constellation

mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00

Author	SHA1	Message	Date
Otto Bittner	cdc91b50bc	verify: move CSP-specific code to internal/verify With the introduction of SNP-based attestation on AWS some of the information in the report (MAAToken) is not applicable to all attestation reports anymore. Thus, make verify cmd CSP-agnostic and move CSP-specific logic to internal/verify. Also make internal/attestation/snp CSP aware.	2023-11-24 15:49:48 +01:00
Otto Bittner	59b096e279	cli: use new instance info struct in verify This ensure that issuer and verify (as consumer) use the same types for marshalling/unmarshalling.	2023-11-24 15:49:48 +01:00
Moritz Sanft	968cdc1a38	cli: move `cli/internal` libraries (#2623 ) * cli: move internal packages Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: fix buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bazel: fix exclude dir Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: move back libraries that will not be used by TF provider Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-11-22 14:52:56 +01:00
Moritz Sanft	744a605602	cli: state file validation (#2523 ) * re-use `ReadFromFile` in `CreateOrRead` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [wip]: add constraints Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [wip] error formatting Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * formatted error messages Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * state file validation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * linter fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * allow overriding the constraints Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * dont validate on read Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add pre-create constraints Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [wip] Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * finish pre-init validation test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * finish post-init validation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use state file validation in CLI Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix apply tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/validation/errors.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * use transformator for tests * tidy * use empty check directly Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update cli/internal/state/state.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/state/state.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/state/state.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/state/state.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * conditional validation per CSP Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix rebase Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add default case Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * validate state-file as last input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>	2023-11-03 15:47:03 +01:00
Adrian Stobbe	5819a11d25	api: for Azure attestationconfigapi use TCB values from SNP report instead of MAA token (#2429 )	2023-10-17 17:36:50 +02:00
Daniel Weiße	c52086c5ff	cli: refactor flag parsing code (#2425 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-10-16 15:05:29 +02:00
Moritz Sanft	005e865a13	cli: use state file on init and upgrade (#2395 ) * [wip] use state file in CLI Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use state file in CLI Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> take clusterConfig from IDFile for compat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> various fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> wip Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add GCP-specific values in Helm loader test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary pointer Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * write ClusterValues in one step Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * move stub to test file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove mention of id-file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * move output to `migrateTerraform` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * unconditional assignments converting from idFile Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * move require block in go modules file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fall back to id file on upgrade Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add notice to remove Terraform state check on manual migration Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add `name` field Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> fix name tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * return early if no Terraform diff Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * return infrastructure state even if no diff exists Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add TODO to remove comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use state-file in miniconstellation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: remove id-file (#2402) * remove id-file from `constellation create` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add file renaming to handler * rename id-file after upgrade * use idFile on `constellation init` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `constellation verify` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * linter fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `constellation mini` * remove id-file from `constellation recover` * linter fixes * remove id-file from `constellation terminate` * fix initSecret type * fix recover argument precedence * fix terminate test * generate * add TODO to remove id-file removal * Update cli/internal/cmd/init.go Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com> * fix verify arg parse logic Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add version test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from docs * add file not found log * use state-file in miniconstellation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `constellation iam destroy` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove id-file from `cdbg deploy` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com> * use state-file in CI Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update orchestration docs --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>	2023-10-09 13:04:29 +02:00
Adrian Stobbe	fdd47b7a00	cli: new flag for Azure JSON output of `constellation verify` (#2391 )	2023-10-07 16:24:29 +02:00
Moritz Sanft	3ed001fa8a	attestation: use `go-sev-guest` library (#2269 ) * wip: switch to attestation * add extra comments Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * MAA checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use provided functions to parse report / cert chain Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * replace `CommitedTCB` check with `LaunchTCB` check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove debug check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `LaunchTCB` == `CommitedTCB` check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * custom IdKeyDigests check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * basic test of report parsing from instance info Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * retrieve VCEK from AMD KDS Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove VCEK from `azureInstanceInfo` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `go-sev-guest` TCB version type Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix validation parsing test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix error message * fix comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove certificate chain from `instanceInfo` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test for idkeydigest check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: update tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] debug prints Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: fix tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: fix tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix tests, do some clean-up Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test case for fetching error Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * correct `hack` dependency Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix id key check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] comment out wip unit tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing newline Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * switch to released version of `go-sev-guest` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add constructor test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add VMPL check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test assertions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * switch to pseudoversion Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use fork with windows fix Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use data from THIM Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update embeds Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * verify against ARK in config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * invalid ASK Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: 3u13r <lc@edgeless.systems> * Update internal/attestation/azure/snp/validator.go Co-authored-by: 3u13r <lc@edgeless.systems> * nits Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * refactoring Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * use upstream library with pseudoversion Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * simplify control flow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix return error Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix VCEK test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * revert unintentional changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use new upstream release Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix removed AuthorKeyEn field Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix verification report printing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-09-21 14:08:00 +02:00
Daniel Weiße	9765003298	cli: print ordered measurements list during `constellation verify` (#2302 ) * Print measurements as ordered list during verify * Fix missing safety check in AWS attestation validation --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-09-08 08:08:09 +02:00
Daniel Weiße	311da4c082	cli: correctly trim white spaces for certificates in `verify` (#2299 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-09-04 08:30:18 +02:00
3u13r	bb654ba1ab	cli: fix incorrect actual values for constellation verify on AWS (#2265 ) * cli: fix aws pcr index	2023-08-21 13:50:00 +02:00
Daniel Weiße	c2bb884a04	cli: fix incorrect file path for master secret during upgrades when using workspace flag (#2249 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-08-16 15:38:40 +02:00
Daniel Weiße	89b342900f	Move workspace path functions to sub-package of cmd Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-08-09 15:42:24 +02:00
Paul Meyer	e97b2afc14	cli: print maa token in verify Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-08 11:50:26 +02:00
Daniel Weiße	d1ace13713	cli: add `--workspace` flag to set base directory for Constellation workspace (#2148 ) * Remove `--config` and `--master-secret` falgs * Add `--workspace` flag * In CLI, only work on files with paths created from `cli/internal/cmd` * Properly print values for GCP on IAM create when not directly updating the config --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-08-04 13:53:51 +02:00
Paul Meyer	372aa0fc08	verify: print formatted SNP report Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-31 08:18:50 +02:00
Paul Meyer	c8b1765e1d	verify: use helper function for format writing Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-31 08:18:50 +02:00
Paul Meyer	8e7f4cd046	verify: print VCEK extension values Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-31 08:18:50 +02:00
Thomas Tendyck	274fed0990	cli: fix/improve some user-facing strings	2023-07-06 09:05:17 +02:00
Adrian Stobbe	4284f892ce	api: rename /api/versions to versionsapi and /api/attestationcfig to attestationconfigapi (#1876 ) * rename to attestationconfigapi + put client and fetcher inside pkg * rename api/version to versionsapi and put fetcher + client inside pkg * rename AttestationConfigAPIFetcher to Fetcher	2023-06-07 16:16:32 +02:00
Otto Bittner	30f2b332b3	api: restructure api pkg (#1851 ) * api: rename AttestationVersionRepo to Client * api: move client into separate subpkg for clearer import paths. * api: rename configapi -> attestationconfig * api: rename versionsapi -> versions * api: rename sut to client * api: split versionsapi client and make it public * api: split versionapi fetcher and make it public * config: move attestationversion type to config * api: fix attestationconfig client test Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>	2023-06-02 09:19:23 +02:00
Adrian Stobbe	b51cc52945	config: sign Azure versions on upload & verify on fetch (#1836 ) * add SignContent() + integrate into configAPI * use static client for upload versions tool; fix staticupload calleeReference bug * use version to get proper cosign pub key. * mock fetcher in CLI tests * only provide config.New constructor with fetcher Co-authored-by: Otto Bittner <cobittner@posteo.net> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>	2023-06-01 13:55:46 +02:00
Nils Hanke	c507bd7d95	cli: Generalize PCRs to Measurements in preparation for TDX	2023-05-17 11:37:26 +02:00
Daniel Weiße	d7a2ddd939	config: add separate option for handling attestation parameters (#1623 ) * Add attestation options to config * Add join-config migration path for clusters with old measurement format * Always create MAA provider for Azure SNP clusters * Remove confidential VM option from provider in favor of attestation options * cli: add config migrate command to handle config migration (#1678) --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-05-03 11:11:53 +02:00
Moritz Sanft	e71c33c88d	cli: print attestation document with constellation verify (#1577 ) * wip: verification output * wip: Azure cert parsing * wip: print actual PCRs * wip: use string builder for output formatting * compare PCR expected with actual * tests * change naming * update cli reference * update bazel buildfile * bazel update * change loop signature	2023-04-03 15:06:27 +02:00
Daniel Weiße	db5660e3d6	attestation: add context to Issue and Validate methods (#1532 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-03-29 09:06:10 +02:00
Daniel Weiße	5a0234b3f2	attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257 ) * Convert enforceIDKeyDigest setting to enum * Use MAA fallback in Azure SNP attestation * Only create MAA provider if MAA fallback is enabled --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems>	2023-03-21 12:46:49 +01:00
Paul Meyer	0036b24266	go: remove unused parameters Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-20 08:41:01 -04:00
Daniel Weiße	6ea5588bdc	config: add attestation variant (#1413 ) * Add attestation type to config (optional for now) * Get attestation variant from config in CLI * Set attestation variant for Constellation services in helm deployments * Remove AzureCVM variable from helm deployments --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-03-14 11:46:27 +01:00
Daniel Weiße	19507677c1	cli: attestation validator debug output (#1262 ) * Wrote->Written * Add Validator info logs to debug output --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-03-03 16:50:25 +01:00
Paul Meyer	12c866bcb9	deps: replace multierr with native errors.Join Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-02-20 12:08:24 -05:00
Otto Bittner	c275464634	cli: change upgrade-plan to upgrade-check Upgrade check is used to find updates for the current cluster. Optionally the found upgrades can be persisted to the config for consumption by the upgrade-execute cmd. The old `upgrade execute` in this commit does not work with the new `upgrade plan`. The current versions are read from the cluster. Supported versions are read from the cli and the versionsapi. Adds a new config field MicroserviceVersion that will be used by `upgrade execute` to update the service versions. The field is optional until 2.7 A deprecation warning for the upgrade key is printed during config validation. Kubernetes versions now specify the patch version to make it explicit for users if an upgrade changes the k8s version.	2023-02-08 12:30:01 +01:00
Otto Bittner	f204c24174	cli: add version validation and force flag Version validation checks that the configured versions are not more than one minor version below the CLI's version. The validation can be disabled using --force. This is necessary for now during development as the CLI does not have a prerelease version, as our images do.	2023-02-08 12:30:01 +01:00
Nils Hanke	a3db3c8424	cli: debug: various improvements (#995 )	2023-01-18 13:10:24 +01:00
Thomas Tendyck	f0f109a1ea	verify: use fixed user data	2023-01-17 16:14:00 +01:00
Moritz Sanft	286803fb97	AB#2579 Add constellation iam create command (#624 )	2022-12-07 11:48:54 +01:00
Daniel Weiße	1f9b6ba90f	Add debug logging for verify command (#610 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2022-11-21 17:02:33 +01:00
Fabian Kammel	bb76a4e4c8	AB#2512 Config secrets via env var & config refactoring (#544 ) * refactor measurements to use consistent types and less byte pushing * refactor: only rely on a single multierr dependency * extend config creation with envar support * document changes Signed-off-by: Fabian Kammel <fk@edgeless.systems>	2022-11-15 15:40:49 +01:00
Fabian Kammel	81a5907f26	consistently use stdout and stderr (#502 ) * consistently use stdout and stderr Signed-off-by: Fabian Kammel <fk@edgeless.systems>	2022-11-10 10:27:24 +01:00
katexochen	1556e239ca	Remove state file	2022-10-13 15:29:29 +02:00
katexochen	ba6e41ed5c	Upgrade go module to v2	2022-09-22 09:10:19 +02:00
Thomas Tendyck	d83a5f8693	cli verify: remove ownerid	2022-09-12 08:50:36 +02:00
Thomas Tendyck	53560ca6c5	cli verify: revert flow change to print correct errors again	2022-09-12 08:50:36 +02:00
Nils Hanke	ce0edc8c80	Purge provider argument from constellation create and verify	2022-09-08 13:38:24 +02:00
Thomas Tendyck	bd63aa3c6b	add license headers sed -i '1i/\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w .	2022-09-05 09:17:25 +02:00
katexochen	7bbcc564bb	Refactor id file interaction * Use IP instead of endpoint in clusterIDsFile * Move and rename validateEnpoint to addPortIfMissing * Refactor clusterIDsFile handling in verify cmd	2022-08-23 18:11:20 +02:00
Daniel Weiße	ba4471a228	AB#2316 Configurable enforced PCRs (#361 ) * Add warnings for non enforced, untrusted PCRs * Fix global state in Config PCR map Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2022-08-12 15:59:45 +02:00
Daniel Weiße	8f5f84deb5	AB#2305 Fix missing atls verifier in init call (#352 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2022-08-09 14:04:40 +02:00
Daniel Weiße	a3a85b31cf	Remove mentions of unique ID (#311 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2022-07-27 16:10:50 +02:00

1 2

65 Commits