Add explicit trust establishment #383

Merged
merged 29 commits into from
Oct 8, 2024

Commits on Oct 4, 2024

  1. go: Use latest dependencies

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    8e0920d
  2. service: Add EFF wordlist

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    3f9ca3a
  3. api/session: Add session API endpoints

    The session API endpoints allow the local microcloud client to start a new session by
    connecting to the local unix socket and establishing a websocket connection.
    
    Remote systems that want to join the current cluster use the join endpoint whose intents
    are getting relayed into the websocket connection.
    
    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    f04787b
  4. service: Add session concept

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    3a98ec7
  5. client: Add the WebsocketGateway

    This wrapper allows easily consuming and writing messages from and to an active websocket connection.
    
    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    21abafb
  6. api/services: Use the authHandlerMTLS func

    Use the renamed auth handler and make sure to never allow untrusted requests.
    
    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    8445749
  7. api/auth: Allow temporary trust store and HMAC authentication

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    a100d4d
  8. client: Replace secret with HMAC

    Allow authenticating to a remote using an HMAC in two stages:
    * unverified mTLS: both sides don't know each other
    * partially verified mTLS: one side knows the other
    
    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    9030f3f
  9. client: Add new StartSession and JoinIntent client functions

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    8174d83
  10. mdns: Lookup only a single system and increase the version number

    This reworks the mDNS code to support looking up only a single system over the configured
    lookup interface which matches the one used by the local MicroCloud's listen address.
    It has the added effect that we can also get rid of the Interface field in the ServerInfo struct.
    
    In addition, the broadcast version number is increased to prevent collisions with earlier versions of MicroCloud.
    
    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    237829d
  11. service: Remove secret

    This removes the secret used for client calls and puts the temporary trust store
    certificate into place for pre-init request scenarios.
    
    In addition this ensures that some of the methods like RemoteClusterMembers
    can be invoked both during pre-init and after joining the cluster in case
    a custom remote certificate is provided.
    After pre-init is required for adding services to MicroCloud.
    
    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    7c413f2
  12. service: Add session concept and remove service level mDNS

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    8c79d86
  13. cmd/microcloud: Add join and preseed subcommands

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    61751b6
  14. 0f54bba
  15. cmd/microcloud: Use session concept for init

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    a2ef02f
  16. cmd/microcloud: Use session concept for add

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    cd814e2
  17. cmd/microcloud: Add join subcommand

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 4, 2024
    147355f

Commits on Oct 7, 2024

  1. cmd/microcloud: Move preseed code into its own subcommand

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 7, 2024
    e29abc8
  2. cmd/microcloud/preseed: Update test

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 7, 2024
    276dd98
  3. c8dafac
  4. cmd/microcloudd: Remove secret and mDNS from daemon

    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 7, 2024
    61a25f4
  5. 6e6a1a4
  6. test/includes: Add capture_and_join

    This new func allows extracting the passphrase from the stdout of 'microcloud init'
    and running multiple 'microcloud join' using this passphrase in interactive mode.
    
    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 7, 2024
    d347a7d
  7. 459ff56
  8. 91e2452
  9. c522ff0
  10. f9322a3
  11. cmd/microcloud: Always join the MicroCloud microcluster first

    Also move the join message out of waitForJoin to not indicate a join
    if not all of the peers clusters are joined.
    
    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 7, 2024
    aa54fb6
  12. test/suites/basic: Use openvswitch bridge driver for IPv6 tests

    This ensures the mDNS multicast traffic flowing between the nodes isn't interrupted as
    this behavior was observed on the GitHub runners.
    
    Signed-off-by: Julian Pelizäus <[email protected]>
    roosterfish committed Oct 7, 2024
    46fd760