constellation

mirror of https://github.com/edgelesssys/constellation.git synced 2024-09-16 14:32:11 +00:00

Author	SHA1	Message	Date
Daniel Weiße	c11631ec11	logging: reduce grpc logging noise (#3329 ) * Normalize gRPC logs to print at warn level only * Fix grpcLogger level enablement --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2024-08-29 10:44:22 +02:00
renovate[bot]	fe96153507	deps: update bazel (modules) (#3304 ) * deps: update bazel (modules) * Set std=c++14 * deps: tidy all modules --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: edgelessci <edgelessci@users.noreply.github.com> Co-authored-by: Markus Rudy <mr@edgeless.systems>	2024-08-09 11:00:22 +02:00
renovate[bot]	e71819eb62	deps: update Go dependencies (#3185 ) * deps: update Go dependencies * deps: tidy all modules * Replace deprecated `grpc.DialContext` with `grpc.NewClient` --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci <edgelessci@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems>	2024-06-21 10:05:57 +02:00
Malte Poll	2c8a16294e	bazel: migrate rules_proto to bzlmod	2024-05-23 09:48:04 +02:00
Malte Poll	d960121cba	bazel: update BUILD files for rules_go bzlmod migration	2024-05-23 09:48:04 +02:00
Daniel Weiße	9def35ed06	deps: update all Go dependencies (#3071 ) * Upgrade Go dependencies Signed-off-by: Daniel Weiße <dw@edgeless.systems> * Group Go dependency upgrades Signed-off-by: Daniel Weiße <dw@edgeless.systems> * Remove usage of deprecated docker types Signed-off-by: Daniel Weiße <dw@edgeless.systems> * Fix usage of invalid validation tags Signed-off-by: Daniel Weiße <dw@edgeless.systems> * Regenerate bazel files Signed-off-by: Daniel Weiße <dw@edgeless.systems> * Keep github.com/bazelbuild/buildtools at old version to not break other dependencies Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2024-05-08 17:31:47 +02:00
miampf	840f460bac	logging: unify debug log message format (#2997 )	2024-04-03 13:49:03 +00:00
Malte Poll	281c7c320c	deps: update protobuf to v1.33.0	2024-03-06 14:50:01 +01:00
Malte Poll	522f2858c6	proto: update generated protobuf sources	2024-02-21 18:40:16 +01:00
Malte Poll	65903459a0	chore: fix unused parameter lint in new golangcilint version	2024-02-21 17:54:07 +01:00
miampf	54cce77bab	deps: convert zap to slog (#2825 )	2024-02-08 14:20:01 +00:00
Markus Rudy	c020f7ac20	cleanup: various minor debugging improvements (#2889 ) * ci: improve constellation_create error message When we hit a timeout due to nodes not coming up, the actual error message is hard to make out because it's buried in a group. With the right formatting, the error message will be highlighted in the UI. Another improvement is to output the state of nodes, which helps debugging the cause of nodes not joining or not becoming ready. * cleanup: use NodeVersionResourceName constant ... instead of literal strings. * ci: correctly notify on e2e upgrade error * atls: report cert extension OIDs on mismatch If the certificate contains an attestation document for SEV-SNP, but the given validator is for Nitro, verifyEmbeddedReport should not claim that there is no attestation document, but that there is no _compatible_ one and what the incompatible ones were.	2024-02-02 16:46:28 +01:00
Malte Poll	3a5753045e	goleak: ignore rules_go SIGTERM handler rules_go added a SIGTERM handler that has a goroutine that survives the scope of the goleak check. Currently, the best known workaround is to ignore this goroutine. https://github.com/uber-go/goleak/issues/119 https://github.com/bazelbuild/rules_go/pull/3749 https://github.com/bazelbuild/rules_go/pull/3827#issuecomment-1894002120	2024-01-22 13:11:58 +01:00
renovate[bot]	37ec431fab	deps: update K8s dependencies (#2763 ) * deps: update K8s dependencies --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>	2023-12-21 12:42:04 +01:00
Markus Rudy	a1dbd13f95	versions: consolidate various types of Components There used to be three definitions of a Component type, and conversion routines between the three. Since the use case is always the same, and the Component semantics are defined by versions.go and the installer, it seems appropriate to define the Component type there and import it in the necessary places.	2023-12-11 14:26:54 +01:00
Otto Bittner	07eed0e319	attestation: use SNP-based attestation for AWS SNP	2023-11-24 15:49:48 +01:00
Moritz Sanft	a5021c52d3	joinservice: cache certificates for Azure SEV-SNP attestation (#2336 ) * add ASK caching in joinservice Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use cached ASK in Azure SEV-SNP attestation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update test charts Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix typ Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make caching mechanism less provider-specific Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add `omitempty` flag Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * frontload certificate getter Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * rename frontloaded function Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * pass cached certificates to constructor Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix race condition Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix marshalling of empty certs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix validator usage Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [wip] add certcache tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add certcache tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix validator test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unused fields in validator Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix certificate precedence Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use separate context Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * linter fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * linter fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Remove unnecessary comment Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * use background context Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Use error format directive Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * `azure` -> `Azure` Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * improve error messages Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add x509 -> PEM util function Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use crypto util functions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix certificate replacement logic Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only require ASK from certcache Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix comment typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>	2023-09-29 14:29:50 +02:00
Daniel Weiße	2049713620	internal: move watcher package from internal to joinservice (#2212 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-08-11 15:17:55 +02:00
Otto Bittner	1d5a8283e0	cli: use Semver type to represent microservice versions (#2125 ) Previously we used strings to pass microservice versions. This invited bugs due to missing input validation.	2023-07-25 14:20:25 +02:00
renovate[bot]	49cff0aabb	deps: update module github.com/sigstore/rekor to v1.2.2 (#2033 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-06 15:41:14 +02:00
Malte Poll	6c8dade285	bazel: always choose linux / amd64 distroless base image	2023-06-16 16:30:47 +02:00
Malte Poll	537cdbcfad	bazel: trim path to *.pb.go files embedded in go libraries See https://github.com/bazelbuild/rules_go/issues/3581 for context.	2023-06-16 16:30:47 +02:00
Otto Bittner	8f21972aec	attestation: add `awsSEVSNP` as new variant (#1900 ) * variant: move into internal/attestation * attesation: move aws attesation into subfolder nitrotpm * config: add aws-sev-snp variant * cli: add tf option to enable AWS SNP For now the implementations in aws/nitrotpm and aws/snp are identical. They both contain the aws/nitrotpm impl. A separate commit will add the actual attestation logic.	2023-06-09 15:41:02 +02:00
renovate[bot]	2afddcb0f8	deps: update K8s dependencies (#1599 ) * deps: update K8s dependencies * deps: bump controller runtime * chore: tidy * bump helm and migrate controller runtime * fix helm deprecation --------- Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Leonard Cohnen <lc@edgeless.systems>	2023-05-24 18:57:45 +02:00
renovate[bot]	fe115bdb16	deps: update module github.com/sigstore/rekor to v1.1.1 [SECURITY] (#1729 ) * deps: update module github.com/sigstore/rekor to v1.1.1 [SECURITY] * deps: bump oras --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Leonard Cohnen <lc@edgeless.systems>	2023-05-11 17:23:17 +02:00
Daniel Weiße	d7a2ddd939	config: add separate option for handling attestation parameters (#1623 ) * Add attestation options to config * Add join-config migration path for clusters with old measurement format * Always create MAA provider for Azure SNP clusters * Remove confidential VM option from provider in favor of attestation options * cli: add config migrate command to handle config migration (#1678) --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-05-03 11:11:53 +02:00
Malte Poll	5145f806ea	bazel: remove apko and Dockerfile where Bazel is used to build container images	2023-04-18 15:35:15 +02:00
Malte Poll	bd889bd6a7	bazel: convert all container images to Bazel	2023-04-18 15:35:15 +02:00
Malte Poll	2b962598bf	deps: update go to 1.20.3 (#1622 )	2023-04-06 16:36:07 +02:00
Paul Meyer	399b052f9e	bazel: add protoc codegen to //:generate target (#1554 ) Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-30 14:47:29 +02:00
renovate[bot]	6013665de1	deps: update gcr.io/distroless/static Docker digest to 8d4cc4a (#1547 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-29 14:56:07 +02:00
Daniel Weiße	99b12e4035	internal: refactor oid package to variant package (#1538 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-03-29 09:30:13 +02:00
Paul Meyer	e7fc541a57	bazel: add buf as protobuf formatter to //:tidy (#1511 ) Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-23 18:08:49 +01:00
Paul Meyer	0036b24266	go: remove unused parameters Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-20 08:41:01 -04:00
renovate[bot]	4d618a4b99	deps: update fedora:37 Docker digest (#1448 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-17 18:47:36 +01:00
renovate[bot]	a268a37d81	deps: update gcr.io/distroless/static Docker digest to 1268080 (#1449 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-17 18:30:22 +01:00
Daniel Weiße	6ea5588bdc	config: add attestation variant (#1413 ) * Add attestation type to config (optional for now) * Get attestation variant from config in CLI * Set attestation variant for Constellation services in helm deployments * Remove AzureCVM variable from helm deployments --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-03-14 11:46:27 +01:00
Malte Poll	bdba9d8ba6	bazel: add build files for go (#1186 ) * build: correct toolchain order * build: gazelle-update-repos * build: use pregenerated proto for dependencies * update bazeldnf * deps: tpm simulator * Update Google trillian module * cli: add stamping as alternative build info source * bazel: add go_test wrappers, mark special tests and select testing deps * deps: add libvirt deps * deps: go-libvirt patches * deps: cloudflare circl patches * bazel: add go_test wrappers, mark special tests and select testing deps * bazel: keep gazelle overrides * bazel: cleanup bazelrc * bazel: switch CMakeLists.txt to use bazel * bazel: fix injection of version information via stamping * bazel: commit all build files * dev-docs: document bazel usage * deps: upgrade zig-cc for go 1.20 * bazel: update Perl for macOS arm64 & Linux arm64 support * bazel: use static perl toolchain for OpenSSL * bazel: use static protobuf (protoc) toolchain * deps: add git and go to nix deps Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-09 15:23:42 +01:00
Paul Meyer	ebf7dd8842	openstack: use metadata client where possible Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-08 09:04:57 -05:00
Paul Meyer	74fc6239b2	deps: update to Go 1.20.2 (#1366 ) Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-08 10:05:36 +01:00
renovate[bot]	57786db96b	deps: update gcr.io/distroless/static Docker digest to 20c99e5 (#1360 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-07 18:13:34 +01:00
Malte Poll	fc33a74c78	constants: make VersionInfo readonly (#1316 ) The variable VersionInfo is supposed to be set by `go build -X ...` during link time but should not be modified at runtime. This change ensures the underlying var is private and can only be accessed by a public getter.	2023-03-01 11:55:12 +01:00
renovate[bot]	83bea18a4f	deps: update fedora:37 Docker digest (#1274 ) Co-authored-by: katexochen <katexochen@users.noreply.github.com>	2023-02-24 17:46:17 +01:00
renovate[bot]	2ed1707755	deps: update gcr.io/distroless/static Docker digest to 5b2fa76 (#1235 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-02-21 13:19:39 +01:00
Paul Meyer	e011a20c49	deps: update to Go 1.20 Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-02-20 12:08:24 -05:00
renovate[bot]	e600795239	deps: update gcr.io/distroless/static Docker digest to 0511233 (#1193 ) Co-authored-by: katexochen <katexochen@users.noreply.github.com>	2023-02-15 13:34:27 +01:00
renovate[bot]	1732795345	deps: update fedora:37 Docker digest (#1192 ) Co-authored-by: katexochen <katexochen@users.noreply.github.com>	2023-02-15 13:28:53 +01:00
renovate[bot]	d5f466041a	deps: update gcr.io/distroless/static Docker digest to 390b7a3 (#1139 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-02-03 18:06:21 +01:00
renovate[bot]	99c190a3e8	deps: update gcr.io/distroless/static Docker digest to 2019e0c (#1083 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-01-26 15:13:29 +01:00
Daniel Weiße	aa3ac82408	Add a bit more logging to attestation and join-service on error (#1076 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-01-26 11:24:29 +01:00

1 2 3

119 Commits