Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
3,316 Commits 133 Branches 44 Tags 106 MiB
ce2465c3c7
Commit Graph

3316 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Weiße
ce2465c3c7
ci: use West US region for Azure e2e test until problems are resolved (#2414) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-10-06 11:43:02 +02:00
Moritz Sanft
d0fe6c9272
update list of default idkeydigests (#2415) 2023-10-06 11:32:19 +02:00
Otto Bittner
887dcda78b s3proxy: add keyservice integration 
Encrypt each object with a random DEK and attach
the encrypted DEK as object metadata.
Encrpt the DEK with a key from the keyservice.
All objects use the same KEK until a keyrotation
takes place.
 2023-10-06 11:23:32 +02:00
Otto Bittner
a7ceda37ea s3proxy: add intial implementation 
INSECURE!
The proxy intercepts GetObject and PutObject.
A manual deployment guide is included.
The decryption only relies on a hardcoded, static key.
Do not use with sensitive data; testing only.
* Ticket to track ranged GetObject: AB#3466.
 2023-10-06 11:23:32 +02:00
katexochen
957f8ad203 image: update measurements and image version 2023-10-06 08:09:28 +02:00
Paul Meyer
b1d5d13990 github: replace discord with GitHub discussions 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-10-05 16:57:19 +02:00
Paul Meyer
53bfb3b71a github: use new issue forms instead of template 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-10-05 16:57:19 +02:00
Moritz Sanft
2d797874c7
ci: add msanft to list of possible e2e assignees (#2410) 
* add msanft to list of possible e2e assignees

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add msanft to teams card

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
 2023-10-05 13:54:45 +02:00
3u13r
1452e64675
Refactor Terraform to have all ports in a list (#2409) 
* terraform: aws refactoring

* terraform: gcp refactoring

* terraform: azure refactoring
 2023-10-05 12:34:02 +02:00
Daniel Weiße
f69ae26122
csi: fix concurrent use of cryptmapper package (#2408) 
* Dont error on opening already active devices

* Fix concurrency issues when working with more than one device

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-10-05 11:20:22 +02:00
3u13r
6ba43b03ee
docs: add gcp permissions needed for upgrade (#2378) 2023-10-05 10:28:39 +02:00
Moritz Sanft
13e9359b5c
remove unnecessary link (#2407) 2023-10-05 10:05:45 +02:00
edgelessci
7e899d09c4
image: update measurements and image version (#2405) 
Co-authored-by: malt3 <malt3@users.noreply.github.com>
 2023-10-04 14:24:57 +02:00
Malte Poll
6ea0b38a66 ci: add large runner as allowed label 2023-10-04 13:17:44 +02:00
Malte Poll
69cb70e970 deps: update linux kernel to 6.1.55 2023-10-04 13:17:44 +02:00
Moritz Sanft
0885646034
github: add AB ticket link to PR template (#2397) 
* add Azure DevOps ticket to PR template

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make additional info not optional

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
 2023-10-04 10:26:10 +02:00
Malte Poll
b4fb8439d0
ci: use larger runners for os image pipeline (#2399) 2023-10-04 10:13:43 +02:00
Moritz Eckert
7c76592a08
docs: add observability page (#2384) 
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2023-10-04 09:37:46 +02:00
renovate[bot]
e938cc5e63
deps: update module golang.org/x/vuln to v1.0.1 (#2365) 
* deps: update module golang.org/x/vuln to v1.0.1

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2023-09-29 21:45:42 +02:00
Malte Poll
af532f223d
deps: update golang.org/x/tools (#2396) 2023-09-29 15:49:34 +02:00
Moritz Sanft
a5021c52d3
joinservice: cache certificates for Azure SEV-SNP attestation (#2336) 
* add ASK caching in joinservice

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use cached ASK in Azure SEV-SNP attestation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update test charts

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix typ

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make caching mechanism less provider-specific

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add `omitempty` flag

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* frontload certificate getter

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* rename frontloaded function

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* pass cached certificates to constructor

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix race condition

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix marshalling of empty certs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix validator usage

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [wip] add certcache tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add certcache tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix validator test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unused fields in validator

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix certificate precedence

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use separate context

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* linter fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* linter fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Remove unnecessary comment

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* use background context

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Use error format directive

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* `azure` -> `Azure`

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* improve error messages

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add x509 -> PEM util function

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use crypto util functions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix certificate replacement logic

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only require ASK from certcache

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix comment typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2023-09-29 14:29:50 +02:00
Malte Poll
68d8b29335 nix: update flake.lock 2023-09-29 14:09:58 +02:00
Malte Poll
627a4b6cbb ci: enable nix binary cache 2023-09-29 14:09:58 +02:00
Malte Poll
b66fa5aaab hack: remove pseudo-version tool 
The Go implementation is now unused.
Consumers are all switched over to /tools/workspace_status.sh
 2023-09-29 14:09:58 +02:00
Malte Poll
ed4d4d83fd ci: remove dependency on pseudo-version tool 2023-09-29 14:09:58 +02:00
Malte Poll
055fb32918 ci: stop using raw "go run" 2023-09-29 14:09:58 +02:00
3u13r
eebaef9ddd
init: overwrite kubeconfig address (#2393) 2023-09-29 14:01:40 +02:00
Malte Poll
85b4101dc3
deps: update go to 1.21.1 (#2389) 2023-09-28 22:29:14 +02:00
3u13r
c74a2e98df
cli: omitempty infrastructure fields (#2392) 2023-09-28 18:39:52 +02:00
Daniel Weiße
36c8cf2fd8
ci: fix whitespace in url for some tests (#2390) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-09-28 16:31:22 +02:00
Malte Poll
4a66899de8 docs: update attestation section with changes for measured boot 2023-09-27 17:58:19 +02:00
Malte Poll
1da5153627 ci: use nix + mkosi during os image build 2023-09-27 17:58:19 +02:00
Malte Poll
f6d9f91877 image: reimplement and adapt measurement generation in Go 2023-09-27 17:58:19 +02:00
Malte Poll
8e706d6de3 image: update README 2023-09-27 17:58:19 +02:00
Malte Poll
daa5b51904 terraform: disable secure boot for GCP 2023-09-27 17:58:19 +02:00
Malte Poll
4e2b9745bb terraform: disable secure boot for QEMU / MiniConstellation 2023-09-27 17:58:19 +02:00
Malte Poll
3543fe140e image: allow toggling secure boot in image upload 2023-09-27 17:58:19 +02:00
Malte Poll
c6ea596eb9 image: system layer 2023-09-27 17:58:19 +02:00
Malte Poll
4ef3d10be3 image: initrd layer 2023-09-27 17:58:19 +02:00
Malte Poll
d904766b9c image: base layer 2023-09-27 17:58:19 +02:00
Malte Poll
fc1045a4f7 image: remove old mkosi config 2023-09-27 17:58:19 +02:00
Malte Poll
0979a483b4 debugd: package as tar 2023-09-27 17:58:19 +02:00
Malte Poll
274dd9d5d8 upgrade-agent: package as tar 2023-09-27 17:58:19 +02:00
Malte Poll
365a07639c measurement-reader: package as tar 2023-09-27 17:58:19 +02:00
Malte Poll
200fc79e0c bootstrapper: package as tar 2023-09-27 17:58:19 +02:00
Malte Poll
9a5566de21 disk-mapper: package as tar 2023-09-27 17:58:19 +02:00
Malte Poll
825dab0e0b image: add sysroot files 2023-09-27 17:58:19 +02:00
Malte Poll
81c5cc21f8 image: add kernel rpms 2023-09-27 17:58:19 +02:00
Malte Poll
78300ee5b0 use toolchains from nixpkgs (with fallback) 2023-09-27 17:58:19 +02:00
Malte Poll
90967d5bc2 bazel: mkosi_image rule 2023-09-27 17:58:19 +02:00