Commit Graph

18 Commits

Author SHA1 Message Date
renovate[bot]
d2e74133a9
deps: update ghcr.io/edgelesssys/constellation/s3proxy Docker tag to v2.18.0-pre.0.20240716154541-4d13479f9053 (#3258)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-16 16:40:18 +02:00
renovate[bot]
f6d7a33540
deps: update ghcr.io/edgelesssys/constellation/s3proxy Docker tag to v2.18.0-pre.0.20240716132742-505b29458eec (#3245)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-16 16:15:51 +02:00
renovate[bot]
e71819eb62
deps: update Go dependencies (#3185)
* deps: update Go dependencies
* deps: tidy all modules
* Replace deprecated `grpc.DialContext` with `grpc.NewClient`

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2024-06-21 10:05:57 +02:00
Malte Poll
d960121cba bazel: update BUILD files for rules_go bzlmod migration 2024-05-23 09:48:04 +02:00
renovate[bot]
fe65a6da76 deps: update Constellation containers 2024-05-16 13:11:53 +02:00
renovate[bot]
5674d9742a
deps: update Constellation containers (#2936)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-22 09:12:18 +01:00
renovate[bot]
3b2da12781
deps: update Constellation containers (#2919)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-19 16:14:05 +01:00
miampf
54cce77bab
deps: convert zap to slog (#2825) 2024-02-08 14:20:01 +00:00
Malte Poll
3a5753045e goleak: ignore rules_go SIGTERM handler
rules_go added a SIGTERM handler that has a goroutine that survives the scope of the goleak check.
Currently, the best known workaround is to ignore this goroutine.

https://github.com/uber-go/goleak/issues/119
https://github.com/bazelbuild/rules_go/pull/3749
https://github.com/bazelbuild/rules_go/pull/3827#issuecomment-1894002120
2024-01-22 13:11:58 +01:00
renovate[bot]
110bf9103d
deps: update Constellation containers (#2760)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 18:03:44 +01:00
Otto Bittner
8ebd813480 s3proxy: ship as helm chart 2023-11-06 10:21:11 +01:00
Otto Bittner
a19227cac9 s3proxy: initial e2e tests and workflows 2023-11-06 10:21:11 +01:00
Otto Bittner
1e13da3b71
docs: extend filestash example with more regions (#2445) 2023-10-12 14:34:51 +02:00
Thomas Tendyck
f696cb452b s3proxy: remove unnecessary pull secret 2023-10-11 17:57:16 +02:00
Otto Bittner
4ef2e289b2
s3proxy: add new page to documentation (#2417)
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <ts@edgeless.systems>
2023-10-10 15:35:23 +02:00
Otto Bittner
c603b547db
s3proxy: add allow-multipart flag (#2420)
This flag allows users to control wether multipart uploads
are blocked or allowed. At the moment s3proxy doesn't
encrypt multipart uploads, so there is a potential for
inadvertent data leakage. With this flag the default
behavior is changed to a more secure default one: block
multipart uploads. The previous behavior can be enabled
by setting allow-multipart.
2023-10-09 15:18:12 +02:00
Otto Bittner
887dcda78b s3proxy: add keyservice integration
Encrypt each object with a random DEK and attach
the encrypted DEK as object metadata.
Encrpt the DEK with a key from the keyservice.
All objects use the same KEK until a keyrotation
takes place.
2023-10-06 11:23:32 +02:00
Otto Bittner
a7ceda37ea s3proxy: add intial implementation
INSECURE!
The proxy intercepts GetObject and PutObject.
A manual deployment guide is included.
The decryption only relies on a hardcoded, static key.
Do not use with sensitive data; testing only.
* Ticket to track ranged GetObject: AB#3466.
2023-10-06 11:23:32 +02:00