Commit Graph

70 Commits

Author SHA1 Message Date
Daniel Weiße
aa3ac82408
Add a bit more logging to attestation and join-service on error (#1076)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-01-26 11:24:29 +01:00
Paul Meyer
94c0184e4d ci: add workflow for proto code generation check
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-23 12:20:37 +01:00
Paul Meyer
a8cbfd848f
keyservice: use dash in container name (#1016)
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-01-20 18:51:06 +01:00
Daniel Weiße
690b50b29d
dev-docs: Go package docs (#958)
* Remove unused package

* Add Go package docs to most packages

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-01-19 15:57:50 +01:00
Otto Bittner
90b88e1cf9 kms: rename kms to keyservice
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
2023-01-16 11:56:34 +01:00
Paul Meyer
d0e9f427d1
deps: update Go to v1.19.5 (#949)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-12 13:36:17 +01:00
renovate[bot]
78fd2abc5f
Update gcr.io/distroless/static Docker digest to ea2ed73 (#920)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-10 07:59:58 +01:00
Leonard Cohnen
3637909a46 internal: move components into their own package 2023-01-09 12:16:54 +01:00
renovate[bot]
200a7e7b92
Update gcr.io/distroless/static Docker digest to be8c71d (#892)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 14:34:48 +01:00
renovate[bot]
3c2dd8f3cd
Update gcr.io/distroless/static Docker digest to 764a31e (#873)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 12:08:24 +01:00
3u13r
f14af0c3eb
upgrade: support Kubernetes components (#839)
* upgrade: add Kubernetes components to NodeVersion

* update rfc
2023-01-03 12:09:53 +01:00
3u13r
0297aed1ea
join: deprecate components migration fallback (#833) 2022-12-29 14:51:26 +01:00
renovate[bot]
67459128c8
Update gcr.io/distroless/static Docker digest to 5b2fa76 (#824)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-28 14:54:05 +01:00
3u13r
d1195d1d5f
join: make Azure instance names k8s compliant (#807)
join: make Azure instance names k8s compliant
2022-12-23 18:59:15 +01:00
renovate[bot]
868d911918
Update fedora:37 Docker digest to 99aa891 (#797)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-14 10:38:00 +01:00
3u13r
c993cd6800
join: synchronize control plane joining (#776)
* join: synchronize control plane joining
2022-12-09 18:30:20 +01:00
Leonard Cohnen
a1161ae05d k8supdates: label nodes with k8s component hash 2022-12-08 11:19:22 +01:00
Paul Meyer
3cc2a714a4
dependencies: upgrade to Go v1.19.4 (#732)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-07 14:27:43 +01:00
Leonard Cohnen
0c71cc77f6 joinservice: use configmap for k8s components 2022-12-02 14:34:38 +01:00
Otto Bittner
6b2d9d16f8 Remove obsolete revive comments 2022-11-23 08:35:12 +01:00
Otto Bittner
1362e40f53
Suppress argument-limit errors and add TODO. (#603) 2022-11-21 17:31:01 +01:00
Malte Poll
9d4172002c Upgrade container images to Fedora 37 2022-11-18 10:37:45 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code (#504)
* Rename Metadata->Cloud

* Remove unused methods, functions, and variables

* More privacy for testing stubs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API (#477)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 09:08:18 +01:00
Daniel Weiße
a07cab4b97
Update go-tpm dependency (#533)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-14 09:02:56 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. (#475)
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API (#387)
* Refactor GCP metadata/cloud API

* Remove cloud controller manager from metadata package

* Remove PublicIP

* Move shared cloud packages

* Remove dead code

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-09 14:43:48 +01:00
Leonard Cohnen
152978045c docker: cache go compiler 2022-11-07 16:17:28 +01:00
renovate[bot]
da3fe3de94
Update gcr.io/distroless/static Docker digest to ebd8cc3 (#448)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 11:52:06 +01:00
renovate[bot]
44b1a92d6b
Update fedora Docker digest to 455fec9 (#447)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Nirusu <Nirusu@users.noreply.github.com>
2022-11-04 11:49:41 +01:00
Leonard Cohnen
3aa0177333 join-service: add AWS attestation 2022-11-02 23:29:04 +01:00
Nils Hanke
6d2ec109d0 Update to Go 1.19.3 2022-11-02 11:53:52 +01:00
Leonard Cohnen
7a6a0766e8 undefine more -v flags due to glog 2022-10-30 22:13:58 +01:00
Leonard Cohnen
477a06789f update grpc 2022-10-21 13:28:03 +02:00
Malte Poll
743f5fa627 Remove all traces of CoreOS from the codebase 2022-10-21 11:04:25 +02:00
renovate[bot]
5a95fbee0e
Update gcr.io/distroless/static Docker digest to f6ba6e4 (#243)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-17 14:58:02 +02:00
katexochen
39341e5f6b Fix CLI version injection in cmake 2022-10-12 11:04:07 +02:00
Nils Hanke
803209b12b
Update Go to 1.19.2 (#219) 2022-10-06 19:31:12 +02:00
katexochen
53c8c9e9a6 Update proto files to v2 2022-09-22 09:10:19 +02:00
katexochen
ba6e41ed5c Upgrade go module to v2 2022-09-22 09:10:19 +02:00
Nils Hanke
c51dec6d00 Use distroless images for JoinService & KMS 2022-09-09 18:11:33 +02:00
Nils Hanke
0949393dbb Update build environment to Fedora 36 & Go 1.19.1 2022-09-09 18:11:33 +02:00
Nils Hanke
9bedaf20ea Use CMake project version across all places & remove obsolete build tags 2022-09-09 15:33:16 +02:00
Malte Poll
38f461fdee join-service: do not check if kubernetes version is valid
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Malte Poll
57e77ee53f kubernetes version: rename latest -> default
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Otto Bittner
405db3286e AB#2386: TrustedLaunch support for azure attestation
* There are now two attestation packages on azure.
The issuer on the server side is created based on successfully
querying the idkeydigest from the TPM. Fallback on err: Trusted Launch.
* The bootstrapper's issuer choice is validated by the CLI's validator,
which is created based on the local config.
* Add "azureCVM" field to new "internal-config" cm.
This field is populated by the bootstrapper.
* Group attestation OIDs by CSP (#42)
* Bootstrapper now uses IssuerWrapper type to pass
the issuer (and some context info) to the initserver.
* Introduce VMType package akin to cloudprovider. Used by
IssuerWrapper.
* Extend unittests.
* Remove CSP specific attestation integration tests

Co-authored-by: <dw@edgeless.systems>
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-05 12:03:48 +02:00
Thomas Tendyck
bd63aa3c6b add license headers
sed -i '1i/*\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n*/\n' `grep -rL --include='*.go' 'DO NOT EDIT'`
gofumpt -w .
2022-09-05 09:17:25 +02:00
katexochen
5d63150bed Silence wget output 2022-09-02 15:20:25 +02:00
Moritz Eckert
b95f3dbc91
Add docs to repo (#38) 2022-09-02 11:52:42 +02:00
Otto Bittner
7c5556864b AB#2333: Add AMD SNP-based attestation
Currently only available on Azure CVMs.

* Get the public attestation key from the TPM.
* Get the snp report from the TPM.
* Get the VCEK and ASK certificate from the metadata api.
* Verify VCEK using hardcoded root key (ARK)
* Verify SNP report using VCEK
* Verify HCLAkPub using SNP report by comparing
AK with runtimeData
* Extend unittest

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:29:33 +02:00