Commit Graph

1508 Commits

Author SHA1 Message Date
Nils Hanke
bc5471e9b3 Delete cluster IDs file on terminate 2022-07-05 14:41:58 +02:00
Nils Hanke
259c88fa1a IDsFilename -> ClusterIDsFilename 2022-07-05 14:41:58 +02:00
Daniel Weiße
24cba8d91a Use Constellation KMS instead of deprecated vpn API for requesting keys (#248)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-05 09:48:47 +02:00
Daniel Weiße
4be29b04dc AB#1915 Local PCR calculation (#243)
* Add QEMU cloud-logging

* Add QEMU metadata endpoints to collect logs during cluster boot

* Send PCRs to QEMU metadata if boot fails on Azure or GCP

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-04 12:59:43 +02:00
Thomas Tendyck
70efb92adc cli: fix vale lint errors in verify description 2022-07-04 12:19:38 +02:00
Fabian Kammel
8383077a9b Sign CLI & create release on v* tag (#241)
* Sign CLI & create release on v* tag
* Extended description to mention new feature in this action

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-07-04 12:16:11 +02:00
Daniel Weiße
0a874496b3 Add verbosity flag to all services (#244)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-01 16:17:06 +02:00
cm
3177b2fdb7 AB#2032 Write IDs to disk and read when verifying (#212)
* AB#2032 Write IDs to disk and read when verifying

* Update CHANGELOG.md

* update changelog

* update changelog

* cli verify: prefer flag values

* Rename fid file

Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2022-07-01 10:57:29 +02:00
Otto Bittner
7cada2c9e8 Add goleak to all tests (#227)
* Run goleak as part of all tests
We are already using goleak in various tests.
This commit adds a TestMain to all remaining tests
and calls goleak.VerifyTestMain in them.
* Add goleak to debugd/deploy package and fix bug.
* Run go mod tidy
* Fix integration tests
* Move goleak invocation for mount integration test
* Ignore leak in state integration tests

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 15:24:36 +02:00
Otto Bittner
6949678ead Invoke tests through ctest (#230)
Currently we define how tests should be executed in two places:
CMakeLists.txt and the CI related files.
With this commit the CI will invoke tests by calling ctest,
thus making it necessary to add and define testcases in cmake first.
As all tests starting with "integration-" or "unit-" are run,
new tests don't have to be added to the CI, unless you want to define
a new category of test.
Also remove the etcd store test workflow as it's part of
test-integration now.

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 13:26:21 +02:00
Otto Bittner
5d293e355d Build-as-a-Test & Abortable Workflows (#231)
* build cli on every PR
* build coordinator on every PR,
  while only triggering image builds on main.
* abort previous runs of workflows if new commits are pushed
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 11:27:23 +02:00
Daniel Weiße
040e498b42 AB#2114 Add QEMU metadata API (#237)
* Add QEMU metadata API

* API server is started automatically when using terraform to deploy a QEMU cluster

* Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-30 11:14:26 +02:00
Daniel Weiße
b0aafd0c2a Fix Docker builds (#239)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-29 16:40:43 +02:00
Daniel Weiße
f9a581f329 Add aTLS endpoint to KMS (#236)
* Move file watcher and validator to internal

* Add aTLS endpoint to KMS for Kubernetes external requests

* Update Go version in Dockerfiles

* Move most KMS packages to internal

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-29 16:13:01 +02:00
Daniel Weiße
042f668d20 AB#2190 Verification service (#232)
* Add verification service

* Update verify command to use new Constellation verification service

* Deploy verification service on cluster init

* Update pcr-reader to use verification service

* Add verification service build workflow

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 17:03:28 +02:00
Daniel Weiße
b10b13b173 Replace logging with default logging interface (#233)
* Add test logger

* Refactor access manager logging

* Refactor activation service logging

* Refactor debugd logging

* Refactor kms server logging

* Refactor disk-mapper logging

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 16:51:30 +02:00
Nils Hanke
e3f78a5bff Remove passing context separately to initialize 2022-06-28 13:55:50 +02:00
Nils Hanke
0653c20792 Upgrade to Cobra v1.5.0 & go mod tidy 2022-06-28 13:55:50 +02:00
Fabian Kammel
e97eb1fa52 fix: buildvcs unable to fetch vcs information (#228) 2022-06-23 17:52:25 +02:00
Daniel Weiße
1dcb6ed142 Add unified logging interface (#223)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-23 16:42:33 +02:00
Leonard Cohnen
e13f4d84c3 add gcp loadbalancer 2022-06-23 14:00:20 +02:00
Christoph Meyer
1e11188dac AB#2033 User-friendly wrap and reword errors
fix: readOrGenerated function signature
2022-06-22 12:02:10 +01:00
Christoph Meyer
9441e46e4b AB#2033 Remove redundant "failed" in error wrapping
Remove "failed" from wrapped errors
Where appropriate rephrase "unable to/could not" to "failed" in root
errors
Start error log messages with "Failed"
2022-06-22 12:02:10 +01:00
Fabian Kammel
0c9ca50be8 Feat/more version info (#224) 2022-06-21 15:12:27 +02:00
Daniel Weiße
3b92b52611 Fix endless wait if handshake fails
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-21 15:02:20 +02:00
Daniel Weiße
e6b1156849 AB#2169 Implement control-plane activation in activation service (#217)
* Implement Control Plane activation flow

* Rename Activation RPCs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-21 11:10:32 +02:00
Fabian Kammel
a1103b6da6 Feat/pcr yaml output (#222)
* remove extra output and provide yaml option
* Add some explanation on how yaml format could be used.
2022-06-20 13:57:25 +02:00
Fabian Kammel
d856b0cd86 Feat/measurements in e2e (#218)
* Make e2e pipeline use the latest image available.

* Use pcr-reader to read & store measurements.

* buildvcs false in ci

* only notify teams on main

* plain yq syntax, since if already checks for csp

* previous version of yq requires explicit eval

* fix pcr-reader call

* actually pass variable between jobs

* fix typo

* Make order of images consistent.

* read measurements after create

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-20 10:30:59 +02:00
Otto Bittner
3de5fd47b5 Add unittest-hack tests to ctest (#220)
The CI currently runs the tests in ./hack, but ctest did not.
This commit changes that.
2022-06-17 08:56:23 +02:00
katexochen
b926cf9006 Move aTLS fakes into atls package 2022-06-15 16:31:24 +02:00
katexochen
85ba2657e1 Fix grpc dialer 2022-06-15 16:31:24 +02:00
Daniel Weiße
4842d29aff AB#2111 Deploy activation service on cluster init (#205)
* Deploy activation service on cluster init

* Use base image with CA certificates for activation service

* Improve KMS server 

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 16:00:48 +02:00
Daniel Weiße
84ca9e3070 Fix container image workflows
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 14:00:21 +02:00
Paul Meyer
86d29a4567 Add concurrency tests for atls connections (#211) 2022-06-15 13:04:56 +02:00
Thomas Tendyck
e9916a7d3a atls: make client cfg reusable 2022-06-15 13:04:56 +02:00
Thomas Tendyck
989c128fa6 atls: rename nonce to clientNonce/serverNonce for clarification 2022-06-15 13:04:56 +02:00
Fabian Kammel
392ad7fe45 Create Application Insights early so they are ready when VM needs them. (#213) 2022-06-15 12:19:41 +02:00
Daniel Weiße
1c34792005 Fix variable name
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 11:03:47 +02:00
Daniel Weiße
3d041cab2b Activation Service and KMS server image build pipeline (#210)
* AB#2171 Add kms server container image build pipeline

* AB#2172 Add activation service container image build pipeline

* Add manual workflow for building micro-service images

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 10:50:46 +02:00
Leonard Cohnen
766182b7e7 fix cilium WireGuard Pod2Pod connectivity 2022-06-14 14:01:56 +02:00
Fabian Kammel
f7ba87135d Fix/e2e fail on failure (#208) 2022-06-14 12:38:32 +02:00
Nils Hanke
82757ef2c0 Don't include labels in Docker image 2022-06-13 16:35:05 +02:00
Nils Hanke
f0b8412ef8 constellation-access-manager: Persistent SSH as ConfigMap (#184) 2022-06-13 16:23:19 +02:00
Daniel Weiße
1e19e64fbc Dynamic grpc client credentials (#204)
* Add an aTLS wrapper for grpc credentials

* Move grpc dialers to internal and use aTLS grpc credentials

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-13 11:40:27 +02:00
Daniel Weiße
6e9428a234 Fix gcp debug image command
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-10 15:51:34 +02:00
Fabian Kammel
84552ca8f7 AB#2104 Feat/azure logging (#198)
implementation for azure early boot logging
2022-06-10 13:18:30 +02:00
Daniel Weiße
963c6f98e5 Create kubernetes CA signed kubelet certificates on activation
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-10 08:34:06 +02:00
katexochen
4d50e4c657 Refactor coordinator run function 2022-06-08 17:33:51 +02:00
Daniel Weiße
691ab84326 Update version variable
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Daniel Weiße
3467df6b69 Move attestation, atls and oid packages to internal directory
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00