Otto Bittner
9f6e924066
cli: fix upgrade apply
for image-only upgrades ( #1468 )
...
This fixes a bug where `upgrade apply` fails if only the image is
upgraded, due to mishandling of an empty configmap.
Making stubStableClient more complex is needed since it is called
with multiple configMaps now.
2023-03-22 11:53:47 +01:00
Paul Meyer
02fc3dc635
measurements: refactor validation option ( #1462 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 11:47:39 +01:00
Nils Hanke
1ab40b7ca6
e2e: install Terraform for macOS runner for boot log collection
2023-03-22 10:36:28 +01:00
renovate[bot]
e95d79f97e
deps: update github.com/gophercloud/utils digest to e15d7ee ( #1486 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 10:33:43 +01:00
renovate[bot]
2d1ffaea4f
deps: update K8s constrained Azure versions ( #1408 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 10:23:44 +01:00
3u13r
cf9970c051
terraform: allow for multiple instance groups ( #1471 )
2023-03-21 22:56:03 +01:00
renovate[bot]
7a0cbe39f4
deps: update Constellation containers to v2.7.0-pre.0.20230321165012-cab6044f6910 ( #1484 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-21 20:21:42 +01:00
Nils Hanke
cab6044f69
debugd: use nanosecond precision for logs
2023-03-21 17:50:12 +01:00
renovate[bot]
248dbb5927
deps: update Constellation containers ( #1464 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-21 17:37:06 +01:00
Malte Poll
b87c0c33bf
bazel: use pure go implementation of netdns for all builds (with or without cgo support) ( #1476 )
2023-03-21 17:02:26 +01:00
Malte Poll
dff2ab6bf1
Revert "deps: update bazel-zig-cc digest to 6d2ee8c ( #1479 )" ( #1482 )
...
This reverts commit 015df546bf
.
2023-03-21 16:27:58 +01:00
renovate[bot]
015df546bf
deps: update bazel-zig-cc digest to 6d2ee8c ( #1479 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-03-21 16:00:19 +01:00
renovate[bot]
ebcba57a61
deps: update bazeldnf digest to 45f5d74 ( #1478 )
...
* deps: update bazeldnf digest to 45f5d74
* bazel: use new bazeldnf feature to write rpm rules in a macro
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-03-21 15:25:00 +01:00
Nils Hanke
093f0f0e28
ci: rename scheduled OS image build action
2023-03-21 14:32:56 +01:00
Malte Poll
9bedb82d66
bazel: upgrade bazel-zig-cc to allow caching of launcher ( #1474 )
2023-03-21 14:29:30 +01:00
renovate[bot]
1f92b29b4d
deps: update bazel_gazelle digest to 97a754c ( #1475 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-03-21 14:28:36 +01:00
renovate[bot]
02a389e8c0
deps: update Terraform openstack to v1.51.1 ( #1424 )
...
* deps: update Terraform openstack to v1.51.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-03-21 13:36:49 +01:00
Daniel Weiße
5a0234b3f2
attestation: add option for MAA fallback to verify azure's snp-sev id key digest ( #1257 )
...
* Convert enforceIDKeyDigest setting to enum
* Use MAA fallback in Azure SNP attestation
* Only create MAA provider if MAA fallback is enabled
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-21 12:46:49 +01:00
renovate[bot]
9a9688583d
deps: update aws-actions/configure-aws-credentials action to v2 ( #1445 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-21 10:56:30 +01:00
Malte Poll
c7fdeb4637
deps: go mod tidy
2023-03-21 10:51:09 +01:00
Malte Poll
8559a1ef8b
helm: deploy node operator on OpenStack
2023-03-21 10:51:09 +01:00
Malte Poll
545091cf2f
bootstrapper: insert helm values for OpenStack
2023-03-21 10:51:09 +01:00
Malte Poll
7d4ab07163
helm: add tests for AWS and OpenStack
2023-03-21 10:51:09 +01:00
Malte Poll
e5124d1a97
helm: add OpenStack charts
2023-03-21 10:51:09 +01:00
Malte Poll
67f5625f99
versions: add OpenStack CCM image
2023-03-21 10:51:09 +01:00
Malte Poll
f066416a43
cli: add support for constellation init on OpenStack
2023-03-21 10:51:09 +01:00
Malte Poll
63d5ddfa11
bootstrapper: add support for OpenStack
2023-03-21 10:51:09 +01:00
Malte Poll
071628c6a0
config: add OpenStack in-cluster authentication settings
2023-03-21 10:51:09 +01:00
Malte Poll
33eddc74e1
debugd: add OpenStack support
2023-03-21 10:51:09 +01:00
Malte Poll
f785ae560b
openstack: implement account key for cluster-internal authentication
2023-03-21 10:51:09 +01:00
Malte Poll
1b2a927b84
openstack: implement api client UID, InitSecretHash and GetLoadBalancerEndpoint
2023-03-21 10:51:09 +01:00
Malte Poll
3e73530b4f
image: use dummy attestation for OpenStack
2023-03-21 10:51:09 +01:00
Paul Meyer
f638812143
terraform: unique Azure attestation provider name ( #1472 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-21 10:41:48 +01:00
Nils Hanke
3fceb2207d
debugd: Use very basic JSON regex filter before JSON filter
2023-03-21 10:32:33 +01:00
Malte Poll
6f16e0b6fd
ci: use github actions cache to speedup bazel builds ( #1444 )
...
* ci: use github actions cache to speedup bazel builds
* ci: warm bazel repo cache daily
2023-03-21 10:06:32 +01:00
Otto Bittner
5a82c3cef2
cli: add attestationVariant migration ( #1467 )
...
Temporarily add the attestationVariant key to the service
values during upgrade. Normally this should not be
modified during upgrade. However, since the field is introduced
in v2.7, we need to add the field manually.
2023-03-21 10:04:48 +01:00
Malte Poll
44db16b42e
cli: give Azure uami all perms previously given to app registration ( #1334 )
...
This is the first step for deprecating app registrations on Azure.
The user-assigned managed identity (uami) should first gain all permissions that are currently held by the app registration.
* cli: give Azure uami all permissions previously given to app registratio
* docs: document required owner role for user-assigned managed identity on Azure
2023-03-21 10:00:13 +01:00
3u13r
88340ba4cb
bazel: allow user defined overwrites ( #1470 )
2023-03-20 18:21:47 +01:00
Paul Meyer
05f6d1dc65
terraform: valid Azure attestation provider name ( #1465 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 17:53:00 +01:00
Otto Bittner
1b12147d83
cli: minor restructuring for loading helm charts ( #1441 )
...
Use one loadRelease function instead of one function for each
release.
2023-03-20 17:05:58 +01:00
renovate[bot]
b3b1809251
deps: update K8s version independent containers to v0.1.2 ( #1376 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 16:35:26 +01:00
Paul Meyer
0f6e56badf
bazel: get tfsec as binary download
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00
Paul Meyer
daae4f8746
bazel: get gofumpt as binary download
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00
Paul Meyer
7f3f4ca3c7
bazel: get actionlint as binary download
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00
Paul Meyer
a3b328360d
ci: always run bazel tidy/check/generate workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00
Paul Meyer
9819d71434
bazel: add missing hashes to shellcheck
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00
Paul Meyer
8d3fe6f477
bazel: add terrafrom to //:check and //:generate
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00
Paul Meyer
2693936906
bazel: add target for tfsec
...
but don't include in //:check yet, there are to many false positives.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00
Nils Hanke
cdcc549d68
e2e: extract sonobuoy results to access junit results
2023-03-20 16:16:08 +01:00
Nils Hanke
af91ce2a3c
e2e: only use junit for full tests
2023-03-20 16:16:08 +01:00