Commit Graph

4074 Commits

Author SHA1 Message Date
Daniel Weiße
86c45d1d5f
deps: update to Go 1.22.3 (#3069)
* Update renovate syntax
* Update to Go 1.22.3

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-08 11:34:31 +02:00
Daniel Weiße
a15cf54477
ci: use 7zip for creating archives (#3068)
* Use 7zip for creating and processing encrypted archives
* Switch to .7z file extension
* Fix shell check issues
* Fix tfstate update logic

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-08 10:34:10 +02:00
Daniel Weiße
edc0c7068e
ci: fix delete artifact conditional (#3067)
* Fix state exists check
* Dont fail if folder to remove does not exist

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-07 08:48:38 +02:00
Thomas Tendyck
012937740f
Update action.yml 2024-05-07 01:52:35 +02:00
3u13r
ecebd607c5
terraform: Allow nodes to join the cluster when using a jump host by removing the constellation-uid tag (#3064)
* terraform: remove constellation-uid tag from jump-host
2024-05-06 12:25:52 +02:00
edgelessci
3241e5a126
image: update locked rpms (#3065)
Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com>
2024-05-05 17:25:51 +02:00
miampf
bd26cb592d
ci: correctly clean up failed windows e2e tests (#3059) 2024-05-03 10:54:08 +00:00
Daniel Weiße
f6999084c9
terraform: set empty default value for additional_tags (#3052)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 10:27:46 +02:00
Daniel Weiße
47fbbd42a9
Fix tool not generating measurements for gcp-sev-snp (#3061)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 09:52:57 +02:00
edgelessci
96b71b0205
image: update measurements and image version (#3060)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-05-03 09:28:57 +02:00
Daniel Weiße
35bd805bec
ci: enable gcp-sev-snp for daily tests (#3058)
* Run gcp-sev-snp debug e2e test in daily
* Fix verify e2e test not creating json file for gcp-sev-snp

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 08:18:21 +02:00
Daniel Weiße
259e85d9c1
ci: reduce noise from warnings (#3055)
* Fix whitespace errors
* Remove usage of external action to URI encode component
* Upgrade Azure login action to v2.1
* Remove GitHub actions warning when running e2e test with NOP payload
* Only try to upload updated tf state if it exists
* Upgrade out of date aws credential actions

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 08:17:40 +02:00
edgelessci
3d2a023ccf
image: update measurements and image version (#3057)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-05-02 08:20:51 +02:00
Felix Schuster
7d46d0f7d6
Small changes in docs/README (#3050)
* Change concept image

* Add sentence to "first steps"
2024-04-30 16:01:56 +02:00
Moritz Sanft
002c6fa5a4
snp: don't print warning if no ASK is present (#3048)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-04-29 14:38:34 +02:00
renovate[bot]
c1740b17d9
deps: update ghcr.io/edgelesssys/gcp-guest-agent Docker tag to v20240314 (#3042)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-29 11:01:21 +02:00
Markus Rudy
9101417ef8
dev-docs: howto generate kubeconfigs (#3047) 2024-04-26 14:58:38 +02:00
Malte Poll
5ec1b1f488
deps: upgrade terraform provider stackit to 0.16.0 (#3046) 2024-04-26 14:02:35 +02:00
miampf
0c0d87aa4c
ci: Delete e2e terraform state (#2874) 2024-04-26 10:06:01 +00:00
Daniel Weiße
46994b7ee0
terraform: simplify additional tagging logic to ensure they are always applied (#3045)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-26 11:53:25 +02:00
Daniel Weiße
680d3318af
ci: ensure --tags flag is only set if the CLI supports it (#3044)
* Use github.run_id to correctly tag resources with the run id
* Ensure `--tags` flag is only set if CLI supports it

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-26 09:34:21 +02:00
edgelessci
0df26c0e9b
image: update measurements and image version (#3043)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-26 08:05:44 +02:00
renovate[bot]
3ea0e3a487
deps: update K8s constrained AWS versions (#2938)
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-04-25 15:49:50 +02:00
renovate[bot]
0f6491f3c7
deps: update K8s constrained Azure versions (#2941)
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-04-25 15:48:46 +02:00
renovate[bot]
f00890ab1e
deps: update module k8s.io/kubernetes to v1.29.4 [SECURITY] (#3039)
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-04-25 14:03:24 +02:00
miampf
3f7a4e4313
ci: tag resources created by e2e tests with the run name (#3035) 2024-04-25 12:02:23 +00:00
edgelessci
591aba99fd
image: update measurements and image version (#3040)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-24 08:16:45 +02:00
Daniel Weiße
056f991f58
ci: add missing permission for e2e-windows test in weekly run (#3037)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-22 15:21:56 +02:00
Daniel Weiße
4635a6c8b1
attestation: dont set a default for TDX MRSEAM (#3038)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-22 14:07:24 +02:00
edgelessci
a7451fbe1c
image: update locked rpms (#3036)
Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com>
2024-04-22 09:39:09 +02:00
miampf
b187966581
cli: allow tagging cloud resources with custom tags (#3033) 2024-04-19 09:07:57 +00:00
edgelessci
f60c133724
image: update measurements and image version (#3034)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-19 08:30:06 +02:00
Markus Rudy
9b52ec403b
deps: auto-assign reviewer for deps PRs (#3032)
* deps: auto-assign reviewer for deps PRs

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2024-04-17 20:38:32 +02:00
Moritz Sanft
35e19a45bb
ci: disable SEV-SNP tests that need stable images (#3031) 2024-04-17 09:12:52 +02:00
edgelessci
ea17af3dcc
image: update measurements and image version (#3030)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-17 08:18:39 +02:00
Moritz Sanft
913b09aeb8
Support SEV-SNP on GCP (#3011)
* terraform: enable creation of SEV-SNP VMs on GCP

* variant: add SEV-SNP attestation variant

* config: add SEV-SNP config options for GCP

* measurements: add GCP SEV-SNP measurements

* gcp: separate package for SEV-ES

* attestation: add GCP SEV-SNP attestation logic

* gcp: factor out common logic

* choose: add GCP SEV-SNP

* cli: add TF variable passthrough for GCP SEV-SNP variables

* cli: support GCP SEV-SNP for `constellation verify`

* Adjust usage of GCP SEV-SNP throughout codebase

* ci: add GCP SEV-SNP

* terraform-provider: support GCP SEV-SNP

* docs: add GCP SEV-SNP reference

* linter fixes

* gcp: only run test with TPM simulator

* gcp: remove nonsense test

* Update cli/internal/cmd/verify.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update docs/docs/overview/clouds.md

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update terraform-provider-constellation/internal/provider/attestation_data_source_test.go

Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>

* linter fixes

* terraform_provider: correctly pass down CC technology

* config: mark attestationconfigapi as unimplemented

* gcp: fix comments and typos

* snp: use nonce and PK hash in SNP report

* snp: ensure we never use ARK supplied by Issuer (#3025)

* Make sure SNP ARK is always loaded from config, or fetched from AMD KDS
* GCP: Set validator `reportData` correctly

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* attestationconfigapi: add GCP to uploading

* snp: use correct cert

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: enable fetching of attestation config values for GCP SEV-SNP

* linter fixes

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2024-04-16 18:13:47 +02:00
Daniel Weiße
485ebb151e
kubecmd: retry any k8s errors in CLI and Terraform (#3028)
* Retry any k8s errors in CLI and Terraform
* Use structured logging in `kubecmd` package

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-16 15:12:42 +02:00
Markus Rudy
f189aa186f
dev-docs: document security advisory process (#3024)
* dev-docs: document security advisory process
2024-04-15 11:49:23 +02:00
edgelessci
456279c896
image: update locked rpms (#3026)
Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com>
2024-04-15 07:44:24 +02:00
edgelessci
41e4f144ed
image: update measurements and image version (#3023)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-12 08:24:28 +02:00
davidweisse
e89d8e4d72
ci: add error handling to e2e windows liveness probe (#3018)
* workflows: add error handling to e2e windows liveness probe

* update retry condition in last iteration

* Update liveness probe to check for correct number of nodes

* ci: fix Windows e2e test not pushing required container images (#3021)

* More output when waiting for nodes to get ready
* Create unique resource group name for Windows e2e test
* Push container images on windows CLI build to fix e2e test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Fix resource group naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2024-04-11 11:27:12 +02:00
Markus Rudy
f6dfea2a79
helm: unbreak helm test after Cilium version bump (#3022) 2024-04-11 09:38:15 +02:00
Markus Rudy
550798279a
Merge pull request from GHSA-g8fc-vrcg-8vjg
* helm: firewall pods

* helm: bump cilium chart version

---------

Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-04-10 13:48:32 +02:00
Daniel Weiße
6e31223ff9
ci: suppress license check on windows e2e (#3020)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-10 10:51:09 +02:00
edgelessci
7bdd4c2449
image: update measurements and image version (#3019)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-10 08:25:16 +02:00
Daniel Weiße
cddbba1898
ci: bump fromVersion for e2e tests to v2.16.2 (#3016)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-08 11:13:44 +02:00
Moritz Eckert
c3eae84fbb
docs: update images with inter font (#2995) 2024-04-08 07:28:01 +02:00
edgelessci
2c70867bc2
image: update locked rpms (#3017)
Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com>
2024-04-07 10:30:01 +02:00
Daniel Weiße
a2737e8f61
ci: bump slsa-verifier to v2.5.1 (#3015)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-05 21:00:33 +02:00
edgelessci
249148abe2
image: update measurements and image version (#3013)
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
2024-04-05 15:23:44 +02:00