805 Commits

Author SHA1 Message Date
Malte Poll
f7f11c32f8
image: choose unique AWS image names based on the attestation variant () 2023-06-06 08:35:26 +02:00
Adrian Stobbe
99a88c033c
api: use new signature JSON format ()
* use new impl for client.UploadAzureSEVSNP

* fix: fetcher must parse new signature format

* version-file is not persistentflag

* fix fetcher tests
2023-06-05 16:10:44 +02:00
Otto Bittner
fa01569cc6
staticupload: don't request empty invalidation ()
If no files have been touched, do not initiate an invalidation.
2023-06-05 15:47:33 +02:00
Otto Bittner
06cd750345
config: move all config types into file config.go ()
docgen only includes doc comments from one single file in
its output. Therefore all config types need to be located in config.go
2023-06-05 15:46:55 +02:00
Adrian Stobbe
c446f36b0f
config: Azure SNP tool can delete specific version from attestation API ()
* client supports delete version

* rename to new attestation / fetcher naming

* add delete command to upload tool

* test client delete

* bazel update

* use general client in attestation client

* Update hack/configapi/cmd/delete.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* daniel feedback

* unit test azure sev upload

* Update hack/configapi/cmd/delete.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* add client integration test

* new client cmds use apiObject

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-06-05 12:33:22 +02:00
Otto Bittner
315b6c2f01
api: use correct error types in versions/cli ()
Imported wrong error types during refactoring.
2023-06-05 10:51:05 +02:00
Otto Bittner
6bda62d397
cli: skip k8s upgrade in case of outdated version ()
If an unsupported, outdated k8s patch version is used,
the user should still be able to run upgrade apply.
2023-06-05 09:13:02 +02:00
edgelessci
b2527d314e
image: update measurements and image version ()
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-06-02 16:06:34 +02:00
Adrian Stobbe
a813760f96
config: automatically upload new Azure SNP versions to API + sign version with release key ()
* sign version with release key and remove version from fetcher interface
* extend azure-reporter GH action to upload updated version values to the Attestation API
2023-06-02 12:10:22 +02:00
Malte Poll
e1d3afe8d4
ci: use aws s3 client that invalidates cloudfront cache for places that modify Constellation api () 2023-06-02 11:20:01 +02:00
edgelessci
7ef7f09dda
image: update measurements and image version ()
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-06-02 10:13:22 +02:00
Otto Bittner
30f2b332b3
api: restructure api pkg ()
* api: rename AttestationVersionRepo to Client
* api: move client into separate subpkg for
clearer import paths.
* api: rename configapi -> attestationconfig
* api: rename versionsapi -> versions
* api: rename sut to client
* api: split versionsapi client and make it public
* api: split versionapi fetcher and make it public
* config: move attestationversion type to config
* api: fix attestationconfig client test

Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-06-02 09:19:23 +02:00
Adrian Stobbe
b51cc52945
config: sign Azure versions on upload & verify on fetch ()
* add SignContent() + integrate into configAPI

* use static client for upload versions tool; fix staticupload calleeReference bug

* use version to get proper cosign pub key.

* mock fetcher in CLI tests

* only provide config.New constructor with fetcher

Co-authored-by: Otto Bittner <cobittner@posteo.net>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-06-01 13:55:46 +02:00
3u13r
e0285c122e
todo responsibilities and cleanup ()
* chore: add TODO responsibilities

* chore: remove not needed TODOs

* chore: remove outdated migrations

* chore: remove resolved goleak exception

* chore: remove not needed cosign env

* config: add link to our Azure snp docs
2023-06-01 12:33:06 +02:00
edgelessci
13ffb93ad8
image: update measurements and image version ()
Co-authored-by: malt3 <malt3@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-01 10:45:25 +02:00
Malte Poll
c5e016a8e2 attestation: allow measurement generator to work regardless of build tags 2023-05-31 14:00:00 +02:00
Malte Poll
8a851c8f39 cli: dynamically select signature validation pubkey for release and pre-release artifacts 2023-05-31 14:00:00 +02:00
renovate[bot]
ada66a64a1
deps: update Kubernetes versions ()
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-30 16:36:07 +02:00
renovate[bot]
b041344331
deps: update registry.k8s.io/autoscaling/cluster-autoscaler Docker tag to v1.27.2 ()
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-30 15:10:51 +02:00
renovate[bot]
c50c5e69d9
deps: update K8s constrained Azure versions ()
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-30 14:36:37 +02:00
Malte Poll
29b93065b3
ci: static file uploader with automatic cache invalidation () 2023-05-30 13:48:29 +02:00
miampf
8686c5e7e2
bootstrapper: collect journald logs on failure () 2023-05-30 11:47:36 +00:00
Moritz Sanft
6d5e7e1f7c
cli: support StackIT provider on config generate ()
* support stackit provider on config generate

* update cli reference

* default config values

* deploy csi driver

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

---------

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2023-05-30 09:02:50 +02:00
Moritz Sanft
a0dea7e69b
make imagefetcher visible to all subpackages () 2023-05-26 12:05:02 +02:00
3u13r
661f084ffa
cli: use uami for in-cluster authentication () 2023-05-26 11:45:03 +02:00
renovate[bot]
9502bc8ff4
deps: update K8s constrained GCP versions ()
* deps: update K8s constrained GCP versions

* deps: bump autoscaler image to 1.27

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-26 11:24:12 +02:00
Adrian Stobbe
0a6e5ec02e
config: dynamic attestation configuration through S3 backed API () 2023-05-25 17:43:44 +01:00
Malte Poll
217a744606 image: add go code to upload image info and measurements 2023-05-25 15:01:15 +02:00
Malte Poll
b8751f35f9 image: add intermediate "image" verb to upload tool 2023-05-25 15:01:15 +02:00
Malte Poll
0a7349ca41 attestation: merging of ImageMeasurementsV2 2023-05-25 15:01:15 +02:00
Malte Poll
874c4b76cf versionsapi: merging of ImageInfo 2023-05-25 15:01:15 +02:00
Malte Poll
d0e53cbb59 cli: image info (v2) 2023-05-25 15:01:15 +02:00
Malte Poll
cd7b116794 cli: image measurements (v2) 2023-05-25 15:01:15 +02:00
Malte Poll
e5b394db87 cli: image measurements (v2) 2023-05-25 15:01:15 +02:00
Malte Poll
9a1ee8697e osimage: advertise SEV SNP support for gcp images 2023-05-25 15:01:15 +02:00
Leonard Cohnen
c98644df2b ci: use bazel for unittests 2023-05-23 15:11:10 +02:00
Malte Poll
c1dbbf34c3 cryptsetup: Provide implementation without cgo 2023-05-23 13:44:56 +02:00
renovate[bot]
66ff0b0b78
deps: update registry.k8s.io/provider-aws/cloud-controller-manager Docker tag to v1.27.1 ()
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-23 13:30:38 +02:00
3u13r
6062b10035
cli: split image into oss and enterprise () 2023-05-23 10:49:47 +02:00
Adrian Stobbe
cfef384f36
config: support latest as version value for Azure SEVSNP ()
* support latest as version value
2023-05-23 08:55:49 +01:00
Moritz Sanft
c69e6777bd
cli: Terraform migrations on upgrade ()
* add terraform planning

* overwrite terraform files in upgrade workspace

* Revert "overwrite terraform files in upgrade workspace"

This reverts commit 8bdacfb8bef23ef2cdbdb06bad0855b3bbc42df0.

* prepare terraform workspace

* test upgrade integration

* print upgrade abort

* rename plan file

* write output to file

* add show plan test

* add upgrade tf workdir

* fix workspace preparing

* squash to 1 command

* test

* bazel build

* plan test

* register flag manually

* bazel tidy

* fix linter

* remove MAA variable

* fix workdir

* accept tf variables

* variable fetching

* fix resource indices

* accept Terraform targets

* refactor upgrade command

* Terraform migration apply unit test

* pass down image fetcher to test

* use new flags in e2e test

* move file name to constant

* update buildfiles

* fix version constant

* conditionally create MAA

* move interface down

* upgrade dir

* update buildfiles

* fix interface

* fix createMAA check

* fix imports

* update buildfiles

* wip: workspace backup

* copy utils

* backup upgrade workspace

* remove debug print

* replace old state after upgrade

* check if flag exists

* prepare test workspace

* remove prefix

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* respect file permissions

* refactor tf upgrader

* check workspace before upgrades

* remove temp upgrade dir after completion

* clean up workspace after abortion

* fix upgrade apply test

* fix linter

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-05-22 13:31:20 +02:00
edgelessci
87b9d85669
image: update measurements and image version ()
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-19 18:17:53 +02:00
edgelessci
2754d7817d
image: update measurements and image version ()
Co-authored-by: 3u13r <3u13r@users.noreply.github.com>
2023-05-17 19:39:32 +02:00
Adrian Stobbe
f99e06b63b
cli: new flag to set the attestation type for config generate ()
* add attestation flag to specify type in config
2023-05-17 16:53:56 +02:00
Moritz Eckert
6252193879 cli: deploy cinder as OpenStack CSI plugin 2023-05-17 15:20:39 +02:00
Daniel Weiße
1d5af5f0f4 Rebase fixes
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Nils Hanke
e80474ff7f oid: add missing String() for QEMUTDX 2023-05-17 11:37:26 +02:00
Daniel Weiße
c478df36fa Add TDX bazel files
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Nils Hanke
9e987778e0 measurements: Add length field for WithAllBytes 2023-05-17 11:37:26 +02:00
Nils Hanke
fe3622d982 cli/attestation: use const for PCR/TDX lengths 2023-05-17 11:37:26 +02:00