Adrian Stobbe
161bb37cba
config: improve usage and meaning of validate ( #1975 )
...
* discuss miniup config.Default() usage + discourage usage for Default() in comment
* Update internal/config/config_test.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* add enterprise version check for config.Default
* split config comment lines
* daniel feedback
* featureset.CanUseEmbeddedMeasurmentsAndImage
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-06-28 10:28:48 +02:00
Adrian Stobbe
1edbe962c1
cli: fail fast when CLI and Constellation versions don't match ( #1972 )
...
* fail on version mismatch
* rename to validateCLIandConstellationVersionAreEqual
* fix test
* image version must only be major,minor patch equal (ignore suffix)
* add version support doc
* fix: do not check patch version equality for image and cli
* skip validate on force
2023-06-27 18:24:35 +02:00
Malte Poll
90ffcd17e8
deps: downgrade libvirt to 8.10.0 ( #1971 )
...
Fixes 264b2df
Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2167302 .
Upgrade to Fedora 38 also upgraded libvirt from 8.x to 9.x and introduced the bug.
Since libvirt 9.1 is not yet available for Fedora 38, we downgrade instead.
Introduced by 379c0ce4bfed8733dfbde557c359eecc5474ce38 (379c0ce4bf).
Will be fixed when upgrading to libvirt 9.1 by 5155ab4b2a704285505dfea6ffee8b980fdaa29e (5155ab4b2a).
See also https://listman.redhat.com/archives/libvir-list/2023-February/237603.html
2023-06-27 11:34:07 +02:00
Moritz Sanft
fe0b8c1e5b
remove Terraform targets ( #1970 )
2023-06-27 11:27:50 +02:00
Otto Bittner
0a36ce6171
config: validate instance type for aws SNP based on attestation variant ( #1963 )
...
* config: validate instance type for aws SNP
* apply suggestions
2023-06-26 17:05:12 +02:00
Thomas Tendyck
46e144d19b
Use term "attestation variant" consistently
2023-06-26 08:54:11 +02:00
Daniel Weiße
e139eff552
fix: small formatting/spelling issues ( #1965 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 08:34:37 +02:00
Otto Bittner
3a7bb52560
attestation: docs and config changes for SNP attestation ( #1959 )
...
* docs: describe SEV-SNP support on AWS
* config: remove launchMeasurement
awsSEVSNP attestation config should not have this value.
It doesn't have a function yet.
2023-06-23 15:38:24 +02:00
Malte Poll
78fb0066e4
ci: add automated tests for reproducible builds ( #1914 )
...
* ci: reproducible builds test
* deps: upgrade actionlint to support macos-13 runners
2023-06-23 12:12:32 +02:00
Malte Poll
92cd9c1dac
terraform: always use uniform role names ( #1960 )
2023-06-23 12:08:30 +02:00
Otto Bittner
114103c46b
ci: download bootlogs in correct aws region ( #1956 )
2023-06-22 17:56:05 +02:00
Otto Bittner
7388240943
Revert "attestation: add SNP-based attestation for aws-sev-snp ( #1916 )" ( #1957 )
...
This reverts commit c7d12055d1.
2023-06-22 17:08:44 +02:00
Adrian Stobbe
487fa1e397
terraform: azure node groups ( #1955 )
...
* init
* migration working
* make tf variables with default value optional in go through ptr type
* fix CI build
* pr feedback
* add azure targets tf
* skip migration for empty targets
* make instance_count optional
* change role naming to dashed + add validation
* make node_group.zones optional
* Update cli/internal/terraform/terraform/azure/main.tf
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
* malte feedback
---------
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-06-22 16:53:40 +02:00
Moritz Sanft
224c74f883
csi: aws csi driver policies ( #1945 )
...
* add required disk permissions
* update worker node policy for ebs
* Revert "update worker node policy for ebs"
This reverts commit 9c24d374e0b30bc8970e00978462fb36ee6acd4f.
* attach aws managed role instead
* add TODO comment
* remove duplicate role attachment
* Update cli/internal/terraform/terraform/iam/aws/main.tf
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-06-22 14:15:05 +02:00
Adrian Stobbe
4546912f11
cli: upgrade apply --force skips all compatibility checks ( #1940 )
...
* use force to skip compatibility and upgrade in progress check
* update doc
* fix tests
* add force check for helm and k8s
* add no-op check
* fix errors as
2023-06-21 15:49:42 +02:00
Otto Bittner
c7d12055d1
attestation: add SNP-based attestation for aws-sev-snp ( #1916 )
...
* config: move AMD root key to global constant
* attestation: add SNP based attestation for aws
* Always enable SNP, regardless of attestation type.
* Make AWSNitroTPM default again
There exists a bug in AWS SNP implementation where sometimes
a host might not be able to produce valid SNP reports.
Since we have to wait for AWS to fix this we are merging SNP
attestation as opt-in feature.
2023-06-21 14:19:55 +02:00
Moritz Sanft
94b21e11ad
ci: Windows cli tests ( #1859 )
...
* wip: add windows e2e test
* wip: register windows e2e tests
* remove registration
* wip: change CLI artifact name
* basic windows test
* checkout repo
* use correct iam create command
* remove trademarked name
* enable debug logs
* add pwsh liveliness check script
* delimiters
* set kubeconfig env var
* test
* use setx to set env var
* set envvar before liveness probe
* explicitly set kubeconfig
2023-06-21 12:05:04 +02:00
Daniel Weiße
eb1e1502c1
ci: run cdbg with debug verbosity ( #1953 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-21 10:26:22 +02:00
Moritz Sanft
b25228d175
cli: store upgrade files in versioned folders ( #1929 )
...
* upgrade versioning
* don't pass upgrade kind as boolean
* whitespace
* fix godot lint check
* clarify upgrade check directory suffix
* cli: dry-run Terraform migrations on `upgrade check` ( #1942 )
* dry-run Terraform migrations on upgrade check
* clean whole upgrade dir
* clean up check workspace after planning
* fix parsing
* extend upgrade check test
* rename unused parameters
* exclude false positives in test
2023-06-21 09:22:32 +02:00
Moritz Sanft
f3c2198a9a
ci: improve pr template ( #1946 )
...
* improve PR template
* Update .github/pull_request_template.md
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
---------
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-06-21 08:59:29 +02:00
renovate[bot]
d2c4cd1785
deps: update aws-actions/configure-aws-credentials action to v2 ( #1950 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-20 18:59:07 +02:00
renovate[bot]
3f714f538b
deps: update peter-evans/create-pull-request action to v5 ( #1949 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-20 16:37:01 +02:00
renovate[bot]
684b61ac2b
deps: update docker/build-push-action action to v4 ( #1948 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-20 13:39:32 +02:00
renovate[bot]
5bf59808e1
deps: update cachix/install-nix-action action to v22 ( #1947 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-20 13:08:52 +02:00
renovate[bot]
e5bcd36a23
deps: update K8s constrained Azure versions ( #1907 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-20 12:55:47 +02:00
Malte Poll
0b262a08bc
cloud: fix discovery of GCP nodes across multiple zones ( #1943 )
2023-06-20 12:02:31 +02:00
renovate[bot]
de2c21b555
deps: update Python dependencies ( #1888 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-20 11:04:48 +02:00
Adrian Stobbe
7dcd8c3dab
dev-docs: refactor and add information for newbies ( #1912 )
...
* refactor dev-docs structure and add information
* improve doc
* Update dev-docs/workflows/create-debug-cluster.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update dev-docs/workflows/create-debug-cluster.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* pr feedback daniel
* Update dev-docs/README.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* move to howto again
* split up dev-setup and pull-request into sep files
* fix backticks
* add writing style convention + testing repo
* remove OSS cluster + reduce plugins vs code
* update bazel pre-pr doc
* ghcr img private hint
* add fetch measurement + provider sub-directory hint
* add label doc + pr title check in template
* add OSS build comment
* Update CONTRIBUTING.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update CONTRIBUTING.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update dev-docs/README.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update dev-docs/workflows/dev-setup.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* thomas feedback
* add go proverb mention
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-06-19 17:39:43 +02:00
Adrian Stobbe
be4a636361
cli: improve user warning / information ( #1933 )
...
* print success
* warn when debug img but !debugCluster
* malte feedback
* rename to IsNamedLikeDebugImage
2023-06-19 16:51:39 +02:00
Malte Poll
2808012c9c
terraform: gcp node groups ( #1941 )
...
* terraform: GCP node groups
* cli: marshal GCP node groups to terraform variables
This does not have any side effects for users.
We still strictly create one control-plane and one worker group.
This is a preparation for enabling customizable node groups in the future.
2023-06-19 13:02:01 +02:00
Malte Poll
5823aa2438
deps: upgrade pseudo version tool
2023-06-16 16:30:47 +02:00
Malte Poll
9b142f9a25
bazel: upgrade rules_go to a pre-release version to get stripped binaries
2023-06-16 16:30:47 +02:00
Malte Poll
18e7bffc67
bazel: upgrade bazeldnf to produce deterministic rpm2tar artifacts
2023-06-16 16:30:47 +02:00
Malte Poll
bd82071dd5
bazel: add test for containers being equal regardless of the target platform
2023-06-16 16:30:47 +02:00
Malte Poll
6c8dade285
bazel: always choose linux / amd64 distroless base image
2023-06-16 16:30:47 +02:00
Malte Poll
537cdbcfad
bazel: trim path to *.pb.go files embedded in go libraries
...
See https://github.com/bazelbuild/rules_go/issues/3581 for context.
2023-06-16 16:30:47 +02:00
renovate[bot]
4908b5f63c
deps: update golangci/golangci-lint to v1.53.2 ( #1924 )
...
* deps: update golangci/golangci-lint to v1.53.2
* deps: tidy all modules
* attestation: silence linter warning
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-16 09:40:08 +02:00
renovate[bot]
ab52e6d4c5
fix: GCP service account creation fails sometimes ( #1935 )
...
* deps: update Terraform google to v4.69.1
* deps: tidy all modules
* add delay for service account
* deps: tidy all modules
* add delay for service account
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-06-16 09:37:31 +02:00
edgelessci
a717cefc26
image: update measurements and image version ( #1939 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-06-16 08:27:45 +02:00
Malte Poll
684cae4706
nix: add python toolchain deps ( #1934 )
2023-06-15 17:37:59 +02:00
Paul Meyer
103a757557
deps: upgrade sonobuoy to v0.56.17 ( #1937 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-15 16:54:38 +02:00
Malte Poll
264b2df902
deps: upgrade to Fedora 38 ( #1909 )
...
* image: upgrade mkosi distro version to Fedora 38
* image: remove downgrade of GCP kernel
* ci: upgrade expected measurements for Fedora 38
* deps: upgrade bazeldnf packages to Fedora 38
* deps: upgrade container images to Fedora 38
2023-06-15 16:50:35 +02:00
Paul Meyer
4d6d2b1fa2
Update codeowners ( #1936 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-15 14:55:38 +02:00
Adrian Stobbe
159d28a2c7
doc: add context to PR template ( #1932 )
...
* add context to PR template
* Update pull_request_template.md
2023-06-15 09:13:47 +02:00
Otto Bittner
c33ab624c1
ci: upgrade fromVersion in e2e-upgrade ( #1931 )
...
We released 2.8 so we need to test that it can upgrade to HEAD.
2023-06-15 07:49:30 +02:00
Adrian Stobbe
07de6482b2
config: drop support for deprecated Azure's service principal authentication ( #1906 )
...
* invalidate app client id field for azure and provide info
* remove TestNewWithDefaultOptions case
* fix test
* remove appClientID field
* remove client secret + rename err
* remove from docs
* otto feedback
* update docs
* delete env test in cfg since no envs set anymore
* Update dev-docs/workflows/github-actions.md
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* WARNING to stderr
* fix check
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-06-14 17:50:57 +02:00
renovate[bot]
d964c74cbb
deps: update dependency io_bazel_rules_go to v0.39.1 ( #1921 )
...
* deps: update dependency io_bazel_rules_go to v0.39.1
* deps: tidy all modules
* deps: remove duplicate urls
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-14 16:35:52 +02:00
Adrian Stobbe
c5f75513b1
fix: Azure SEV-SNP version always gets overwritten by latest API versions ( #1930 )
...
* fix that manual version gets overwritten by latest
* put azure in separate config file
* otto feedback
2023-06-14 14:17:52 +02:00
Adrian Stobbe
c1f9d86cd3
bazel check: silent env for cleaner output ( #1898 )
...
* explicitly ignore pkgs for cleaner output
* do not ignore but redirect stderr
* silent env var to silent stderr
* add silent env var to vuln,lint,tf
* fix golangci silent
* Update bazel/ci/terraform.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
* Update bazel/ci/golicenses.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
* Update bazel/ci/govulncheck.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
* Update bazel/ci/golangci_lint.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
---------
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-06-14 13:58:21 +02:00
Otto Bittner
7a1c70d7e5
ci: replace katexochen with elchead in assignee list ( #1928 )
...
katexochen is currently working on CoCo and not
involved in active development.
2023-06-14 11:44:45 +02:00