Moritz Sanft
c69e6777bd
cli: Terraform migrations on upgrade ( #1685 )
...
* add terraform planning
* overwrite terraform files in upgrade workspace
* Revert "overwrite terraform files in upgrade workspace"
This reverts commit 8bdacfb8bef23ef2cdbdb06bad0855b3bbc42df0.
* prepare terraform workspace
* test upgrade integration
* print upgrade abort
* rename plan file
* write output to file
* add show plan test
* add upgrade tf workdir
* fix workspace preparing
* squash to 1 command
* test
* bazel build
* plan test
* register flag manually
* bazel tidy
* fix linter
* remove MAA variable
* fix workdir
* accept tf variables
* variable fetching
* fix resource indices
* accept Terraform targets
* refactor upgrade command
* Terraform migration apply unit test
* pass down image fetcher to test
* use new flags in e2e test
* move file name to constant
* update buildfiles
* fix version constant
* conditionally create MAA
* move interface down
* upgrade dir
* update buildfiles
* fix interface
* fix createMAA check
* fix imports
* update buildfiles
* wip: workspace backup
* copy utils
* backup upgrade workspace
* remove debug print
* replace old state after upgrade
* check if flag exists
* prepare test workspace
* remove prefix
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* respect file permissions
* refactor tf upgrader
* check workspace before upgrades
* remove temp upgrade dir after completion
* clean up workspace after abortion
* fix upgrade apply test
* fix linter
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-05-22 13:31:20 +02:00
Moritz Sanft
339e750c18
bazel: add Bazel shell completion scripts ( #1804 )
...
* add bazel autocomplete script
* indentation
* shfmt
* shellcheck ignore completion file
* fix shellcheck ignore path
2023-05-22 12:54:38 +02:00
Malte Poll
dc9b3c1937
ci: run e2e tests as last step of release pipeline ( #1793 )
2023-05-22 09:22:00 +02:00
Malte Poll
ab257944f9
bazel: provide semi-hermetic python toolchain ( #1753 )
...
The actual python version used in bazel is hermetic after this PR.
However, we still require a host python toolchain for bootstrapping (this will be fixed soon upstream) and host wide glibc (+ libcrypt.so.1).
2023-05-22 09:10:41 +02:00
edgelessci
87b9d85669
image: update measurements and image version ( #1798 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-19 18:17:53 +02:00
renovate[bot]
4ee4423389
deps: update github.com/gophercloud/utils digest to 6eab72e ( #1791 )
...
* deps: update github.com/gophercloud/utils digest to 6eab72e
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-19 15:34:20 +02:00
renovate[bot]
8bd93680f1
deps: update katexochen/ghh to v0.2.1 ( #1805 )
...
* deps: update katexochen/ghh to v0.2.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-19 14:18:16 +02:00
3u13r
964775c4c2
Add autoscaling and cluster upgrade support for AWS ( #1758 )
...
* aws: autoscaling and upgrades
* docs: update scaling and upgrades for AWS
* deps: pin vuln check against release
2023-05-19 13:57:31 +02:00
renovate[bot]
12ccfea543
deps: update module golang.org/x/tools to v0.9.1 ( #1801 )
...
* deps: update module golang.org/x/tools to v0.9.1
* chore: tidy
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-19 13:18:54 +02:00
renovate[bot]
4c8568963b
deps: update module golang.org/x/crypto to v0.9.0 ( #1799 )
...
* deps: update module golang.org/x/crypto to v0.9.0
* chore: tidy
* deps: bump pseudo version tool
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-19 12:00:25 +02:00
3u13r
3b7bae7535
deps: bump minimum terraform version ( #1797 )
2023-05-18 12:59:10 +02:00
edgelessci
2754d7817d
image: update measurements and image version ( #1795 )
...
Co-authored-by: 3u13r <3u13r@users.noreply.github.com>
2023-05-17 19:39:32 +02:00
Adrian Stobbe
f99e06b63b
cli: new flag to set the attestation type for config generate
( #1769 )
...
* add attestation flag to specify type in config
2023-05-17 16:53:56 +02:00
miampf
e7b7a544f0
docs: add a qemu section ( #1724 )
2023-05-17 13:21:35 +00:00
Moritz Eckert
6252193879
cli: deploy cinder as OpenStack CSI plugin
2023-05-17 15:20:39 +02:00
Moritz Eckert
9607f01510
cli: add cinder csi helm charts
2023-05-17 15:20:39 +02:00
Malte Poll
7b313feaa3
ci: increase mini-e2e waiting timeout for docker daemon to start
2023-05-17 11:37:26 +02:00
Daniel Weiße
ad924181d9
Allow tdx repo in bazel license check
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Daniel Weiße
1d5af5f0f4
Rebase fixes
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Nils Hanke
63d938d9a4
cli: improve error handling for validator
2023-05-17 11:37:26 +02:00
Nils Hanke
e130188ecd
cli: add verify support for TDX
2023-05-17 11:37:26 +02:00
Nils Hanke
e80474ff7f
oid: add missing String() for QEMUTDX
2023-05-17 11:37:26 +02:00
Nils Hanke
c507bd7d95
cli: Generalize PCRs to Measurements in preparation for TDX
2023-05-17 11:37:26 +02:00
Daniel Weiße
7e5e3b9d2e
Add license exception for tdx repo
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Daniel Weiße
c478df36fa
Add TDX bazel files
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Daniel Weiße
bda999d54e
Use TDX device to mark node as initialized ( #1426 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Nils Hanke
9e987778e0
measurements: Add length field for WithAllBytes
2023-05-17 11:37:26 +02:00
Nils Hanke
fe3622d982
cli/attestation: use const for PCR/TDX lengths
2023-05-17 11:37:26 +02:00
Nils Hanke
d58b5f1c06
measurement-reader: unify TPM & TDX sorting
2023-05-17 11:37:26 +02:00
Nils Hanke
253d201ff3
measurement-reader: add support for TDX
2023-05-17 11:37:26 +02:00
Daniel Weiße
dd2da25ebe
attestation: tdx issuer/validator ( #1265 )
...
* Add TDX validator
* Add TDX issuer
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Malte Poll
d104af6e51
image: support intel TDX direct linux boot under TDX OVMF
2023-05-17 11:37:26 +02:00
Malte Poll
79986a2b25
cli: implement qemu direct linux boot
2023-05-17 11:37:26 +02:00
renovate[bot]
daea874b46
deps: update com_github_ash2k_bazel_tools digest to 2add5bb ( #1789 )
...
* deps: update com_github_ash2k_bazel_tools digest to 2add5bb
* deps: set bazel-tools hash
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-05-17 09:43:36 +02:00
renovate[bot]
53758e65ad
deps: update module github.com/siderolabs/talos/pkg/machinery to v1.4.4 ( #1764 )
...
* deps: update module github.com/siderolabs/talos/pkg/machinery to v1.4.4
* deps: tidy all modules
* update pseudo version tool
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-16 22:19:16 +02:00
renovate[bot]
230ea79bcc
deps: update Google SDK ( #1748 )
...
* deps: update Google SDK
* deps: fix grpc_testing import
* deps: update pseudo version tool hashes
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-16 18:13:17 +02:00
Malte Poll
d7b63bdc37
deps: update bazeldnf digest to v0.5.7 ( #1782 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-16 17:54:25 +02:00
renovate[bot]
fdcb74e171
deps: update Terraform aws to v4.67.0 ( #1775 )
...
* deps: update Terraform aws to v4.67.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 17:39:55 +02:00
renovate[bot]
6c1f7a4758
deps: update Terraform azuread to v2.39.0 ( #1776 )
...
* deps: update Terraform azuread to v2.39.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 17:15:57 +02:00
renovate[bot]
f9b4f1765d
deps: update Terraform azurerm to v3.56.0 ( #1777 )
...
* deps: update Terraform azurerm to v3.56.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 17:15:25 +02:00
renovate[bot]
fd3c93660e
deps: update Terraform google to v4.65.1 ( #1778 )
...
* deps: update Terraform google to v4.65.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 16:07:21 +02:00
renovate[bot]
0ce01cbad3
deps: update Terraform random to v3.5.1 ( #1779 )
...
* deps: update Terraform random to v3.5.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 16:01:47 +02:00
renovate[bot]
780fa9a238
deps: update Terraform google-beta to v4.64.0 ( #1767 )
...
* deps: update Terraform google-beta to v4.64.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 15:26:26 +02:00
renovate[bot]
87bf36d757
deps: update Terraform google to v4.64.0 ( #1766 )
...
* deps: update Terraform google to v4.64.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 15:11:59 +02:00
Moritz Sanft
65e7778955
dont stop check on err ( #1774 )
2023-05-16 14:38:44 +02:00
Malte Poll
f596a13188
image: include stream in gcp image name ( #1768 )
2023-05-16 12:38:38 +02:00
Daniel Weiße
c834911be1
config: fix migration for v2.7 idkeydigest enforcement format ( #1770 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-16 10:32:01 +02:00
Otto Bittner
2dc105224d
ci: set toImage argument in e2e-test-release ( #1722 )
2023-05-16 08:54:12 +02:00
edgelessci
f30e0c9bdd
image: update measurements and image version ( #1756 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-12 18:51:47 +02:00
renovate[bot]
080e0bcaec
deps: update golang:1.20.4 Docker digest to 685a22e ( #1761 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-12 18:18:13 +02:00