constellation/CONTRIBUTING.md
2022-09-02 11:52:42 +02:00

7.8 KiB

First steps

Thank you for getting involved! Before you start, please familiarize yourself with the documentation.

Please follow our Code of Conduct when interacting with this project.

If you want to support our development:

Constellation is licensed under the AGPL. When contributing, you also need to agree to our Contributor License Agreement.

Development guidelines

Adhere to the style and best practices described in Effective Go. Read Common Review Comments for further information.

Pull request process

Submissions should remain focused in scope and avoid containing unrelated commits. For pull requests, we employ the following workflow:

  1. Fork the repository to your own GitHub account
  2. Create a branch locally with a descriptive name
  3. Commit changes to the branch
  4. Write your code according to our development guidelines
  5. Push changes to your fork
  6. Clean up your commit history
  7. Open a PR in our repository and summarize the changes in the description

Reporting issues and bugs, asking questions

This project uses the GitHub issue tracker. Please check the existing issues before submitting to avoid duplicates.

To report a security issue, contact security@edgeless.systems.

Your bug report should cover the following points:

  • A quick summary and/or background of the issue
  • Steps to reproduce (be specific, e.g., provide sample code)
  • What you expected would happen
  • What actually happens
  • Further notes:
    • Thoughts on possible causes
    • Tested workarounds or fixes

Major changes and feature requests

You should discuss larger changes and feature requests with the maintainers. Please open an issue describing your plans.

Run CI e2e tests

Repository Layout

Core components:

  • access_manager: Contains the access-manager pod used to persist SSH users based on a K8s ConfigMap
  • cli: The CLI is used to manage a Constellation cluster
  • bootstrapper: The bootstrapper is a node agent whose most important task is to bootstrap a node
  • image: Build files for the Constellation disk image
  • kms: Constellation's key management client and server
  • mount: Package used by CSI plugins to create and mount encrypted block devices
  • state: Contains the disk-mapper that maps the encrypted node data disk during boot

Development components:

  • 3rdparty: Contains the third party dependencies used by Constellation
  • conformance: Kubernetes conformance tests
  • debugd: Debug daemon and client
  • hack: Development tools
  • proto: Proto files generator
  • terraform: Infrastructure management using terraform (instead of constellation create/destroy)
    • libvirt: Deploy local cluster using terraform, libvirt and QEMU

Additional repositories:

Build

Prerequisites:

  • Go 1.18

  • Docker

  • Packages on Ubuntu:

    sudo apt install build-essential cmake libssl-dev pkg-config libcryptsetup12 libcryptsetup-dev
    
  • Packages on Fedora:

    sudo dnf install @development-tools pkg-config cmake openssl-devel cryptsetup-libs cryptsetup-devel
    
mkdir build
cd build
cmake ..
make -j`nproc`

Testing

You can run all integration and unitttests like this:

ctest -j `nproc`

Debug Images

⚠️ These images are not safe to use in production environments. ⚠️

As described in debugd, it is possible to use a CoreOS image targeted at dev environments. This image allows to upload any bootstrapper using cdbg.

To enable the upload, an additional unsecured port (4000) is opened which accepts any binary to be run on target machine. Make sure that this machine is not exposed to the internet.

Cloud credentials

Using the CLI requires the user to make authorized API calls to the CSP API. See the docs for configuration.

Deploying a locally compiled bootstrapper binary

By default, constellation create ... will spawn cloud provider instances with a pre-baked bootstrapper binary. For testing, you can use the constellation debug daemon (debugd) to upload your local bootstrapper binary to running instances and to obtain SSH access. Follow this introduction on how to install and setup cdbg

Development Guides

Deployment Guides

Linting

This projects uses golangci-lint for linting. You can install golangci-lint locally, but there is also a CI action to ensure compliance.

To locally run all configured linters, execute

golangci-lint run ./...

It is also recommended to use golangci-lint (and gofumpt as formatter) in your IDE, by adding the recommended VS Code Settings or by configuring it yourself

Nested Go modules

As this project contains nested Go modules, it is recommended to create a local Go workspace, so your IDE can lint multiple modules at once.

go 1.18

use (
 .
 ./hack
 ./operators/constellation-node-operator
)

You can find an introduction in the Go workspace tutorial.

If you have changed dependencies within a module and have run go mod tidy, you can use go work sync to sync versions of the same dependency of the different modules.

The following can be added to your personal settings.json, but it is recommended to add it to the <REPOSITORY>/.vscode/settings.json repo, so the settings will only affect this repository.

    // Use gofumpt as formatter.
    "gopls": {
      "formatting.gofumpt": true,
    },
    // Use golangci-lint as linter. Make sure you've installed it.
    "go.lintTool":"golangci-lint",
    "go.lintFlags": ["--fast"],
    // You can easily show Go test coverage by running a package test.
    "go.coverageOptions": "showUncoveredCodeOnly",
    // Executing unit tests with race detection.
    // You can add preferences like "-v" or "-count=1"
    "go.testFlags": ["-race"],
    // Enable language features for files with build tags.
    // Attention! This leads to integration test being executed when
    // running a package test within a package containing integration
    // tests.
    "go.buildTags": "integration",

Naming convention

Network

IP addresses:

  • ip: numeric IP address
  • host: either IP address or hostname
  • endpoint: host+port

Keys

  • key: symmetric key
  • pubKey: public key
  • privKey: private key