Malte Poll
60b125cb59
cli: add windows amd64 build target (#1835)
2023-05-30 12:02:43 +02:00
Moritz Sanft
6d5e7e1f7c
cli: support StackIT provider on config generate (#1803)
...
* support stackit provider on config generate
* update cli reference
* default config values
* deploy csi driver
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
---------
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2023-05-30 09:02:50 +02:00
3u13r
661f084ffa
cli: use uami for in-cluster authentication (#1820)
2023-05-26 11:45:03 +02:00
Adrian Stobbe
0a6e5ec02e
config: dynamic attestation configuration through S3 backed API (#1808)
2023-05-25 17:43:44 +01:00
Malte Poll
d0e53cbb59
cli: image info (v2)
2023-05-25 15:01:15 +02:00
Malte Poll
cd7b116794
cli: image measurements (v2)
2023-05-25 15:01:15 +02:00
Malte Poll
e5b394db87
cli: image measurements (v2)
2023-05-25 15:01:15 +02:00
Otto Bittner
3b3be85841
cli: fix supportedVersions during upgrade check
...
Previously the service version was always 0.0.0
2023-05-23 07:44:37 +02:00
Moritz Sanft
c69e6777bd
cli: Terraform migrations on upgrade (#1685)
...
* add terraform planning
* overwrite terraform files in upgrade workspace
* Revert "overwrite terraform files in upgrade workspace"
This reverts commit 8bdacfb8bef23ef2cdbdb06bad0855b3bbc42df0.
* prepare terraform workspace
* test upgrade integration
* print upgrade abort
* rename plan file
* write output to file
* add show plan test
* add upgrade tf workdir
* fix workspace preparing
* squash to 1 command
* test
* bazel build
* plan test
* register flag manually
* bazel tidy
* fix linter
* remove MAA variable
* fix workdir
* accept tf variables
* variable fetching
* fix resource indices
* accept Terraform targets
* refactor upgrade command
* Terraform migration apply unit test
* pass down image fetcher to test
* use new flags in e2e test
* move file name to constant
* update buildfiles
* fix version constant
* conditionally create MAA
* move interface down
* upgrade dir
* update buildfiles
* fix interface
* fix createMAA check
* fix imports
* update buildfiles
* wip: workspace backup
* copy utils
* backup upgrade workspace
* remove debug print
* replace old state after upgrade
* check if flag exists
* prepare test workspace
* remove prefix
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* respect file permissions
* refactor tf upgrader
* check workspace before upgrades
* remove temp upgrade dir after completion
* clean up workspace after abortion
* fix upgrade apply test
* fix linter
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-05-22 13:31:20 +02:00
3u13r
964775c4c2
Add autoscaling and cluster upgrade support for AWS (#1758)
...
* aws: autoscaling and upgrades
* docs: update scaling and upgrades for AWS
* deps: pin vuln check against release
2023-05-19 13:57:31 +02:00
Adrian Stobbe
f99e06b63b
cli: new flag to set the attestation type for config generate (#1769)
...
* add attestation flag to specify type in config
2023-05-17 16:53:56 +02:00
Daniel Weiße
1d5af5f0f4
Rebase fixes
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Nils Hanke
63d938d9a4
cli: improve error handling for validator
2023-05-17 11:37:26 +02:00
Nils Hanke
c507bd7d95
cli: Generalize PCRs to Measurements in preparation for TDX
2023-05-17 11:37:26 +02:00
Nils Hanke
9e987778e0
measurements: Add length field for WithAllBytes
2023-05-17 11:37:26 +02:00
3u13r
4024b9cf71
ci: fix minicon e2e test (#1763)
...
* ci: push containers during minicon e2e
* cli: set testing nvram for pre images in minicon
2023-05-12 17:14:32 +02:00
Malte Poll
6694eabebd
cli: allow any well formatted zone in iam create
2023-05-05 12:06:44 +02:00
Malte Poll
653bf3621d
image: replicate AWS images to eu-west-1 and eu-west-3
2023-05-05 12:06:44 +02:00
Malte Poll
56635c3993
cli: deploy yawol as OpenStack loadbalancer
2023-05-03 21:45:59 +02:00
Daniel Weiße
d7a2ddd939
config: add separate option for handling attestation parameters (#1623)
...
* Add attestation options to config
* Add join-config migration path for clusters with old measurement format
* Always create MAA provider for Azure SNP clusters
* Remove confidential VM option from provider in favor of attestation options
* cli: add config migrate command to handle config migration (#1678)
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-03 11:11:53 +02:00
Malte Poll
ded8abeacc
ci: limit prefix length of AWS IAM resources (#1674)
2023-04-25 13:29:07 +02:00
Moritz Sanft
3031d395a9
cli: force-delete Azure resource group (#1667)
...
* force-delete Azure resource group
* were not -> weren't
* fix typo
2023-04-19 08:30:11 +02:00
Moritz Sanft
1d0ee796e8
cli: add Terraform log support (#1620)
...
* add Terraform logging
* add TF logging to CLI
* fix path
* only create file if logging is enabled
* update bazel files
* register persistent flags manually
* clidocgen
* move logging code to separate file
* reword yes flag parsing error
* update bazel buildfile
* factor out log level setting
2023-04-14 14:15:07 +02:00
Daniel Weiße
ec01c57661
internal: use config to create attestation validators (#1561)
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-04-06 17:00:56 +02:00
renovate[bot]
d95a764b65
deps: update golangci/golangci-lint to v1.52.2 (#1598)
...
* deps: update golangci/golangci-lint to v1.52.2
* deps: tidy all modules
* fix linting issues
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-04-05 18:40:35 +02:00
Moritz Sanft
e71c33c88d
cli: print attestation document with constellation verify (#1577)
...
* wip: verification output
* wip: Azure cert parsing
* wip: print actual PCRs
* wip: use string builder for output formatting
* compare PCR expected with actual
* tests
* change naming
* update cli reference
* update bazel buildfile
* bazel update
* change loop signature
2023-04-03 15:06:27 +02:00
Malte Poll
d15968bed7
bootstrapper: make Azure auth method configurable on cluster init (#1346)
...
* bootstrapper: make Azure auth method configurable on cluster init
* azure: convert uami resource ID to clientID
Co-authored-by: 3u13r <lc@edgeless.systems>
2023-04-03 15:01:25 +02:00
Moritz Sanft
46f5b1734e
cli: show available cli upgrades on upgrade check command (#1394)
...
* cli: upgrade check show cli upgrades
* only check compatibility for valid upgrades
* use semver.Sort
* extend unit tests
* add unit test for new compatible cli versions
* adapt to feedback
* fix rebase
* rework output
* minor -> major
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* minor -> major
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* dynamic major version
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* remove currentK8sVer argument
* bazel gen & tidy
* bazel update
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-04-03 14:31:17 +02:00
Otto Bittner
7c8215e507
cli: add kubernetes pkg to interface with cluster
...
Previously the content of files status and upgrade within the
cloudcmd pkg did not fit cloudcmd's pkg description.
This patch introduces a separate pkg to fix that.
2023-04-03 12:03:41 +02:00
Otto Bittner
c8c2953d7b
cli: add status cmd
...
The new command allows checking the status of an upgrade
and which versions are installed.
Also remove the unused restclient.
And make GetConstellationVersion a function.
2023-04-03 12:03:41 +02:00
Daniel Weiße
62c165750f
config: remove deprecated upgradeConfig and require name and microserviceVersion fields (#1541)
...
* Remove deprecated fields
* Remove warning for not setting attestationVariant
* Don't write attestationVariant to config
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-31 19:19:10 +02:00
Paul Meyer
b8d6b110b1
cli: add missing -y short flag to iam create (#1572)
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-31 17:26:14 +02:00
Paul Meyer
66ee24b5b2
cli: remove duplicated print (#1568)
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-31 14:43:39 +02:00
Daniel Weiße
fc0efb6309
config: deprecate confidentialVM option for Azure clusters in favor of using attestationVariant option (#1539)
...
* Remove confidentialVM option from azure provider config
* Fix cloudcmd creator test
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 14:04:37 +02:00
Daniel Weiße
b57413cfa7
cli: set cluster's initial measurements from user's config using Helm (#1540)
...
* Remove using measurements from the initial control-plane node for the cluster's initial measurements
* Add using measurements from the user's config for the cluster's initial measurements to align behavior with upgrade command
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 11:16:56 +02:00
Daniel Weiße
99b12e4035
internal: refactor oid package to variant package (#1538)
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 09:30:13 +02:00
Daniel Weiße
db5660e3d6
attestation: add context to Issue and Validate methods (#1532)
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 09:06:10 +02:00
Otto Bittner
861bc84f94
cli: only apply upgrades on gcp/azure (#1518)
...
The constellation-operator currently doesn't support the
necessary operations for AWS, OpenStack and QEMU.
2023-03-24 17:07:14 +01:00
Otto Bittner
bb2b5e1bd1
cli: allow users to only upgrade measurements
...
In case only measurements are upgraded, a confirmation is required.
Alternatively, the `yes` flag can be used.
2023-03-23 18:08:18 +01:00
Otto Bittner
cac43a1dd0
ci: add e2e-upgrade test
...
The test is implemented as a go test.
It can be executed as a bazel target.
The general workflow is to set up a cluster,
point the test to the workspace in which to
find the kubeconfig and the constellation config
and specify a target image, k8s and
service version. The test will succeed
if it detects all target versions in the cluster
within the configured timeout.
The CI automates the above steps.
A separate workflow is introduced as there
are multiple input fields to the test.
Adding all of these to the manual e2e test
seemed confusing.
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-03-23 14:57:38 +01:00
Leonard Cohnen
bb009e6166
remove duplicate log in miniconstellation
2023-03-23 14:55:29 +01:00
Paul Meyer
02fc3dc635
measurements: refactor validation option (#1462)
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 11:47:39 +01:00
Daniel Weiße
5a0234b3f2
attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257)
...
* Convert enforceIDKeyDigest setting to enum
* Use MAA fallback in Azure SNP attestation
* Only create MAA provider if MAA fallback is enabled
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-21 12:46:49 +01:00
Malte Poll
f066416a43
cli: add support for constellation init on OpenStack
2023-03-21 10:51:09 +01:00
Nils Hanke
4f37fe38f9
cli: fix typo
2023-03-20 15:30:35 +01:00
Paul Meyer
658cac046f
go: remove redundant if-err check
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 08:41:01 -04:00
Paul Meyer
0036b24266
go: remove unused parameters
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 08:41:01 -04:00
Nils Hanke
822d7823f8
cli: refuse to retry init once gRPC has reached READY one time
2023-03-20 13:33:46 +01:00
Nils Hanke
77d19eb896
cli: add "Connecting" spinner state for "constellation init"
2023-03-20 13:33:46 +01:00
Daniel Weiße
6ea5588bdc
config: add attestation variant (#1413)
...
* Add attestation type to config (optional for now)
* Get attestation variant from config in CLI
* Set attestation variant for Constellation services in helm deployments
* Remove AzureCVM variable from helm deployments
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-14 11:46:27 +01:00