Adrian Stobbe
a2de1d23ec
terraform-provider: add attestation data source ( #2640 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 17:30:11 +01:00
Moritz Sanft
03c5692fdd
ci: use given image if set ( #2655 )
...
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-28 14:34:02 +01:00
Daniel Weiße
ca89a31f46
ci: only run verify with JSON output on v2.14 or newer ( #2649 )
...
* Only run verify with JSON output on v2.14 or newer
* Don't upload TCB version for AWS on v2.13
* Remove workaround for CLI not yet supporting apply to initialize clusters
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 14:31:27 +01:00
Thomas Tendyck
960118dc00
config: remove AWS SNP warning
2023-11-28 14:26:40 +01:00
Daniel Weiße
3bc25cdd8f
ci: add notify hook to Terraform module test ( #2653 )
...
* Enable notification on tf module e2e test failure
* Don't try to change fields with no value
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 14:14:18 +01:00
Daniel Weiße
43f47cc5c5
ci: fix service accounts introduced by merge ( #2652 )
...
* Fix service accounts introduced by merge
* Remove GCP_E2E_PROJECT placeholders
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 10:54:58 +01:00
Daniel Weiße
45f6eec0d0
ci: add missing shell in notify action ( #2646 )
...
* Add missing shell
* Remove old teams notify action
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-11-28 09:41:01 +01:00
Daniel Weiße
97aea98e77
ci: update GCP service accounts for CI ( #2629 )
...
* Update CI to use different GCP project for e2e tests
* Update GCP image project service accounts
* Update default GCP bucket name for image builds
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-27 13:04:41 +01:00
Adrian Stobbe
98673b0983
ci: only generate lock files where provider is used ( #2636 )
2023-11-27 12:16:45 +01:00
derpsteb
bff65d563b
image: update measurements and image version
2023-11-27 10:57:21 +01:00
edgelessci
2fc82874b7
image: update locked rpms ( #2645 )
...
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-11-27 09:01:16 +01:00
Moritz Sanft
34bf3ad296
terraform-provider: add image datasource ( #2642 )
...
* terraform-provider: init
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: add basic docgen
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: fix build steps
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: extend build process and docgen
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* dev-docs: document provider usage
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* bazel: upload aspect lib mirror
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: don't try to create lockfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* bazel: fix shellcheck issues
* bazel: separate paths to check
* terraform-provider: clean up old files
* terraform-provider: update provider resource
* terraform-provider: add image data source
* dev-docs: remove unnecessary init
* bazel: adhere to Terraform naming expectations
* terraform-provider: fix expected data type
* terraform-provider: generate docs
* terraform-provider: improve errors
* terraform-provider: add acceptance tests for data source
* terraform-provider: fix dependencies
* bazel: quote var reference
* terraform-provider: make region optional
* terraform-provider: bind imagefetcher to data source
* bazel: tidy
* terraform-provider: remove unused parameter
* terraform-provider: remove unused parameter
* terraform-provider: extend acceptance tests
* terraform-provider: allow tests to be run without Bazel
* dev-docs: document testing
* terraform-provider: set binary path accordingly
* dev-docs: document docgen process for the provider
* bazel: run acceptance test in writable environment
* bazel: try to write to `$TMPDIR`
* terraform-provider: style nits
* terraform-provider: leave TODO
* bazel: tidy
* terraform-provider: regenerate docs
* terraform-provider: fix comment
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-27 09:00:08 +01:00
Markus Rudy
42f0aa8eb1
state: fix whitespace issue in generated docs
2023-11-27 08:35:54 +01:00
Moritz Sanft
9a62657b80
terraform-provider: init provider scaffolding ( #2632 )
...
* terraform-provider: init
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: add basic docgen
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: fix build steps
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: extend build process and docgen
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* dev-docs: document provider usage
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* bazel: upload aspect lib mirror
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* bazel: add docstring to fix linter
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: don't try to create lockfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* bazel: fix shellcheck issues
* bazel: separate paths to check
* bazel: explain what updating lockfiles means
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: fix linter checks
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-24 15:58:21 +01:00
Otto Bittner
2b199fd9b1
docs: explain config options for AWS SNP
2023-11-24 15:49:48 +01:00
Otto Bittner
46f563c7ca
ci: call TCB upload step for AWS
2023-11-24 15:49:48 +01:00
Otto Bittner
257eb5370f
config: only fetch TCB values from api if wanted
...
If no TCB value is set to `latest`, the fetcher is now no
longer called.
2023-11-24 15:49:48 +01:00
Otto Bittner
67348792dc
api: add support to upload AWS TCB values
...
The attestationconfig api CLI now uploads SNP TCB
versions for AWS.
2023-11-24 15:49:48 +01:00
Otto Bittner
4813fcfdb6
config: fetch latest AWS TCB values
2023-11-24 15:49:48 +01:00
Otto Bittner
350397923f
api: refactor attestationconfigapi client/fetcher
...
There is now one SEVSNPVersions type that has a variant
property. That property is used to build the correct JSON
path. The surrounding methods handling the version objects
are also updated to receive a variant argument and work
for multiple variants. This simplifies adding AWS support.
2023-11-24 15:49:48 +01:00
Otto Bittner
5542f9c63c
api: refactor attestationcfgapi cli
...
The cli now takes CSP and object kind as argument.
Also made upload an explicit command and the report
path/version an argument.
Previously the report was a flag. The CSP was hardcoded.
There was only one object kind (snp-report).
2023-11-24 15:49:48 +01:00
Otto Bittner
84d8bd8110
verify: query vlek ASK from KDS if not set
...
The user can choose to supply an intermediate
certificate through the config, like they can
for the root key. If none is supplied,
the KDS is queried for a valid ASK.
2023-11-24 15:49:48 +01:00
Otto Bittner
07eed0e319
attestation: use SNP-based attestation for AWS SNP
2023-11-24 15:49:48 +01:00
Otto Bittner
cdc91b50bc
verify: move CSP-specific code to internal/verify
...
With the introduction of SNP-based attestation on AWS
some of the information in the report (MAAToken) is not
applicable to all attestation reports anymore.
Thus, make verify cmd CSP-agnostic and move
CSP-specific logic to internal/verify.
Also make internal/attestation/snp CSP aware.
2023-11-24 15:49:48 +01:00
Otto Bittner
59b096e279
cli: use new instance info struct in verify
...
This ensures that issuer and verify (as consumer)
use the same types for marshalling/unmarshalling.
2023-11-24 15:49:48 +01:00
Otto Bittner
5ce55e3449
attestation: add snp package
...
The package holds code shared between SNP-based
attestation implementations on AWS and Azure.
2023-11-24 15:49:48 +01:00
3u13r
635a5d2c0a
Fix Konnectivity migration ( #2633 )
...
* helm: let cilium upgrade jump minor versions
* cli: reconcile kubeadm cm to not have konnectivity
2023-11-24 12:28:37 +01:00
katexochen
949186e5d7
image: update measurements and image version
2023-11-24 12:06:03 +01:00
Thomas Tendyck
b94a971d8e
docs: fix deploy preview and some links
2023-11-23 22:43:10 +01:00
Markus Rudy
d3b542d781
rfc: add numeric ids to existing RFCs ( #2638 )
...
* rfc: add numeric ids to existing RFCs
2023-11-23 17:53:38 +01:00
3u13r
0564e4ebb4
dev-docs: add on-prem terraform to vpn setup ( #2619 )
...
* vpn: add fake-on-prem infra
* dev-docs: move vpn helm
2023-11-23 16:13:37 +01:00
Moritz Sanft
c922864f30
fetcher: respect HTTP(S)_PROXY environment variable ( #2635 )
2023-11-23 14:42:13 +01:00
Markus Rudy
d599b80b2a
license: enable Bazel-based integration testing
...
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-11-23 13:48:54 +01:00
Markus Rudy
b0702cd033
ci: execute integration tests with Bazel, where possible
...
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-11-23 13:48:54 +01:00
Markus Rudy
6cfc80454a
license: dedicated module for integration test
...
The integration test for the license module depends on network
connectivity and should be Bazel-tagged as such. Since the unit tests do
not have a network dependency, we should not apply the tag to those. The
easiest way to do this in a Gazelle-compliant way is to move the
integration test into its own module.
2023-11-23 13:48:54 +01:00
Daniel Weiße
64a05b9dea
ci: correctly clean up resource in self-managed infra tests ( #2637 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-23 13:08:39 +01:00
Moritz Sanft
310960fb4d
rfc: Terraform provider ( #2613 )
...
* rfc: Terraform provider
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix typo
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* rfc: annotate fields that force recreation
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* reword "cluster applying"
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* rfc: resembles -> declares
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* rfc: connect dangling sentence
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* rfc: indicate sensitive state
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* rfc: warn about PVs on recreation
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* rfc: idempotent -> nilpotent
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* rfc: reword deletion
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* rfc: mention resource outputs
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-11-23 10:58:26 +01:00
Adrian Stobbe
ed22137edb
ci: notify with GH issue + project item on e2e failure ( #2607 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-11-22 17:45:50 +01:00
Markus Rudy
284c7e99d1
docs: add Helm chart for VPN connectivity ( #2577 )
...
Co-authored-by: 3u13r <lc@edgeless.systems>
2023-11-22 15:08:11 +01:00
Moritz Sanft
968cdc1a38
cli: move cli/internal libraries ( #2623 )
...
* cli: move internal packages
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* cli: fix buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* bazel: fix exclude dir
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* cli: move back libraries that will not be used by TF provider
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-22 14:52:56 +01:00
Malte Poll
d3ce6ffcc1
deps: update module github.com/hashicorp/* ( #2626 )
2023-11-22 09:35:00 +01:00
Adrian Stobbe
9af514d08e
fix panic in status cmd ( #2625 )
2023-11-22 08:31:37 +01:00
Adrian Stobbe
0c1e6e97e4
fix unsupported qemu in tests on mac ( #2627 )
2023-11-22 08:30:52 +01:00
Daniel Weiße
a6cf387a24
docs: update screencasts to use apply command ( #2624 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-21 16:03:11 +01:00
renovate[bot]
71dc5170a7
deps: update golang Docker tag to v1.21.4 ( #2587 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-11-21 13:43:26 +01:00
renovate[bot]
6b2e41fcde
deps: update Terraform aws to v5.26.0 ( #2579 )
...
* deps: update Terraform aws to v5.26.0
* deps: tidy all modules
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-11-21 11:24:31 +01:00
Malte Poll
73eba88c70
Revert "deps: update rules_oci to 1.4.2 ( #2616 )" ( #2618 )
...
This reverts commit 52f7afe6e5.
2023-11-20 16:18:15 +01:00
Daniel Weiße
807824bf79
ci: remove dash from create action ( #2617 )
...
* remove dash
* fix flags parsing
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-20 15:19:45 +01:00
edgelessci
60921fcc14
image: update locked rpms ( #2614 )
...
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-11-20 14:19:26 +01:00
Malte Poll
52f7afe6e5
deps: update rules_oci to 1.4.2 ( #2616 )
2023-11-20 14:19:05 +01:00