Commit Graph

565 Commits

Author SHA1 Message Date
Moritz Sanft
c69e6777bd
cli: Terraform migrations on upgrade (#1685)
* add terraform planning

* overwrite terraform files in upgrade workspace

* Revert "overwrite terraform files in upgrade workspace"

This reverts commit 8bdacfb8bef23ef2cdbdb06bad0855b3bbc42df0.

* prepare terraform workspace

* test upgrade integration

* print upgrade abort

* rename plan file

* write output to file

* add show plan test

* add upgrade tf workdir

* fix workspace preparing

* squash to 1 command

* test

* bazel build

* plan test

* register flag manually

* bazel tidy

* fix linter

* remove MAA variable

* fix workdir

* accept tf variables

* variable fetching

* fix resource indices

* accept Terraform targets

* refactor upgrade command

* Terraform migration apply unit test

* pass down image fetcher to test

* use new flags in e2e test

* move file name to constant

* update buildfiles

* fix version constant

* conditionally create MAA

* move interface down

* upgrade dir

* update buildfiles

* fix interface

* fix createMAA check

* fix imports

* update buildfiles

* wip: workspace backup

* copy utils

* backup upgrade workspace

* remove debug print

* replace old state after upgrade

* check if flag exists

* prepare test workspace

* remove prefix

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* respect file permissions

* refactor tf upgrader

* check workspace before upgrades

* remove temp upgrade dir after completion

* clean up workspace after abortion

* fix upgrade apply test

* fix linter

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-05-22 13:31:20 +02:00
edgelessci
87b9d85669
image: update measurements and image version (#1798)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-19 18:17:53 +02:00
edgelessci
2754d7817d
image: update measurements and image version (#1795)
Co-authored-by: 3u13r <3u13r@users.noreply.github.com>
2023-05-17 19:39:32 +02:00
Adrian Stobbe
f99e06b63b
cli: new flag to set the attestation type for config generate (#1769)
* add attestation flag to specify type in config
2023-05-17 16:53:56 +02:00
Moritz Eckert
6252193879 cli: deploy cinder as OpenStack CSI plugin 2023-05-17 15:20:39 +02:00
Daniel Weiße
1d5af5f0f4 Rebase fixes
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Nils Hanke
e80474ff7f oid: add missing String() for QEMUTDX 2023-05-17 11:37:26 +02:00
Daniel Weiße
c478df36fa Add TDX bazel files
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Nils Hanke
9e987778e0 measurements: Add length field for WithAllBytes 2023-05-17 11:37:26 +02:00
Nils Hanke
fe3622d982 cli/attestation: use const for PCR/TDX lengths 2023-05-17 11:37:26 +02:00
Daniel Weiße
dd2da25ebe attestation: tdx issuer/validator (#1265)
* Add TDX validator

* Add TDX issuer

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
renovate[bot]
230ea79bcc
deps: update Google SDK (#1748)
* deps: update Google SDK

* deps: fix grpc_testing import

* deps: update pseudo version tool hashes

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-16 18:13:17 +02:00
Malte Poll
f596a13188
image: include stream in gcp image name (#1768) 2023-05-16 12:38:38 +02:00
Daniel Weiße
c834911be1
config: fix migration for v2.7 idkeydigest enforcement format (#1770)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-16 10:32:01 +02:00
edgelessci
f30e0c9bdd
image: update measurements and image version (#1756)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-12 18:51:47 +02:00
renovate[bot]
a1fddd312c
deps: update K8s constrained GCP versions (#1565)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-05 14:30:48 +02:00
renovate[bot]
5301534aee
deps: update K8s constrained Azure versions (#1687)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-05 13:58:50 +02:00
Paul Meyer
30cd024076
deps: add Kubernetes v1.27, remove Kubernetes v1.24 (#1669)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 13:22:53 +02:00
Paul Meyer
b48866a756
ci: fix measurement generation on scheduled build (#1741)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 13:13:51 +02:00
Malte Poll
653bf3621d image: replicate AWS images to eu-west-1 and eu-west-3 2023-05-05 12:06:44 +02:00
Malte Poll
ad8a3eec4a versionsapi: increase cloudfront cache invalidation timeout 2023-05-05 12:06:44 +02:00
Malte Poll
ee91d8b1cc image: implement idempotent upload of os images 2023-05-05 12:06:44 +02:00
Malte Poll
56635c3993 cli: deploy yawol as OpenStack loadbalancer 2023-05-03 21:45:59 +02:00
Daniel Weiße
d7a2ddd939
config: add separate option for handling attestation parameters (#1623)
* Add attestation options to config

* Add join-config migration path for clusters with old measurement format

* Always create MAA provider for Azure SNP clusters

* Remove confidential VM option from provider in favor of attestation options

* cli: add config migrate command to handle config migration (#1678)

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-03 11:11:53 +02:00
renovate[bot]
e9103cad0a
deps: update Constellation containers to v2.7.0-pre.0.20230405123345-6bf3c63115a5 (#1563)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-02 15:04:31 +02:00
edgelessci
1ea060e873
image: update measurements and image version (#1700)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-28 08:02:19 +02:00
renovate[bot]
84c7550f37
deps: update Kubernetes versions (#1688)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 18:04:01 +02:00
3u13r
1bdf410b52
bazel: allow custom container_prefix (#1693)
* build: allow custom container registry

* build: fix .bazeloverwriterc import
2023-04-27 11:52:02 +02:00
Paul Meyer
bf051174f6 ci: update measurements and image version
on scheduled build

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 10:20:27 +02:00
Malte Poll
c11a3f4460
cli: configurable state disk type on OpenStack (#1686) 2023-04-27 09:08:43 +02:00
Malte Poll
9dfad32e33 cli: use Bazel container images 2023-04-18 15:35:15 +02:00
Moritz Sanft
1d0ee796e8
cli: add Terraform log support (#1620)
* add Terraform logging

* add TF logging to CLI

* fix path

* only create file if logging is enabled

* update bazel files

* register persistent flags manually

* clidocgen

* move logging code to separate file

* reword yes flag parsing error

* update bazel buildfile

* factor out log level setting
2023-04-14 14:15:07 +02:00
Daniel Weiße
ec01c57661
internal: use config to create attestation validators (#1561)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-04-06 17:00:56 +02:00
Malte Poll
69de06dd1f
image: OpenStack vTPM (#1616)
* cli: allow vpc traffic between nodes on OpenStack
* image: enable vTPM on OpenStack
* cli: add create tests for OpenStack
2023-04-05 16:49:03 +02:00
renovate[bot]
a2ae53d229
deps: update dependency kubernetes-sigs/cri-tools to v1.26.1 (#1600)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-05 11:37:15 +02:00
Malte Poll
2ca2dbae22
versionsapi: fix list command by allowing empty set of patch versions for a given minor version (#1609) 2023-04-04 12:10:07 +02:00
Paul Meyer
58b405d04c
license: remove check for Azure.ConfidentialVM (#1602)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 19:19:54 +02:00
Malte Poll
d15968bed7
bootstrapper: make Azure auth method configurable on cluster init (#1346)
* bootstrapper: make Azure auth method configurable on cluster init
* azure: convert uami resource ID to clientID


Co-authored-by: 3u13r <lc@edgeless.systems>
2023-04-03 15:01:25 +02:00
Moritz Sanft
46f5b1734e
cli: show available cli upgrades on upgrade check command (#1394)
* cli: upgrade check show cli upgrades

* only check compatibility for valid upgrades

* use semver.Sort

* extend unit tests

* add unit test for new compatible cli versions

* adapt to feedback

* fix rebase

* rework output

* minor -> major

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* minor -> major

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* dynamic major version

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* remove currentK8sVer argument

* bazel gen & tidy

* bazel update

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-04-03 14:31:17 +02:00
Otto Bittner
c8c2953d7b cli: add status cmd
The new command allows checking the status of an upgrade
and which versions are installed.
Also remove the unused restclient.
And make GetConstellationVersion a function.
2023-04-03 12:03:41 +02:00
Moritz Sanft
2d41a19fbf
internal: semver support for pseudoversions (#1564)
* support for prerelease tag / pseudoversion

* build version first

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* use strings.Cut

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-04-03 10:48:28 +02:00
Daniel Weiße
62c165750f
config: remove deprecated upgradeConfig and require name and microserviceVersion fields (#1541)
* Remove deprecated fields

* Remove warning for not setting attestationVariant

* Dont write attestationVariant to config

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-31 19:19:10 +02:00
3u13r
efe4681214
add version.txt step to release pipeline (#1493)
* add version.txt step to release pipeline

* refresh git status

* make minicon e2e test less flaky
2023-03-31 12:41:32 +02:00
renovate[bot]
8ffd1dcf3f
deps: update bazel_gazelle digest to 4dfcb75 (#1516)
* deps: update gazelle and rules_go
* variant: remove renamed go_library label
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-03-31 10:43:07 +02:00
renovate[bot]
786d9c86ad
deps: update Constellation containers (#1543)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 18:43:28 +02:00
Paul Meyer
d7fafb92b7 bazel: improve script template resilience
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
909bfb9274 bazel: add go generate to //:generate target
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Nils Hanke
eaa5949e31 versionsapi: Split GCP image URI to extract the image name 2023-03-29 17:26:03 +02:00
Daniel Weiße
fc0efb6309
config: deprecate confidentialVM option for Azure clusters in favor of using attestationVariant option (#1539)
* Remove confidentialVM option from azure provider config

* Fix cloudcmd creator test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 14:04:37 +02:00
Nils Hanke
1b832ac959
atls: fix link in README.md (#1545)
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-03-29 13:33:19 +02:00