repository at this point in the history

  12. registration API auth via SPIFFE 

    - added "admin" flag to registration entries
- updated CLI to support "admin" flag
- refactored registration handler tests to unify code and remove mocking

Signed-off-by: Andrew Harding <[email protected]>
    @azdagron @evan2645
    azdagron authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    cd962b6 View commit details
    Browse the repository at this point in the history

  13. Move utils to tools folder (recommended name) 

    Signed-off-by: Marcos G. Yedro <[email protected]>
    @marcosy @evan2645
    marcosy authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    d01f0fd View commit details
    Browse the repository at this point in the history

  14. Run 'go mod tidy' in tools module 

    Signed-off-by: Marcos G. Yedro <[email protected]>
    @marcosy @evan2645
    marcosy authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    8ba3a12 View commit details
    Browse the repository at this point in the history

  15. refactor to require handler to handle authorization 

    Signed-off-by: Andrew Harding <[email protected]>
    @azdagron @evan2645
    azdagron authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    b69a8c6 View commit details
    Browse the repository at this point in the history

  16. additional error info when no auth implemented 

    Signed-off-by: Andrew Harding <[email protected]>
    @azdagron @evan2645
    azdagron authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    c496148 View commit details
    Browse the repository at this point in the history

  17. Selecting node resolver based on attestation type 

    Signed-off-by: Marcos G. Yedro <[email protected]>
    @marcosy @evan2645
    marcosy authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    5f0d8b4 View commit details
    Browse the repository at this point in the history

  18. Improve test cases based on PR comments 

    Signed-off-by: Marcos G. Yedro <[email protected]>
    @marcosy @evan2645
    marcosy authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    6bf97a9 View commit details
    Browse the repository at this point in the history

  19. Fix debug message formatting in node resolver 

    Signed-off-by: Scott Emmons <[email protected]>
    @evan2645
    Scott Emmons authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    c84765c View commit details
    Browse the repository at this point in the history

  20. proto/agent/keymanager: Add StorePrivateKey to plugin API 

    Signed-off-by: R. Tyler Julian <[email protected]>
    @evan2645
    R. Tyler Julian authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    1d8c5b1 View commit details
    Browse the repository at this point in the history

  21. pkg/agent: Update KeyManager implementations and svid rotator logic 

    Signed-off-by: R. Tyler Julian <[email protected]>
    @evan2645
    R. Tyler Julian authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    8f0ea4e View commit details
    Browse the repository at this point in the history

  22. agent/svid: Refactor key storage, add atomic disk writes 

    Signed-off-by: R. Tyler Julian <[email protected]>
    @evan2645
    R. Tyler Julian authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    bee8f6f View commit details
    Browse the repository at this point in the history

  23. Fixup protobuf docs 

    Signed-off-by: R. Tyler Julian <[email protected]>
    @evan2645
    R. Tyler Julian authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    ed378c6 View commit details
    Browse the repository at this point in the history

  24. Fix agent keymanager protobuf generation 

    Signed-off-by: R. Tyler Julian <[email protected]>
    @evan2645
    R. Tyler Julian authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    9ad67c8 View commit details
    Browse the repository at this point in the history

  25. agent/nodeattestor/gcp: Use FQDN to find metadata server 

    In GCP node attestation, we request the instance identity token using
the `metadata` DNS record. This uses `/etc/resolv.conf` to expand into
`metadata.google.internal`; however, this means that node attestation
has a dependency on GCP's default resolution, which makes it difficult
for consumers with custom DNS resolvers.

```
$ cat /etc/resolv.conf
domain foo.internal
search foo.internal. google.internal.
nameserver 169.254.169.254
```

This change removes the dependency on `/etc/resolv.conf` by querying the
metadata server using its FQDN `metadata.google.internal`.

Signed-off-by: R. Tyler Julian <[email protected]>
    @evan2645
    R. Tyler Julian authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    c03b9c5 View commit details
    Browse the repository at this point in the history

  26. agent/common/cgroups: Move cgroup logic from k8s attestor to common 

    This change moves cgroup-related logic in the k8s plugin to a shared
agentutil package, since workload attestation using other docker-based
orchestration platforms needs to do similar cgroup lookups.

Signed-off-by: R. Tyler Julian <[email protected]>
    @evan2645
    R. Tyler Julian authored and evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    1adef15 View commit details
    Browse the repository at this point in the history

  27. Fix node api handler test following conflict resolution 

    Looks like I flubbed some of the conflict resolution when cherry-picking
from master. This small commit corrects the error and pulls the node api
handler tests up to equal the contents in master.

Signed-off-by: Evan Gilman <[email protected]>
    @evan2645
    evan2645 committed Jan 22, 2019
    Configuration menu
    Copy the full SHA
    3be05dc View commit details
    Browse the repository at this point in the history