Moritz Sanft
c69e6777bd
cli: Terraform migrations on upgrade ( #1685 )
...
* add terraform planning
* overwrite terraform files in upgrade workspace
* Revert "overwrite terraform files in upgrade workspace"
This reverts commit 8bdacfb8bef23ef2cdbdb06bad0855b3bbc42df0.
* prepare terraform workspace
* test upgrade integration
* print upgrade abort
* rename plan file
* write output to file
* add show plan test
* add upgrade tf workdir
* fix workspace preparing
* squash to 1 command
* test
* bazel build
* plan test
* register flag manually
* bazel tidy
* fix linter
* remove MAA variable
* fix workdir
* accept tf variables
* variable fetching
* fix resource indices
* accept Terraform targets
* refactor upgrade command
* Terraform migration apply unit test
* pass down image fetcher to test
* use new flags in e2e test
* move file name to constant
* update buildfiles
* fix version constant
* conditionally create MAA
* move interface down
* upgrade dir
* update buildfiles
* fix interface
* fix createMAA check
* fix imports
* update buildfiles
* wip: workspace backup
* copy utils
* backup upgrade workspace
* remove debug print
* replace old state after upgrade
* check if flag exists
* prepare test workspace
* remove prefix
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* respect file permissions
* refactor tf upgrader
* check workspace before upgrades
* remove temp upgrade dir after completion
* clean up workspace after abortion
* fix upgrade apply test
* fix linter
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-05-22 13:31:20 +02:00
edgelessci
87b9d85669
image: update measurements and image version ( #1798 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-19 18:17:53 +02:00
edgelessci
2754d7817d
image: update measurements and image version ( #1795 )
...
Co-authored-by: 3u13r <3u13r@users.noreply.github.com>
2023-05-17 19:39:32 +02:00
Adrian Stobbe
f99e06b63b
cli: new flag to set the attestation type for config generate
( #1769 )
...
* add attestation flag to specify type in config
2023-05-17 16:53:56 +02:00
Moritz Eckert
6252193879
cli: deploy cinder as OpenStack CSI plugin
2023-05-17 15:20:39 +02:00
Daniel Weiße
1d5af5f0f4
Rebase fixes
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Nils Hanke
e80474ff7f
oid: add missing String() for QEMUTDX
2023-05-17 11:37:26 +02:00
Daniel Weiße
c478df36fa
Add TDX bazel files
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Nils Hanke
9e987778e0
measurements: Add length field for WithAllBytes
2023-05-17 11:37:26 +02:00
Nils Hanke
fe3622d982
cli/attestation: use const for PCR/TDX lengths
2023-05-17 11:37:26 +02:00
Daniel Weiße
dd2da25ebe
attestation: tdx issuer/validator ( #1265 )
...
* Add TDX validator
* Add TDX issuer
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
renovate[bot]
230ea79bcc
deps: update Google SDK ( #1748 )
...
* deps: update Google SDK
* deps: fix grpc_testing import
* deps: update pseudo version tool hashes
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-16 18:13:17 +02:00
Malte Poll
f596a13188
image: include stream in gcp image name ( #1768 )
2023-05-16 12:38:38 +02:00
Daniel Weiße
c834911be1
config: fix migration for v2.7 idkeydigest enforcement format ( #1770 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-16 10:32:01 +02:00
edgelessci
f30e0c9bdd
image: update measurements and image version ( #1756 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-12 18:51:47 +02:00
renovate[bot]
a1fddd312c
deps: update K8s constrained GCP versions ( #1565 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-05 14:30:48 +02:00
renovate[bot]
5301534aee
deps: update K8s constrained Azure versions ( #1687 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-05 13:58:50 +02:00
Paul Meyer
30cd024076
deps: add Kubernetes v1.27, remove Kubernetes v1.24 ( #1669 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 13:22:53 +02:00
Paul Meyer
b48866a756
ci: fix measurement generation on scheduled build ( #1741 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 13:13:51 +02:00
Malte Poll
653bf3621d
image: replicate AWS images to eu-west-1 and eu-west-3
2023-05-05 12:06:44 +02:00
Malte Poll
ad8a3eec4a
versionsapi: increase cloudfront cache invalidation timeout
2023-05-05 12:06:44 +02:00
Malte Poll
ee91d8b1cc
image: implement idempotent upload of os images
2023-05-05 12:06:44 +02:00
Malte Poll
56635c3993
cli: deploy yawol as OpenStack loadbalancer
2023-05-03 21:45:59 +02:00
Daniel Weiße
d7a2ddd939
config: add separate option for handling attestation parameters ( #1623 )
...
* Add attestation options to config
* Add join-config migration path for clusters with old measurement format
* Always create MAA provider for Azure SNP clusters
* Remove confidential VM option from provider in favor of attestation options
* cli: add config migrate command to handle config migration (#1678 )
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-03 11:11:53 +02:00
renovate[bot]
e9103cad0a
deps: update Constellation containers to v2.7.0-pre.0.20230405123345-6bf3c63115a5 ( #1563 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-02 15:04:31 +02:00
edgelessci
1ea060e873
image: update measurements and image version ( #1700 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-28 08:02:19 +02:00
renovate[bot]
84c7550f37
deps: update Kubernetes versions ( #1688 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 18:04:01 +02:00
3u13r
1bdf410b52
bazel: allow custom container_prefix ( #1693 )
...
* build: allow custom container registry
* build: fix .bazeloverwriterc import
2023-04-27 11:52:02 +02:00
Paul Meyer
bf051174f6
ci: update measurements and image version
...
on scheduled build
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 10:20:27 +02:00
Malte Poll
c11a3f4460
cli: configurable state disk type on OpenStack ( #1686 )
2023-04-27 09:08:43 +02:00
Malte Poll
9dfad32e33
cli: use Bazel container images
2023-04-18 15:35:15 +02:00
Moritz Sanft
1d0ee796e8
cli: add Terraform log support ( #1620 )
...
* add Terraform logging
* add TF logging to CLI
* fix path
* only create file if logging is enabled
* update bazel files
* register persistent flags manually
* clidocgen
* move logging code to separate file
* reword yes flag parsing error
* update bazel buildfile
* factor out log level setting
2023-04-14 14:15:07 +02:00
Daniel Weiße
ec01c57661
internal: use config to create attestation validators ( #1561 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-04-06 17:00:56 +02:00
Malte Poll
69de06dd1f
image: OpenStack vTPM ( #1616 )
...
* cli: allow vpc traffic between nodes on OpenStack
* image: enable vTPM on OpenStack
* cli: add create tests for OpenStack
2023-04-05 16:49:03 +02:00
renovate[bot]
a2ae53d229
deps: update dependency kubernetes-sigs/cri-tools to v1.26.1 ( #1600 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-05 11:37:15 +02:00
Malte Poll
2ca2dbae22
versionsapi: fix list command by allowing empty set of patch versions for a given minor version ( #1609 )
2023-04-04 12:10:07 +02:00
Paul Meyer
58b405d04c
license: remove check for Azure.ConfidentialVM ( #1602 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 19:19:54 +02:00
Malte Poll
d15968bed7
bootstrapper: make Azure auth method configurable on cluster init ( #1346 )
...
* bootstrapper: make Azure auth method configurable on cluster init
* azure: convert uami resource ID to clientID
Co-authored-by: 3u13r <lc@edgeless.systems>
2023-04-03 15:01:25 +02:00
Moritz Sanft
46f5b1734e
cli: show available cli upgrades on upgrade check command ( #1394 )
...
* cli: upgrade check show cli upgrades
* only check compatibility for valid upgrades
* use semver.Sort
* extend unit tests
* add unit test for new compatible cli versions
* adapt to feedback
* fix rebase
* rework output
* minor -> major
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* minor -> major
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* dynamic major version
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* remove currentK8sVer argument
* bazel gen & tidy
* bazel update
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-04-03 14:31:17 +02:00
Otto Bittner
c8c2953d7b
cli: add status cmd
...
The new command allows checking the status of an upgrade
and which versions are installed.
Also remove the unused restclient.
And make GetConstellationVersion a function.
2023-04-03 12:03:41 +02:00
Moritz Sanft
2d41a19fbf
internal: semver support for pseudoversions ( #1564 )
...
* support for prerelease tag / pseudoversion
* build version first
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* use strings.Cut
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-04-03 10:48:28 +02:00
Daniel Weiße
62c165750f
config: remove deprecated upgradeConfig and require name and microserviceVersion fields ( #1541 )
...
* Remove deprecated fields
* Remove warning for not setting attestationVariant
* Dont write attestationVariant to config
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-31 19:19:10 +02:00
3u13r
efe4681214
add version.txt step to release pipeline ( #1493 )
...
* add version.txt step to release pipeline
* refresh git status
* make minicon e2e test less flaky
2023-03-31 12:41:32 +02:00
renovate[bot]
8ffd1dcf3f
deps: update bazel_gazelle digest to 4dfcb75 ( #1516 )
...
* deps: update gazelle and rules_go
* variant: remove renamed go_library label
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-03-31 10:43:07 +02:00
renovate[bot]
786d9c86ad
deps: update Constellation containers ( #1543 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 18:43:28 +02:00
Paul Meyer
d7fafb92b7
bazel: improve script template resilience
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
909bfb9274
bazel: add go generate to //:generate target
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Nils Hanke
eaa5949e31
versionsapi: Split GCP image URI to extract the image name
2023-03-29 17:26:03 +02:00
Daniel Weiße
fc0efb6309
config: deprecate confidentialVM option for Azure clusters in favor of using attestationVariant option ( #1539 )
...
* Remove confidentialVM option from azure provider config
* Fix cloudcmd creator test
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 14:04:37 +02:00
Nils Hanke
1b832ac959
atls: fix link in README.md ( #1545 )
...
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-03-29 13:33:19 +02:00