Adrian Stobbe
b51cc52945
config: sign Azure versions on upload & verify on fetch ( #1836 )
...
* add SignContent() + integrate into configAPI
* use static client for upload versions tool; fix staticupload calleeReference bug
* use version to get proper cosign pub key.
* mock fetcher in CLI tests
* only provide config.New constructor with fetcher
Co-authored-by: Otto Bittner <cobittner@posteo.net>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-06-01 13:55:46 +02:00
3u13r
e0285c122e
todo responsibilities and cleanup ( #1837 )
...
* chore: add TODO responsibilities
* chore: remove not needed TODOs
* chore: remove outdated migrations
* chore: remove resolved goleak exception
* chore: remove not needed cosign env
* config: add link to our Azure snp docs
2023-06-01 12:33:06 +02:00
3u13r
661f084ffa
cli: use uami for in-cluster authentication ( #1820 )
2023-05-26 11:45:03 +02:00
3u13r
964775c4c2
Add autoscaling and cluster upgrade support for AWS ( #1758 )
...
* aws: autoscaling and upgrades
* docs: update scaling and upgrades for AWS
* deps: pin vuln check against release
2023-05-19 13:57:31 +02:00
Daniel Weiße
c478df36fa
Add TDX bazel files
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Daniel Weiße
dd2da25ebe
attestation: tdx issuer/validator ( #1265 )
...
* Add TDX validator
* Add TDX issuer
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Malte Poll
d104af6e51
image: support intel TDX direct linux boot under TDX OVMF
2023-05-17 11:37:26 +02:00
Malte Poll
79986a2b25
cli: implement qemu direct linux boot
2023-05-17 11:37:26 +02:00
renovate[bot]
fdcb74e171
deps: update Terraform aws to v4.67.0 ( #1775 )
...
* deps: update Terraform aws to v4.67.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 17:39:55 +02:00
renovate[bot]
6c1f7a4758
deps: update Terraform azuread to v2.39.0 ( #1776 )
...
* deps: update Terraform azuread to v2.39.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 17:15:57 +02:00
renovate[bot]
f9b4f1765d
deps: update Terraform azurerm to v3.56.0 ( #1777 )
...
* deps: update Terraform azurerm to v3.56.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 17:15:25 +02:00
renovate[bot]
fd3c93660e
deps: update Terraform google to v4.65.1 ( #1778 )
...
* deps: update Terraform google to v4.65.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 16:07:21 +02:00
renovate[bot]
0ce01cbad3
deps: update Terraform random to v3.5.1 ( #1779 )
...
* deps: update Terraform random to v3.5.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 16:01:47 +02:00
renovate[bot]
780fa9a238
deps: update Terraform google-beta to v4.64.0 ( #1767 )
...
* deps: update Terraform google-beta to v4.64.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 15:26:26 +02:00
renovate[bot]
87bf36d757
deps: update Terraform google to v4.64.0 ( #1766 )
...
* deps: update Terraform google to v4.64.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 15:11:59 +02:00
renovate[bot]
81f79d943a
deps: update Terraform azurerm to v3.55.0 ( #1668 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-08 13:43:18 +02:00
3u13r
074844d0cb
terraform: fix aws worker node permission ( #1683 )
2023-04-27 11:52:32 +02:00
Malte Poll
c11a3f4460
cli: configurable state disk type on OpenStack ( #1686 )
2023-04-27 09:08:43 +02:00
Moritz Sanft
3031d395a9
cli: force-delete Azure resource group ( #1667 )
...
* force-delete Azure resource group
* were not -> weren't
* fix typo
2023-04-19 08:30:11 +02:00
3u13r
14d26e1af4
terraform: use nat gateway on azure ( #1655 )
...
* terraform: use nat gateway on azure
* docs: add new azure permission
2023-04-17 11:00:35 +02:00
Malte Poll
69de06dd1f
image: OpenStack vTPM ( #1616 )
...
* cli: allow vpc traffic between nodes on OpenStack
* image: enable vTPM on OpenStack
* cli: add create tests for OpenStack
2023-04-05 16:49:03 +02:00
Paul Meyer
176d32599f
terraform: add missing permission to AWS iam
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 07:23:00 -04:00
Paul Meyer
63b07ede8a
terraform: sort permissions
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 07:23:00 -04:00
3u13r
cf9970c051
terraform: allow for multiple instance groups ( #1471 )
2023-03-21 22:56:03 +01:00
renovate[bot]
02a389e8c0
deps: update Terraform openstack to v1.51.1 ( #1424 )
...
* deps: update Terraform openstack to v1.51.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-03-21 13:36:49 +01:00
Paul Meyer
f638812143
terraform: unique Azure attestation provider name ( #1472 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-21 10:41:48 +01:00
Malte Poll
44db16b42e
cli: give Azure uami all perms previously given to app registration ( #1334 )
...
This is the first step for deprecating app registrations on Azure.
The user-assigned managed identity (uami) should first gain all permissions that are currently held by the app registration.
* cli: give Azure uami all permissions previously given to app registratio
* docs: document required owner role for user-assigned managed identity on Azure
2023-03-21 10:00:13 +01:00
Paul Meyer
05f6d1dc65
terraform: valid Azure attestation provider name ( #1465 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 17:53:00 +01:00
Moritz Sanft
f2ce9518a3
cli: support custom attestation policies for maa ( #1375 )
...
* create and update maa attestation policy
* use interface to allow unit testing
* fix test csp
* http request for policy patch
* go mod tidy
* remove hyphen
* go mod tidy
* wip: adapt to feedback
* linting fixes
* remove csp from tf call
* fix type assertion
* Add MAA URL to instance tags (#1409 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* conditionally create maa provider
* only set instance tag when maa is created
* fix azure unit test
* bazel tidy
* remove AzureCVM const
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* encode policy at runtime
* remove policy arg
* fix unit test
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-03-20 13:33:04 +01:00
renovate[bot]
b03ead589f
deps: update Terraform azuread to v2.36.0 ( #1421 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 14:30:17 +01:00
renovate[bot]
03d2232321
deps: update Terraform google-beta to v4.57.0 ( #1423 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 13:45:43 +01:00
renovate[bot]
f8f3f00595
deps: update Terraform azurerm to v3.47.0 ( #1422 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 13:45:08 +01:00
renovate[bot]
95d6618b9d
deps: update Terraform google to v4.57.0 ( #1420 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 12:06:53 +01:00
renovate[bot]
0db034db5b
deps: update Terraform aws to v4.58.0 ( #1419 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 11:43:52 +01:00
Paul Meyer
630016d1b3
openstack: use password to authenticate in cluster
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 09:04:57 -05:00
Malte Poll
8aa42e30ad
cli: set OpenStack service account credentials ( #1328 )
2023-03-03 10:10:36 +01:00
Malte Poll
4e202fa483
cli: set constellation uid and role as instance metadata of OpenStack instances ( #1311 )
2023-03-01 08:48:17 +01:00
Malte Poll
b79f7d0c8c
cli: add basic support for constellation create on OpenStack ( #1283 )
...
* image: support OpenStack image build / upload
* cli: add OpenStack terraform template
* config: add OpenStack as CSP
* versionsapi: add OpenStack as CSP
* cli: add OpenStack as provider for `config generate` and `create`
* disk-mapper: add basic support for boot on OpenStack
* debugd: add placeholder for OpenStack
* image: fix config file sourcing for image upload
2023-02-27 18:19:52 +01:00
renovate[bot]
66022fa441
deps: update Terraform aws to v4.55.0 ( #1195 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-24 17:27:11 +01:00
Otto Bittner
c4fd70684f
Revert "deps: update Terraform azurerm to v3.44.1 ( #1197 )" ( #1255 )
...
This reverts commit 253f833f6c.
2023-02-22 11:16:05 +01:00
3u13r
ce09b9dae5
iam: assign uami role to base resource group ( #1247 )
...
* iam: assign uami role to base resource group
* fixup: also change app registration
2023-02-22 09:29:24 +01:00
renovate[bot]
477d667360
deps: update Terraform azuread to v2.34.1 ( #1196 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 13:53:18 +01:00
renovate[bot]
253f833f6c
deps: update Terraform azurerm to v3.44.1 ( #1197 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 10:41:04 +01:00
renovate[bot]
3a1e75837f
deps: update Terraform google-beta to v4.53.1 ( #1199 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 09:22:16 +01:00
renovate[bot]
9a5a7d6852
deps: update Terraform google to v4.53.1 ( #1198 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 09:21:12 +01:00
Nils Hanke
0331e2dc78
cli: enable jumbo frames for GCP VPCs
2023-02-06 11:07:45 +01:00
renovate[bot]
a85ba96ac4
deps: update Terraform azurerm to v3.41.0 ( #1097 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:33:32 +01:00
renovate[bot]
38e9ab8254
deps: update Terraform aws to v4.52.0 ( #1096 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:14:17 +01:00
renovate[bot]
b47a2f81a2
deps: update Terraform google to v4.50.0 ( #1098 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:13:44 +01:00
3u13r
6ea6e42519
terraform: make control-planes stateful on gcp ( #1087 )
...
* terraform: make control-planes stateful on gcp
* terraform: lock google-beta provider
2023-01-27 12:59:25 +01:00