Make SEV-SNP the default attestation variant on GCP (#3267)

* Make SNP the default on GCP * fixup! Make SNP * fixup! Make SNP
2026-01-04 09:15:42 -05:00 · 2024-07-22 13:29:27 +02:00 · 2024-07-22 13:29:27 +02:00 · 399376d3e3
commit 399376d3e3
parent 4573f10884
21 changed files with 72 additions and 57 deletions
--- a/.github/actions/terraform_apply/action.yml
+++ b/.github/actions/terraform_apply/action.yml
@ -26,10 +26,9 @@ runs:
          "gcpSEVES")
            attestationVariant="gcp-sev-es"
            ;;
-          # TODO(msanft): Enable once stable GCP SEV-SNP images exist.
-          # "gcpSEVSNP")
-          #  attestationVariant="gcp-sev-snp"
-          #  ;;
+          "gcpSEVSNP")
+            attestationVariant="gcp-sev-snp"
+            ;;
          *)
            echo "Unknown attestation variant: $(yq '.attestation | keys | .[0]' constellation-conf.yaml)"
            exit 1
--- a/.github/workflows/e2e-test-daily.yml
+++ b/.github/workflows/e2e-test-daily.yml
@ -49,12 +49,6 @@ jobs:
        attestationVariant: ["gcp-sev-es", "gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
        refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
        test: ["sonobuoy quick"]
-        exclude:
-          # TODO(v2.18 msanft): Remove exclude rule for GCP SEV-SNP stable once images exist.
-          - kubernetesVersion: "1.28"
-            attestationVariant: "gcp-sev-snp"
-            refStream: "ref/release/stream/stable/?"
-            test: "sonobuoy quick"
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
--- a/.github/workflows/e2e-test-release.yml
+++ b/.github/workflows/e2e-test-release.yml
@ -404,7 +404,7 @@ jobs:
      max-parallel: 1
      matrix:
        fromVersion: ["v2.17.0"]
-        attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
+        attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
    name: Run upgrade tests
    secrets: inherit
    permissions:
--- a/.github/workflows/e2e-test-weekly.yml
+++ b/.github/workflows/e2e-test-weekly.yml
@ -413,7 +413,7 @@ jobs:
      max-parallel: 1
      matrix:
        fromVersion: ["v2.17.0"]
-        attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
+        attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
    name: Run upgrade tests
    secrets: inherit
    permissions:
@ -491,7 +491,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
+        attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
    permissions:
      id-token: write
      contents: read