Affected by GO-2023-1583 and 2 other vulnerabilities

GO-2023-1583: User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation

GO-2023-1622: Constellation allows Emergency shell access during initramfs boot phase in github.com/edgelesssys/constellation

GO-2024-2727: Constellation has pods exposed to peers in VPC in github.com/edgelesssys/constellation

initserver

package

v2.4.0-pre Latest Latest Go to latest Published: Dec 12, 2022 License: AGPL-3.0 Imports: 24 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/edgelesssys/constellation

Documentation ¶

Index ¶

type ClusterInitializer
type IssuerWrapper
- func NewIssuerWrapper(issuer atls.Issuer, vmType vmtype.VMType, idkeydigest []byte) IssuerWrapper
- func (i *IssuerWrapper) IDKeyDigest() []byte
- func (i *IssuerWrapper) VMType() vmtype.VMType
type MetadataAPI
type Server
- func New(ctx context.Context, lock locker, kube ClusterInitializer, ...) (*Server, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ClusterInitializer ¶

type ClusterInitializer interface {
	// InitCluster initializes a new Kubernetes cluster.
	InitCluster(
		ctx context.Context,
		cloudServiceAccountURI string,
		k8sVersion string,
		measurementSalt []byte,
		enforcedPcrs []uint32,
		enforceIDKeyDigest bool,
		idKeyDigest []byte,
		azureCVM bool,
		helmDeployments []byte,
		conformanceMode bool,
		kubernetesComponents versions.ComponentVersions,
		log *logger.Logger,
	) ([]byte, error)
}

ClusterInitializer has the ability to initialize a cluster.

type IssuerWrapper ¶

type IssuerWrapper struct {
	atls.Issuer
	// contains filtered or unexported fields
}

IssuerWrapper adds VM type context to an issuer to distinguish between confidential and trusted launch VMs.

func NewIssuerWrapper ¶

func NewIssuerWrapper(issuer atls.Issuer, vmType vmtype.VMType, idkeydigest []byte) IssuerWrapper

NewIssuerWrapper creates a new issuer with VM type context.

func (*IssuerWrapper) IDKeyDigest ¶

func (i *IssuerWrapper) IDKeyDigest() []byte

IDKeyDigest returns the ID key digest.

func (*IssuerWrapper) VMType ¶

func (i *IssuerWrapper) VMType() vmtype.VMType

VMType returns the VM type.

type MetadataAPI ¶ added in v2.3.0

type MetadataAPI interface {
	// InitSecretHash returns the initSecretHash of the instance.
	InitSecretHash(ctx context.Context) ([]byte, error)
}

MetadataAPI provides information about the instances.

type Server ¶

type Server struct {
	initproto.UnimplementedAPIServer
	// contains filtered or unexported fields
}

Server is the initialization server, which is started on each node. The server handles initialization calls from the CLI and initializes the Kubernetes cluster.

func New ¶

func New(ctx context.Context, lock locker, kube ClusterInitializer, issuerWrapper IssuerWrapper, fh file.Handler, metadata MetadataAPI, log *logger.Logger) (*Server, error)

New creates a new initialization server.

func (*Server) Init ¶

func (s *Server) Init(ctx context.Context, req *initproto.InitRequest) (*initproto.InitResponse, error)

Init initializes the cluster.

func (*Server) Serve ¶

func (s *Server) Serve(ip, port string, cleaner cleaner) error

Serve starts the initialization server.

func (*Server) Stop ¶

func (s *Server) Stop()

Stop stops the initialization server gracefully.

Source Files ¶

View all Source files

initserver.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL