tking/bascule-workspace
SHA256
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
bascule-workspace/bascule-agent
History
Tyler J King 47a5484614 feat(bascule-agent): replace soft-mode attestation with ConfigMap posture reader 
Replace hardcoded posture return in AttestationHandler (Shellstream
namespace 0x0005) with PostureReader that reads the posture-current
ConfigMap written by the substrate-operator's posture evaluator.

Data pipeline is now end-to-end:
  Keylime verifier -> posture evaluator -> ConfigMap -> bascule-agent

Behavior:
- posture_source='config': reads posture-current ConfigMap, maps
  level to PostureLevel, caches with configurable TTL (default 30s)
- posture_source='static' or dev_mode: returns configured static
  level and wire value (replaces hardcoded string for clarity)
- Graceful fallback: missing ConfigMap -> PostureLevel::Lockdown
  (fail-closed) + warning log

New dependencies: kube, k8s-openapi, governance-types (via path).
Does NOT add keylime-client — reads ConfigMap JSON directly.

Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>
2026-04-15 10:17:00 -04:00
..
src feat(bascule-agent): replace soft-mode attestation with ConfigMap posture reader 2026-04-15 10:17:00 -04:00
tests initial: bascule v0.1.0 2026-03-18 16:40:48 -04:00
Cargo.toml feat(bascule-agent): replace soft-mode attestation with ConfigMap posture reader 2026-04-15 10:17:00 -04:00
Dockerfile initial: bascule v0.1.0 2026-03-18 16:40:48 -04:00