Commit Graph

2507 Commits

Author SHA1 Message Date
renovate[bot]
b49ca67add
deps: update alpine Docker tag to v3.17.3 (#1558)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 15:36:57 +02:00
Paul Meyer
399b052f9e
bazel: add protoc codegen to //:generate target (#1554)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 14:47:29 +02:00
Moritz Sanft
1f7acf8dfb
docs: list minimal permissions for Constellation setup (#1442)
* add required Azure perms

* add minimal aws permissions

* add minimal gcp permissions

* [wip] split Azure perms by iam create/create step

* Update docs/docs/getting-started/install.md

Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>

* Update docs/docs/getting-started/install.md

Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>

* minimal gcp permissions for iam create/create step

* escape footnote bracket

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* active voice

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* link to config step

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* add predefined roles for Azure

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* add AWS and GCP predefined min roles

* add Azure attestationprovider perm

* footnote for attestation mode

* Update docs/docs/getting-started/install.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* accept superset

* fix negation

Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>

* update footnote

---------

Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-03-30 10:16:57 +02:00
Otto Bittner
ef5d64b170
ci: set correct fromVersion in upgrade test (#1535) 2023-03-30 09:46:41 +02:00
Malte Poll
827c4f548d
bazel: deps mirror (#1522)
bazel-deps-mirror is an internal tools used to upload external dependencies
that are referenced in the Bazel WORKSPACE to the Edgeless Systems' mirror.

It also normalizes deps rules.

* hack: add tool to mirror Bazel dependencies
* hack: bazel-deps-mirror tests
* bazel: add deps mirror commands
* ci: upload Bazel dependencies on renovate PRs
* update go mod
* run deps_mirror_upload


Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 09:41:56 +02:00
Paul Meyer
d3e2f30f7b ci: fix diff check in tidy workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
d7fafb92b7 bazel: improve script template resilience
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
909bfb9274 bazel: add go generate to //:generate target
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
130112688c bazel: add stringer
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
81acdecd22 bazle: manage 3rdparty/node-maintainance-operator
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
8bbadecf2f bazel: add docgen tool
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Nils Hanke
eaa5949e31 versionsapi: Split GCP image URI to extract the image name 2023-03-29 17:26:03 +02:00
renovate[bot]
b99816cc66
deps: update alpine Docker tag to v3.17.2 (#1552)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 15:43:50 +02:00
renovate[bot]
f0fc655365
deps: update golang.org/x/vuln digest to 9550759 (#1550)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 15:43:24 +02:00
renovate[bot]
b12858660e
deps: update github.com/gophercloud/utils digest to 05e9e7f (#1549)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 15:42:34 +02:00
Daniel Weiße
eed533932e
rfc: attestation config options (#1436)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-03-29 14:58:57 +02:00
renovate[bot]
96cdf108e4
deps: update golang:1.20.2 Docker digest to 2101aa9 (#1551)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 14:56:55 +02:00
renovate[bot]
c8625f4672
deps: update gcr.io/distroless/static:nonroot Docker digest to 149531e (#1548)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 14:56:29 +02:00
renovate[bot]
6013665de1
deps: update gcr.io/distroless/static Docker digest to 8d4cc4a (#1547)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 14:56:07 +02:00
miampf
c1dbf0561a
feat: added journald collection package to bootstrapper internal packages 2023-03-29 14:45:13 +02:00
Malte Poll
2a8169dd3b
ci: use bazel repository cache for tidy checks (#1525) 2023-03-29 14:13:51 +02:00
Daniel Weiße
fc0efb6309
config: deprecate confidentialVM option for Azure clusters in favor of using attestationVariant option (#1539)
* Remove confidentialVM option from azure provider config

* Fix cloudcmd creator test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 14:04:37 +02:00
Nils Hanke
1b832ac959
atls: fix link in README.md (#1545)
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-03-29 13:33:19 +02:00
Thomas Tendyck
091fe3e2d7 measurements: compare to constants for clarity 2023-03-29 12:03:29 +02:00
renovate[bot]
83e6b4d64d
deps: update Constellation containers (#1504)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 11:31:26 +02:00
edgelessci
8f21e1d85c
deps: update apk package hashes (#1528)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 11:29:20 +02:00
Daniel Weiße
b57413cfa7
cli: set cluster's initial measurements from user's config using Helm (#1540)
* Remove using measurements from the initial control-plane node for the cluster's initial measurements

* Add using measurements from the user's config for the cluster's initial measurements to align behavior with upgrade command

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 11:16:56 +02:00
Thomas Tendyck
6fabb2a84b docs: rearrange troubleshooting 2023-03-29 10:57:17 +02:00
Otto Bittner
7520d31467
docs: update govulncheck badge to new workflow (#1531)
govulncheck was integrated into the bazel check target
2023-03-29 10:26:45 +02:00
Daniel Weiße
99b12e4035
internal: refactor oid package to variant package (#1538)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 09:30:13 +02:00
Daniel Weiße
db5660e3d6
attestation: add context to Issue and Validate methods (#1532)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 09:06:10 +02:00
Paul Meyer
7c27d67953
go: clean work file (#1537)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-28 18:15:42 +02:00
Nils Hanke
8e8124345b
bootstrapper: return error on context cancel in WaitForCilium (#1534) 2023-03-28 14:41:17 +02:00
Otto Bittner
ccb31c9570
docs: add CDN cache invalidation to release docs (#1536) 2023-03-28 13:50:27 +02:00
3u13r
e934e1cbc8
exclude node modules from shellcheck (#1514) 2023-03-28 13:38:20 +02:00
Paul Meyer
f108ff8539
bazel: add govulncheck to //:check target (#1512)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-27 13:35:51 +02:00
Paul Meyer
00c7611245
bazel: add license checks to //:check target (#1509)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-27 10:42:30 +02:00
Otto Bittner
da4e2521a9
ci: don't statically set PCR 5 (#1521)
This value can't be statically precomputed and leads to
warnings during runtime.
2023-03-24 17:08:39 +01:00
Otto Bittner
861bc84f94
cli: only apply upgrades on gcp/azure (#1518)
The constellation-operator currently doesn't support the
necessary operations for AWS, OpenStack and QEMU.
2023-03-24 17:07:14 +01:00
derpsteb
870182987c docs: update cli reference 2023-03-24 08:47:53 +01:00
renovate[bot]
52e85862b0
deps: update AWS SDK (#1508)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 18:40:06 +01:00
renovate[bot]
9b0ffa2737
deps: update io_bazel_rules_go digest to ea3cc4f (#1488)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-03-23 18:33:55 +01:00
Paul Meyer
e7fc541a57
bazel: add buf as protobuf formatter to //:tidy (#1511)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 18:08:49 +01:00
Otto Bittner
55067b12cd docs: explain how to change cluster measurements
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-23 18:08:18 +01:00
Otto Bittner
bb2b5e1bd1 cli: allow users to only upgrade measurements
In case only measurements are upgrades a confirmation is required.
Alternatively, the `yes` flag can be used.
2023-03-23 18:08:18 +01:00
3u13r
c21b32d440
fix measurement generator (#1510) 2023-03-23 17:44:30 +01:00
Paul Meyer
f7713df833
bazel: add golangci-lint to //:check target (#1494)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 17:27:09 +01:00
Paul Meyer
e92c08be31
bazel: use export_files instead of genrule (#1506)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 17:26:48 +01:00
Paul Meyer
41b966156b deps: update bazel to v6.1.0
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 12:20:36 -04:00
Moritz Eckert
feb23ea3da
ci: add unittests for the benchmark actions (#1466)
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2023-03-23 17:04:55 +01:00