Otto Bittner
4adc19b7f5
AB#2350: Configurably enforce idkeydigest on Azure
...
* Add join-config entry for "enforceIdKeyDigest" bool
* Add join-config entry for "idkeydigest"
* Initially filled with TPM value from bootstrapper
* Add config entries for idkeydigest and enforceIdKeyDigest
* Extend azure attestation validator to check idkeydigest,
if configured.
* Update unittests
* Add logger to NewValidator for all CSPs
* Add csp to Updateable type
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 15:26:04 +02:00
Malte Poll
c84e44913b
Fork node maintenance operator and deploy it on all supported k8s versions
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-31 14:53:06 +02:00
katexochen
84b4519ffd
Add cleanup pre e2e test on Azure
2022-08-31 14:10:08 +02:00
katexochen
7c7a4699bc
Azure e2e tests with manual creds
2022-08-31 14:10:08 +02:00
katexochen
7d402f4e79
Update changelog
2022-08-31 14:10:08 +02:00
katexochen
10e5249631
Manual client secrets on azure
2022-08-31 14:10:08 +02:00
katexochen
1861dc2744
Tag Azure resources with UID
2022-08-31 14:10:08 +02:00
katexochen
69abe17c96
Refactor Azure IMDS client and metadata
2022-08-31 14:10:08 +02:00
katexochen
f15605cb45
Manually manage resource group on Azure
2022-08-31 14:10:08 +02:00
Fabian Kammel
e6ae54a25a
add gh cli commands for release ( #30 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-31 14:00:22 +02:00
Daniel Weiße
f38f85b3bf
Run binary builds in parallel ( #28 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 12:37:18 +02:00
Nils Hanke
fc10b3419d
Build release CLI for Linux arm64 ( #29 )
2022-08-31 12:27:26 +02:00
Nils Hanke
93db978240
Use absolute link to CHANGELOG.md in template
2022-08-31 03:25:50 -07:00
Nils Hanke
1ecc56b69f
Remove cdbg-config.yaml ( #26 )
...
This removes systemd service upload support in cdbg,
but keeps it in the protobuf protocol.
2022-08-31 12:25:27 +02:00
Daniel Weiße
ce02878019
AB#2308 / AB#2317 constellation upgrade plan ( #3 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 11:59:07 +02:00
Daniel Weiße
b27e205399
Use 4 vCPU instances by default ( #24 )
...
* Use 4 vcpu instances by default
* Remove 2 vcpu instance type option
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 10:33:33 +02:00
Thomas Tendyck
2d611e8148
add tooling to obtain Azure ID key digest
2022-08-30 18:10:14 +02:00
Fabian Kammel
66d8c8037b
Release/v0.0.1 ( #20 )
...
* bump images to 0.0.1
* add gh cli commands
* variable with default value should not be required
* update release docs
* build and upload version manifest as part of release
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-30 15:54:35 +02:00
Thomas Tendyck
650ab76fe7
Update measurements.go
2022-08-30 15:50:40 +02:00
Fabian Kammel
778952e07c
AB#2287 support community image IDs ( #9 )
...
* support community image IDs
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-30 15:15:51 +02:00
Fabian Kammel
e0a457b6ff
change default image to new format of public images for next release ( #19 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-30 13:42:22 +02:00
Nils Hanke
87e68961dd
Add GCP ServiceAccount to E2E test
2022-08-30 04:26:21 -07:00
Malte Poll
07c6c4e190
node operator: retry updating pendingNode deadline on conflict
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-30 10:04:42 +02:00
Malte Poll
5c87913250
Update debugd README
2022-08-30 09:47:38 +02:00
Otto Bittner
2343c91bc7
Update service image versions
2022-08-30 09:42:18 +02:00
Daniel Weiße
7c832273fd
AB#2309 constellation upgrade execute ( #2 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:49:44 +02:00
Otto Bittner
7c5556864b
AB#2333: Add AMD SNP-based attestation
...
Currently only available on Azure CVMs.
* Get the public attestation key from the TPM.
* Get the snp report from the TPM.
* Get the VCEK and ASK certificate from the metadata api.
* Verify VCEK using hardcoded root key (ARK)
* Verify SNP report using VCEK
* Verify HCLAkPub using SNP report by comparing
AK with runtimeData
* Extend unittest
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:29:33 +02:00
Fabian Kammel
0a3a4e9c7f
move util
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-29 16:07:55 +02:00
Fabian Kammel
22c912a56d
move nodestate and role
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-29 16:07:55 +02:00
Malte Poll
26e9c67a00
Move cloud metadata packages and kubernetes resources marshaling to internal
...
Decouples cloud provider metadata packages from kubernetes related code
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-29 16:07:55 +02:00
Nils Hanke
89e3acf6a1
Fix link to CHANGELOG.md in PR template
2022-08-29 04:40:49 -07:00
Nils Hanke
a8cc8a5859
Disable golangci-lint cache
2022-08-29 02:25:04 -07:00
Nils Hanke
6da228758c
GCP: Add more N2D VMs to supported list ( #6 )
2022-08-29 09:50:40 +02:00
Thomas Tendyck
6b6b6df7e1
Update check-licenses.sh
2022-08-28 17:40:49 +02:00
Thomas Tendyck
6b8a2a0063
remove image pull secret
2022-08-28 15:57:08 +02:00
Fabian Kammel
d972f053f9
AB#2287 Public image sharing in Azure ( #350 )
...
Trusted launch VM images in original SIG, additional SIG for community images for CVM
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-26 17:34:46 +02:00
Malte Poll
f5270c6c01
debugd: Allow root login on serial console when using debug image ( #407 )
2022-08-26 14:07:53 +02:00
Simon Röckinghausen
a796c7ee69
added constellation shell animation ( #405 )
2022-08-26 12:59:36 +02:00
Fabian Kammel
5b40e0cc77
AB#2327 move debugd code into internal folder ( #403 )
...
* move debugd code into internal folder
* Fix paths in CMakeLists.txt
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-26 11:58:18 +02:00
Malte Poll
708c6e057e
Remove azure single instance support ( #402 )
2022-08-26 11:45:32 +02:00
Fabian Kammel
9e43701d3c
Remove klog ( #376 )
...
* remove logging altogether
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-25 17:01:54 +02:00
Malte Poll
716ba52588
create on Azure: Allow toggling between CVMs / Trusted Launch VMs ( #401 )
2022-08-25 15:24:31 +02:00
Fabian Kammel
45beec15f5
AB#2360 enterprise build tag ( #397 )
...
* enterprise build switch to disable license checking in default (OSS) version
* remove community license quota
* empty image references on OSS build in config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-25 14:06:29 +02:00
katexochen
6b1c20792a
Use the correct context package
2022-08-24 14:56:30 +02:00
katexochen
35a5d34497
Remove legacy build tags
2022-08-24 14:56:30 +02:00
Paul Meyer
904ea06214
Update golangci-lint workflow ( #396 )
2022-08-24 14:55:55 +02:00
katexochen
409f6fec65
Use function for commands
...
instead of func init() and global var
2022-08-24 14:30:02 +02:00
katexochen
54319e4324
Read cdbg deploy IPs from ID file
2022-08-24 14:30:02 +02:00
dependabot[bot]
a07e3bfaf4
Bump actions/setup-go from 3.2.1 to 3.3.0 ( #399 )
2022-08-24 09:59:35 +00:00
katexochen
e761c9bf97
Manually manage GCP service accounts
2022-08-24 11:44:05 +02:00