Commit Graph

2802 Commits

Author SHA1 Message Date
Malte Poll
2808012c9c
terraform: gcp node groups (#1941)
* terraform: GCP node groups

* cli: marshal GCP node groups to terraform variables

This does not have any side effects for users.
We still strictly create one control-plane and one worker group.
This is a preparation for enabling customizable node groups in the future.
2023-06-19 13:02:01 +02:00
Malte Poll
5823aa2438 deps: upgrade pseudo version tool 2023-06-16 16:30:47 +02:00
Malte Poll
9b142f9a25 bazel: upgrade rules_go to a pre-release version to get stripped binaries 2023-06-16 16:30:47 +02:00
Malte Poll
18e7bffc67 bazel: upgrade bazeldnf to produce deterministic rpm2tar artifacts 2023-06-16 16:30:47 +02:00
Malte Poll
bd82071dd5 bazel: add test for containers being equal regardless of the target platform 2023-06-16 16:30:47 +02:00
Malte Poll
6c8dade285 bazel: always choose linux / amd64 distroless base image 2023-06-16 16:30:47 +02:00
Malte Poll
537cdbcfad bazel: trim path to *.pb.go files embedded in go libraries
See https://github.com/bazelbuild/rules_go/issues/3581 for context.
2023-06-16 16:30:47 +02:00
renovate[bot]
4908b5f63c
deps: update golangci/golangci-lint to v1.53.2 (#1924)
* deps: update golangci/golangci-lint to v1.53.2
* deps: tidy all modules
* attestation: silence linter warning


---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-16 09:40:08 +02:00
renovate[bot]
ab52e6d4c5
fix: GCP service account creation fails sometimes (#1935)
* deps: update Terraform google to v4.69.1

* deps: tidy all modules

* add delay for service account

* deps: tidy all modules

* add delay for service account

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-06-16 09:37:31 +02:00
edgelessci
a717cefc26
image: update measurements and image version (#1939)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-06-16 08:27:45 +02:00
Malte Poll
684cae4706
nix: add python toolchain deps (#1934) 2023-06-15 17:37:59 +02:00
Paul Meyer
103a757557
deps: upgrade sonobuoy to v0.56.17 (#1937)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-15 16:54:38 +02:00
Malte Poll
264b2df902
deps: upgrade to Fedora 38 (#1909)
* image: upgrade mkosi distro version to Fedora 38
* image: remove downgrade of GCP kernel
* ci: upgrade expected measurements for Fedora 38
* deps: upgrade bazeldnf packages to Fedora 38
* deps: upgrade container images to Fedora 38
2023-06-15 16:50:35 +02:00
Paul Meyer
4d6d2b1fa2
Update codeowners (#1936)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-15 14:55:38 +02:00
Adrian Stobbe
159d28a2c7
doc: add context to PR template (#1932)
* add context to PR template

* Update pull_request_template.md
2023-06-15 09:13:47 +02:00
Otto Bittner
c33ab624c1
ci: upgrade fromVersion in e2e-upgrade (#1931)
We released 2.8 so we need to test that it can upgrade to HEAD.
2023-06-15 07:49:30 +02:00
Adrian Stobbe
07de6482b2
config: drop support for deprecated Azure's service principal authentication (#1906)
* invalidate app client id field for azure and provide info

* remove TestNewWithDefaultOptions case

* fix test

* remove appClientID field

* remove client secret + rename err

* remove from docs

* otto feedback

* update docs

* delete env test in cfg since no envs set anymore

* Update dev-docs/workflows/github-actions.md

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* WARNING to stderr

* fix check

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-06-14 17:50:57 +02:00
renovate[bot]
d964c74cbb
deps: update dependency io_bazel_rules_go to v0.39.1 (#1921)
* deps: update dependency io_bazel_rules_go to v0.39.1
* deps: tidy all modules
* deps: remove duplicate urls

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-14 16:35:52 +02:00
Adrian Stobbe
c5f75513b1
fix: Azure SEV-SNP version always gets overwritten by latest API versions (#1930)
* fix that manual version gets overwritten by latest

* put azure in seperate config file

* otto feedback
2023-06-14 14:17:52 +02:00
Adrian Stobbe
c1f9d86cd3
bazel check: silent env for cleaner output (#1898)
* explicitly ignore pkgs for cleaner output

* do not ignore but redirect stderr

* silent env var to silent stderr

* add silent env var to vuln,lint,tf

* fix golangci silent

* Update bazel/ci/terraform.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/golicenses.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/govulncheck.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/golangci_lint.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

---------

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-06-14 13:58:21 +02:00
Otto Bittner
7a1c70d7e5
ci: replace katexochen with elchead in assignee list (#1928)
katexochen is currently working on CoCo and not
involved in active development.
2023-06-14 11:44:45 +02:00
Malte Poll
ee77e3922a
ci: explicitly add CLI signature as release artifact (#1917) 2023-06-14 09:56:11 +02:00
edgelessci
8910e9bac4
image: update measurements and image version (#1927)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-06-14 08:31:30 +02:00
renovate[bot]
520571c3d1
deps: update dependency com_github_bazelbuild_buildtools to v6 (#1925)
* deps: update dependency com_github_bazelbuild_buildtools to v6
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:33:49 +02:00
renovate[bot]
16621b5d15
deps: update dependency rules_pkg to v0.9.1 (#1923)
* deps: update dependency rules_pkg to v0.9.1
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:31:19 +02:00
renovate[bot]
42735ae1b1
deps: update bufbuild/buf to v1.21.0 (#1922)
* deps: update bufbuild/buf to v1.21.0
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:20:44 +02:00
renovate[bot]
5442e86150
deps: update dependency bazel_gazelle to v0.31.1 (#1919)
* deps: update dependency bazel_gazelle to v0.31.1
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:18:50 +02:00
renovate[bot]
053b371e93
deps: update dependency bazel_skylib to v1.4.2 (#1920)
* deps: update dependency bazel_skylib to v1.4.2
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:03:40 +02:00
renovate[bot]
56d0575459
deps: update dependency bazel to v6.2.1 (#1918)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 17:50:24 +02:00
3u13r
a2c98eb1d5
Correctly deploy the AWS CCM (#1853)
* aws: stop using the imds api for tags

* aws: disable tags in imds api

* aws: only tag instances with non-lecagy tag

* bootstrapper: always let coredns run before cilium

* debugd: make debugd less noisy

* fixup fix aws imds test

* fixup unsued context

* move getting instance id to readInstanceTag
2023-06-13 09:58:39 +02:00
Adrian Stobbe
4f63481b7d
config: fix fetcher parse azure sev-snp version (#1911) 2023-06-12 16:04:54 +02:00
Daniel Weiße
ab74730fd7
Update go-tpm-tools fork (#1910)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-12 15:59:40 +02:00
Adrian Stobbe
e738f15f0f
cdbg: make endpoint deployment failure more transparent (#1883)
* add retry + timeout + intercept grpc logs

* LogStateChanges inside grplog pkg

* remove retry and tj/assert

* rename nit

* Update debugd/internal/cdbg/cmd/deploy.go

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* Update debugd/internal/cdbg/cmd/deploy.go

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* paul feedback

* return waitFn instead of WaitGroup

* Revert "return waitFn instead of WaitGroup"

This reverts commit 45700f30e341ce3af509b687febbc0125f7ddb38.

* log routine inside debugd constructor

* test doubles names

* Update debugd/internal/cdbg/cmd/deploy.go

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* fix newDebugClient closeFn

---------

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-12 13:45:34 +02:00
renovate[bot]
167052d443
deps: update dependency hermetic_cc_toolchain to v2.0.0 (#1860)
* deps: update dependency hermetic_cc_toolchain to v2.0.0
* deps: tidy all modules
* bazel: target glibc 2.23 to enable rbe

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-09 17:39:30 +02:00
3u13r
b71b5103ae
ci: migrate e2e lb test to bazel (#1892)
* ci: migrate lb e2e test to bazel
* ci: disable shared bazel cache on github runners
2023-06-09 16:59:19 +02:00
Otto Bittner
8f21972aec
attestation: add awsSEVSNP as new variant (#1900)
* variant: move into internal/attestation
* attesation: move aws attesation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP

For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
2023-06-09 15:41:02 +02:00
Thomas Tendyck
947d0cb20a cli: hide --insecure of config fetch-measurements 2023-06-09 15:07:31 +02:00
Adrian Stobbe
3fde118b33
config: enable azure snp version fetcher again + minimum age for latest version (#1899)
* fetch latest version when older than 2 weeks

* extend hack upload tool to pass an upload date

* Revert "config: disable user-facing version Azure SEV SNP fetch for v2.8  (#1882)"

This reverts commit c7b22d314a.

* fix tests

* use NewAzureSEVSNPVersionList for type guarantees

* Revert "use NewAzureSEVSNPVersionList for type guarantees"

This reverts commit 942566453f4b4a2b6dc16f8689248abf1dc47db4.

* assure list is sorted

* improve root.go style

* daniel feedback
2023-06-09 12:48:12 +02:00
Moritz Sanft
72e168e653
bazel: pseudo version tool freshness check (#1869)
* switch to darwin compatible shasum

* add bazel rule

* update shellscript for in-place updates

* Revert "update shellscript for in-place updates"

This reverts commit 87d39b06f7.

* add version tool freshness check

* remove pseudo-version file

* revert to `sha256sum`

* fix workflow indentation
2023-06-09 11:50:51 +02:00
Moritz Sanft
892752a1f8
add necessary permissions (#1905) 2023-06-09 11:50:39 +02:00
Moritz Eckert
9463d6fb27
cli: fix azure config warning message (#1902) 2023-06-09 11:16:54 +02:00
Otto Bittner
3a54ca91a7
deps: bump go patch version (#1903) 2023-06-09 10:53:17 +02:00
Adrian Stobbe
d9c604ed2c
terraform: update aws to v5.1.0 (#1891) 2023-06-09 10:37:25 +02:00
Adrian Stobbe
e0fe8e6ca0
local: fix mac issues in bazel (#1893) 2023-06-09 10:35:52 +02:00
renovate[bot]
7c345f4503
deps: update github.com/gophercloud/utils digest to de873b9 (#1843)
* deps: update github.com/gophercloud/utils digest to de873b9
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-09 10:02:59 +02:00
Malte Poll
8c3617faf0
ci: do not manually clear measurements on verify e2e (#1889) 2023-06-09 09:25:30 +02:00
Otto Bittner
3e583946a1
rfc: specify how to handle launchmeasurements (#1894)
* Describes how to keep the values in the API up-to-date.
* Describes API object structure.
* Describe user config options.

Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2023-06-09 08:45:27 +02:00
Malte Poll
17b583ddc5
misc: start v2.9.0-pre (#1895) 2023-06-08 15:31:47 +02:00
Adrian Stobbe
e9f9337cb9
Revert "ci: fix versionsapi cli container Dockerfile (#1856)" (#1896)
This reverts commit 0fac6a03cc.
2023-06-07 17:18:59 +02:00
Adrian Stobbe
4284f892ce
api: rename /api/versions to versionsapi and /api/attestationcfig to attestationconfigapi (#1876)
* rename to attestationconfigapi + put client and fetcher inside pkg

* rename api/version to versionsapi and put fetcher + client inside pkg

* rename AttestationConfigAPIFetcher to Fetcher
2023-06-07 16:16:32 +02:00