Commit Graph

537 Commits

Author SHA1 Message Date
Malte Poll
66c0b581b2
ci: update bash on darwin to support newer bash features (#2672) 2023-12-21 18:12:07 +01:00
Daniel Weiße
6e4c0bd8aa
ci: fix artifacts download/upload for release draft workflow (#2759)
* Pin upload and download actions by hash
* Dont expect encrypted artifacts in release pipeline

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 15:52:58 +01:00
Daniel Weiße
945152d049
Revert "deps: update actions/download-artifact action to v4 (#2753)" (#2767)
This reverts commit b550c92ac9.
2023-12-21 15:44:40 +01:00
renovate[bot]
b550c92ac9
deps: update actions/download-artifact action to v4 (#2753)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 08:44:52 +01:00
renovate[bot]
5999f9e3a1
deps: update cachix/install-nix-action action to v24 (#2757)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 08:43:44 +01:00
renovate[bot]
dcf1b88a29
deps: update actions/checkout action to v4 (#2752)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 16:10:35 +01:00
renovate[bot]
ec813b2102
deps: update golang:1.21.5 Docker digest to 1a9d253 (#2750)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 15:59:39 +01:00
miampf
a429ca50e7
ci: encrypt artifacts (#2567) 2023-12-20 14:17:49 +00:00
Markus Rudy
441672cbdc ci: add burgerdev to e2e failure assignees 2023-12-19 19:59:16 +01:00
Markus Rudy
1d05f438ff ci: remove Windows Terraform provider 2023-12-18 17:57:00 +01:00
Daniel Weiße
f2c1bdbf82
ci: remove conditional from AWS login in e2e verify test (#2727)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-18 11:51:50 +01:00
Moritz Sanft
af791bd221
terraform-provider: add usage examples (#2713)
* terraform-provider: add usage example for Azure

* terraform-provider: add usage example for AWS

* terraform-provider: add usage example for GCP

* terraform-provider: update usage example for Azure

* terraform-provider: update generated documentation

* docs: adjust creation on Azure and link to examples

* terraform-provider: unify image in-/output (#2725)

* terraform-provider: check for returned error when converting microservices

* terraform-provider: use state values for outputs after creation

* terraform-provider: ignore invalid upgrades (#2728)

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-18 10:15:54 +01:00
Daniel Weiße
724ee44466
ci: Terraform provider e2e tests (#2712)
* Refactor selfManagedInfra input to clusterCreation in e2e tests
* Run e2e test using terraform provider
* Allow insecure measurement fetching in Terraform provider
* Run Terraform provider test instead of module test in weekly runs

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-15 10:37:29 +01:00
Adrian Stobbe
9667dfff58
terraform: align infrastructure module attributes (#2703)
* all vars have snail_case

* make iam schema consistent

* infrastructure schema

* terraform: update AWS infrastructure module

* fix ci

* terraform: update AWS infrastructure module

* terraform: update AWS IAM module

* terraform: update Azure Infrastructure module inputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update Azure IAM module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update GCP infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update GCP IAM module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update OpenStack Infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update QEMU Infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-module: fix input name

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: tidy

* cli: ignore whitespace in Terraform variable tests

* terraform-module: fix AWS output names

* terraform-module: fix output references

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: rename `api_server_cert_sans`

* Update terraform/infrastructure/aws/modules/public_private_subnet/variables.tf

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* fix self-managed

* terraform: revert AWS modules output file renaming

* terraform: remove duplicate varable declaration

* terraform: rename Azure location field

* ci: adjust output name in self-managed e2e test

* e2e: continuously print output in upgrade test

* e2e: write to output variables

* cli: migrate IAM variable names

* cli: make `location` field optional

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-12-15 10:36:58 +01:00
Adrian Stobbe
37580009fe
terraform-provider: cleanup and improve docs (#2685)
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-14 15:47:55 +01:00
Moritz Sanft
60fc73e0e7
terraform-provider: implement constellation_cluster resource (#2691)
* terraform: move module to legacy-directory

* constellation-lib: refactor service account marshalling

* terraform-provider: normalize Azure image URIs

* constellation-lib: refactor Kubeconfig endpoint rewriting

* terraform-provider: add conversion functions for AWS and GCP

* terraform-provider: implement `constellation_cluster` resource

* terraform-provider: refactor conversion

* terraform-provider: implement image and k8s upgrades

* terraform-provider: fix linter checks

* terraform-provider: refactor to bundle init & upgrade method

* constellation-lib: rewrite Kubeconfig endpoint in init

* terraform-provider: bind logger and dialer constructors to struct

* terraform-provider: move applier to function pointer

* terraform-provider: gcp conversion fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix Azure UAMI input

* terraform-provider: rename Kubeconfig variable

* terraform-provider: tidy

* terraform-provider: regenerate docs

* constellation-lib: provide Kubeconfig in testing initserver

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-11 15:55:44 +01:00
Daniel Weiße
22dcde86af
terraform-provider: create release in provider repo on Constellation release (#2686)
* Create release in Terraform provider repo with provider binaries
* Set target_commitish to input ref for easier release workflow
* Rename release-cli workflow to draft-release
* Update release guide

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-11 15:00:08 +01:00
Daniel Weiße
a8fb6c5af0
ci: remove invalid input for recover action (#2695)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-11 09:34:17 +01:00
Moritz Sanft
c15e4efef6
terraform: Azure Marketplace image support (#2651)
* terraform: add Azure marketplace variable

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* config: add Azure marketplace variable

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: use Terraform variables from config

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: pass down marketplace variable

* image: pad Azure images to 1GiB

* terraform: add version attribute to marketplace image

* semver: allow versions to be exported without prefix

* cli: boolean var to use marketplace images

* config: remove dive key

* dev-docs: add instructions on how to use marketplace images

* terraform: fix unit test

* terraform: only fetch image for non-marketplace images

* mpimage: refactor image selection

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] increase minor version for image build

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: ignore changes to source_image_reference on upgrade

* operator: add support for parsing Azure marketplace images

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* upgrade: fix imagefetcher call

* docs: add info about azure marketplace

* image: ensure more than 1GiB in size

* image: test to pad to 2GiB

* version: change back to v2.14.0-pre

* image: GPT-conformant image size padding

* [remove] increase version

* mpimage: inline prefix func

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: add marketplace image e2e test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] register workflow

* ci: fix workflow name

* ci: only allow azure test

* cli: add marketplace image input to interface

* cli: fix argument passing

* version: roll back to v2.14.0

* ci: add force-flag support

* Update docs/docs/overview/license.md

* Update dev-docs/workflows/marketplace-images.md

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-08 14:40:31 +01:00
Malte Poll
93d505ef7f
deps: bump Go to 1.21.5 (#2689) 2023-12-08 12:11:31 +01:00
Adrian Stobbe
37cff42bfe
ci: build Terraform binaries action (#2684)
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-07 16:32:03 +01:00
3u13r
db49093da7
ci: export constellation with absolute path (#2675) 2023-12-04 13:18:13 +01:00
Malte Poll
ee3ff9ac01 bazel: use patched RPATH in bootstrapper and disk-mapper binaries 2023-12-01 09:35:33 +01:00
Moritz Sanft
03c5692fdd
ci: use given image if set (#2655)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-28 14:34:02 +01:00
Daniel Weiße
ca89a31f46
ci: only run verify with JSON output on v2.14 or newer (#2649)
* Only run verify with JSON output on v2.14 or newer
* Dont upload TCB version for AWS on v2.13
* Remove workaround for CLI not yet support apply to initialize clusters

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 14:31:27 +01:00
Daniel Weiße
3bc25cdd8f
ci: add notify hook to Terraform module test (#2653)
* Enable notification on tf module e2e test failure
* Dont try to change fields with no value

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 14:14:18 +01:00
Daniel Weiße
45f6eec0d0
ci: add missing shell in notify action (#2646)
* Add missing shell
* Remove old teams notify action

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-11-28 09:41:01 +01:00
Daniel Weiße
97aea98e77
ci: update GCP service accounts for CI (#2629)
* Update CI to use different GCP project for e2e tests
* Update GCP image project service accounts
* Update default GCP bucket name for image builds

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-27 13:04:41 +01:00
Otto Bittner
46f563c7ca ci: call TCB upload step for AWS 2023-11-24 15:49:48 +01:00
Otto Bittner
5542f9c63c api: refactor attestationcfgapi cli
The cli now takes CSP and object kind as argument.
Also made upload an explicit command and the report
path/version an argument.
Previously the report was a flag. The CSP was hardcoded.
There was only one object kind (snp-report).
2023-11-24 15:49:48 +01:00
Adrian Stobbe
ed22137edb
ci: notify with GH issue + project item on e2e failure (#2607)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-11-22 17:45:50 +01:00
renovate[bot]
71dc5170a7
deps: update golang Docker tag to v1.21.4 (#2587)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-11-21 13:43:26 +01:00
Daniel Weiße
807824bf79
ci: remove dash from create action (#2617)
* remove dash
* fix flags parsing

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-20 15:19:45 +01:00
Daniel Weiße
4c8ce55e5a
cli: enable constellation apply to create new clusters (#2549)
* Allow creation of Constellation clusters using `apply` command
* Add auto-completion for `--skip-phases` flag
* Deprecate create command
* Replace all doc references to create command with apply

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-20 11:17:16 +01:00
Daniel Weiße
5e9e3de1a1
ci: start v2.14-pre window (#2610)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-17 10:34:35 +01:00
Malte Poll
ac8aac0e34
ci: allow jobs to install tools from pinned nixpkgs (#2605) 2023-11-16 14:41:34 +01:00
Daniel Weiße
6d6ef66a31
ci: refactor teams notification action (#2600)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-15 08:48:13 +01:00
Moritz Sanft
8f2f8bdbbd
terraform: allow image to be empty (#2595)
* make image optional in the high level modules

* align azure variable description

* set defaults in convenience modules

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-11-13 20:13:24 +01:00
Moritz Sanft
8e4feb7e2a
terraform: add Terraform module for Azure (#2566)
* add Azure Terraform module

* add maa-patching command to cli

* refactor release process

* factor out image fetching to own action

* add CI

* generate

* fix some unnecessary changes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use `constellation maa-patch` in ci

* insecure flag when using debug image

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only update maa url if existing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make node group zone optional on aws and gcp

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] register updated workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Revert "[remove] register updated workflow"

This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace.

* create MAA

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make maa-patching only run on azure

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add comment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* require node group zone for GCP and AWS

* remove unnecessary bazel action

* stamp version to correct file

* refer to `maa-patch` command in docs

* run Azure test in weekly e2e

* comment / naming improvements

* remove sa_account resource

* disable spellcheck ot use "URL"

* `create_maa` variable

* don't write maa url to config

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* default to nightly image

* use input ref and stream

* fix command check

* don't set region in weekly e2e call

* patch maa if url is not empty

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove `create_maa` variable

* remove binaries

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove undefined input

* replace invalid attestation URL error message

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* fix punctuation

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* skip hidden commands in clidocgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* enable spellcheck before code block

* move spellcheck trigger out of info block

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix workflow dependencies

* let image default to CLI version

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-11-13 18:46:20 +01:00
Daniel Weiße
e8f0c58558
ci: fix maa-patch action for self-managed create (#2578)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-13 16:29:33 +01:00
Moritz Sanft
ae8025cd16
ci: fix path in self managed create test (#2574)
* fix path

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix path in doc

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-13 08:34:54 +01:00
Malte Poll
e11b1a0576 ci: use rbe for unit tests 2023-11-10 18:15:59 +01:00
Adrian Stobbe
22d82a59ed
terraform: Terraform module for GCP (#2553) 2023-11-10 13:32:18 +01:00
Daniel Weiße
e9eb75bb83
ci: dont run SNP version upload on v2.12.0 CLI tests (#2568)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-09 08:26:42 +01:00
Adrian Stobbe
cea6204b37
terraform: Terraform module for AWS (#2503) 2023-11-08 19:10:01 +01:00
Daniel Weiße
0bac72261d
ci: fix failure issue creation for Windows e2e test (#2565)
* Add missing bazel set-up in windows e2e-failure notify
* Enable bazel caching for e2e-upgrade test
* Remove whitespace

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-08 15:27:40 +01:00
Daniel Weiße
273a6ba853
ci: use structured logging for all parts of the malicious-join test (#2557)
* Use structured logging for all parts of the test
* Fix malicious-join image build action

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-07 09:02:19 +01:00
Otto Bittner
b0ee39a96d ci: publish s3proxy chart during release 2023-11-06 10:21:11 +01:00
Otto Bittner
8ebd813480 s3proxy: ship as helm chart 2023-11-06 10:21:11 +01:00
Otto Bittner
a19227cac9 s3proxy: initial e2e tests and workflows 2023-11-06 10:21:11 +01:00
Malte Poll
76d7d30245
ci: do not upload terraform logs (#2554) 2023-11-04 19:14:29 +01:00
renovate[bot]
17b0915a10
deps: update docker/build-push-action action to v5 (#2531)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-11-02 10:13:14 +01:00
Daniel Weiße
e8cf0f59bd
ci: force delete files on self-managed destroy (#2538)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-31 12:45:10 +01:00
Moritz Sanft
8d08ace0b5
ci: mark self-managed infrastructure tests (#2537)
* mark self-managed infrastructure tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add TODO

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-30 14:33:58 +01:00
renovate[bot]
b3002d21e3
deps: update dependency Pillow to v10 [SECURITY] (#2400)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-27 14:22:34 +02:00
Moritz Sanft
402a8834ca
ci: add e2e test for self-managed infrastructure (#2472)
* add self-managed infra e2e test

* self-managed terminatio

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix upgrade test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix indentation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use -r when copying dir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add terraform variable parsing

* copy constellation conf

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary line breaks

* add missing value

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add image fetching for CSP

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix quoting

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing input to internal lb test

* normalize Azure URLs.. Of course

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix expressions

* initsecret to hex

* update hexdump cmd

* add build test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add node / pod cidr outputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* explicitly delete the state file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing license header

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* always write all outputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix list output

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove state-file and admin-conf on destroy

* dont use test payload

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] use self managed infra in manual e2e for testing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* init: always skip infrastructure phase

* patch maa in workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* default to Constellation-created infra in e2e test

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-27 09:37:26 +02:00
Daniel Weiße
149fedb90f
cli: add constellation apply command to replace init and upgrade apply (#2484)
* Add apply command
* Mark init and upgrade apply as deprecated
* Use apply command in CI
* Add skippable phases for attestation config and cert SANs

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-26 15:59:13 +02:00
renovate[bot]
e445dac590
deps: update docker/metadata-action action to v5 (#2512)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:19:55 +02:00
renovate[bot]
0563ce7336
deps: update aws-actions/configure-aws-credentials action to v4 (#2510)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:18:37 +02:00
renovate[bot]
0e7462728a
deps: update docker/login-action action to v3 (#2511)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-25 17:40:25 +02:00
Adrian Stobbe
9c1c876830
pick random azure region (#2483) 2023-10-20 13:38:08 +02:00
Daniel Weiße
eeaba28d02
ci: remove force flag from CLI commands (#2479)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-20 08:10:26 +02:00
Adrian Stobbe
5819a11d25
api: for Azure attestationconfigapi use TCB values from SNP report instead of MAA token (#2429) 2023-10-17 17:36:50 +02:00
3u13r
0c89f57ac5
Support internal load balancers (#2388)
* arch: support internal lb on Azure

* arch: support internal lb on GCP

* helm: remove lb svc from verify deployment

* arch: support internal lb on AWS

* terraform: add jump hosts for internal lb

* cli: expose internalLoadBalancer in config

* ci: add e2e-manual-internal

* add in-cluster endpoint to terraform output
2023-10-17 15:46:15 +02:00
renovate[bot]
abbe3853cb
deps: update cachix/install-nix-action action to v23 (#2469)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-17 10:48:52 +02:00
renovate[bot]
4fbf94ceb8
deps: update golang:1.21.3 Docker digest to 24a0937 (#2468)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-17 10:48:38 +02:00
Daniel Weiße
afb154ceb7
ci: add missing quotation marks for region flag + revert to northeurope (#2459)
* Add missing quotation marks for region flag
* Revert default Azure region to northeurope

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-16 16:20:32 +02:00
3u13r
9e1a0c06bf
Deps: bump Go to 1.21.3 (#2450)
* build: override go version to 1.21.3

* build: re-enable cachix

* ci: set $USER if not set
2023-10-12 16:11:02 +02:00
Malte Poll
e80e6076b4 ci: install nix together with Bazel 2023-10-12 14:42:24 +02:00
renovate[bot]
907b74a31f
deps: update module golang.org/x/tools to v0.14.0 (#2446)
* deps: update module golang.org/x/tools to v0.14.0

* ci: don't error on cleanup

---------

Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-10-12 14:07:59 +02:00
renovate[bot]
a1c84cb080
deps: update GitHub action dependencies (#2437)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-11 13:49:50 +02:00
renovate[bot]
117c9c53f8
deps: update golang Docker tag to v1.21.3 (#2436)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-11 13:43:53 +02:00
Adrian Stobbe
b35a042abd
fix verify test (#2424) 2023-10-10 20:47:53 +02:00
Moritz Sanft
005e865a13
cli: use state file on init and upgrade (#2395)
* [wip] use state file in CLI

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use state file in CLI

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

take clusterConfig from IDFile for compat

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

various fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

wip

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add GCP-specific values in Helm loader test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary pointer

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* write ClusterValues in one step

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* move stub to test file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove mention of id-file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* move output to `migrateTerraform`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* unconditional assignments converting from idFile

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* move require block in go modules file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fall back to id file on upgrade

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter check

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add notice to remove Terraform state check on manual migration

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add `name` field

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

fix name tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* return early if no Terraform diff

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* return infrastructure state even if no diff exists

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add TODO to remove comment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use state-file in miniconstellation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: remove id-file (#2402)

* remove id-file from `constellation create`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add file renaming to handler

* rename id-file after upgrade

* use idFile on `constellation init`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove id-file from `constellation verify`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* linter fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove id-file from `constellation mini`

* remove id-file from `constellation recover`

* linter fixes

* remove id-file from `constellation terminate`

* fix initSecret type

* fix recover argument precedence

* fix terminate test

* generate

* add TODO to remove id-file removal

* Update cli/internal/cmd/init.go

Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>

* fix verify arg parse logic

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add version test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove id-file from docs

* add file not found log

* use state-file in miniconstellation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove id-file from `constellation iam destroy`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove id-file from `cdbg deploy`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>

* use state-file in CI

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update orchestration docs

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-10-09 13:04:29 +02:00
Malte Poll
dbf40d185c
ci: free up disk space on GitHub hosted runners (#2419) 2023-10-09 11:00:22 +02:00
Daniel Weiße
ce2465c3c7
ci: use West US region for Azure e2e test until problems are resolved (#2414)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-06 11:43:02 +02:00
Moritz Sanft
2d797874c7
ci: add msanft to list of possible e2e assignees (#2410)
* add msanft to list of possible e2e assignees

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add msanft to teams card

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-05 13:54:45 +02:00
Malte Poll
ed4d4d83fd ci: remove dependency on pseudo-version tool 2023-09-29 14:09:58 +02:00
Daniel Weiße
36c8cf2fd8
ci: fix whitespace in url for some tests (#2390)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-28 16:31:22 +02:00
Malte Poll
1da5153627 ci: use nix + mkosi during os image build 2023-09-27 17:58:19 +02:00
Moritz Sanft
f4b2d02194
ci: collect cluster metrics to OpenSearch (#2347)
* add Metricbeat deployment to debugd

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* set metricbeat debugd image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix k8s deployment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use 2 separate deployments

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only deploy via k8s in non-debug-images

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing tilde

* remove k8s metrics

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* unify flag

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add cloud metadata processor to filebeat

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: fix debugd logcollection (#2355)

* add missing keyvault access role

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bump logstash image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bump filebeat / metricbeat image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* log used image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use debugging image versions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* increase wait timeout for image upload

* add cloud metadata processor to filebeat

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix template locations in container

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix image version typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add filebeat / metricbeat users

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove user additions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update workflow step name

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only mount config files

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* document potential rc

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix IAM permissions in workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix AWS permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing workflow input

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* rename action

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* pin image versions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary workflow inputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add refStream input

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove inputs.yml dep

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* increase system metric period

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linkchecker

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-09-27 16:17:31 +02:00
renovate[bot]
5773bca3bb
deps: update golang Docker tag to v1.21.1 (#2370)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-09-26 13:19:54 +02:00
Daniel Weiße
7aba42baa5
ci: add more filters to e2e failure OpenSearch links (#2358)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-26 13:17:59 +02:00
3u13r
d0e3e494ba
ci: fix kubectl version retrieval (#2356) 2023-09-25 11:59:36 +02:00
Adrian Stobbe
118f789c2f
cli: fix Azure SEV-SNP latest version logic (#2343) 2023-09-25 11:53:02 +02:00
Moritz Sanft
8f549f0622
add sleep after nop test (#2350)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-09-21 10:13:59 +02:00
Moritz Sanft
0a28cdecb2
ci: add malicious join test (#2304)
* malicious node join test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add e2e build tag

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add namespaces to job apply

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix image and workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* build instructions in Dockerfile

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only print important flags

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use `malicious-join` namespace

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* build with bazel

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* order imports

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* test cases

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* various fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing quotes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Update e2e/malicious-join/malicious-join.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update e2e/malicious-join/malicious-join.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* use switch case

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* wip

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* various fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use workdir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add required permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove packages: write permission at step

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* login to registry

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix log

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* source base lib

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix sourcing order

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* export after definition

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix script header

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* dont exit after -e flag has been set

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-09-15 17:21:42 +02:00
3u13r
a03c686066
ci: bump install helm action (#2337) 2023-09-14 14:29:46 +02:00
3u13r
996542a075
ci: install helm when deploying log collection (#2333) 2023-09-14 12:03:13 +02:00
Malte Poll
f399fe148b
api: rename references to moved hack/configapi (#2329)
Fixes 376bc6d39f
2023-09-11 10:57:32 +02:00
3u13r
6cb506bca7
deps: bump go version (#2318) 2023-09-08 10:19:07 +02:00
Moritz Sanft
224178b936
use updated url (#2308)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-09-06 08:23:05 +02:00
Otto Bittner
376bc6d39f api: move hack/configapi into internal/api
The tool has an e2e test and is part of our production pipeline.
2023-09-04 11:20:13 +02:00
Otto Bittner
7ffa1344e3 Configapi: pipeline to run e2e test for CLI
Co-authored-by: Paul Meyer <pm@edgeless.systems>
2023-09-04 11:20:13 +02:00
Moritz Sanft
a671367794
iamcreate: collect Terraform logs (#2289)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-08-28 09:01:03 +02:00
Paul Meyer
abd5cdf362 ci: fix ccm build when no new version are found
Previous output of findvers.sh would be [""] in case no version were
found, now the output is []. Also, GitHub cannot handle empty arrays
in the matrix field, so we add an if and check if the array is empty.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-23 15:05:22 +02:00
Malte Poll
d6624a472d
bazel: correctly set buildbuddy api key (#2262) 2023-08-21 12:14:47 +02:00
Moritz Sanft
60bf770e62
ci: logcollection to OpenSearch in non-debug clusters (#2080)
* refactor `debugd` file structure

* create `hack`-tool to deploy logcollection to non-debug clusters

* integrate changes into CI

* update fields

* update workflow input names

* use `working-directory`

* add opensearch creds to upgrade workflow

* make template func generic

* make templating func generic

* linebreaks

* remove magic defaults

* move `os.Exit` to main package

* make logging index configurable

* make templating generic

* remove excess brace

* update fields

* copy fields

* fix flag name

* fix linter warnings

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* remove unused workflow inputs

* remove makefiles

* fix command

* bazel: fix output paths of container

This fixes the output paths of builds within the container by mounting
directories to paths that exist on the host. We also explicitly set the
output path in a .bazelrc to the user specific path. The rc file is
mounted into the container and overrides the host rc.
Also adding automatic stop in case start is called and a containers
is already running.
Sym links like bazel-out and paths bazel outputs should generally work
with this change.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* tabs -> spaces

---------

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-21 08:01:33 +02:00
Malte Poll
6c6e2ca2f4 bazel: adopt best practices for bazelrc
Options adapted from https://docs.aspect.build/guides/bazelrc

bazel: adopt best practices for bazelrc

Options adapted from https://docs.aspect.build/guides/bazelrc
2023-08-18 16:36:13 +02:00
3u13r
38dcb3dbab
ci: fix recover wait condition (#2257) 2023-08-18 10:43:51 +02:00