SSH proxy + governance: ShellClass, ceremony, breach, delegation (Rust)
Replace hardcoded posture return in AttestationHandler (Shellstream namespace 0x0005) with PostureReader that reads the posture-current ConfigMap written by the substrate-operator's posture evaluator.

Data pipeline is now end-to-end: Keylime verifier -> posture evaluator -> ConfigMap -> bascule-agent

Behavior:
- posture_source='config': reads posture-current ConfigMap, maps level to PostureLevel, caches with configurable TTL (default 30s)
- posture_source='static' or dev_mode: returns configured static level and wire value (replaces hardcoded string for clarity)
- Graceful fallback: missing ConfigMap -> PostureLevel::Lockdown (fail-closed) + warning log

New dependencies: kube, k8s-openapi, governance-types (via path). Does NOT add keylime-client — reads ConfigMap JSON directly.

Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>

- bascule-agent
- bascule-core
- bascule-filter-core
- bascule-gateway
- bascule-node-agent
- bascule-proto
- bascule-shell
- bascule-tail
- ceremony-engine
- proto/bascule/v1
- .gitignore
- Cargo.lock
- Cargo.toml