constellation

mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00

Author	SHA1	Message	Date
Daniel Weiße	0bac72261d	ci: fix failure issue creation for Windows e2e test (#2565 ) * Add missing bazel set-up in windows e2e-failure notify * Enable bazel caching for e2e-upgrade test * Remove whitespace --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-11-08 15:27:40 +01:00
Otto Bittner	a19227cac9	s3proxy: initial e2e tests and workflows	2023-11-06 10:21:11 +01:00
Moritz Sanft	8d08ace0b5	ci: mark self-managed infrastructure tests (#2537 ) * mark self-managed infrastructure tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add TODO --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-10-30 14:33:58 +01:00
Moritz Sanft	402a8834ca	ci: add e2e test for self-managed infrastructure (#2472 ) * add self-managed infra e2e test * self-managed terminatio Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix upgrade test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix indentation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use -r when copying dir Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add terraform variable parsing * copy constellation conf Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary line breaks * add missing value Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add image fetching for CSP Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix quoting Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing input to internal lb test * normalize Azure URLs.. Of course * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix expressions * initsecret to hex * update hexdump cmd * add build test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add node / pod cidr outputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * explicitly delete the state file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing license header Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * always write all outputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix list output Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove state-file and admin-conf on destroy * dont use test payload Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] use self managed infra in manual e2e for testing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * init: always skip infrastructure phase * patch maa in workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * default to Constellation-created infra in e2e test --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-10-27 09:37:26 +02:00
renovate[bot]	0563ce7336	deps: update aws-actions/configure-aws-credentials action to v4 (#2510 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-10-26 08:18:37 +02:00
Adrian Stobbe	9c1c876830	pick random azure region (#2483 )	2023-10-20 13:38:08 +02:00
3u13r	0c89f57ac5	Support internal load balancers (#2388 ) * arch: support internal lb on Azure * arch: support internal lb on GCP * helm: remove lb svc from verify deployment * arch: support internal lb on AWS * terraform: add jump hosts for internal lb * cli: expose internalLoadBalancer in config * ci: add e2e-manual-internal * add in-cluster endpoint to terraform output	2023-10-17 15:46:15 +02:00
Daniel Weiße	afb154ceb7	ci: add missing quotation marks for region flag + revert to northeurope (#2459 ) * Add missing quotation marks for region flag * Revert default Azure region to northeurope --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-10-16 16:20:32 +02:00
Malte Poll	e80e6076b4	ci: install nix together with Bazel	2023-10-12 14:42:24 +02:00
Daniel Weiße	ce2465c3c7	ci: use West US region for Azure e2e test until problems are resolved (#2414 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-10-06 11:43:02 +02:00
Moritz Sanft	f4b2d02194	ci: collect cluster metrics to OpenSearch (#2347 ) * add Metricbeat deployment to debugd Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * set metricbeat debugd image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix k8s deployment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use 2 separate deployments Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only deploy via k8s in non-debug-images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing tilde * remove k8s metrics Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * unify flag Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: fix debugd logcollection (#2355) * add missing keyvault access role Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump logstash image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump filebeat / metricbeat image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * log used image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use debugging image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase wait timeout for image upload * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix template locations in container Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix image version typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add filebeat / metricbeat users Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove user additions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update workflow step name Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only mount config files Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * document potential rc Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix IAM permissions in workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix AWS permissions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing workflow input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * rename action Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * pin image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary workflow inputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add refStream input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove inputs.yml dep Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase system metric period Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linkchecker Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-09-27 16:17:31 +02:00
Daniel Weiße	7aba42baa5	ci: add more filters to e2e failure OpenSearch links (#2358 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-09-26 13:17:59 +02:00
Moritz Sanft	8f549f0622	add sleep after nop test (#2350 ) Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-09-21 10:13:59 +02:00
Moritz Sanft	0a28cdecb2	ci: add malicious join test (#2304 ) * malicious node join test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add e2e build tag Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add namespaces to job apply Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix image and workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * build instructions in Dockerfile Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only print important flags Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `malicious-join` namespace Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * build with bazel Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * order imports Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * test cases Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * various fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing quotes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update e2e/malicious-join/malicious-join.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update e2e/malicious-join/malicious-join.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * use switch case Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * various fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use workdir Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add required permissions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove permissions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove packages: write permission at step Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * login to registry Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix log Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * source base lib Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix sourcing order Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * export after definition Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix script header Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * dont exit after -e flag has been set Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-09-15 17:21:42 +02:00
Moritz Sanft	60bf770e62	ci: logcollection to OpenSearch in non-debug clusters (#2080 ) * refactor `debugd` file structure * create `hack`-tool to deploy logcollection to non-debug clusters * integrate changes into CI * update fields * update workflow input names * use `working-directory` * add opensearch creds to upgrade workflow * make template func generic * make templating func generic * linebreaks * remove magic defaults * move `os.Exit` to main package * make logging index configurable * make templating generic * remove excess brace * update fields * copy fields * fix flag name * fix linter warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * remove unused workflow inputs * remove makefiles * fix command * bazel: fix output paths of container This fixes the output paths of builds within the container by mounting directories to paths that exist on the host. We also explicitly set the output path in a .bazelrc to the user specific path. The rc file is mounted into the container and overrides the host rc. Also adding automatic stop in case start is called and a containers is already running. Sym links like bazel-out and paths bazel outputs should generally work with this change. Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * tabs -> spaces --------- Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-21 08:01:33 +02:00
Paul Meyer	f604a8dfd2	e2e: upload TCB versions in verify test The TCP versions are extracted from the MAA token, that itself is taken from the verify command output. The configapi is adapted to directly work on the MAA claims JSON. Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-16 11:41:02 +02:00
Daniel Weiße	0dd62fc59d	ci: allow setting region/zone for e2e tests (#2205 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-08-10 12:53:40 +02:00
Paul Meyer	670c20b18c	e2e: cleanup test inputs Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-09 18:42:04 +02:00
Paul Meyer	e466ce2f26	e2e: detect changing idKeyDigests on azure by setting the Azure SNP enforcement policy to equal in the weekly e2e. The run should fail when there are unexpected ID Key digests used. Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-09 16:45:42 +02:00
Paul Meyer	29dcb72bea	e2e: remove existingConfig field The existingConfig field is always set to true during create, as we use the IAM create step to generate the config in all cases. Accordingly, secret injection into config isn't needed anymore in create. This fixes a bug where other parameters like Kubernetes version and cluster name wouldn't be injected into the config due to existingConfig being true. Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-09 12:36:36 +02:00
Paul Meyer	eb2f3c3021	ci: verify all pods in verify e2e Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-08 18:46:13 +02:00
Adrian Stobbe	9dcad0ed16	fix upgrade test by only setting nodeGroup for >v2.9 (#2176 )	2023-08-07 11:02:00 +02:00
Moritz Sanft	af05e17f49	ci: keep embedded measurements if stable image is used (#2109 ) Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Malte Poll <mp@edgeless.systems>	2023-08-04 09:43:32 +02:00
Otto Bittner	ef404b5839	ci: use us-east-2 for e2e tests (#2091 ) We have much higher quotas there and thus don't need to wait for the increase in eu-west-1.	2023-07-12 10:51:52 +02:00
Daniel Weiße	90dbeae16b	cli: fix duplicate backup creation during `upgrade apply` (#1997 ) * Use CLI to fetch measurements in e2e test * Abort helm service upgrade early if user confirmation is missing * Add container push to CLI build action --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-07-03 15:13:36 +02:00
renovate[bot]	576b48c8b7	deps: update GitHub action dependencies (#1848 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-03 08:19:10 +02:00
Otto Bittner	8f21972aec	attestation: add `awsSEVSNP` as new variant (#1900 ) * variant: move into internal/attestation * attesation: move aws attesation into subfolder nitrotpm * config: add aws-sev-snp variant * cli: add tf option to enable AWS SNP For now the implementations in aws/nitrotpm and aws/snp are identical. They both contain the aws/nitrotpm impl. A separate commit will add the actual attestation logic.	2023-06-09 15:41:02 +02:00
Malte Poll	025d34a259	ci: fix docker-login on macOS runner (#1877 )	2023-06-06 12:20:09 +02:00
3u13r	e0285c122e	todo responsibilities and cleanup (#1837 ) * chore: add TODO responsibilities * chore: remove not needed TODOs * chore: remove outdated migrations * chore: remove resolved goleak exception * chore: remove not needed cosign env * config: add link to our Azure snp docs	2023-06-01 12:33:06 +02:00
Malte Poll	a1ec899171	ci: use enterprise cli for e2e tests	2023-05-31 14:00:00 +02:00
Malte Poll	dc9b3c1937	ci: run e2e tests as last step of release pipeline (#1793 )	2023-05-22 09:22:00 +02:00
Malte Poll	635b98a34f	ci: rename all usages of bazel push target from //:push to //bazel/release:push (#1701 )	2023-04-28 09:26:15 +02:00
Moritz Sanft	261fe611a9	ci: add Terraform logging (#1665 ) * enable Terraform logging * change to debug level * rename artifact * add name suffix * remove blank line	2023-04-27 14:03:49 +02:00
Malte Poll	dc5e6f30a9	ci: login to container registry before pushing containers (#1676 )	2023-04-21 11:05:08 +02:00
Malte Poll	19ff132ee8	ci: upload container images when running e2e tests	2023-04-18 15:35:15 +02:00
Paul Meyer	4020e7840a	ci: always use tee -a instead of redirecting into GITHUB_OUTPUT Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-04-17 12:08:42 +02:00
Paul Meyer	0b3190ea8b	ci: fix naming issues (#1662 ) Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-04-15 19:24:48 +02:00
Paul Meyer	76979136de	ci: refactor artifact and resource naming Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-04-14 13:12:39 +02:00
Moritz Sanft	6ba294e175	ci: separate e2e permissions (#1555 ) * split e2e test iam create / create perms * remove global Azure credentials * remove unnecessary azure actions * use UUID * fix e2e upgrade test * rename create inputs * remove continue-on-error for resource deletion * de-exclude verify test * fix exclude * fix release e2e test --------- Co-authored-by: Nils Hanke <nils.hanke@outlook.com>	2023-04-12 13:24:13 +02:00
Paul Meyer	00efc30e24	ci: fix empty image input of verify e2e on release (#1604 ) * ci: fix empty image input of verify e2e on release * ci: increase parallelism of e2e release workflow Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-04-04 10:47:26 +02:00
Paul Meyer	24f974de66	ci: run e2e test manual on last release Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-23 10:54:59 -04:00
Otto Bittner	cac43a1dd0	ci: add e2e-upgrade test The test is implemented as a go test. It can be executed as a bazel target. The general workflow is to setup a cluster, point the test to the workspace in which to find the kubeconfig and the constellation config and specify a target image, k8s and service version. The test will succeed if it detects all target versions in the cluster within the configured timeout. The CI automates the above steps. A separate workflow is introduced as there are multiple input fields to the test. Adding all of these to the manual e2e test seemed confusing. Co-authored-by: Fabian Kammel <fk@edgeless.systems>	2023-03-23 14:57:38 +01:00
renovate[bot]	9a9688583d	deps: update aws-actions/configure-aws-credentials action to v2 (#1445 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-21 10:56:30 +01:00
Malte Poll	c3c0940adb	bazel: use remote caching (#1456 ) * bazel: add configuration for remote caching * ci: enable bazel remote caching for building binaries * ci: use bazel directly when building go binaries * ci: enable cache for most build steps * dev-docs: document remote caching	2023-03-20 16:05:08 +01:00
Nils Hanke	914eacb4a3	e2e: use macOS for building Linux artifacts and remove caching steps (#1446 )	2023-03-20 11:04:44 +01:00
Malte Poll	3d0ad0b8e1	ci: move aws iam create test to less utilized zone (#1350 )	2023-03-07 09:32:26 +01:00
Moritz Eckert	29664fc481	ci: upload benchmark results to opensearch Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-03 09:43:49 +01:00
Moritz Eckert	6fbca2818f	ci: replace k-bench in e2e-test-manual	2023-03-03 09:43:49 +01:00
Moritz Eckert	0481c039f7	ci: add kubestr and knb based e2e_benchmark action Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-03 09:43:49 +01:00
renovate[bot]	30f53f78d0	deps: update GitHub action dependencies (#1239 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-02-21 13:49:47 +01:00

1 2

98 Commits