Commit Graph

2790 Commits

Author SHA1 Message Date
Malte Poll
264b2df902
deps: upgrade to Fedora 38 (#1909)
* image: upgrade mkosi distro version to Fedora 38
* image: remove downgrade of GCP kernel
* ci: upgrade expected measurements for Fedora 38
* deps: upgrade bazeldnf packages to Fedora 38
* deps: upgrade container images to Fedora 38
2023-06-15 16:50:35 +02:00
Paul Meyer
4d6d2b1fa2
Update codeowners (#1936)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-15 14:55:38 +02:00
Adrian Stobbe
159d28a2c7
doc: add context to PR template (#1932)
* add context to PR template

* Update pull_request_template.md
2023-06-15 09:13:47 +02:00
Otto Bittner
c33ab624c1
ci: upgrade fromVersion in e2e-upgrade (#1931)
We released 2.8 so we need to test that it can upgrade to HEAD.
2023-06-15 07:49:30 +02:00
Adrian Stobbe
07de6482b2
config: drop support for deprecated Azure's service principal authentication (#1906)
* invalidate app client id field for azure and provide info

* remove TestNewWithDefaultOptions case

* fix test

* remove appClientID field

* remove client secret + rename err

* remove from docs

* otto feedback

* update docs

* delete env test in cfg since no envs set anymore

* Update dev-docs/workflows/github-actions.md

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* WARNING to stderr

* fix check

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-06-14 17:50:57 +02:00
renovate[bot]
d964c74cbb
deps: update dependency io_bazel_rules_go to v0.39.1 (#1921)
* deps: update dependency io_bazel_rules_go to v0.39.1
* deps: tidy all modules
* deps: remove duplicate urls

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-14 16:35:52 +02:00
Adrian Stobbe
c5f75513b1
fix: Azure SEV-SNP version always gets overwritten by latest API versions (#1930)
* fix that manual version gets overwritten by latest

* put azure in seperate config file

* otto feedback
2023-06-14 14:17:52 +02:00
Adrian Stobbe
c1f9d86cd3
bazel check: silent env for cleaner output (#1898)
* explicitly ignore pkgs for cleaner output

* do not ignore but redirect stderr

* silent env var to silent stderr

* add silent env var to vuln,lint,tf

* fix golangci silent

* Update bazel/ci/terraform.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/golicenses.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/govulncheck.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/golangci_lint.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

---------

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-06-14 13:58:21 +02:00
Otto Bittner
7a1c70d7e5
ci: replace katexochen with elchead in assignee list (#1928)
katexochen is currently working on CoCo and not
involved in active development.
2023-06-14 11:44:45 +02:00
Malte Poll
ee77e3922a
ci: explicitly add CLI signature as release artifact (#1917) 2023-06-14 09:56:11 +02:00
edgelessci
8910e9bac4
image: update measurements and image version (#1927)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-06-14 08:31:30 +02:00
renovate[bot]
520571c3d1
deps: update dependency com_github_bazelbuild_buildtools to v6 (#1925)
* deps: update dependency com_github_bazelbuild_buildtools to v6
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:33:49 +02:00
renovate[bot]
16621b5d15
deps: update dependency rules_pkg to v0.9.1 (#1923)
* deps: update dependency rules_pkg to v0.9.1
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:31:19 +02:00
renovate[bot]
42735ae1b1
deps: update bufbuild/buf to v1.21.0 (#1922)
* deps: update bufbuild/buf to v1.21.0
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:20:44 +02:00
renovate[bot]
5442e86150
deps: update dependency bazel_gazelle to v0.31.1 (#1919)
* deps: update dependency bazel_gazelle to v0.31.1
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:18:50 +02:00
renovate[bot]
053b371e93
deps: update dependency bazel_skylib to v1.4.2 (#1920)
* deps: update dependency bazel_skylib to v1.4.2
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:03:40 +02:00
renovate[bot]
56d0575459
deps: update dependency bazel to v6.2.1 (#1918)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 17:50:24 +02:00
3u13r
a2c98eb1d5
Correctly deploy the AWS CCM (#1853)
* aws: stop using the imds api for tags

* aws: disable tags in imds api

* aws: only tag instances with non-lecagy tag

* bootstrapper: always let coredns run before cilium

* debugd: make debugd less noisy

* fixup fix aws imds test

* fixup unsued context

* move getting instance id to readInstanceTag
2023-06-13 09:58:39 +02:00
Adrian Stobbe
4f63481b7d
config: fix fetcher parse azure sev-snp version (#1911) 2023-06-12 16:04:54 +02:00
Daniel Weiße
ab74730fd7
Update go-tpm-tools fork (#1910)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-12 15:59:40 +02:00
Adrian Stobbe
e738f15f0f
cdbg: make endpoint deployment failure more transparent (#1883)
* add retry + timeout + intercept grpc logs

* LogStateChanges inside grplog pkg

* remove retry and tj/assert

* rename nit

* Update debugd/internal/cdbg/cmd/deploy.go

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* Update debugd/internal/cdbg/cmd/deploy.go

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* paul feedback

* return waitFn instead of WaitGroup

* Revert "return waitFn instead of WaitGroup"

This reverts commit 45700f30e341ce3af509b687febbc0125f7ddb38.

* log routine inside debugd constructor

* test doubles names

* Update debugd/internal/cdbg/cmd/deploy.go

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* fix newDebugClient closeFn

---------

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-12 13:45:34 +02:00
renovate[bot]
167052d443
deps: update dependency hermetic_cc_toolchain to v2.0.0 (#1860)
* deps: update dependency hermetic_cc_toolchain to v2.0.0
* deps: tidy all modules
* bazel: target glibc 2.23 to enable rbe

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-09 17:39:30 +02:00
3u13r
b71b5103ae
ci: migrate e2e lb test to bazel (#1892)
* ci: migrate lb e2e test to bazel
* ci: disable shared bazel cache on github runners
2023-06-09 16:59:19 +02:00
Otto Bittner
8f21972aec
attestation: add awsSEVSNP as new variant (#1900)
* variant: move into internal/attestation
* attesation: move aws attesation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP

For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
2023-06-09 15:41:02 +02:00
Thomas Tendyck
947d0cb20a cli: hide --insecure of config fetch-measurements 2023-06-09 15:07:31 +02:00
Adrian Stobbe
3fde118b33
config: enable azure snp version fetcher again + minimum age for latest version (#1899)
* fetch latest version when older than 2 weeks

* extend hack upload tool to pass an upload date

* Revert "config: disable user-facing version Azure SEV SNP fetch for v2.8  (#1882)"

This reverts commit c7b22d314a.

* fix tests

* use NewAzureSEVSNPVersionList for type guarantees

* Revert "use NewAzureSEVSNPVersionList for type guarantees"

This reverts commit 942566453f4b4a2b6dc16f8689248abf1dc47db4.

* assure list is sorted

* improve root.go style

* daniel feedback
2023-06-09 12:48:12 +02:00
Moritz Sanft
72e168e653
bazel: pseudo version tool freshness check (#1869)
* switch to darwin compatible shasum

* add bazel rule

* update shellscript for in-place updates

* Revert "update shellscript for in-place updates"

This reverts commit 87d39b06f7.

* add version tool freshness check

* remove pseudo-version file

* revert to `sha256sum`

* fix workflow indentation
2023-06-09 11:50:51 +02:00
Moritz Sanft
892752a1f8
add necessary permissions (#1905) 2023-06-09 11:50:39 +02:00
Moritz Eckert
9463d6fb27
cli: fix azure config warning message (#1902) 2023-06-09 11:16:54 +02:00
Otto Bittner
3a54ca91a7
deps: bump go patch version (#1903) 2023-06-09 10:53:17 +02:00
Adrian Stobbe
d9c604ed2c
terraform: update aws to v5.1.0 (#1891) 2023-06-09 10:37:25 +02:00
Adrian Stobbe
e0fe8e6ca0
local: fix mac issues in bazel (#1893) 2023-06-09 10:35:52 +02:00
renovate[bot]
7c345f4503
deps: update github.com/gophercloud/utils digest to de873b9 (#1843)
* deps: update github.com/gophercloud/utils digest to de873b9
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-09 10:02:59 +02:00
Malte Poll
8c3617faf0
ci: do not manually clear measurements on verify e2e (#1889) 2023-06-09 09:25:30 +02:00
Otto Bittner
3e583946a1
rfc: specify how to handle launchmeasurements (#1894)
* Describes how to keep the values in the API up-to-date.
* Describes API object structure.
* Describe user config options.

Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2023-06-09 08:45:27 +02:00
Malte Poll
17b583ddc5
misc: start v2.9.0-pre (#1895) 2023-06-08 15:31:47 +02:00
Adrian Stobbe
e9f9337cb9
Revert "ci: fix versionsapi cli container Dockerfile (#1856)" (#1896)
This reverts commit 0fac6a03cc.
2023-06-07 17:18:59 +02:00
Adrian Stobbe
4284f892ce
api: rename /api/versions to versionsapi and /api/attestationcfig to attestationconfigapi (#1876)
* rename to attestationconfigapi + put client and fetcher inside pkg

* rename api/version to versionsapi and put fetcher + client inside pkg

* rename AttestationConfigAPIFetcher to Fetcher
2023-06-07 16:16:32 +02:00
renovate[bot]
25037026e1
deps: update Python dependencies (#1887)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-07 10:36:52 +02:00
edgelessci
f43366ed89
docs: add release v2.8.0 (#1884)
* docs: add release v2.8.0
* docs: mention required AWS IAM permissions for upgrades

---------

Co-authored-by: malt3 <malt3@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-07 10:34:07 +02:00
Adrian Stobbe
51d66b2609
doc: vs code linter issue (#1880) 2023-06-07 10:32:06 +02:00
3u13r
3ad9258a57
deps: bump ginkgo version (#1885) 2023-06-06 18:15:48 +02:00
renovate[bot]
6f7c8999f3
deps: update dependency cryptography to v41 [SECURITY] (#1875)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-06 18:15:26 +02:00
Malte Poll
b3c052e299
operators: cleanup placeholder nodeversion (#1881)
* operators: cleanup placeholder nodeversion
* e2e: improve upgrade test portability
2023-06-06 15:22:06 +02:00
Malte Poll
025d34a259
ci: fix docker-login on macOS runner (#1877) 2023-06-06 12:20:09 +02:00
Adrian Stobbe
c7b22d314a
config: disable user-facing version Azure SEV SNP fetch for v2.8 (#1882)
* config: disable user-facing version fetch for Azure SEV SNP

don't allow "latest" value and disable user-facing version fetcher for Azure SEV SNP

Co-authored-by: @derpsteb

* fix unittests

* attestation: getTrustedKey

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-06-06 10:44:13 +02:00
3u13r
7c07e3be18
Add --insecure to config fetch-measurement (#1879)
* cli: add --insecure to fetch-measurements

* cli: rename fake to stub

* ci: upload measurements for debug images

* fix cli docs
2023-06-06 10:32:22 +02:00
Malte Poll
f7f11c32f8
image: choose unique AWS image names based on the attestation variant (#1868) 2023-06-06 08:35:26 +02:00
Adrian Stobbe
99a88c033c
api: use new signature JSON format (#1872)
* use new impl for client.UploadAzureSEVSNP

* fix: fetcher must parse new signature format

* version-file is not persistentflag

* fix fetcher tests
2023-06-05 16:10:44 +02:00
Otto Bittner
fa01569cc6
staticupload: don't request empty invalidation (#1870)
If no files have been touched, do not initiate an invalidation.
2023-06-05 15:47:33 +02:00