v0.4.0

Changelog:

• CLI:

  • Add manifest verify command
  • Add manifest log command showing manifest updates
  • Add option to manifest command to show the installed manifest with applied updates
  • Return 1 on errors for better scripting integration
  • Fix installation with Intel's SGX device plugin for Kubernetes

• Coordinator:

  • Refactor storage and state implementation:
    • Use key-value storage interface instead of internal map
    • Keep Coordinator state in storage-backend only
    • Add plugin support for storage-backend
    • Add simple local-disk default storage-backend plugin
  • Add a log for manifest updates
  • Fix and enrich Prometheus metrics
    • Collect and serve Marblerun specific metrics
      • Core metrics: Coordinator state
      • MarbleAPI metrics: Number of Marble activation attempts/successes.
  • Fix lost metadata bug of private certs after restarts

• Marbles:

  • Use cross-signed certificates for Marble's root certificates:
    • Marbles see self-signed root certificate compatible with OpenSSL
    • 3rd-parties see intermediate certificate signed by Marblerun's root certificate
    • Manifest updates replace the intermediate certificate, invalidating old Marbles and notifying clients pinning the intermediate cert
  • Unify Graphene and Occlum premains into a single LibOS premain

• Manifest:

  • Add TTLS support:
    • Allow specifying transparent TLS configurations for EGo Marbles
  • Add RBAC support:
    • Add roles to manifest. Roles whitelist actions on resources.
    • Associate users with roles
  • Allow Coordinator generated certificates to be CA certificates

• Secrets:

  • Allow users to upload and download secrets directly via the Coordinator

• Repository:

  • Add CONTRIBUTION.md and CODE_OF_CONDUCT.md
  • Add Issue and PullRequest templates