Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-12-31 18:36:13 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,560 Commits 139 Branches 49 Tags 92 MiB
d5fa614df1
Commit Graph

542 Commits

Author SHA1 Message Date
Daniel Weiße
d7a2ddd939
config: add separate option for handling attestation parameters (#1623) 
* Add attestation options to config

* Add join-config migration path for clusters with old measurement format

* Always create MAA provider for Azure SNP clusters

* Remove confidential VM option from provider in favor of attestation options

* cli: add config migrate command to handle config migration (#1678)

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-05-03 11:11:53 +02:00
renovate[bot]
e9103cad0a
deps: update Constellation containers to v2.7.0-pre.0.20230405123345-6bf3c63115a5 (#1563) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2023-05-02 15:04:31 +02:00
edgelessci
1ea060e873
image: update measurements and image version (#1700) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2023-04-28 08:02:19 +02:00
renovate[bot]
84c7550f37
deps: update Kubernetes versions (#1688) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-27 18:04:01 +02:00
3u13r
1bdf410b52
bazel: allow custom container_prefix (#1693) 
* build: allow custom container registry

* build: fix .bazeloverwriterc import
 2023-04-27 11:52:02 +02:00
Paul Meyer
bf051174f6 ci: update measurements and image version 
on scheduled build

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-27 10:20:27 +02:00
Malte Poll
c11a3f4460
cli: configurable state disk type on OpenStack (#1686) 2023-04-27 09:08:43 +02:00
Malte Poll
9dfad32e33 cli: use Bazel container images 2023-04-18 15:35:15 +02:00
Moritz Sanft
1d0ee796e8
cli: add Terraform log support (#1620) 
* add Terraform logging

* add TF logging to CLI

* fix path

* only create file if logging is enabled

* update bazel files

* register persistent flags manually

* clidocgen

* move logging code to separate file

* reword yes flag parsing error

* update bazel buildfile

* factor out log level setting
 2023-04-14 14:15:07 +02:00
Daniel Weiße
ec01c57661
internal: use config to create attestation validators (#1561) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-04-06 17:00:56 +02:00
Malte Poll
69de06dd1f
image: OpenStack vTPM (#1616) 
* cli: allow vpc traffic between nodes on OpenStack
* image: enable vTPM on OpenStack
* cli: add create tests for OpenStack
 2023-04-05 16:49:03 +02:00
renovate[bot]
a2ae53d229
deps: update dependency kubernetes-sigs/cri-tools to v1.26.1 (#1600) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2023-04-05 11:37:15 +02:00
Malte Poll
2ca2dbae22
versionsapi: fix list command by allowing empty set of patch versions for a given minor version (#1609) 2023-04-04 12:10:07 +02:00
Paul Meyer
58b405d04c
license: remove check for Azure.ConfidentialVM (#1602) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-03 19:19:54 +02:00
Malte Poll
d15968bed7
bootstrapper: make Azure auth method configurable on cluster init (#1346) 
* bootstrapper: make Azure auth method configurable on cluster init
* azure: convert uami resource ID to clientID


Co-authored-by: 3u13r <lc@edgeless.systems>
 2023-04-03 15:01:25 +02:00
Moritz Sanft
46f5b1734e
cli: show available cli upgrades on upgrade check command (#1394) 
* cli: upgrade check show cli upgrades

* only check compatibility for valid upgrades

* use semver.Sort

* extend unit tests

* add unit test for new compatible cli versions

* adapt to feedback

* fix rebase

* rework output

* minor -> major

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* minor -> major

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* dynamic major version

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* remove currentK8sVer argument

* bazel gen & tidy

* bazel update

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
 2023-04-03 14:31:17 +02:00
Otto Bittner
c8c2953d7b cli: add status cmd 
The new command allows checking the status of an upgrade
and which versions are installed.
Also remove the unused restclient.
And make GetConstellationVersion a function.
 2023-04-03 12:03:41 +02:00
Moritz Sanft
2d41a19fbf
internal: semver support for pseudoversions (#1564) 
* support for prerelease tag / pseudoversion

* build version first

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* use strings.Cut

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
 2023-04-03 10:48:28 +02:00
Daniel Weiße
62c165750f
config: remove deprecated upgradeConfig and require name and microserviceVersion fields (#1541) 
* Remove deprecated fields

* Remove warning for not setting attestationVariant

* Dont write attestationVariant to config

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-03-31 19:19:10 +02:00
3u13r
efe4681214
add version.txt step to release pipeline (#1493) 
* add version.txt step to release pipeline

* refresh git status

* make minicon e2e test less flaky
 2023-03-31 12:41:32 +02:00
renovate[bot]
8ffd1dcf3f
deps: update bazel_gazelle digest to 4dfcb75 (#1516) 
* deps: update gazelle and rules_go
* variant: remove renamed go_library label
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2023-03-31 10:43:07 +02:00
renovate[bot]
786d9c86ad
deps: update Constellation containers (#1543) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-30 18:43:28 +02:00
Paul Meyer
d7fafb92b7 bazel: improve script template resilience 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-29 12:51:40 -04:00
Paul Meyer
909bfb9274 bazel: add go generate to //:generate target 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-29 12:51:40 -04:00
Nils Hanke
eaa5949e31 versionsapi: Split GCP image URI to extract the image name 2023-03-29 17:26:03 +02:00
Daniel Weiße
fc0efb6309
config: deprecate confidentialVM option for Azure clusters in favor of using attestationVariant option (#1539) 
* Remove confidentialVM option from azure provider config

* Fix cloudcmd creator test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-03-29 14:04:37 +02:00
Nils Hanke
1b832ac959
atls: fix link in README.md (#1545) 
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
 2023-03-29 13:33:19 +02:00
Thomas Tendyck
091fe3e2d7 measurements: compare to constants for clarity 2023-03-29 12:03:29 +02:00
renovate[bot]
83e6b4d64d
deps: update Constellation containers (#1504) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-29 11:31:26 +02:00
Daniel Weiße
b57413cfa7
cli: set cluster's initial measurements from user's config using Helm (#1540) 
* Remove using measurements from the initial control-plane node for the cluster's initial measurements

* Add using measurements from the user's config for the cluster's initial measurements to align behavior with upgrade command

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-03-29 11:16:56 +02:00
Daniel Weiße
99b12e4035
internal: refactor oid package to variant package (#1538) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-03-29 09:30:13 +02:00
Daniel Weiße
db5660e3d6
attestation: add context to Issue and Validate methods (#1532) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-03-29 09:06:10 +02:00
3u13r
c21b32d440
fix measurement generator (#1510) 2023-03-23 17:44:30 +01:00
Otto Bittner
cac43a1dd0 ci: add e2e-upgrade test 
The test is implemented as a go test.
It can be executed as a bazel target.
The general workflow is to setup a cluster,
point the test to the workspace in which to
find the kubeconfig and the constellation config
and specify a target image, k8s and
service version. The test will succeed
if it detects all target versions in the cluster
within the configured timeout.
The CI automates the above steps.
A separate workflow is introduced as there
are multiple input fields to the test.
Adding all of these to the manual e2e test
seemed confusing.

Co-authored-by: Fabian Kammel <fk@edgeless.systems>
 2023-03-23 14:57:38 +01:00
Leonard Cohnen
b2df6ba07a bump enterprise miniconstellation image 2023-03-23 14:55:29 +01:00
renovate[bot]
090d071993
deps: update Constellation containers to v2.7.0-pre.0.20230322165747-0a190c2bf672 (#1491) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-03-22 18:30:59 +01:00
renovate[bot]
57f1c8f139
deps: update Kubernetes versions (#1473) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-22 14:27:07 +01:00
Paul Meyer
02fc3dc635
measurements: refactor validation option (#1462) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-22 11:47:39 +01:00
renovate[bot]
2d1ffaea4f
deps: update K8s constrained Azure versions (#1408) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-22 10:23:44 +01:00
renovate[bot]
7a0cbe39f4
deps: update Constellation containers to v2.7.0-pre.0.20230321165012-cab6044f6910 (#1484) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-21 20:21:42 +01:00
renovate[bot]
248dbb5927
deps: update Constellation containers (#1464) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-21 17:37:06 +01:00
Daniel Weiße
5a0234b3f2
attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257) 
* Convert enforceIDKeyDigest setting to enum

* Use MAA fallback in Azure SNP attestation

* Only create MAA provider if MAA fallback is enabled

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
 2023-03-21 12:46:49 +01:00
Malte Poll
67f5625f99 versions: add OpenStack CCM image 2023-03-21 10:51:09 +01:00
Malte Poll
071628c6a0 config: add OpenStack in-cluster authentication settings 2023-03-21 10:51:09 +01:00
Malte Poll
f785ae560b openstack: implement account key for cluster-internal authentication 2023-03-21 10:51:09 +01:00
Malte Poll
1b2a927b84 openstack: implement api client UID, InitSecretHash and GetLoadBalancerEndpoint 2023-03-21 10:51:09 +01:00
Otto Bittner
1b12147d83
cli: minor restructuring for loading helm charts (#1441) 
Use one loadRelease function instead of one function for each
release.
 2023-03-20 17:05:58 +01:00
renovate[bot]
b3b1809251
deps: update K8s version independent containers to v0.1.2 (#1376) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-20 16:35:26 +01:00
Daniel Weiße
1a0e05c3fb
Set Azure-SEV-SNP as default azure attestation variant (#1461) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-03-20 14:40:27 +01:00
Paul Meyer
bad05321a0 go: remove redefinitions of builtins 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-20 08:41:01 -04:00