Malte Poll
264b2df902
deps: upgrade to Fedora 38 ( #1909 )
* image: upgrade mkosi distro version to Fedora 38
* image: remove downgrade of GCP kernel
* ci: upgrade expected measurements for Fedora 38
* deps: upgrade bazeldnf packages to Fedora 38
* deps: upgrade container images to Fedora 38
2023-06-15 16:50:35 +02:00
Paul Meyer
4d6d2b1fa2
Update codeowners ( #1936 )
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-15 14:55:38 +02:00
Adrian Stobbe
159d28a2c7
doc: add context to PR template ( #1932 )
* add context to PR template
* Update pull_request_template.md
2023-06-15 09:13:47 +02:00
Otto Bittner
c33ab624c1
ci: upgrade fromVersion in e2e-upgrade ( #1931 )
We released 2.8 so we need to test that it can upgrade to HEAD.
2023-06-15 07:49:30 +02:00
Adrian Stobbe
07de6482b2
config: drop support for deprecated Azure's service principal authentication ( #1906 )
* invalidate app client id field for azure and provide info
* remove TestNewWithDefaultOptions case
* fix test
* remove appClientID field
* remove client secret + rename err
* remove from docs
* otto feedback
* update docs
* delete env test in cfg since no envs set anymore
* Update dev-docs/workflows/github-actions.md
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* WARNING to stderr
* fix check
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-06-14 17:50:57 +02:00
renovate[bot]
d964c74cbb
deps: update dependency io_bazel_rules_go to v0.39.1 ( #1921 )
* deps: update dependency io_bazel_rules_go to v0.39.1
* deps: tidy all modules
* deps: remove duplicate urls
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-14 16:35:52 +02:00
Adrian Stobbe
c5f75513b1
fix: Azure SEV-SNP version always gets overwritten by latest API versions ( #1930 )
* fix that manual version gets overwritten by latest
* put azure in separate config file
* otto feedback
2023-06-14 14:17:52 +02:00
Adrian Stobbe
c1f9d86cd3
bazel check: silent env for cleaner output ( #1898 )
* explicitly ignore pkgs for cleaner output
* do not ignore but redirect stderr
* silent env var to silent stderr
* add silent env var to vuln,lint,tf
* fix golangci silent
* Update bazel/ci/terraform.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
* Update bazel/ci/golicenses.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
* Update bazel/ci/govulncheck.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
* Update bazel/ci/golangci_lint.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
---------
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-06-14 13:58:21 +02:00
Otto Bittner
7a1c70d7e5
ci: replace katexochen with elchead in assignee list ( #1928 )
katexochen is currently working on CoCo and not
involved in active development.
2023-06-14 11:44:45 +02:00
Malte Poll
ee77e3922a
ci: explicitly add CLI signature as release artifact ( #1917 )
2023-06-14 09:56:11 +02:00
edgelessci
8910e9bac4
image: update measurements and image version ( #1927 )
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-06-14 08:31:30 +02:00
renovate[bot]
520571c3d1
deps: update dependency com_github_bazelbuild_buildtools to v6 ( #1925 )
* deps: update dependency com_github_bazelbuild_buildtools to v6
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:33:49 +02:00
renovate[bot]
16621b5d15
deps: update dependency rules_pkg to v0.9.1 ( #1923 )
* deps: update dependency rules_pkg to v0.9.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:31:19 +02:00
renovate[bot]
42735ae1b1
deps: update bufbuild/buf to v1.21.0 ( #1922 )
* deps: update bufbuild/buf to v1.21.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:20:44 +02:00
renovate[bot]
5442e86150
deps: update dependency bazel_gazelle to v0.31.1 ( #1919 )
* deps: update dependency bazel_gazelle to v0.31.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:18:50 +02:00
renovate[bot]
053b371e93
deps: update dependency bazel_skylib to v1.4.2 ( #1920 )
* deps: update dependency bazel_skylib to v1.4.2
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:03:40 +02:00
renovate[bot]
56d0575459
deps: update dependency bazel to v6.2.1 ( #1918 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 17:50:24 +02:00
3u13r
a2c98eb1d5
Correctly deploy the AWS CCM ( #1853 )
* aws: stop using the imds api for tags
* aws: disable tags in imds api
* aws: only tag instances with non-legacy tag
* bootstrapper: always let coredns run before cilium
* debugd: make debugd less noisy
* fixup fix aws imds test
* fixup unused context
* move getting instance id to readInstanceTag
2023-06-13 09:58:39 +02:00
Adrian Stobbe
4f63481b7d
config: fix fetcher parse azure sev-snp version ( #1911 )
2023-06-12 16:04:54 +02:00
Daniel Weiße
ab74730fd7
Update go-tpm-tools fork ( #1910 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-12 15:59:40 +02:00
Adrian Stobbe
e738f15f0f
cdbg: make endpoint deployment failure more transparent ( #1883 )
* add retry + timeout + intercept grpc logs
* LogStateChanges inside grplog pkg
* remove retry and tj/assert
* rename nit
* Update debugd/internal/cdbg/cmd/deploy.go
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* Update debugd/internal/cdbg/cmd/deploy.go
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* paul feedback
* return waitFn instead of WaitGroup
* Revert "return waitFn instead of WaitGroup"
This reverts commit 45700f30e341ce3af509b687febbc0125f7ddb38.
* log routine inside debugd constructor
* test doubles names
* Update debugd/internal/cdbg/cmd/deploy.go
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* fix newDebugClient closeFn
---------
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-12 13:45:34 +02:00
renovate[bot]
167052d443
deps: update dependency hermetic_cc_toolchain to v2.0.0 ( #1860 )
* deps: update dependency hermetic_cc_toolchain to v2.0.0
* deps: tidy all modules
* bazel: target glibc 2.23 to enable rbe
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-09 17:39:30 +02:00
3u13r
b71b5103ae
ci: migrate e2e lb test to bazel ( #1892 )
* ci: migrate lb e2e test to bazel
* ci: disable shared bazel cache on github runners
2023-06-09 16:59:19 +02:00
Otto Bittner
8f21972aec
attestation: add awsSEVSNP as new variant ( #1900 )
* variant: move into internal/attestation
* attestation: move aws attestation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP
For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
2023-06-09 15:41:02 +02:00
Thomas Tendyck
947d0cb20a
cli: hide --insecure of config fetch-measurements
2023-06-09 15:07:31 +02:00
Adrian Stobbe
3fde118b33
config: enable azure snp version fetcher again + minimum age for latest version ( #1899 )
* fetch latest version when older than 2 weeks
* extend hack upload tool to pass an upload date
* Revert "config: disable user-facing version Azure SEV SNP fetch for v2.8 (#1882 )"
This reverts commit c7b22d314a.
* fix tests
* use NewAzureSEVSNPVersionList for type guarantees
* Revert "use NewAzureSEVSNPVersionList for type guarantees"
This reverts commit 942566453f4b4a2b6dc16f8689248abf1dc47db4.
* assure list is sorted
* improve root.go style
* daniel feedback
2023-06-09 12:48:12 +02:00
Moritz Sanft
72e168e653
bazel: pseudo version tool freshness check ( #1869 )
* switch to darwin compatible shasum
* add bazel rule
* update shellscript for in-place updates
* Revert "update shellscript for in-place updates"
This reverts commit 87d39b06f7.
* add version tool freshness check
* remove pseudo-version file
* revert to `sha256sum`
* fix workflow indentation
2023-06-09 11:50:51 +02:00
Moritz Sanft
892752a1f8
add necessary permissions ( #1905 )
2023-06-09 11:50:39 +02:00
Moritz Eckert
9463d6fb27
cli: fix azure config warning message ( #1902 )
2023-06-09 11:16:54 +02:00
Otto Bittner
3a54ca91a7
deps: bump go patch version ( #1903 )
2023-06-09 10:53:17 +02:00
Adrian Stobbe
d9c604ed2c
terraform: update aws to v5.1.0 ( #1891 )
2023-06-09 10:37:25 +02:00
Adrian Stobbe
e0fe8e6ca0
local: fix mac issues in bazel ( #1893 )
2023-06-09 10:35:52 +02:00
renovate[bot]
7c345f4503
deps: update github.com/gophercloud/utils digest to de873b9 ( #1843 )
* deps: update github.com/gophercloud/utils digest to de873b9
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-09 10:02:59 +02:00
Malte Poll
8c3617faf0
ci: do not manually clear measurements on verify e2e ( #1889 )
2023-06-09 09:25:30 +02:00
Otto Bittner
3e583946a1
rfc: specify how to handle launchmeasurements ( #1894 )
* Describes how to keep the values in the API up-to-date.
* Describes API object structure.
* Describe user config options.
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2023-06-09 08:45:27 +02:00
Malte Poll
17b583ddc5
misc: start v2.9.0-pre ( #1895 )
2023-06-08 15:31:47 +02:00
Adrian Stobbe
e9f9337cb9
Revert "ci: fix versionsapi cli container Dockerfile ( #1856 )" ( #1896 )
This reverts commit 0fac6a03cc.
2023-06-07 17:18:59 +02:00
Adrian Stobbe
4284f892ce
api: rename /api/versions to versionsapi and /api/attestationcfig to attestationconfigapi ( #1876 )
* rename to attestationconfigapi + put client and fetcher inside pkg
* rename api/version to versionsapi and put fetcher + client inside pkg
* rename AttestationConfigAPIFetcher to Fetcher
2023-06-07 16:16:32 +02:00
renovate[bot]
25037026e1
deps: update Python dependencies ( #1887 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-07 10:36:52 +02:00
edgelessci
f43366ed89
docs: add release v2.8.0 ( #1884 )
* docs: add release v2.8.0
* docs: mention required AWS IAM permissions for upgrades
---------
Co-authored-by: malt3 <malt3@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-07 10:34:07 +02:00
Adrian Stobbe
51d66b2609
doc: vs code linter issue ( #1880 )
2023-06-07 10:32:06 +02:00
3u13r
3ad9258a57
deps: bump ginkgo version ( #1885 )
2023-06-06 18:15:48 +02:00
renovate[bot]
6f7c8999f3
deps: update dependency cryptography to v41 [SECURITY] ( #1875 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-06 18:15:26 +02:00
Malte Poll
b3c052e299
operators: cleanup placeholder nodeversion ( #1881 )
* operators: cleanup placeholder nodeversion
* e2e: improve upgrade test portability
2023-06-06 15:22:06 +02:00
Malte Poll
025d34a259
ci: fix docker-login on macOS runner ( #1877 )
2023-06-06 12:20:09 +02:00
Adrian Stobbe
c7b22d314a
config: disable user-facing version Azure SEV SNP fetch for v2.8 ( #1882 )
* config: disable user-facing version fetch for Azure SEV SNP
don't allow "latest" value and disable user-facing version fetcher for Azure SEV SNP
Co-authored-by: @derpsteb
* fix unittests
* attestation: getTrustedKey
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-06-06 10:44:13 +02:00
3u13r
7c07e3be18
Add --insecure to config fetch-measurement ( #1879 )
* cli: add --insecure to fetch-measurements
* cli: rename fake to stub
* ci: upload measurements for debug images
* fix cli docs
2023-06-06 10:32:22 +02:00
Malte Poll
f7f11c32f8
image: choose unique AWS image names based on the attestation variant ( #1868 )
2023-06-06 08:35:26 +02:00
Adrian Stobbe
99a88c033c
api: use new signature JSON format ( #1872 )
* use new impl for client.UploadAzureSEVSNP
* fix: fetcher must parse new signature format
* version-file is not persistentflag
* fix fetcher tests
2023-06-05 16:10:44 +02:00
Otto Bittner
fa01569cc6
staticupload: don't request empty invalidation ( #1870 )
If no files have been touched, do not initiate an invalidation.
2023-06-05 15:47:33 +02:00