* deps: update Go dependencies
* bazel: force Gazelle generation for xDS
xDS has an upstream set of build files that makes Gazelle consider their project a whole new Bazel project, which makes Gazelle not generate any build files, even though the upstream ones aren't valid.
See https://github.com/cncf/xds/issues/104.
* go: update cel.dev/expr for Bazel fixes
cel.dev/expr had some upstream Bazel fixes in v0.16.2 without which Gazelle doesn't work.
* chore: generate
* e2e: remove references to kubeProxyVersion
kubeProxyVersion is deprecated as of KEP-4004. It was never being set to an accurate value before, and we only used it in the e2e test, so removing the additional check should not hurt here.
See https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/4004-deprecate-kube-proxy-version
* constellation-node-operator: use typed rate-limiter
The untyped rate-limiter was deprecated in favor of a generic one that can just be instantiated to `any` to achieve the previous behaviour.
* Advertise ALPN settings in NextProtos required by gRPC
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* atls: add nextProtos
nextProtos (for ALPN) is now required by gRPC, so add it.
* go: add cri-client replace
* deps: tidy all modules
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
* Upgrade Go dependencies
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Group Go dependency upgrades
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Remove usage of deprecated docker types
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Fix usage of invalid validation tags
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Regenerate bazel files
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Keep github.com/bazelbuild/buildtools at old version to not break other dependencies
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* ci: improve constellation_create error message
When we hit a timeout due to nodes not coming up, the actual error
message is hard to make out because it's buried in a group. With the
right formatting, the error message will be highlighted in the UI.
Another improvement is to output the state of nodes, which helps
debugging the cause of nodes not joining or not becoming ready.
* cleanup: use NodeVersionResourceName constant
... instead of literal strings.
* ci: correctly notify on e2e upgrade error
* atls: report cert extension OIDs on mismatch
If the certificate contains an attestation document for SEV-SNP, but the
given validator is for Nitro, verifyEmbeddedReport should not claim that
there is no attestation document, but that there is no _compatible_ one
and what the incompatible ones were.
There used to be three definitions of a Component type, and conversion
routines between the three. Since the use case is always the same, and
the Component semantics are defined by versions.go and the installer, it
seems appropriate to define the Component type there and import it in
the necessary places.
* variant: move into internal/attestation
* attesation: move aws attesation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP
For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
* Add attestation options to config
* Add join-config migration path for clusters with old measurement format
* Always create MAA provider for Azure SNP clusters
* Remove confidential VM option from provider in favor of attestation options
* cli: add config migrate command to handle config migration (#1678)
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Add attestation type to config (optional for now)
* Get attestation variant from config in CLI
* Set attestation variant for Constellation services in helm deployments
* Remove AzureCVM variable from helm deployments
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* build: correct toolchain order
* build: gazelle-update-repos
* build: use pregenerated proto for dependencies
* update bazeldnf
* deps: tpm simulator
* Update Google trillian module
* cli: add stamping as alternative build info source
* bazel: add go_test wrappers, mark special tests and select testing deps
* deps: add libvirt deps
* deps: go-libvirt patches
* deps: cloudflare circl patches
* bazel: add go_test wrappers, mark special tests and select testing deps
* bazel: keep gazelle overrides
* bazel: cleanup bazelrc
* bazel: switch CMakeLists.txt to use bazel
* bazel: fix injection of version information via stamping
* bazel: commit all build files
* dev-docs: document bazel usage
* deps: upgrade zig-cc for go 1.20
* bazel: update Perl for macOS arm64 & Linux arm64 support
* bazel: use static perl toolchain for OpenSSL
* bazel: use static protobuf (protoc) toolchain
* deps: add git and go to nix deps
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
The variable VersionInfo is supposed to be set by `go build -X ...` during link time but should not be modified at runtime.
This change ensures the underlying var is private and can only be accessed by a public getter.
