3u13r
cf9970c051
terraform: allow for multiple instance groups ( #1471 )
2023-03-21 22:56:03 +01:00
renovate[bot]
02a389e8c0
deps: update Terraform openstack to v1.51.1 ( #1424 )
...
* deps: update Terraform openstack to v1.51.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-03-21 13:36:49 +01:00
Paul Meyer
f638812143
terraform: unique Azure attestation provider name ( #1472 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-21 10:41:48 +01:00
Malte Poll
44db16b42e
cli: give Azure uami all perms previously given to app registration ( #1334 )
...
This is the first step for deprecating app registrations on Azure.
The user-assigned managed identity (uami) should first gain all permissions that are currently held by the app registration.
* cli: give Azure uami all permissions previously given to app registratio
* docs: document required owner role for user-assigned managed identity on Azure
2023-03-21 10:00:13 +01:00
Paul Meyer
05f6d1dc65
terraform: valid Azure attestation provider name ( #1465 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 17:53:00 +01:00
Paul Meyer
658cac046f
go: remove redundant if-err check
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 08:41:01 -04:00
Moritz Sanft
f2ce9518a3
cli: support custom attestation policies for maa ( #1375 )
...
* create and update maa attestation policy
* use interface to allow unit testing
* fix test csp
* http request for policy patch
* go mod tidy
* remove hyphen
* go mod tidy
* wip: adapt to feedback
* linting fixes
* remove csp from tf call
* fix type assertion
* Add MAA URL to instance tags (#1409 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* conditionally create maa provider
* only set instance tag when maa is created
* fix azure unit test
* bazel tidy
* remove AzureCVM const
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* encode policy at runtime
* remove policy arg
* fix unit test
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-03-20 13:33:04 +01:00
renovate[bot]
b03ead589f
deps: update Terraform azuread to v2.36.0 ( #1421 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 14:30:17 +01:00
renovate[bot]
03d2232321
deps: update Terraform google-beta to v4.57.0 ( #1423 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 13:45:43 +01:00
renovate[bot]
f8f3f00595
deps: update Terraform azurerm to v3.47.0 ( #1422 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 13:45:08 +01:00
renovate[bot]
95d6618b9d
deps: update Terraform google to v4.57.0 ( #1420 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 12:06:53 +01:00
renovate[bot]
0db034db5b
deps: update Terraform aws to v4.58.0 ( #1419 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 11:43:52 +01:00
Malte Poll
bdba9d8ba6
bazel: add build files for go ( #1186 )
...
* build: correct toolchain order
* build: gazelle-update-repos
* build: use pregenerated proto for dependencies
* update bazeldnf
* deps: tpm simulator
* Update Google trillian module
* cli: add stamping as alternative build info source
* bazel: add go_test wrappers, mark special tests and select testing deps
* deps: add libvirt deps
* deps: go-libvirt patches
* deps: cloudflare circl patches
* bazel: add go_test wrappers, mark special tests and select testing deps
* bazel: keep gazelle overrides
* bazel: cleanup bazelrc
* bazel: switch CMakeLists.txt to use bazel
* bazel: fix injection of version information via stamping
* bazel: commit all build files
* dev-docs: document bazel usage
* deps: upgrade zig-cc for go 1.20
* bazel: update Perl for macOS arm64 & Linux arm64 support
* bazel: use static perl toolchain for OpenSSL
* bazel: use static protobuf (protoc) toolchain
* deps: add git and go to nix deps
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-09 15:23:42 +01:00
Paul Meyer
630016d1b3
openstack: use password to authenticate in cluster
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 09:04:57 -05:00
Malte Poll
8aa42e30ad
cli: set OpenStack service account credentials ( #1328 )
2023-03-03 10:10:36 +01:00
Malte Poll
4e202fa483
cli: set constellation uid and role as instance metadata of OpenStack instances ( #1311 )
2023-03-01 08:48:17 +01:00
Malte Poll
b79f7d0c8c
cli: add basic support for constellation create
on OpenStack ( #1283 )
...
* image: support OpenStack image build / upload
* cli: add OpenStack terraform template
* config: add OpenStack as CSP
* versionsapi: add OpenStack as CSP
* cli: add OpenStack as provider for `config generate` and `create`
* disk-mapper: add basic support for boot on OpenStack
* debugd: add placeholder for OpenStack
* image: fix config file sourcing for image upload
2023-02-27 18:19:52 +01:00
renovate[bot]
66022fa441
deps: update Terraform aws to v4.55.0 ( #1195 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-24 17:27:11 +01:00
miampf
5137e9fa57
cli: iam destroy ( #946 )
2023-02-24 11:36:41 +01:00
Otto Bittner
c4fd70684f
Revert "deps: update Terraform azurerm to v3.44.1 ( #1197 )" ( #1255 )
...
This reverts commit 253f833f6c
.
2023-02-22 11:16:05 +01:00
3u13r
ce09b9dae5
iam: assign uami role to base resource group ( #1247 )
...
* iam: assign uami role to base resource group
* fixup: also change app registration
2023-02-22 09:29:24 +01:00
renovate[bot]
477d667360
deps: update Terraform azuread to v2.34.1 ( #1196 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 13:53:18 +01:00
renovate[bot]
253f833f6c
deps: update Terraform azurerm to v3.44.1 ( #1197 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 10:41:04 +01:00
renovate[bot]
3a1e75837f
deps: update Terraform google-beta to v4.53.1 ( #1199 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 09:22:16 +01:00
renovate[bot]
9a5a7d6852
deps: update Terraform google to v4.53.1 ( #1198 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 09:21:12 +01:00
Paul Meyer
12c866bcb9
deps: replace multierr with native errors.Join
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 12:08:24 -05:00
Moritz Sanft
7410cf8038
cli: fix iam rollback ( #1148 )
...
* AB#2897 rename DestroyCluster
* #AB2897 error if terraform dir exists
* AB#2897 reword DestroyResources
2023-02-13 08:42:54 +01:00
Nils Hanke
0331e2dc78
cli: enable jumbo frames for GCP VPCs
2023-02-06 11:07:45 +01:00
renovate[bot]
a85ba96ac4
deps: update Terraform azurerm to v3.41.0 ( #1097 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:33:32 +01:00
renovate[bot]
38e9ab8254
deps: update Terraform aws to v4.52.0 ( #1096 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:14:17 +01:00
renovate[bot]
b47a2f81a2
deps: update Terraform google to v4.50.0 ( #1098 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:13:44 +01:00
3u13r
6ea6e42519
terraform: make control-planes stateful on gcp ( #1087 )
...
* terraform: make control-planes stateful on gcp
* terraform: lock google-beta provider
2023-01-27 12:59:25 +01:00
Malte Poll
2d326ea3f0
cli: set placeholder uid for QEMU / MiniConstellation ( #1069 )
2023-01-25 14:42:52 +01:00
3u13r
03154c6e64
docs: document terraform support ( #1037 )
2023-01-23 10:37:28 +01:00
Moritz Sanft
b8648261e3
cli: fix Terraform resource group dependencies ( #1048 )
2023-01-20 18:59:59 +01:00
renovate[bot]
d4722b434e
Update Terraform aws to v4.50.0 ( #1015 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 17:09:01 +01:00
Daniel Weiße
690b50b29d
dev-docs: Go package docs ( #958 )
...
* Remove unused package
* Add Go package docs to most packages
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-01-19 15:57:50 +01:00
Moritz Sanft
ae2db08f3a
ci: add e2e test for constellation recover ( #845 )
...
* AB#2256 Add recover e2e test
* AB#2256 move test & fix minor objections
* AB#2256 fix path
* AB#2256 rename hacky filename
2023-01-19 10:41:07 +01:00
renovate[bot]
4577a5886f
Update Terraform google to v4.48.0 ( #929 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-17 16:01:02 +01:00
Malte Poll
7902dc470f
cli: use non-authoritative methods to manage iam policy memberships ( #989 )
...
- google_project_iam_binding -> google_project_iam_member
2023-01-16 18:08:57 +01:00
Nils Hanke
b3c3c2fa8c
qemu: remove registry_auth for Docker Terraform module ( #957 )
2023-01-12 15:47:50 +01:00
Paul Meyer
fa85150f3e
hack: move terraform readmes into cli
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 11:49:00 +01:00
renovate[bot]
3d6b11e7cb
Update Terraform azurerm to v3.38.0 ( #895 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 16:28:04 +01:00
renovate[bot]
19b3d68c8a
Update Terraform aws to v4.49.0 ( #894 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 16:27:40 +01:00
renovate[bot]
ab626ca311
Update Terraform docker to v2.25.0 ( #880 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 15:18:38 +01:00
renovate[bot]
7c017e2b67
Update Terraform azurerm to v3.37.0 ( #849 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-03 14:47:44 +01:00
renovate[bot]
d88f144806
Update Terraform libvirt to v0.7.1 ( #830 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-30 14:24:54 +01:00
renovate[bot]
cbc34b73ec
Update Terraform google to v4.47.0 ( #843 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-30 14:04:00 +01:00
renovate[bot]
320c24e778
Update Terraform aws to v4.48.0 ( #842 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-30 14:02:44 +01:00
renovate[bot]
fd640afe96
Update Terraform google to v4.46.0 ( #798 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-14 19:15:51 +01:00
renovate[bot]
85f9d62a9f
Update Terraform azurerm to v3.35.0 ( #768 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 15:21:13 +01:00
renovate[bot]
4ec2fceeef
Update Terraform aws to v4.46.0 ( #767 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 15:13:09 +01:00
renovate[bot]
9d0d561726
Update Terraform google to v4.45.0 ( #742 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-08 15:59:15 +01:00
Moritz Sanft
286803fb97
AB#2579 Add constellation iam create command ( #624 )
2022-12-07 11:48:54 +01:00
renovate[bot]
364db78420
Update Terraform azurerm to v3.34.0 ( #726 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 13:42:49 +01:00
renovate[bot]
59076b0664
Update Terraform aws to v4.45.0 ( #710 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-05 16:35:38 +01:00
renovate[bot]
68bf23b760
Update Terraform aws to v4.44.0 ( #702 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 18:46:31 +01:00
Paul Meyer
b93b24e058
debugd: add logcollector
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
renovate[bot]
fe74c937b9
Update Terraform azurerm to v3.33.0 ( #678 )
...
* Update Terraform azurerm to v3.33.0
* [bot] Update HCL lock files
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-30 11:41:31 +01:00
renovate[bot]
7c744c0837
Update Terraform aws to v4.43.0 ( #672 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 11:22:09 +01:00
renovate[bot]
fffd2b79f2
Update Terraform google to v4.44.1 ( #666 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 14:45:07 +01:00
renovate[bot]
9d6d9f0a40
Update Terraform docker to v2.23.1 ( #645 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-29 13:06:36 +01:00
Leonard Cohnen
3b6bc3b28f
initserver: add client verification
2022-11-28 19:34:02 +01:00
renovate[bot]
d8c553207b
Update Terraform google to v4.44.0 ( #622 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 14:30:40 +01:00
renovate[bot]
54ef6d21f4
Update Terraform aws to v4.40.0 ( #586 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-18 15:41:02 +01:00
renovate[bot]
86b03bf08e
Update Terraform azurerm to v3.32.0 ( #588 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-18 14:57:34 +01:00
renovate[bot]
b7852665f3
Update Terraform google to v4.43.1 ( #576 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 16:44:33 +01:00
Nils Hanke
6e5895f200
User-friendlier errors
2022-11-17 13:49:34 +01:00
Nils Hanke
e1d8926395
Terraform: Only rollback after we fully created the workspace
2022-11-17 13:49:34 +01:00
Nils Hanke
158dfe0e2b
Remove unused name parameter in CreateCluster
2022-11-17 13:49:34 +01:00
Nils Hanke
b9b618a1f0
Terraform: Try to init before destroy
2022-11-17 13:49:34 +01:00
Nils Hanke
f27af5b588
Terraform: Make variables writing retryable
2022-11-17 13:49:34 +01:00
Nils Hanke
e93527144e
Terraform: Try to use existing files on partially unpacked workspace
2022-11-17 13:49:34 +01:00
Nils Hanke
4a2cba988c
Create separate Terraform workspace directory
2022-11-17 13:49:34 +01:00
Malte Poll
df0cd43f92
Terraform GCP: Always use local account for resource creation ( #571 )
...
* Terraform GCP: Always use local account for resource creation
* Update CHANGELOG
2022-11-17 10:33:36 +01:00
renovate[bot]
5009de823f
Update Terraform aws to v4.39.0 ( #538 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:35:26 +01:00
renovate[bot]
7bcd4b2f73
Update Terraform azurerm to v3.31.0 ( #539 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:34:54 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. ( #475 )
...
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Malte Poll
97bb0f4a91
Update terraform lock files to include hashes for all platforms ( #499 )
...
- linux_arm64
- linux_amd64
- darwin_arm64
- darwin_amd64
- windows_amd64
2022-11-09 14:23:51 +01:00
renovate[bot]
9191f8ac61
Update Terraform docker to v2.23.0 ( #495 )
...
* Update Terraform docker to v2.23.0
* Readd removed terraform lock hashes
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-09 13:35:17 +01:00
renovate[bot]
0e34d35404
Update Terraform google to v4.43.0 ( #484 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 10:30:02 +01:00
renovate[bot]
b8acb5e448
Update Terraform aws to v4.38.0 ( #464 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:34:45 +01:00
Nils Hanke
ee55584b90
AWS: Apply security group to worker nodes
2022-11-08 11:22:06 +01:00
Malte Poll
41668d50c2
Add recovery loadbalancer on AWS
2022-11-08 00:07:04 +01:00
Nils Hanke
759c626e0f
AWS: Don't expose SSH debugging ports on the LB
2022-11-07 13:57:22 +01:00
Malte Poll
fa6dfdff4f
Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime ( #442 )
...
* Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime
* Use correct field for nat gateway
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-07 11:04:10 +01:00
renovate[bot]
b89fae8062
Update Terraform azurerm to v3.30.0 ( #452 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 12:34:03 +01:00
renovate[bot]
f71073a77f
Update Terraform google to v4.42.1 ( #434 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 10:14:13 +01:00
Leonard Cohnen
0d0191ba4d
aws: make CCM work
2022-11-02 23:29:04 +01:00
Leonard Cohnen
be2b38f2ac
terraform: use HTTPS health check for AWS
2022-11-02 23:29:04 +01:00
Leonard Cohnen
7e385c4c86
terraform: use AWS launch templates
2022-11-02 23:29:04 +01:00
Leonard Cohnen
741684843c
terraform: fix azure password constraints
2022-11-02 09:57:54 +01:00
renovate[bot]
c9e6b4c5b6
Update Terraform azurerm to v3.29.1 ( #405 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 10:45:56 +01:00
Daniel Weiße
e66cb84d6e
AB#2532 Dont clean up workspace if rollback fails ( #360 )
...
* Dont clean up workspace if rollback fails
* Remove dependency on CSP from terminate
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-26 15:57:00 +02:00
Malte Poll
2d121d9243
Replace interface{} -> any ( #370 )
2022-10-25 15:51:23 +02:00
Malte Poll
52f140a968
Pin terraform provider hashes ( #361 )
2022-10-25 10:10:46 +02:00
Daniel Weiße
b35b74b772
Use tags for UID and role parsing ( #242 )
...
* Apply tags to all applicable GCP resources
* Move GCP UID and role from VM metadata to labels
* Adjust Azure tags to be in line with GCP and AWS
* Dont rely on resource name to find resources
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-24 16:58:21 +02:00
Nils Hanke
04c4cff9f6
AB#2436: Initial support for create/terminate AWS NitroTPM instances
...
* Add .DS_Store to .gitignore
* Add AWS to config / supported instance types
* Move AWS terraform skeleton to cli/internal/terraform
* Move currently unused IAM to hack/terraform/aws
* Print supported AWS instance types when AWS dev flag is set
* Block everything aTLS related (e.g. init, verify) until AWS attestation is available
* Create/Terminate AWS dev cluster when dev flag is set
* Restrict Nitro instances to NitroTPM supported specifically
* Pin zone for subnets
This is not great for HA, but for now we need to avoid the two subnets
ending up in different zones, causing the load balancer to not be able
to connect to the targets.
Should be replaced later with a better implementation that just uses
multiple subnets within the same region dynamically
based on # of nodes or similar.
* Add AWS/GCP to Terraform TestLoader unit test
* Add uid tag and create log group
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-10-21 12:24:18 +02:00
Malte Poll
f3d78a573f
Disable Azure VM agent and report VM as ready
2022-10-21 11:04:25 +02:00
Malte Poll
ed9acef9d4
Upgrade terraform azure provider to 3.28.0
2022-10-21 11:04:25 +02:00