renovate[bot]
f62d2528ef
deps: update Terraform dependencies ( #3803 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-06 08:45:28 +02:00
renovate[bot]
66de14b9a4
deps: update Terraform dependencies ( #3769 )
...
* deps: update Terraform dependencies
* terraform: fix provider lock file entries
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2025-04-23 10:43:14 +02:00
renovate[bot]
db63cd1659
deps: update Terraform dependencies ( #3749 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-04-10 11:45:21 +02:00
renovate[bot]
ebc962ad68
deps: update Terraform dependencies ( #3732 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-04-02 13:19:18 +02:00
renovate[bot]
4dab6759bb
deps: update Terraform dependencies ( #3716 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-27 21:34:15 +01:00
Leonard Cohnen
66815a4a47
gcp: support projects with no default permissions ( #3656 )
...
* helm/gcp: use service account in operator and joinservice
* helm: format operator testdata
* terraform/iam: create additional service account for VMs
This service account is used in the following commits and is attached to the VMs
* config: pass VM service account from iam create to cluster create via config
* cli/iamcreate: limit name prefix length
* docs: add minimal gcp IAM permissions
2025-03-25 14:13:38 +01:00
miampf
3cc930fa97
feat: implement RFC 16 to allow emergency node access ( #3557 )
2025-03-25 11:28:48 +00:00
renovate[bot]
60604fdc5e
deps: update Terraform dependencies ( #3665 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-28 09:38:28 +01:00
renovate[bot]
148cb1e150
deps: update Terraform dependencies ( #3637 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-21 11:33:25 +01:00
renovate[bot]
3f702ecda9
deps: update Terraform google to v6.17.0 ( #3614 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-22 08:49:30 +01:00
renovate[bot]
f10376fd44
deps: update Terraform dependencies ( #3580 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-16 14:21:35 +01:00
renovate[bot]
b652baa9c2
deps: update Terraform dependencies ( #3510 )
...
* deps: update Terraform dependencies
* Update terraform lock files
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Print module path for lockfile to be generated
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2024-12-02 12:04:15 +01:00
Markus Rudy
96ac7124e3
terraform: upgrade hashicorp/google to 6.7.0 ( #3440 )
2024-10-21 10:41:33 +02:00
3u13r
2854136192
Allow upgrades on azure without Terraform changes on LBs created from within Kubernetes ( #3257 )
...
* k8s: use separate lb for K8s services on azure
* terraform: introduce local revision variable and data resource
* terraform: azure: don't expose full nodeport range
* docs: add Azure load balancer migration
2024-10-09 11:31:17 +02:00
Moritz Sanft
d2cbc0adef
terraform: enable serial console by default ( #3360 )
2024-09-17 15:01:33 +02:00
renovate[bot]
c2b720ca56
deps: update Terraform dependencies ( #3209 )
...
Co-authored-by: Markus Rudy <mr@edgeless.systems>
2024-07-12 10:30:37 +02:00
renovate[bot]
bdfb74f6ca
deps: update Terraform dependencies ( #3200 )
...
* deps: update Terraform dependencies
* upgrade random provider
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-06-27 09:14:10 +02:00
Daniel Weiße
8219005587
terraform: only set `confidential_instance_type` if `cc_technology` is `SEV_SNP` ( #3085 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-14 16:02:30 +02:00
3u13r
ecebd607c5
terraform: Allow nodes to join the cluster when using a jump host by removing the `constellation-uid` tag ( #3064 )
...
* terraform: remove constellation-uid tag from jump-host
2024-05-06 12:25:52 +02:00
Daniel Weiße
f6999084c9
terraform: set empty default value for `additional_tags` ( #3052 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 10:27:46 +02:00
Daniel Weiße
46994b7ee0
terraform: simplify additional tagging logic to ensure they are always applied ( #3045 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-26 11:53:25 +02:00
miampf
b187966581
cli: allow tagging cloud resources with custom tags ( #3033 )
2024-04-19 09:07:57 +00:00
Moritz Sanft
913b09aeb8
Support SEV-SNP on GCP ( #3011 )
...
* terraform: enable creation of SEV-SNP VMs on GCP
* variant: add SEV-SNP attestation variant
* config: add SEV-SNP config options for GCP
* measurements: add GCP SEV-SNP measurements
* gcp: separate package for SEV-ES
* attestation: add GCP SEV-SNP attestation logic
* gcp: factor out common logic
* choose: add GCP SEV-SNP
* cli: add TF variable passthrough for GCP SEV-SNP variables
* cli: support GCP SEV-SNP for `constellation verify`
* Adjust usage of GCP SEV-SNP throughout codebase
* ci: add GCP SEV-SNP
* terraform-provider: support GCP SEV-SNP
* docs: add GCP SEV-SNP reference
* linter fixes
* gcp: only run test with TPM simulator
* gcp: remove nonsense test
* Update cli/internal/cmd/verify.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update docs/docs/overview/clouds.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update terraform-provider-constellation/internal/provider/attestation_data_source_test.go
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* linter fixes
* terraform_provider: correctly pass down CC technology
* config: mark attestationconfigapi as unimplemented
* gcp: fix comments and typos
* snp: use nonce and PK hash in SNP report
* snp: ensure we never use ARK supplied by Issuer (#3025 )
* Make sure SNP ARK is always loaded from config, or fetched from AMD KDS
* GCP: Set validator `reportData` correctly
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* attestationconfigapi: add GCP to uploading
* snp: use correct cert
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: enable fetching of attestation config values for GCP SEV-SNP
* linter fixes
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2024-04-16 18:13:47 +02:00
Malte Poll
7bc4ad5728
deps: update all terraform providers
2024-02-26 13:38:33 +01:00
Moritz Sanft
901edd420b
terraform: remove cloud loggers ( #2892 )
...
* terraform: remove cloud logging apps
* internal/cloud: remove loggers
* bootstrapper: remove logging
* qemu-metadata-api: remove logging endpoint
* docs: add instructions on how to get boot logs
* bazel: tidy
* docs: fix typo
* cloud: remove unused types
* Update go.mod
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* bazel: tidy
* Update docs/docs/workflows/troubleshooting.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/workflows/troubleshooting.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/workflows/troubleshooting.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* docs: elaborate on how to get boot logs
* bazel: tidy
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-02-06 14:27:30 +01:00
Moritz Sanft
2140fa5452
deps: update GCP to 5.13.0 ( #2872 )
2024-01-31 15:29:59 +01:00
Adrian Stobbe
9667dfff58
terraform: align infrastructure module attributes ( #2703 )
...
* all vars have snail_case
* make iam schema consistent
* infrastructure schema
* terraform: update AWS infrastructure module
* fix ci
* terraform: update AWS infrastructure module
* terraform: update AWS IAM module
* terraform: update Azure Infrastructure module inputs
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update Azure IAM module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update GCP infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update GCP IAM module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update OpenStack Infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: update QEMU Infrastructure module
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-module: fix input name
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: tidy
* cli: ignore whitespace in Terraform variable tests
* terraform-module: fix AWS output names
* terraform-module: fix output references
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform: rename `api_server_cert_sans`
* Update terraform/infrastructure/aws/modules/public_private_subnet/variables.tf
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* fix self-managed
* terraform: revert AWS modules output file renaming
* terraform: remove duplicate variable declaration
* terraform: rename Azure location field
* ci: adjust output name in self-managed e2e test
* e2e: continuously print output in upgrade test
* e2e: write to output variables
* cli: migrate IAM variable names
* cli: make `location` field optional
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-12-15 10:36:58 +01:00
Moritz Sanft
0a593bec18
terraform: upgrade `random` provider to `v3.6.0` ( #2704 )
...
* terraform: upgrade `random` provider to `v3.6.0`
* terraform: update lockfiles
* ci: fix Terraform lock exclude directories
2023-12-12 16:00:16 +01:00
Adrian Stobbe
cea6204b37
terraform: Terraform module for AWS ( #2503 )
2023-11-08 19:10:01 +01:00