search

edgelesssys / constellation

Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
GNU Affero General Public License v3.0
939 stars 48 forks source link

api: make attestationconfigapi public #3337

Closed elchead closed 2 weeks ago

elchead commented 4 weeks ago

Context

The continuum project relies also relies on the attestationconfigapi. So far, the code was duplicated. As agreed upon in chat, the package should be made public to be reused in other projects.

Proposed change(s)

Additional info

Checklist

netlify[bot] commented 4 weeks ago

Deploy Preview for constellation-docs canceled.

Name Link
Latest commit e4bc426dc212cf5fb7989d347eb981167b996596
Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/66e038310bb0f80008e200d7
elchead commented 3 weeks ago

Testing e2e verify: https://github.com/edgelesssys/constellation/actions/runs/10788448192

msanft commented 3 weeks ago

I'm kind of thinking that this should actually be in its very own repo. If we keep "lending" packages around our projects, it will get messy (circular) at some point.

elchead commented 3 weeks ago

I'm kind of thinking that this should actually be in its very own repo. If we keep "lending" packages around our projects, it will get messy (circular) at some point.

In the long term yes, but I'm not sure if we should start this for one tiny library now.

github-actions[bot] commented 3 weeks ago

Coverage report

Package Old New Trend
api/attestationconfig 0.00% 45.00% :new:
api/attestationconfig/internal/cli 0.00% 0.00% :new:
api/attestationconfig/internal/cli/client 0.00% 7.10% :new:
cli/internal/cmd 41.10% 41.10% :construction:
debugd/internal/cdbg/cmd 0.00% 0.00% :construction:
hack/gocoverage 59.20% 59.20% :left_right_arrow:
hack/image-fetch 0.70% 0.70% :construction:
internal/config 67.00% 67.00% :left_right_arrow:
internal/verify 7.90% 7.90% :construction:
terraform-provider-constellation/internal/provider 3.50% 3.50% :construction:
katexochen commented 3 weeks ago

What are the stability guarantees the new public API will provide?

elchead commented 3 weeks ago

What are the stability guarantees the new public API will provide?

The API is backed by an S3 bucket that is versioned (v1). Older SDK versions should always remain compatible with the v1 S3 bucket. Any breaking changes, for newer SDK versions, would be stored in a v2 subpath of the bucket. wdyt?

elchead commented 2 weeks ago

We decided to not do this and instead copy the code if needed.