* perform upgrades in-place in terraform workspace
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add iam upgrade apply test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* make config fetcher stubbable
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* change workspace restoring behaviour
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* allow overwriting existing Terraform files
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* allow overwrites of TF variables
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix iam upgrade apply
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix embed directive
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* make loader test less brittle
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* pass upgrade ID to user
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* naming nit
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use upgradeDir
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* tidy
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Check chart versions against target in users config
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Cleaner cli-config version support checking
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Return InvalidUpgradeError
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Print measurements as ordered list during verify
* Fix missing safety check in AWS attestation validation
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
We don't want these options on other CSPs. This is temporary until AWS
fixed some background issues.
We need to set the option we want to set differently on each provider
once per provider as we need to keep some of the options we set with
higher priority.
Previously the timeout was not set in the client's constructor, thus the
zero value was used. The client did not wait for invalidation.
To prevent this in the future a warning is logged if wait is disabled.
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
* Remove signature checks from unittests. Would need to export
signature from client/fetcher (unwanted). Can't figure out a better way.
e2e test completes in ~4sec and runs automatically.
So seems like a acceptable tradeoff.
* list object is now signed, but not verified. If we start to verify the list
we will have to adapt the e2e test to restore the previous list.
Otherwise there could be conflicts between dev and release keys.
Wrapping apiObject does not work as intended as the version field
is when fetching objects from the API. Thus we need to insert
the target path of the signature directly.
Disabling SMT dynamically inside the image creates problems on AWS.
The problem should be fixed by disabling smt through the VMM.
By recommendation from AWS: add idle=poll.
This should improve our launch success rate while they investigate some
upstream issues.
