Commit Graph

26 Commits

Author SHA1 Message Date
renovate[bot]
adf03ad76c
deps: update GitHub action dependencies (#3070)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-08 14:33:35 +02:00
Daniel Weiße
f6999084c9
terraform: set empty default value for additional_tags (#3052)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 10:27:46 +02:00
miampf
0c0d87aa4c
ci: Delete e2e terraform state (#2874) 2024-04-26 10:06:01 +00:00
Moritz Sanft
913b09aeb8
Support SEV-SNP on GCP (#3011)
* terraform: enable creation of SEV-SNP VMs on GCP

* variant: add SEV-SNP attestation variant

* config: add SEV-SNP config options for GCP

* measurements: add GCP SEV-SNP measurements

* gcp: separate package for SEV-ES

* attestation: add GCP SEV-SNP attestation logic

* gcp: factor out common logic

* choose: add GCP SEV-SNP

* cli: add TF variable passthrough for GCP SEV-SNP variables

* cli: support GCP SEV-SNP for `constellation verify`

* Adjust usage of GCP SEV-SNP throughout codebase

* ci: add GCP SEV-SNP

* terraform-provider: support GCP SEV-SNP

* docs: add GCP SEV-SNP reference

* linter fixes

* gcp: only run test with TPM simulator

* gcp: remove nonsense test

* Update cli/internal/cmd/verify.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update docs/docs/overview/clouds.md

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update terraform-provider-constellation/internal/provider/attestation_data_source_test.go

Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>

* linter fixes

* terraform_provider: correctly pass down CC technology

* config: mark attestationconfigapi as unimplemented

* gcp: fix comments and typos

* snp: use nonce and PK hash in SNP report

* snp: ensure we never use ARK supplied by Issuer (#3025)

* Make sure SNP ARK is always loaded from config, or fetched from AMD KDS
* GCP: Set validator `reportData` correctly

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* attestationconfigapi: add GCP to uploading

* snp: use correct cert

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: enable fetching of attestation config values for GCP SEV-SNP

* linter fixes

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2024-04-16 18:13:47 +02:00
Malte Poll
2300a31276 deps: update all 3rdparty github actions 2024-02-21 17:53:53 +01:00
Moritz Sanft
d5e4435e3d
ci: reduce amount of regular tests (#2885)
* .github: add e2e test to pr checklist

* ci: use sonobuoy quick where possible

* ci: run malicious join test on release

* ci: remove self managed infra test

* ci: remove non-example terraform test from weekly

* ci: run Sonobuoy full on the latest k8s version weekly

* ci: run weekly sonobuoy quick on all k8s versions

* ci: don't run double sonobuoy tests on latest k8s version
2024-02-01 15:05:07 +01:00
Daniel Weiße
64e5efb49d Fix evaluation statement
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Daniel Weiße
65d28f913f Allow starting e2e tests based on attestation variant instead of csp
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Malte Poll
a8bca88eeb
k8s: add 1.29, remove 1.26, default 1.28 (#2803)
undefined
2024-01-08 16:53:12 +01:00
Daniel Weiße
8c1972c335
ci: fix artifact upload in image build pipeline (#2765)
* Fix parameter expansion when uploading multiple files
* On download, ensure target directory exists
* Rename encryption-secret -> encryptionSecret
* Remove incorrect secret access from e2e test action
* Add missing checkout action to workflows using our download action
* Fix spacing
* Fix upload action uploading whole directory structure instead of target files
* Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 19:28:18 +01:00
renovate[bot]
dcf1b88a29
deps: update actions/checkout action to v4 (#2752)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 16:10:35 +01:00
miampf
a429ca50e7
ci: encrypt artifacts (#2567) 2023-12-20 14:17:49 +00:00
Daniel Weiße
724ee44466
ci: Terraform provider e2e tests (#2712)
* Refactor selfManagedInfra input to clusterCreation in e2e tests
* Run e2e test using terraform provider
* Allow insecure measurement fetching in Terraform provider
* Run Terraform provider test instead of module test in weekly runs

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-15 10:37:29 +01:00
Moritz Sanft
c15e4efef6
terraform: Azure Marketplace image support (#2651)
* terraform: add Azure marketplace variable

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* config: add Azure marketplace variable

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: use Terraform variables from config

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: pass down marketplace variable

* image: pad Azure images to 1GiB

* terraform: add version attribute to marketplace image

* semver: allow versions to be exported without prefix

* cli: boolean var to use marketplace images

* config: remove dive key

* dev-docs: add instructions on how to use marketplace images

* terraform: fix unit test

* terraform: only fetch image for non-marketplace images

* mpimage: refactor image selection

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] increase minor version for image build

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: ignore changes to source_image_reference on upgrade

* operator: add support for parsing Azure marketplace images

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* upgrade: fix imagefetcher call

* docs: add info about azure marketplace

* image: ensure more than 1GiB in size

* image: test to pad to 2GiB

* version: change back to v2.14.0-pre

* image: GPT-conformant image size padding

* [remove] increase version

* mpimage: inline prefix func

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: add marketplace image e2e test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] register workflow

* ci: fix workflow name

* ci: only allow azure test

* cli: add marketplace image input to interface

* cli: fix argument passing

* version: roll back to v2.14.0

* ci: add force-flag support

* Update docs/docs/overview/license.md

* Update dev-docs/workflows/marketplace-images.md

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-08 14:40:31 +01:00
Daniel Weiße
43f47cc5c5
ci: fix service accounts introduced by merge (#2652)
* Fix service accounts introduced my merge
* Remove GCP_E2E_PROJECT placeholders

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 10:54:58 +01:00
Daniel Weiße
97aea98e77
ci: update GCP service accounts for CI (#2629)
* Update CI to use different GCP project for e2e tests
* Update GCP image project service accounts
* Update default GCP bucket name for image builds

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-27 13:04:41 +01:00
Otto Bittner
46f563c7ca ci: call TCB upload step for AWS 2023-11-24 15:49:48 +01:00
Daniel Weiße
64a05b9dea
ci: correctly clean up resource in self-managed infra tests (#2637)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-23 13:08:39 +01:00
Moritz Sanft
fd72952738
checkout before selecting image (#2598)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-14 10:33:59 +01:00
Moritz Sanft
8e4feb7e2a
terraform: add Terraform module for Azure (#2566)
* add Azure Terraform module

* add maa-patching command to cli

* refactor release process

* factor out image fetching to own action

* add CI

* generate

* fix some unnecessary changes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use `constellation maa-patch` in ci

* insecure flag when using debug image

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only update maa url if existing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make node group zone optional on aws and gcp

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] register updated workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Revert "[remove] register updated workflow"

This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace.

* create MAA

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make maa-patching only run on azure

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add comment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* require node group zone for GCP and AWS

* remove unnecessary bazel action

* stamp version to correct file

* refer to `maa-patch` command in docs

* run Azure test in weekly e2e

* comment / naming improvements

* remove sa_account resource

* disable spellcheck ot use "URL"

* `create_maa` variable

* don't write maa url to config

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* default to nightly image

* use input ref and stream

* fix command check

* don't set region in weekly e2e call

* patch maa if url is not empty

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove `create_maa` variable

* remove binaries

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove undefined input

* replace invalid attestation URL error message

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* fix punctuation

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* skip hidden commands in clidocgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* enable spellcheck before code block

* move spellcheck trigger out of info block

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix workflow dependencies

* let image default to CLI version

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-11-13 18:46:20 +01:00
Otto Bittner
a19227cac9 s3proxy: initial e2e tests and workflows 2023-11-06 10:21:11 +01:00
Malte Poll
76d7d30245
ci: do not upload terraform logs (#2554) 2023-11-04 19:14:29 +01:00
Moritz Sanft
813405f080
ci: share e2e workflow (#2550)
* re-use workflow in internal LB e2e test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add self-managed infra workfloww

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-03 16:27:28 +01:00
Fabian Kammel
a879043f03 E2E Test CronJob (#117)
refactor e2e test into reusable action, so we can have manual & cron jobs. added cron for azure & gcp. failed jobs are reported to MS Teams.
2022-05-09 09:45:59 +02:00
Fabian Kammel
f8f5d20f5b E2E tests on Azure (#109) 2022-05-04 13:52:27 +02:00
Fabian Kammel
b841403f15 e2e test github action implementation. (#100)
e2e test implementation with GitHub actions on GCP
2022-05-03 11:15:53 +02:00