Commit Graph

585 Commits

Author SHA1 Message Date
Fabian Kammel
050e8fdc4a AB#2159 Feat/cli/fetch measurements (#301)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-01 09:37:05 +02:00
Daniel Weiße
7baf98f014 Add test vectors for key derivation functions (#320)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-01 09:11:13 +02:00
Daniel Weiße
9a3bd38912 Generate random salt for key derivation on init (#309)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-29 09:52:47 +02:00
Daniel Weiße
a3a85b31cf Remove mentions of unique ID (#311)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-27 16:10:50 +02:00
Moritz Eckert
ad02249b9a Add VerifyService port to GCP LB (#291)
* Add VerifyService port to GCP LB

* cli verify command: Use verify service port by default

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-07-26 16:35:14 +02:00
Daniel Weiße
db79784045 AB#2200 Merge Owner and Cluster ID (#282)
* Merge Owner and Cluster ID into single value

* Remove aTLS from KMS, as it is no longer used for cluster external communication

* Update verify command to use cluster-id instead of unique-id flag

* Remove owner ID from init output

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-26 10:58:39 +02:00
Otto Bittner
c743398a23 AB#2181: retry k8s downloads (#286)
Generalize retrier:
* Generalize Do to use a supplied 'retriable' function
* Make clock an optional argument in NewIntervalRetrier
* Move grpc/retrier to internal package
* Update existing unittests to not use retry feature

Add retryDownloadToTempDir:
* Wrap downloadToTempDir with retrier.
* Retry if TCP connection is reset.
* Abort by canceling the context.
* Use a mock server in the unit test that serves responses
depending on the state received through a state channel.

Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2022-07-21 15:20:12 +02:00
Fabian Kammel
ba5a3aefe3 fix ci-lint issues (#287)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-20 16:44:41 +02:00
Otto Bittner
a68ee817ff AB#2074: Choosable K8S Version (#277)
AB#2074: Add configurable k8s version

Configurable version flow:
* cli config holds/validates k8sVersion
* InitCluster receive a k8sVersion arg
* InitCluster creates CM "k8s-version"
* kubeadm's InitConfiguration receives k8sVersion
* joinservice spec mounts/reads k8s-version CM
* joinservice supplies k8sVersion via JoinTicketResponse
Other changes:
* Remove unused test code (FakeK8SClient)
* move VersionConfig map to /internal/versions
* installk8sComponents is now a function instead of a method
2022-07-18 12:28:02 +02:00
Fabian Kammel
a931f6692f Fix/bootstrapper regressions (#274)
* remove wireguard from e2e tests, conformance docs & config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-15 11:53:14 +02:00
Malte Poll
260d2571c1 Only upload kubeadm certs if key is rotated
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-07-14 17:25:18 +02:00
Malte Poll
5d54ce689b Print kubeadm init/join output on success 2022-07-14 17:25:18 +02:00
katexochen
66b573ea5d Bootstrapper 2022-07-14 17:25:18 +02:00
katexochen
dea23604fb Bootstrapper 2022-07-14 17:25:18 +02:00
katexochen
916e5d6b55 Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
Malte Poll
3280ed200c Test IntervalRetrier 2022-07-14 17:25:18 +02:00
katexochen
f79674cbb8 Bootstrapper 2022-07-14 17:25:18 +02:00
katexochen
32f1f5fd3e Delete Coordinator core and apis 2022-07-14 17:25:18 +02:00
Nils Hanke
14a15e131a Modify accepted list of Azure VM types (#250)
* Add more instance types for Azure (with commented out entries)

* Remove commented out entries

* Only AMD VMs

* Comment out CVMs (not supported yet)

* Adjust comments
2022-07-10 13:27:05 +02:00
Fabian Kammel
b4fd4fbacd Fix/add verify grpc port to lb (#262)
* Add verify port to lb
* Use correct health probe
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-08 18:18:23 +02:00
Nils Hanke
bc5471e9b3 Delete cluster IDs file on terminate 2022-07-05 14:41:58 +02:00
Nils Hanke
259c88fa1a IDsFilename -> ClusterIDsFilename 2022-07-05 14:41:58 +02:00
Thomas Tendyck
70efb92adc cli: fix vale lint errors in verify description 2022-07-04 12:19:38 +02:00
cm
3177b2fdb7 AB#2032 Write IDs to disk and read when verifying (#212)
* AB#2032 Write IDs to disk and read when verifying

* Update CHANGELOG.md

* update changelog

* update changelog

* cli verify: prefer flag values

* Rename fid file

Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2022-07-01 10:57:29 +02:00
Otto Bittner
7cada2c9e8 Add goleak to all tests (#227)
* Run goleak as part of all tests
We are already using goleak in various tests.
This commit adds a TestMain to all remaining tests
and calls goleak.VerifyTestMain in them.
* Add goleak to debugd/deploy package and fix bug.
* Run go mod tidy
* Fix integration tests
* Move goleak invocation for mount integration test
* Ignore leak in state integration tests

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 15:24:36 +02:00
Daniel Weiße
f9a581f329 Add aTLS endpoint to KMS (#236)
* Move file watcher and validator to internal

* Add aTLS endpoint to KMS for Kubernetes external requests

* Update Go version in Dockerfiles

* Move most KMS packages to internal

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-29 16:13:01 +02:00
Daniel Weiße
042f668d20 AB#2190 Verification service (#232)
* Add verification service

* Update verify command to use new Constellation verification service

* Deploy verification service on cluster init

* Update pcr-reader to use verification service

* Add verification service build workflow

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 17:03:28 +02:00
Nils Hanke
e3f78a5bff Remove passing context separately to initialize 2022-06-28 13:55:50 +02:00
Leonard Cohnen
e13f4d84c3 add gcp loadbalancer 2022-06-23 14:00:20 +02:00
Christoph Meyer
1e11188dac AB#2033 User-friendly wrap and reword errors
fix: readOrGenerated function signature
2022-06-22 12:02:10 +01:00
Christoph Meyer
9441e46e4b AB#2033 Remove redundant "failed" in error wrapping
Remove "failed" from wrapped errors
Where appropriate rephrase "unable to/could not" to "failed" in root
errors
Start error log messages with "Failed"
2022-06-22 12:02:10 +01:00
Fabian Kammel
0c9ca50be8 Feat/more version info (#224) 2022-06-21 15:12:27 +02:00
Fabian Kammel
392ad7fe45 Create Application Insights early so they are ready when VM needs them. (#213) 2022-06-15 12:19:41 +02:00
Daniel Weiße
1e19e64fbc Dynamic grpc client credentials (#204)
* Add an aTLS wrapper for grpc credentials

* Move grpc dialers to internal and use aTLS grpc credentials

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-13 11:40:27 +02:00
Fabian Kammel
84552ca8f7 AB#2104 Feat/azure logging (#198)
implementation for azure early boot logging
2022-06-10 13:18:30 +02:00
Daniel Weiße
691ab84326 Update version variable
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Daniel Weiße
3467df6b69 Move attestation, atls and oid packages to internal directory
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
katexochen
b3a51cca64 Move cli/status to internal/statuswaiter 2022-06-08 11:59:23 +02:00
katexochen
0627b14445 Move cli/cloud/cloudcmd into cli/internal 2022-06-08 11:59:23 +02:00
katexochen
b308db03fe Move cli/cloud/cloudtypes into /internal 2022-06-08 11:59:23 +02:00
katexochen
c3ebd3d3cd Move cli/cmd into cli/internal 2022-06-08 11:59:23 +02:00
katexochen
d71e97a940 Move ScalingGroup to cloudtypes 2022-06-08 11:59:23 +02:00
katexochen
6a9419e89c Remove cli/ec2 2022-06-08 11:59:23 +02:00
katexochen
064151a956 Move cli/azure to cli/internal/azure 2022-06-08 11:59:23 +02:00
katexochen
180d7872dd Separate shared azure code 2022-06-08 11:59:23 +02:00
katexochen
6cd93e4179 Move cli/gcp to cli/internal/gcp 2022-06-08 11:53:55 +02:00
katexochen
48b4f10207 Separate shared gcp code 2022-06-08 11:53:55 +02:00
katexochen
21127a4cdc Remove azure instances 2022-06-08 11:53:55 +02:00
katexochen
3562345da4 Remove gcp instances 2022-06-08 11:53:55 +02:00
katexochen
4b30dd21c8 Remove cli/qemu, use cloudtypes instead 2022-06-08 11:53:55 +02:00
katexochen
f9b471e3c0 Create general cloudtypes instances 2022-06-08 11:53:55 +02:00
katexochen
4912ab0195 Move command sorting setting into cli/cmd 2022-06-08 11:53:55 +02:00
katexochen
67b25d2771 Move cli/cloudprovider into internal/cloud 2022-06-08 11:53:55 +02:00
katexochen
aee4d44b45 Create cli/internal package 2022-06-08 11:53:55 +02:00
Leonard Cohnen
791d5564ba replace flannel with cilium 2022-06-02 13:08:25 +02:00
katexochen
aaa5d2ab66 Replace deprecated strings.Title 2022-06-01 12:12:33 +02:00
Christoph Meyer
db5468a886 Deploy KMS server image in Constellation
Add image pull secret for ghcr.io
2022-05-31 11:13:26 +02:00
Thomas Tendyck
42fc497477 cli: fix and tweak config file wording 2022-05-27 16:53:04 +02:00
Thomas Tendyck
9f0c751f1b cli: fix command order and minor wording tweaks in config cmd 2022-05-27 16:53:04 +02:00
Daniel Weiße
869448c3e1 Add mutual aTLS support (#176)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-24 16:33:44 +02:00
Malte Poll
5d7bf86b30 GCP create: Embed constellation role in instance templates to allow role detection prior to node activation 2022-05-24 10:37:02 +02:00
Thomas Tendyck
2ba3c153de AB#2117 cli: validate config (#170)
* AB#2117 cli: validate config

* update hack/go.mod
2022-05-23 15:01:39 +02:00
Fabian Kammel
daf356d88e fixed wording (#162) 2022-05-18 19:01:11 +02:00
Fabian Kammel
7c2d1c3490 AB#2094 cloud provider specific configs (#151)
add argument to generate cloud specific configuration file
2022-05-18 11:39:14 +02:00
Fabian Kammel
cfad36720b Cloned UserKey struct to config so it can be documented. Added examples. (#149) 2022-05-17 10:52:37 +02:00
Fabian Kammel
b905c28515 AB#2061 Self Documenting Config File (#143)
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Nils Hanke
68092f27dd AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133)
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config

Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
Malte Poll
3b30291360 QEMU CSP Config: PCRs -> Measurements
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Malte Poll
c679526bae Remove ConstellationPort from config file
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-13 13:36:03 +02:00
Fabian Kammel
83857b142c AB#2064 Feat/config/dev config to config (#139)
Renamed dev-config to config, additionally changed cdbg config to yaml.
2022-05-13 11:56:43 +02:00
Thomas Tendyck
fde7304d78 Update validargs.go 2022-05-13 11:43:48 +02:00
Fabian Kammel
094a8b7659 Feat/config/generate (#136)
Implement config command & generate verb to write default configuration to file or stdout.
2022-05-12 15:14:52 +02:00
Fabian Kammel
14103e4f89 Fix/config/measurements in yaml (#135)
Custom type & marshal implementation for measurements to write base64 instead of single bytes
2022-05-12 10:15:00 +02:00
Fabian Kammel
b8d1cc2b75 converted config file from JSON to YAML. (#132)
converted config file from JSON to YAML
2022-05-11 13:53:02 +02:00
Thomas Tendyck
d76703061b cli: add minimal doc generator (#129)
* cli: add minimal doc generator

* fixup! cli: add
2022-05-11 09:20:37 +02:00
Malte Poll
748eb0f96b Create GCP images in "constellation-images" project
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-10 13:58:10 +02:00
Thomas Tendyck
9575d01ed3 cli: sort CSPs in create cmd 2022-05-10 13:53:57 +02:00
Thomas Tendyck
69d0ecd26d cli: show instance types on help and usage 2022-05-10 12:59:42 +02:00
cm
c63d7126e7 AB#1943 Extract KMS package (#56)
* Extract kmsapi from coordinator

* Add kmsapi cmd server
2022-05-10 12:35:17 +02:00
Nils Hanke
2a6b1e2277 Display usage when args are defined in an invalid way 2022-05-10 12:33:49 +02:00
Nils Hanke
4459766b58 Set defaults to 0 2022-05-10 12:33:49 +02:00
Thomas Tendyck
bbfd84729d cli: minor wording tweaks 2022-05-09 17:16:36 +02:00
Thomas Tendyck
1872d52a49 cli: add default value to master-secret flag in recover 2022-05-09 16:54:17 +02:00
Thomas Tendyck
19bd097864 cli: format UI strings as suggested by cobra 2022-05-09 16:54:17 +02:00
Daniel Weiße
a953df60b6 Rename in config: PCRs->Measurements
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-09 08:24:21 +02:00
Thomas Tendyck
3318126363 cli: unify verify/recover endpoint flag 2022-05-08 16:45:20 +02:00
katexochen
0e63ee0c4a Use 'Constellation cluster' in UI 2022-05-04 17:14:03 +02:00
katexochen
1189078c5a Replace multiple args with flags
AB#1955
2022-05-04 17:14:03 +02:00
katexochen
469b2ff46c Rename to control plane/workers
AB#1954
2022-05-04 17:14:03 +02:00
Daniel Weiße
8444d5c515 Add qemu cloudprovider for activation calls
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:57:43 +02:00
Daniel Weiße
f2305b3ce6 Regenerate cloudprovider strings
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:57:43 +02:00
Daniel Weiße
29206ac845 Use any instead of interface
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:48:31 +02:00
Malte Poll
e13ec3f914 "constellation recover" CLI command
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-04 08:41:32 +02:00
katexochen
9d31c9637b Replace bytes.BufferString with bytes.Buffer 2022-05-04 08:07:14 +02:00
Thomas Tendyck
1408b36db7 cli: minor cleanup in root cmd init 2022-05-03 08:40:26 +02:00
Thomas Tendyck
8d73aab0ce cli: sort cmds by workflow instead of alphabetically 2022-05-03 08:40:26 +02:00
Daniel Weiße
10e9faab10 Remove GCP non CVMs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-02 16:03:36 +02:00
katexochen
d5c7bb6078 Fix error that occurred in e2e test 2022-04-27 18:31:31 +02:00
katexochen
1317fc2bb2 Refactor verify command 2022-04-27 13:25:18 +02:00
katexochen
019003337f Add getState to protoClient 2022-04-27 13:25:18 +02:00
katexochen
c08787ce80 Update proto client naming 2022-04-27 13:25:18 +02:00
Daniel Weiße
ddf94c7373 Error when no validators provided on status waiter initialization
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-27 08:41:16 +02:00
datosh
2a766a3ab5 Feat/conformity test (#79)
* Added files required to request conformance with kubernetes
* Extended firewall implementation to allow port ranges
* Added default nodeport range to vpc network config
2022-04-26 17:09:03 +02:00
datosh
51068abc27 Ref/want err from err expected (#82)
consistent naming for test values using 'want' instead of 'expect/ed'
2022-04-26 16:54:05 +02:00
katexochen
482f675dac Capitalize Kubernetes 2022-04-26 12:02:17 +02:00
katexochen
0518e6ff0a Delete CLI Readme 2022-04-26 12:02:17 +02:00
Benedict Schlueter
49def1e97f cli: add support for multiple coordinators
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
katexochen
4e29c38027 Move validators to cloudcmd 2022-04-21 09:06:35 +02:00
katexochen
dad9a97ee2 Rename provider 2022-04-21 09:06:35 +02:00
katexochen
4496755c64 Fix PCR handling 2022-04-21 09:06:35 +02:00
katexochen
de52bf14da Split cmd package 2022-04-21 09:06:35 +02:00
katexochen
63898c42bf Move rollback out of cmd 2022-04-21 09:06:35 +02:00
katexochen
1a9b33d738 Restructure config and constants 2022-04-21 09:06:35 +02:00
katexochen
66bb632a69 Generalized arg validation 2022-04-21 09:06:35 +02:00
Benedict
f0e35a43d4 peer: save PublicIP instead of publicEndpoint / add multi-coord gRPCs 2022-04-13 14:05:20 +02:00
Malte Poll
e10a47f255 file handler: Add "mkdirAll" flag
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-13 13:07:10 +02:00
3u13r
1c0f52e04e refactor cli vpn config (#46)
* refactor cli vpn config

Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2022-04-12 14:20:46 +02:00
Thomas Tendyck
b30101aba6 AB#1898 cli: fix create aws node count 2022-04-07 14:14:26 +02:00
Thomas Tendyck
f0dc48e3c7 AB#1898 cli: fix create aws arg validation 2022-04-07 11:09:40 +02:00
Thomas Tendyck
393c1f7dd1 cli: fix coordinator/node count order 2022-04-06 14:20:19 +02:00
Leonard Cohnen
8b7bafb482 add coordinator count to cli 2022-04-06 11:24:22 +02:00
Thomas Tendyck
dbfbdfe3cd cli: format output in writeOutput 2022-04-05 16:23:48 +02:00
Thomas Tendyck
7315e80374 cli: add output before long-running actions 2022-04-05 16:23:48 +02:00
Malte Poll
daf2280e3f create state disk on constellation create 2022-04-05 15:08:55 +02:00
Thomas Tendyck
c0105a59aa cli: set MTU in wg-quick conf 2022-04-01 09:58:26 +02:00
katexochen
ed45ba2777 Rename things in vpn package 2022-03-31 15:43:25 +02:00
katexochen
66fe34ee32 Write WireGuard config file on init 2022-03-31 15:43:25 +02:00
katexochen
5cf8f83ed8 Remove pubkey flag from init 2022-03-31 15:43:25 +02:00
Malte Poll
7275f318f8 Switch GCP default zone to europe 2022-03-30 18:30:34 +02:00
Daniel Weiße
3282995bda AB#1877 Set location in azure cloud config
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-30 09:04:59 +02:00
Malte Poll
f04765dab5 re-enable azure node groups in statefile and send azure scaleset as autoscaling group 2022-03-29 15:13:30 +02:00
Daniel Weiße
eb3411f2c1 Allow waiting for multiple states (#11)
* Simplify `fetch_pcrs.sh` script

* Allow waiting for multiple states

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-29 09:10:22 +02:00
Malte Poll
20811794c2 Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 13:35:21 +02:00
Thomas Tendyck
6bbb783af8 misc lint 2022-03-25 13:35:08 +01:00
Leonard Cohnen
2d8fcd9bf4 monorepo
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
Co-authored-by: leongross <leon.gross@rub.de>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-03-22 16:09:39 +01:00