* .github: add e2e test to pr checklist
* ci: use sonobuoy quick where possible
* ci: run malicious join test on release
* ci: remove self managed infra test
* ci: remove non-example terraform test from weekly
* ci: run Sonobuoy full on the latest k8s version weekly
* ci: run weekly sonobuoy quick on all k8s versions
* ci: don't run double sonobuoy tests on latest k8s version
* Add attestation variant to notify hooks
* Quote all inputs in OpenSearch URL
* Add clusterCreation field to OpenSearch URL
* Omit empty fields in OpenSearch URL
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Refactor selfManagedInfra input to clusterCreation in e2e tests
* Run e2e test using terraform provider
* Allow insecure measurement fetching in Terraform provider
* Run Terraform provider test instead of module test in weekly runs
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Add missing shell
* Remove old teams notify action
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* Update CI to use different GCP project for e2e tests
* Update GCP image project service accounts
* Update default GCP bucket name for image builds
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* add Azure Terraform module
* add maa-patching command to cli
* refactor release process
* factor out image fetching to own action
* add CI
* generate
* fix some unnecessary changes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use `constellation maa-patch` in ci
* insecure flag when using debug image
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* only update maa url if existing
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* make node group zone optional on aws and gcp
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* [remove] register updated workflow
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Revert "[remove] register updated workflow"
This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace.
* create MAA
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* make maa-patching only run on azure
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add comment
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* require node group zone for GCP and AWS
* remove unnecessary bazel action
* stamp version to correct file
* refer to `maa-patch` command in docs
* run Azure test in weekly e2e
* comment / naming improvements
* remove sa_account resource
* disable spellcheck ot use "URL"
* `create_maa` variable
* don't write maa url to config
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* default to nightly image
* use input ref and stream
* fix command check
* don't set region in weekly e2e call
* patch maa if url is not empty
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove `create_maa` variable
* remove binaries
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove undefined input
* replace invalid attestation URL error message
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* fix punctuation
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* skip hidden commands in clidocgen
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* enable spellcheck before code block
* move spellcheck trigger out of info block
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix workflow dependencies
* let image default to CLI version
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* mark self-managed infrastructure tests
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add TODO
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add self-managed infra e2e test
* self-managed terminatio
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix upgrade test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix indentation
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use -r when copying dir
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add terraform variable parsing
* copy constellation conf
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove unnecessary line breaks
* add missing value
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add image fetching for CSP
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix quoting
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add missing input to internal lb test
* normalize Azure URLs.. Of course
* tidy
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix expressions
* initsecret to hex
* update hexdump cmd
* add build test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add node / pod cidr outputs
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* explicitly delete the state file
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add missing license header
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* always write all outputs
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix list output
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove state-file and admin-conf on destroy
* dont use test payload
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* [remove] use self managed infra in manual e2e for testing
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* init: always skip infrastructure phase
* patch maa in workflow
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* default to Constellation-created infra in e2e test
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* malicious node join test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add e2e build tag
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add namespaces to job apply
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix image and workflow
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter checks
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* build instructions in Dockerfile
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* only print important flags
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use `malicious-join` namespace
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* build with bazel
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* order imports
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* test cases
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* various fixes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add missing quotes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix typo
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Update e2e/malicious-join/malicious-join.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update e2e/malicious-join/malicious-join.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* use switch case
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update image version
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter checks
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* wip
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* various fixes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use workdir
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add required permissions
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove permissions
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove packages: write permission at step
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* login to registry
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix typo
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix log
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* source base lib
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix sourcing order
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* export after definition
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix script header
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* dont exit after -e flag has been set
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
The TCP versions are extracted from the MAA token, that itself is taken
from the verify command output. The configapi is adapted to directly
work on the MAA claims JSON.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
by setting the Azure SNP enforcement policy to equal in the weekly e2e.
The run should fail when there are unexpected ID Key digests used.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Runners sometimes fail because they run out of disk space.
One reason this happens is a change in the setup-go action@v4:
> The V4 edition of the action offers: Enabled caching by default
To combat this, we now disable the cache if it was not enabled explicitly before.
Additionally, we remove setup-go where it is no longer needed.