* malicious node join test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add e2e build tag
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add namespaces to job apply
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix image and workflow
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter checks
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* build instructions in Dockerfile
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* only print important flags
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use `malicious-join` namespace
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* build with bazel
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* order imports
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* test cases
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* various fixes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add missing quotes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix typo
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Update e2e/malicious-join/malicious-join.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update e2e/malicious-join/malicious-join.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* use switch case
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update image version
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter checks
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* wip
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* various fixes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use workdir
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add required permissions
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove permissions
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove packages: write permission at step
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* login to registry
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix typo
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix log
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* source base lib
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix sourcing order
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* export after definition
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix script header
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* dont exit after -e flag has been set
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Previously the timeout was not set in the client's constructor, thus the
zero value was used. The client did not wait for invalidation.
To prevent this in the future a warning is logged if wait is disabled.
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Previous output of findvers.sh would be [""] in case no version were
found, now the output is []. Also, GitHub cannot handle empty arrays
in the matrix field, so we add an if and check if the array is empty.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* refactor `debugd` file structure
* create `hack`-tool to deploy logcollection to non-debug clusters
* integrate changes into CI
* update fields
* update workflow input names
* use `working-directory`
* add opensearch creds to upgrade workflow
* make template func generic
* make templating func generic
* linebreaks
* remove magic defaults
* move `os.Exit` to main package
* make logging index configurable
* make templating generic
* remove excess brace
* update fields
* copy fields
* fix flag name
* fix linter warnings
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* remove unused workflow inputs
* remove makefiles
* fix command
* bazel: fix output paths of container
This fixes the output paths of builds within the container by mounting
directories to paths that exist on the host. We also explicitly set the
output path in a .bazelrc to the user specific path. The rc file is
mounted into the container and overrides the host rc.
Also adding automatic stop in case start is called and a containers
is already running.
Sym links like bazel-out and paths bazel outputs should generally work
with this change.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* tabs -> spaces
---------
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
The TCP versions are extracted from the MAA token, that itself is taken
from the verify command output. The configapi is adapted to directly
work on the MAA claims JSON.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
by setting the Azure SNP enforcement policy to equal in the weekly e2e.
The run should fail when there are unexpected ID Key digests used.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
The existingConfig field is always set to true during create, as we use
the IAM create step to generate the config in all cases. Accordingly,
secret injection into config isn't needed anymore in create.
This fixes a bug where other parameters like Kubernetes version and
cluster name wouldn't be injected into the config due to existingConfig
being true.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
