Commit Graph

92 Commits

Author SHA1 Message Date
Daniel Weiße
afb154ceb7
ci: add missing quotation marks for region flag + revert to northeurope (#2459)
* Add missing quotation marks for region flag
* Revert default Azure region to northeurope

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-16 16:20:32 +02:00
Malte Poll
e80e6076b4 ci: install nix together with Bazel 2023-10-12 14:42:24 +02:00
Daniel Weiße
ce2465c3c7
ci: use West US region for Azure e2e test until problems are resolved (#2414)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-06 11:43:02 +02:00
Moritz Sanft
f4b2d02194
ci: collect cluster metrics to OpenSearch (#2347)
* add Metricbeat deployment to debugd

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* set metricbeat debugd image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix k8s deployment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use 2 separate deployments

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only deploy via k8s in non-debug-images

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing tilde

* remove k8s metrics

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* unify flag

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add cloud metadata processor to filebeat

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: fix debugd logcollection (#2355)

* add missing keyvault access role

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bump logstash image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bump filebeat / metricbeat image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* log used image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use debugging image versions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* increase wait timeout for image upload

* add cloud metadata processor to filebeat

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix template locations in container

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix image version typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add filebeat / metricbeat users

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove user additions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update workflow step name

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only mount config files

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* document potential rc

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix IAM permissions in workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix AWS permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing workflow input

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* rename action

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* pin image versions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary workflow inputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add refStream input

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove inputs.yml dep

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* increase system metric period

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linkchecker

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-09-27 16:17:31 +02:00
Daniel Weiße
7aba42baa5
ci: add more filters to e2e failure OpenSearch links (#2358)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-26 13:17:59 +02:00
Moritz Sanft
8f549f0622
add sleep after nop test (#2350)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-09-21 10:13:59 +02:00
Moritz Sanft
0a28cdecb2
ci: add malicious join test (#2304)
* malicious node join test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add e2e build tag

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add namespaces to job apply

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix image and workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* build instructions in Dockerfile

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only print important flags

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use `malicious-join` namespace

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* build with bazel

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* order imports

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* test cases

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* various fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing quotes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Update e2e/malicious-join/malicious-join.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update e2e/malicious-join/malicious-join.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* use switch case

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* wip

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* various fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use workdir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add required permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove packages: write permission at step

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* login to registry

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix log

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* source base lib

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix sourcing order

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* export after definition

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix script header

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* dont exit after -e flag has been set

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-09-15 17:21:42 +02:00
Moritz Sanft
60bf770e62
ci: logcollection to OpenSearch in non-debug clusters (#2080)
* refactor `debugd` file structure

* create `hack`-tool to deploy logcollection to non-debug clusters

* integrate changes into CI

* update fields

* update workflow input names

* use `working-directory`

* add opensearch creds to upgrade workflow

* make template func generic

* make templating func generic

* linebreaks

* remove magic defaults

* move `os.Exit` to main package

* make logging index configurable

* make templating generic

* remove excess brace

* update fields

* copy fields

* fix flag name

* fix linter warnings

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* remove unused workflow inputs

* remove makefiles

* fix command

* bazel: fix output paths of container

This fixes the output paths of builds within the container by mounting
directories to paths that exist on the host. We also explicitly set the
output path in a .bazelrc to the user specific path. The rc file is
mounted into the container and overrides the host rc.
Also adding automatic stop in case start is called and a containers
is already running.
Sym links like bazel-out and paths bazel outputs should generally work
with this change.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* tabs -> spaces

---------

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-21 08:01:33 +02:00
Paul Meyer
f604a8dfd2 e2e: upload TCB versions in verify test
The TCP versions are extracted from the MAA token, that itself is taken
from the verify command output. The configapi is adapted to directly
work on the MAA claims JSON.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 11:41:02 +02:00
Daniel Weiße
0dd62fc59d
ci: allow setting region/zone for e2e tests (#2205)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-10 12:53:40 +02:00
Paul Meyer
670c20b18c e2e: cleanup test inputs
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-09 18:42:04 +02:00
Paul Meyer
e466ce2f26 e2e: detect changing idKeyDigests on azure
by setting the Azure SNP enforcement policy to equal in the weekly e2e.
The run should fail when there are unexpected ID Key digests used.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-09 16:45:42 +02:00
Paul Meyer
29dcb72bea e2e: remove existingConfig field
The existingConfig field is always set to true during create, as we use
the IAM create step to generate the config in all cases. Accordingly,
secret injection into config isn't needed anymore in create.
This fixes a bug where other parameters like Kubernetes version and
cluster name wouldn't be injected into the config due to existingConfig
being true.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-09 12:36:36 +02:00
Paul Meyer
eb2f3c3021 ci: verify all pods in verify e2e
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-08 18:46:13 +02:00
Adrian Stobbe
9dcad0ed16
fix upgrade test by only setting nodeGroup for >v2.9 (#2176) 2023-08-07 11:02:00 +02:00
Moritz Sanft
af05e17f49
ci: keep embedded measurements if stable image is used (#2109)
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-08-04 09:43:32 +02:00
Otto Bittner
ef404b5839
ci: use us-east-2 for e2e tests (#2091)
We have much higher quotas there and thus don't need to wait for
the increase in eu-west-1.
2023-07-12 10:51:52 +02:00
Daniel Weiße
90dbeae16b
cli: fix duplicate backup creation during upgrade apply (#1997)
* Use CLI to fetch measurements in e2e test

* Abort helm service upgrade early if user confirmation is missing

* Add container push to CLI build action

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-03 15:13:36 +02:00
renovate[bot]
576b48c8b7
deps: update GitHub action dependencies (#1848)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-03 08:19:10 +02:00
Otto Bittner
8f21972aec
attestation: add awsSEVSNP as new variant (#1900)
* variant: move into internal/attestation
* attesation: move aws attesation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP

For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
2023-06-09 15:41:02 +02:00
Malte Poll
025d34a259
ci: fix docker-login on macOS runner (#1877) 2023-06-06 12:20:09 +02:00
3u13r
e0285c122e
todo responsibilities and cleanup (#1837)
* chore: add TODO responsibilities

* chore: remove not needed TODOs

* chore: remove outdated migrations

* chore: remove resolved goleak exception

* chore: remove not needed cosign env

* config: add link to our Azure snp docs
2023-06-01 12:33:06 +02:00
Malte Poll
a1ec899171 ci: use enterprise cli for e2e tests 2023-05-31 14:00:00 +02:00
Malte Poll
dc9b3c1937
ci: run e2e tests as last step of release pipeline (#1793) 2023-05-22 09:22:00 +02:00
Malte Poll
635b98a34f
ci: rename all usages of bazel push target from //:push to //bazel/release:push (#1701) 2023-04-28 09:26:15 +02:00
Moritz Sanft
261fe611a9
ci: add Terraform logging (#1665)
* enable Terraform logging

* change to debug level

* rename artifact

* add name suffix

* remove blank line
2023-04-27 14:03:49 +02:00
Malte Poll
dc5e6f30a9
ci: login to container registry before pushing containers (#1676) 2023-04-21 11:05:08 +02:00
Malte Poll
19ff132ee8 ci: upload container images when running e2e tests 2023-04-18 15:35:15 +02:00
Paul Meyer
4020e7840a ci: always use tee -a instead of redirecting
into GITHUB_OUTPUT

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-17 12:08:42 +02:00
Paul Meyer
0b3190ea8b
ci: fix naming issues (#1662)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-15 19:24:48 +02:00
Paul Meyer
76979136de ci: refactor artifact and resource naming
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-14 13:12:39 +02:00
Paul Meyer
dea41bd1ed
ci: refactor e2e test failure notifications (#1625)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-12 16:06:26 +02:00
Moritz Sanft
6ba294e175
ci: separate e2e permissions (#1555)
* split e2e test iam create / create perms

* remove global Azure credentials

* remove unnecessary azure actions

* use UUID

* fix e2e upgrade test

* rename create inputs

* remove continue-on-error for resource deletion

* de-exclude verify test

* fix exclude

* fix release e2e test

---------

Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2023-04-12 13:24:13 +02:00
Paul Meyer
00efc30e24
ci: fix empty image input of verify e2e on release (#1604)
* ci: fix empty image input of verify e2e on release
* ci: increase parallelism of e2e release workflow

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-04 10:47:26 +02:00
Paul Meyer
24f974de66 ci: run e2e test manual on last release
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 10:54:59 -04:00
Otto Bittner
cac43a1dd0 ci: add e2e-upgrade test
The test is implemented as a go test.
It can be executed as a bazel target.
The general workflow is to setup a cluster,
point the test to the workspace in which to
find the kubeconfig and the constellation config
and specify a target image, k8s and
service version. The test will succeed
if it detects all target versions in the cluster
within the configured timeout.
The CI automates the above steps.
A separate workflow is introduced as there
are multiple input fields to the test.
Adding all of these to the manual e2e test
seemed confusing.

Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-03-23 14:57:38 +01:00
renovate[bot]
9a9688583d
deps: update aws-actions/configure-aws-credentials action to v2 (#1445)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-21 10:56:30 +01:00
Malte Poll
c3c0940adb
bazel: use remote caching (#1456)
* bazel: add configuration for remote caching
* ci: enable bazel remote caching for building binaries
* ci: use bazel directly when building go binaries
* ci: enable cache for most build steps
* dev-docs: document remote caching
2023-03-20 16:05:08 +01:00
Nils Hanke
914eacb4a3
e2e: use macOS for building Linux artifacts and remove caching steps (#1446) 2023-03-20 11:04:44 +01:00
Malte Poll
3d0ad0b8e1
ci: move aws iam create test to less utilized zone (#1350) 2023-03-07 09:32:26 +01:00
Moritz Eckert
29664fc481 ci: upload benchmark results to opensearch
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-03 09:43:49 +01:00
Moritz Eckert
6fbca2818f ci: replace k-bench in e2e-test-manual 2023-03-03 09:43:49 +01:00
Moritz Eckert
0481c039f7 ci: add kubestr and knb based e2e_benchmark action
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-03 09:43:49 +01:00
renovate[bot]
30f53f78d0
deps: update GitHub action dependencies (#1239)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 13:49:47 +01:00
Moritz Sanft
0ba810240f
ci: integrate automatic iam creation in e2e test (#1158)
* integrate automatic iam creation in e2e test

* fix typo

* break long line comments

* fix semvers

* correct bracing
2023-02-21 12:47:14 +01:00
renovate[bot]
7500112d37
deps: update GitHub action dependencies (#1201)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-15 14:47:42 +01:00
renovate[bot]
bec82c2328
deps: update GitHub action dependencies (#1112)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:38:44 +01:00
Moritz Sanft
cb894e5df5
ci: fix Constellation recover e2e test (#1081)
* AB#2859 wait for cp to recover

* AB#2859 remove unnecessary inputs & echo
2023-01-27 15:53:53 +01:00
Malte Poll
ee869eaf9c ci: prepare upgrade-agent for upload in e2e tests 2023-01-25 09:58:56 +01:00
Moritz Sanft
ae2db08f3a
ci: add e2e test for constellation recover (#845)
* AB#2256 Add recover e2e test

* AB#2256 move test & fix minor objections

* AB#2256 fix path

* AB#2256 rename hacky filename
2023-01-19 10:41:07 +01:00