This keeps the report in focus for PRs with longer discussion and
repeated pushes.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* wip: switch to attestation
* add extra comments
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* MAA checks
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use provided functions to parse report / cert chain
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* replace `CommitedTCB` check with `LaunchTCB` check
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove debug check
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove `LaunchTCB` == `CommitedTCB` check
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* custom IdKeyDigests check
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* basic test of report parsing from instance info
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* retrieve VCEK from AMD KDS
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove VCEK from `azureInstanceInfo`
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use `go-sev-guest` TCB version type
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix validation parsing test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix error message
* fix comment
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove certificate chain from `instanceInfo`
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add test for idkeydigest check
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* wip: update tests
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* [remove] debug prints
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* wip: fix tests
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* wip: fix tests
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix tests, do some clean-up
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add test case for fetching error
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Update internal/attestation/azure/snp/validator.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* correct `hack` dependency
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix id key check
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* [remove] comment out wip unit tests
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add missing newline
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* switch to released version of `go-sev-guest`
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add constructor test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add VMPL check
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add test assertions
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* switch to pseudoversion
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use fork with windows fix
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter checks
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use data from THIM
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update embeds
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* verify against ARK in config
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* invalid ASK
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Update internal/attestation/azure/snp/validator.go
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update internal/attestation/azure/snp/validator.go
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update internal/attestation/azure/snp/validator.go
Co-authored-by: 3u13r <lc@edgeless.systems>
* Update internal/attestation/azure/snp/validator.go
Co-authored-by: 3u13r <lc@edgeless.systems>
* nits
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove unnecessary checks
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* refactoring
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Update internal/attestation/azure/snp/validator.go
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update internal/attestation/azure/snp/validator.go
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update internal/attestation/azure/snp/validator.go
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* use upstream library with pseudoversion
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Update internal/attestation/azure/snp/validator.go
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* Update internal/attestation/azure/snp/validator.go
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* Update internal/attestation/azure/snp/validator.go
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* simplify control flow
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix return error
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix VCEK test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* tidy
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* revert unintentional changes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use new upstream release
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix removed AuthorKeyEn field
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix verification report printing
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* increase ASG timeout
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* make timeout dependent on SEV-SNP option
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* malicious node join test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add e2e build tag
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add namespaces to job apply
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix image and workflow
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter checks
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* build instructions in Dockerfile
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* only print important flags
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use `malicious-join` namespace
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* build with bazel
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* order imports
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* test cases
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* various fixes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add missing quotes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix typo
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Update e2e/malicious-join/malicious-join.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update e2e/malicious-join/malicious-join.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* use switch case
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update image version
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter checks
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* wip
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* various fixes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use workdir
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add required permissions
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove permissions
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove packages: write permission at step
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* login to registry
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix typo
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix log
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* source base lib
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix sourcing order
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* export after definition
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix script header
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* dont exit after -e flag has been set
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* perform upgrades in-place in terraform workspace
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add iam upgrade apply test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* make config fetcher stubbable
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* change workspace restoring behaviour
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* allow overwriting existing Terraform files
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* allow overwrites of TF variables
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix iam upgrade apply
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix embed directive
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* make loader test less brittle
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* pass upgrade ID to user
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* naming nit
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use upgradeDir
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* tidy
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Check chart versions against target in users config
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Cleaner cli-config version support checking
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Return InvalidUpgradeError
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Print measurements as ordered list during verify
* Fix missing safety check in AWS attestation validation
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>