Adrian Stobbe
9f4dd3ad21
move attestationconfigapi to public
2024-09-10 11:55:32 +02:00
Moritz Sanft
eab9aca26f
terraform-provider-constellation: make kubeconfig output fine-grained ( #3334 )
2024-09-03 16:26:08 +02:00
Daniel Weiße
d7bdfccdd7
terraform: tidy files ( #3333 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-09-03 09:57:05 +02:00
Moritz Sanft
8555bd00a9
terraform-provider: document MAA patching more prominently ( #3330 )
2024-08-29 15:50:26 +02:00
renovate[bot]
6e6ea1a9d5
deps: update Kubernetes versions ( #3325 )
...
* deps: update Kubernetes versions
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-08-26 13:46:46 +02:00
renovate[bot]
cf5d9c2f12
deps: update Kubernetes versions ( #3298 )
...
* deps: update Kubernetes versions
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-08-26 09:18:56 +02:00
renovate[bot]
e881705f73
deps: update Terraform constellation to v2 ( #3306 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-08 16:34:04 +02:00
Thomas Tendyck
399376d3e3
Make SEV-SNP the default attestation variant on GCP ( #3267 )
...
* Make SNP the default on GCP
* fixup! Make SNP
* fixup! Make SNP
2024-07-22 13:29:27 +02:00
Markus Rudy
807bbbfd16
cli: annotate CoreDNS resources for Helm ( #3236 )
2024-07-12 12:01:49 +02:00
Adrian Stobbe
051cb20b09
ci: fix TF attestation version assertion in integration test ( #3237 )
2024-07-10 09:56:36 +02:00
Moritz Sanft
74e0f44230
chore: v2.17.0 post-release ( #3229 )
...
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-07-04 11:17:55 +02:00
renovate[bot]
bdfb74f6ca
deps: update Terraform dependencies ( #3200 )
...
* deps: update Terraform dependencies
* upgrade random provider
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2024-06-27 09:14:10 +02:00
Daniel Weiße
d67d0ac9df
Enable upload of TDX reports to Constellation CDN
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-06-27 09:09:13 +02:00
Daniel Weiße
9159b60331
Implement support for "latest" placeholders for Azure TDX
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-06-27 09:09:13 +02:00
Daniel Weiße
a34493caa6
Enable versions API to handle TDX versions
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-06-27 09:09:13 +02:00
Daniel Weiße
cd4c90af7e
Rename apifetcher methods
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-06-27 09:09:13 +02:00
Markus Rudy
c911eb4e3a
versions: default to k8s v1.29, support k8s v1.30, EOL v1.27 ( #3173 )
...
* versions: remove k8s 1.27 and patch-upgrade the others
* versions: add support for k8s 1.30.2
* versions: upgrade cloud provider images
2024-06-19 17:34:34 +02:00
renovate[bot]
aa910cfc25
deps: update Kubernetes versions ( #3102 )
...
* deps: update Kubernetes versions
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-06-03 15:08:09 +02:00
renovate[bot]
fffc9db2b5
deps: update Kubernetes versions ( #3072 )
...
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-05-09 13:38:01 +02:00
Moritz Sanft
913b09aeb8
Support SEV-SNP on GCP ( #3011 )
...
* terraform: enable creation of SEV-SNP VMs on GCP
* variant: add SEV-SNP attestation variant
* config: add SEV-SNP config options for GCP
* measurements: add GCP SEV-SNP measurements
* gcp: separate package for SEV-ES
* attestation: add GCP SEV-SNP attestation logic
* gcp: factor out common logic
* choose: add GCP SEV-SNP
* cli: add TF variable passthrough for GCP SEV-SNP variables
* cli: support GCP SEV-SNP for `constellation verify`
* Adjust usage of GCP SEV-SNP throughout codebase
* ci: add GCP SEV-SNP
* terraform-provider: support GCP SEV-SNP
* docs: add GCP SEV-SNP reference
* linter fixes
* gcp: only run test with TPM simulator
* gcp: remove nonsense test
* Update cli/internal/cmd/verify.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update docs/docs/overview/clouds.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update terraform-provider-constellation/internal/provider/attestation_data_source_test.go
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* linter fixes
* terraform_provider: correctly pass down CC technology
* config: mark attestationconfigapi as unimplemented
* gcp: fix comments and typos
* snp: use nonce and PK hash in SNP report
* snp: ensure we never use ARK supplied by Issuer (#3025 )
* Make sure SNP ARK is always loaded from config, or fetched from AMD KDS
* GCP: Set validator `reportData` correctly
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* attestationconfigapi: add GCP to uploading
* snp: use correct cert
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: enable fetching of attestation config values for GCP SEV-SNP
* linter fixes
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2024-04-16 18:13:47 +02:00
Daniel Weiße
dc86a30988
provider: Add build tag for Terraform provider ( #2992 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-18 14:30:56 +01:00
Malte Poll
d69673fab7
terraform-provider: Add support for STACKIT / OpenStack
2024-03-11 15:59:23 +01:00
Malte Poll
f94c6ca0d4
misc: skip message about community license with marketplace image
2024-03-04 18:17:26 +01:00
Daniel Weiße
d5b3d4fd6f
ci: use collision resistant name for Terraform e2e test ( #2967 )
...
* Use collision resistant name for Terraform e2e test
* Remove test suffix from Terraform provider examples
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-04 13:48:30 +01:00
Malte Poll
65903459a0
chore: fix unused parameter lint in new golangcilint version
2024-02-21 17:54:07 +01:00
miampf
54cce77bab
deps: convert zap to slog ( #2825 )
2024-02-08 14:20:01 +00:00
Moritz Sanft
dde3430da8
terraform: support AWS marketplace images ( #2888 )
...
* terraform: support AWS marketplace images
* terraform-provider: support AWS marketplace images
* docs: add instructions on AWS marketplace images
* ci: adapt marketplace image test for AWS
* Update internal/config/config.go
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
* docs: update config
* Update docs/docs/getting-started/marketplaces.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* docs: update license information
* docs: use CSP tabs for marketplace overview
* Update docs/docs/getting-started/marketplaces.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/getting-started/marketplaces.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/getting-started/marketplaces.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
---------
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-02-06 12:13:59 +01:00
Daniel Weiße
64c32c2236
ci: make instance type configurable for provider sample ( #2893 )
...
* Make default instance type configurable for provider sample
* Set TDX instance type when running TDX provider e2e test
* Fix missing attestation variant when setting up stub config in provider e2e test
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-05 15:46:57 +01:00
Adrian Stobbe
5ecc5ed9c9
terraform-provider: fix integration test ( #2882 )
2024-01-31 18:24:05 +01:00
Adrian Stobbe
9b547bced0
ci: v2.15 post-release cleanup ( #2881 )
...
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2024-01-31 16:45:20 +01:00
Adrian Stobbe
7ce5caae24
terraform-provider: only print license warning once in provider ( #2865 )
...
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-01-29 15:21:30 +01:00
Daniel Weiße
78b9b0fc96
terraform-provider: enable Azure TDX ( #2854 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 15:46:21 +01:00
Moritz Sanft
5faa374ede
terraform-provider: validate pod ip cidr only on gcp ( #2838 )
2024-01-23 09:08:23 +01:00
Adrian Stobbe
60a0a6020e
ci: add upgrade to provider example test ( #2775 )
2024-01-13 13:13:10 +01:00
Adrian Stobbe
9a814f91b1
terraform-provider: validate microservice and image version during plan ( #2814 )
2024-01-11 12:04:21 +01:00
Malte Poll
a8bca88eeb
k8s: add 1.29, remove 1.26, default 1.28 ( #2803 )
...
undefined
2024-01-08 16:53:12 +01:00
Moritz Sanft
e691e26bd3
cli: support for GCP marketplace images ( #2792 )
...
* cli: support GCP marketplace images
* ci: support GCP marketplace images
* docs: support GCP marketplace images
* bazel: generate
* ci: allow GCP for mpi e2e test
* Update docs/docs/overview/license.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* terraform-provider: allow GCP MPIs
* terraform-provider: fix error message
---------
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-01-08 15:51:39 +01:00
Daniel Weiße
7d778d1b5b
Add required kubernetes_version attribute to example
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:52:55 +01:00
Daniel Weiße
90f3336c8e
deps: remove go.mod
files from submodules ( #2769 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:19:38 +01:00
Adrian Stobbe
f41ce43919
terraform-provider: require kubernetes and microservice version ( #2791 )
2024-01-04 16:25:24 +01:00
Adrian Stobbe
8730e72319
ci: e2e test for Terraform provider examples ( #2745 )
2024-01-04 10:00:21 +01:00
3u13r
2f10223682
terraform-provider: fix parsing api_server_cert_sans
( #2758 )
...
* tf: don't double quote cert sans
* tf: improve provider examples
2023-12-27 17:04:35 +01:00
renovate[bot]
c8fc04d991
deps: update Kubernetes versions ( #2762 )
...
* deps: update Kubernetes versions
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-22 14:10:39 +01:00
Adrian Stobbe
436e7c6d3b
terraform-provider: validate image and microservice version ( #2766 )
2023-12-22 10:24:13 +01:00
Daniel Weiße
519efe637d
constellation-lib: run license check in Terraform provider and refactor code ( #2740 )
...
* Clean up license checker code
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Create license check depending on init/upgrade actions
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Run license check in Terraform provider
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* fix license integration test action
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Run tests with enterprise tag
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Allow b64 encoding for license ID
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Update checker_enterprise.go
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-22 10:16:36 +01:00
Markus Rudy
837b24bf54
versions: generate k8s image patches (incl etcd) ( #2764 )
...
* versions: generate k8s image patches (incl etcd)
2023-12-21 20:56:55 +01:00
renovate[bot]
37ec431fab
deps: update K8s dependencies ( #2763 )
...
* deps: update K8s dependencies
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-12-21 12:42:04 +01:00
renovate[bot]
4f374fbeb2
deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5 ( #2748 )
...
* deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-20 15:58:55 +01:00
Moritz Sanft
82e2875927
terraform-provider: add input validation ( #2744 )
...
* terraform-provider: add validation for `constellation_image`
* terraform-provider: add validation for `constellation_cluster`
* image: accept short path versions
* terraform-provider: correct error statement
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* terraform-provider: remove superfluous log statements
* terraform-provider: fix error assertion casing
* terraform-provider: remove superfluous semver check
* Update terraform-provider-constellation/internal/provider/shared_attributes.go
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-12-20 15:56:48 +01:00
renovate[bot]
6c5170da79
deps: update module golang.org/x/crypto to v0.17.0 [SECURITY] ( #2736 )
...
* deps: update module golang.org/x/crypto to v0.17.0 [SECURITY]
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-19 08:53:15 +01:00