Commit Graph

161 Commits

Author SHA1 Message Date
renovate[bot]
f00890ab1e
deps: update module k8s.io/kubernetes to v1.29.4 [SECURITY] (#3039)
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-04-25 14:03:24 +02:00
Malte Poll
2a226fd8e9
deps: update Go toolchain to 1.22.2 (#3010)
* deps: update Go toolchain to 1.22.2
* deps: update vulnerable dependencies (govulncheck)
2024-04-05 12:14:48 +02:00
renovate[bot]
4ca9db156b
deps: update module github.com/docker/docker to v25.0.5+incompatible [SECURITY] (#2998)
* deps: update module github.com/docker/docker to v25.0.5+incompatible [SECURITY]

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-03-25 09:35:56 +01:00
Malte Poll
281c7c320c deps: update protobuf to v1.33.0 2024-03-06 14:50:01 +01:00
renovate[bot]
ae0e00383b
deps: update module helm.sh/helm/v3 to v3.14.2 [SECURITY] (#2944)
* deps: update module helm.sh/helm/v3 to v3.14.2 [SECURITY]

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-02-23 09:26:36 +01:00
Malte Poll
71c8a27539 deps: replace use of deprecated module azsecrets
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets -> github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets
2024-02-21 18:40:16 +01:00
Malte Poll
6a467e5594 deps: update all Go deps 2024-02-21 18:40:16 +01:00
miampf
96c5980651
cli: collect debug logs in file (#2906) 2024-02-21 15:39:12 +00:00
Malte Poll
c6e0714a42 deps: update go-git 2024-02-20 10:00:38 +01:00
renovate[bot]
7980689e82
deps: update module helm.sh/helm/v3 to v3.14.1 [SECURITY] (#2911)
* deps: update module helm.sh/helm/v3 to v3.14.1 [SECURITY]

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-02-15 18:01:36 +01:00
Moritz Sanft
901edd420b
terraform: remove cloud loggers (#2892)
* terraform: remove cloud logging apps

* internal/cloud: remove loggers

* bootstrapper: remove logging

* qemu-metadata-api: remove logging endpoint

* docs: add instructions on how to get boot logs

* bazel: tidy

* docs: fix typo

* cloud: remove unused types

* Update go.mod

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* bazel: tidy

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* docs: elaborate on how to get boot logs

* bazel: tidy

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-02-06 14:27:30 +01:00
Malte Poll
18acd0b12a
deps: update go-uefi and use new authenticode package (#2873) 2024-02-05 12:06:48 +01:00
Markus Rudy
32d3b4e87c
ci: introduce keep-sorted (#2836)
Long lists of items in source code or config can be hard to work with as
a human, most problematic being out-of-order entries in an otherwise
ordered list. This is where keep-sorted comes to the rescue: we can
leave two little comments on every listing we care about, and
keep-sorted ensures that the listing stays in order.

This commit also applied keep-sorted to the CODEOWNERS file, hopefully
demonstrating its usefulness to some extent. I'd expect more uses for
keep-sorted to be discovered organically over time.

keep-sorted is super fast, so it should not be a problem to add it to
the //:tidy target, even if we scan all files in the code base. On my
MacBook:

$ time (find . -not -path "./.git/*" -type f | sort | xargs "${keep_sorted}" --mode fix)

real	0m0.249s
user	0m0.124s
sys	0m0.129s
2024-01-30 14:39:49 +01:00
Daniel Weiße
e350ca0f57
attestation: add Azure TDX attestation (#2827)
* Implement Azure TDX attestation primitives
* Add default measurements and claims for Azure TDX
* Enable Constellation on Azure TDX

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-24 15:10:15 +01:00
renovate[bot]
bacb8ff886
deps: update AWS SDK (#2809)
* deps: update AWS SDK

* deps: fix AWS SDK upgrade breakage

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Markus Rudy <mr@edgeless.systems>
2024-01-09 16:18:33 +01:00
Daniel Weiße
90f3336c8e
deps: remove go.mod files from submodules (#2769)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:19:38 +01:00
Markus Rudy
837b24bf54
versions: generate k8s image patches (incl etcd) (#2764)
* versions: generate k8s image patches (incl etcd)
2023-12-21 20:56:55 +01:00
renovate[bot]
37ec431fab
deps: update K8s dependencies (#2763)
* deps: update K8s dependencies

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-12-21 12:42:04 +01:00
renovate[bot]
4f374fbeb2
deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5 (#2748)
* deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-20 15:58:55 +01:00
renovate[bot]
6c5170da79
deps: update module golang.org/x/crypto to v0.17.0 [SECURITY] (#2736)
* deps: update module golang.org/x/crypto to v0.17.0 [SECURITY]
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-19 08:53:15 +01:00
Markus Rudy
ae00b0a198 installer: add support for data URLs
RFC 015 proposes the introduction of data URLs to materialize static
content to files on disk. This commit adds support for data URLs to the
installer. The corresponding content will be added to versions.go in a
subsequent commit.
2023-12-13 09:35:19 +01:00
renovate[bot]
6db0318b2f
deps: update module github.com/docker/docker to v24.0.7+incompatible [SECURITY] (#2541)
* deps: update module github.com/docker/docker to v24.0.7+incompatible [SECURITY]

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-12 13:34:28 +01:00
edgelessci
90d92e5b51 deps: tidy all modules 2023-12-08 13:59:51 +01:00
Moritz Sanft
34bf3ad296
terraform-provider: add image datasource (#2642)
* terraform-provider: init

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: add basic docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix build steps

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: extend build process and docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* dev-docs: document provider usage

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: upload aspect lib mirror

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: don't try to create lockfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: fix shellcheck issues

* bazel: separate paths to check

* terraform-provider: clean up old files

* terraform-provider: update provider resource

* terraform-provider: add image data source

* dev-docs: remove unnecessary init

* bazel: adhere to Terraform naming expectations

* terraform-provider: fix expected data type

* terraform-provider: generate docs

* terraform-provider: improve errors

* terraform-provider: add acceptance tests for data source

* terraform-provider: fix dependencies

* bazel: quote var reference

* terraform-provider: make region optional

* terraform-provider: bind imagefetcher to data source

* bazel: tidy

* terraform-provider: remove unused parameter

* terraform-provider: remove unused parameter

* terraform-provider: extend acceptance tests

* terraform-provider: allow tests to be ran without Bazel

* dev-docs: document testing

* terraform-provider: set binary path accordingly

* dev-docs: document docgen process for the provider

* bazel: run acceptance test in writable environment

* bazel: try to write to `$TMPDIR`

* terraform-provider: style nits

* terraform-provider: leave TODO

* bazel: tidy

* terraform-provider: regenerate docs

* terraform-provider: fix comment

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-27 09:00:08 +01:00
Moritz Sanft
9a62657b80
terraform-provider: init provider scaffolding (#2632)
* terraform-provider: init

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: add basic docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix build steps

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: extend build process and docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* dev-docs: document provider usage

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: upload aspect lib mirror

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: add docstring to fix linter

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: don't try to create lockfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: fix shellcheck issues

* bazel: separate paths to check

* bazel: explain what updating lockfiles means

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-24 15:58:21 +01:00
Malte Poll
d3ce6ffcc1
deps: update module github.com/hashicorp/* (#2626) 2023-11-22 09:35:00 +01:00
renovate[bot]
f1edce0413 deps: update bazel (core) 2023-11-14 14:04:16 +01:00
renovate[bot]
5af6ee058c
deps: update module k8s.io/kubernetes to v1.27.5 [SECURITY] (#2548)
* deps: update module k8s.io/kubernetes to v1.27.5 [SECURITY]

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-11-13 10:43:12 +01:00
renovate[bot]
7eb28e4f6e
deps: update module github.com/google/go-tpm-tools to v0.4.2 (#2374)
* deps: update module github.com/google/go-tpm-tools to v0.4.2

* deps: tidy all modules

* remove go-tpm-tools replace

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-08 09:09:00 +01:00
renovate[bot]
026ed5b642
deps: update module github.com/google/uuid to v1.4.0 (#2530)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-27 16:20:37 +02:00
renovate[bot]
c50840dcd8
deps: update module github.com/onsi/ginkgo/v2 to v2.13.0 (#2516)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-27 13:32:47 +02:00
renovate[bot]
bac7e8b4f9
deps: update module helm.sh/helm/v3 to v3.13.1 (#2521)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-27 13:31:54 +02:00
renovate[bot]
cd93eb6886
deps: update module google.golang.org/api to v0.148.0 (#2519)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-27 09:59:26 +02:00
renovate[bot]
fff35bdb2a
deps: update module google.golang.org/grpc to v1.59.0 (#2520)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 16:59:11 +02:00
renovate[bot]
0030280d1b
deps: update module github.com/fsnotify/fsnotify to v1.7.0 (#2518)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 15:33:23 +02:00
renovate[bot]
f9989728f7
deps: update module google.golang.org/grpc to v1.56.3 [SECURITY] (#2514)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:20:40 +02:00
renovate[bot]
936f55f4b0
deps: update module go.uber.org/goleak to v1.3.0 (#2509)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-25 17:39:41 +02:00
renovate[bot]
15d249092c
deps: update github.com/gophercloud/utils digest to 80377ec (#2495)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-24 15:35:59 +02:00
Adrian Stobbe
5819a11d25
api: for Azure attestationconfigapi use TCB values from SNP report instead of MAA token (#2429) 2023-10-17 17:36:50 +02:00
Moritz Sanft
a8605d7294
cli: use custom byte-slice marshalling for state file (#2460)
* custom byte slice marshalling

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* byte slice compatibility

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* other byte slice compat test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing dep

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* export byte type alias

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* regenerate exported type

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* test marshal and unmarshal together

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-17 10:35:54 +02:00
3u13r
adfe443b28
bump golang.org/x/net to v0.17.0 (#2456) 2023-10-16 13:22:31 +02:00
renovate[bot]
776d43d5c2
deps: update module github.com/bazelbuild/rules_go to v0.42.0 (#2443)
* deps: update module github.com/bazelbuild/rules_go to v0.42.0

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-10-16 09:53:26 +02:00
renovate[bot]
907b74a31f
deps: update module golang.org/x/tools to v0.14.0 (#2446)
* deps: update module golang.org/x/tools to v0.14.0

* ci: don't error on cleanup

---------

Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-10-12 14:07:59 +02:00
Moritz Sanft
dbad7c2f7a update go-tpm-tools / go-sev-guest 2023-10-10 10:33:54 +02:00
Moritz Sanft
005e865a13
cli: use state file on init and upgrade (#2395)
* [wip] use state file in CLI

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use state file in CLI

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

take clusterConfig from IDFile for compat

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

various fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

wip

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add GCP-specific values in Helm loader test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary pointer

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* write ClusterValues in one step

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* move stub to test file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove mention of id-file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* move output to `migrateTerraform`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* unconditional assignments converting from idFile

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* move require block in go modules file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fall back to id file on upgrade

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter check

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add notice to remove Terraform state check on manual migration

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add `name` field

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

fix name tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* return early if no Terraform diff

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* return infrastructure state even if no diff exists

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add TODO to remove comment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use state-file in miniconstellation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: remove id-file (#2402)

* remove id-file from `constellation create`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add file renaming to handler

* rename id-file after upgrade

* use idFile on `constellation init`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove id-file from `constellation verify`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* linter fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove id-file from `constellation mini`

* remove id-file from `constellation recover`

* linter fixes

* remove id-file from `constellation terminate`

* fix initSecret type

* fix recover argument precedence

* fix terminate test

* generate

* add TODO to remove id-file removal

* Update cli/internal/cmd/init.go

Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>

* fix verify arg parse logic

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add version test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove id-file from docs

* add file not found log

* use state-file in miniconstellation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove id-file from `constellation iam destroy`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove id-file from `cdbg deploy`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>

* use state-file in CI

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update orchestration docs

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-10-09 13:04:29 +02:00
Otto Bittner
887dcda78b s3proxy: add keyservice integration
Encrypt each object with a random DEK and attach
the encrypted DEK as object metadata.
Encrpt the DEK with a key from the keyservice.
All objects use the same KEK until a keyrotation
takes place.
2023-10-06 11:23:32 +02:00
renovate[bot]
e938cc5e63
deps: update module golang.org/x/vuln to v1.0.1 (#2365)
* deps: update module golang.org/x/vuln to v1.0.1

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-09-29 21:45:42 +02:00
Malte Poll
af532f223d
deps: update golang.org/x/tools (#2396) 2023-09-29 15:49:34 +02:00
Malte Poll
b66fa5aaab hack: remove pseudo-version tool
The Go implementation is now unused.
Consumers are all switched over to /tools/workspace_status.sh
2023-09-29 14:09:58 +02:00
Malte Poll
f6d9f91877 image: reimplement and adapt measurement generation in Go 2023-09-27 17:58:19 +02:00