Commit Graph

520 Commits

Author SHA1 Message Date
Paul Meyer
d7fafb92b7 bazel: improve script template resilience
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
909bfb9274 bazel: add go generate to //:generate target
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Nils Hanke
eaa5949e31 versionsapi: Split GCP image URI to extract the image name 2023-03-29 17:26:03 +02:00
Daniel Weiße
fc0efb6309
config: deprecate confidentialVM option for Azure clusters in favor of using attestationVariant option (#1539)
* Remove confidentialVM option from azure provider config

* Fix cloudcmd creator test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 14:04:37 +02:00
Nils Hanke
1b832ac959
atls: fix link in README.md (#1545)
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-03-29 13:33:19 +02:00
Thomas Tendyck
091fe3e2d7 measurements: compare to constants for clarity 2023-03-29 12:03:29 +02:00
renovate[bot]
83e6b4d64d
deps: update Constellation containers (#1504)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 11:31:26 +02:00
Daniel Weiße
b57413cfa7
cli: set cluster's initial measurements from user's config using Helm (#1540)
* Remove using measurements from the initial control-plane node for the cluster's initial measurements

* Add using measurements from the user's config for the cluster's initial measurements to align behavior with upgrade command

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 11:16:56 +02:00
Daniel Weiße
99b12e4035
internal: refactor oid package to variant package (#1538)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 09:30:13 +02:00
Daniel Weiße
db5660e3d6
attestation: add context to Issue and Validate methods (#1532)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 09:06:10 +02:00
3u13r
c21b32d440
fix measurement generator (#1510) 2023-03-23 17:44:30 +01:00
Otto Bittner
cac43a1dd0 ci: add e2e-upgrade test
The test is implemented as a go test.
It can be executed as a bazel target.
The general workflow is to setup a cluster,
point the test to the workspace in which to
find the kubeconfig and the constellation config
and specify a target image, k8s and
service version. The test will succeed
if it detects all target versions in the cluster
within the configured timeout.
The CI automates the above steps.
A separate workflow is introduced as there
are multiple input fields to the test.
Adding all of these to the manual e2e test
seemed confusing.

Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-03-23 14:57:38 +01:00
Leonard Cohnen
b2df6ba07a bump enterprise miniconstellation image 2023-03-23 14:55:29 +01:00
renovate[bot]
090d071993
deps: update Constellation containers to v2.7.0-pre.0.20230322165747-0a190c2bf672 (#1491)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-03-22 18:30:59 +01:00
renovate[bot]
57f1c8f139
deps: update Kubernetes versions (#1473)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 14:27:07 +01:00
Paul Meyer
02fc3dc635
measurements: refactor validation option (#1462)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 11:47:39 +01:00
renovate[bot]
2d1ffaea4f
deps: update K8s constrained Azure versions (#1408)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 10:23:44 +01:00
renovate[bot]
7a0cbe39f4
deps: update Constellation containers to v2.7.0-pre.0.20230321165012-cab6044f6910 (#1484)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-21 20:21:42 +01:00
renovate[bot]
248dbb5927
deps: update Constellation containers (#1464)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-21 17:37:06 +01:00
Daniel Weiße
5a0234b3f2
attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257)
* Convert enforceIDKeyDigest setting to enum

* Use MAA fallback in Azure SNP attestation

* Only create MAA provider if MAA fallback is enabled

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-21 12:46:49 +01:00
Malte Poll
67f5625f99 versions: add OpenStack CCM image 2023-03-21 10:51:09 +01:00
Malte Poll
071628c6a0 config: add OpenStack in-cluster authentication settings 2023-03-21 10:51:09 +01:00
Malte Poll
f785ae560b openstack: implement account key for cluster-internal authentication 2023-03-21 10:51:09 +01:00
Malte Poll
1b2a927b84 openstack: implement api client UID, InitSecretHash and GetLoadBalancerEndpoint 2023-03-21 10:51:09 +01:00
Otto Bittner
1b12147d83
cli: minor restructuring for loading helm charts (#1441)
Use one loadRelease function instead of one function for each
release.
2023-03-20 17:05:58 +01:00
renovate[bot]
b3b1809251
deps: update K8s version independent containers to v0.1.2 (#1376)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 16:35:26 +01:00
Daniel Weiße
1a0e05c3fb
Set Azure-SEV-SNP as default azure attestation variant (#1461)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-20 14:40:27 +01:00
Paul Meyer
bad05321a0 go: remove redefinitions of builtins
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 08:41:01 -04:00
Paul Meyer
0036b24266 go: remove unused parameters
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 08:41:01 -04:00
Moritz Sanft
f2ce9518a3
cli: support custom attestation policies for maa (#1375)
* create and update maa attestation policy

* use interface to allow unit testing

* fix test csp

* http request for policy patch

* go mod tidy

* remove hyphen

* go mod tidy

* wip: adapt to feedback

* linting fixes

* remove csp from tf call

* fix type assertion

* Add MAA URL to instance tags (#1409)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* conditionally create maa provider

* only set instance tag when maa is created

* fix azure unit test

* bazel tidy

* remove AzureCVM const

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* encode policy at runtime

* remove policy arg

* fix unit test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-03-20 13:33:04 +01:00
renovate[bot]
540978bc98
deps: update Constellation containers (#1417)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-03-17 07:48:19 +01:00
Daniel Weiße
6ea5588bdc
config: add attestation variant (#1413)
* Add attestation type to config (optional for now)

* Get attestation variant from config in CLI

* Set attestation variant for Constellation services in helm deployments

* Remove AzureCVM variable from helm deployments

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-14 11:46:27 +01:00
renovate[bot]
fb83c1dbc4
deps: update Constellation containers to v2.7.0-pre.0.20230313143044-114ac53872c6 (#1333)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-13 18:49:59 +01:00
Paul Meyer
bab76e8a9a
deps: update containers to v2.7.0-pre (#1407)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-13 13:19:36 +01:00
renovate[bot]
e2ad11320a
deps: update registry.k8s.io/provider-aws/cloud-controller-manager Docker tag to v1.26.1 (#1383)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-13 11:12:50 +01:00
Paul Meyer
a658368d40
deps: update GCP guest agent image (#1400)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-13 10:35:57 +01:00
Paul Meyer
50c4ea9be6 deps: update libvirt container to v2.7.0-pre
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-10 10:46:46 -05:00
Thomas Tendyck
64e1f553d1 cli: remove Edition in version command, which contains duplicate info 2023-03-10 11:36:44 +01:00
Moritz Sanft
01705feb51
ci: upload cli version list (#1377)
* upload cli version list

* fix flag

* name

* allow cli kind for listing

* [remove] update vapi cli

* allow cli kind

* use latest versionsapi image version

* fix kind parsing

* use workflow calls in on_release action

* [remove] update container tag

* change back to latest tag
2023-03-10 10:21:58 +01:00
Nils Hanke
dc4769d0a0 constants: use "Enterprise" for enterprise build 2023-03-09 17:32:50 +01:00
Malte Poll
bdba9d8ba6
bazel: add build files for go (#1186)
* build: correct toolchain order
* build: gazelle-update-repos
* build: use pregenerated proto for dependencies
* update bazeldnf
* deps: tpm simulator
* Update Google trillian module
* cli: add stamping as alternative build info source
* bazel: add go_test wrappers, mark special tests and select testing deps
* deps: add libvirt deps
* deps: go-libvirt patches
* deps: cloudflare circl patches
* bazel: add go_test wrappers, mark special tests and select testing deps
* bazel: keep gazelle overrides
* bazel: cleanup bazelrc
* bazel: switch CMakeLists.txt to use bazel
* bazel: fix injection of version information via stamping
* bazel: commit all build files
* dev-docs: document bazel usage
* deps: upgrade zig-cc for go 1.20
* bazel: update Perl for macOS arm64 & Linux arm64 support
* bazel: use static perl toolchain for OpenSSL
* bazel: use static protobuf (protoc) toolchain
* deps: add git and go to nix deps

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-09 15:23:42 +01:00
Daniel Weiße
8c87bba755
Add measurement reader (#1381)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-09 11:22:58 +01:00
Daniel Weiße
5bad5f768b
attestation: create issuer based on kernel cmd line (#1355)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-09 09:47:28 +01:00
Paul Meyer
acbd70c741 openstack: implement api client and metadata list
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 09:04:57 -05:00
Paul Meyer
418f08bf40 openstack: implement imds and metadata self
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 09:04:57 -05:00
Paul Meyer
630016d1b3 openstack: use password to authenticate in cluster
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 09:04:57 -05:00
Paul Meyer
64fc43f276
use any instead of interface{} (#1354)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 10:31:20 +01:00
Malte Poll
62ea224d36
attestation: remove PCR[0] and PCR[10] from enterprise measurements (#1348)
This will help the measurement generation done as part of internal/attestation/measurements/measurement-generator.
It can currently replace measurements but not reformat the code (in cases where the number of measurements differs).
2023-03-06 17:11:14 +01:00
Thomas Tendyck
c94d1db76d attestation: remove PCR 0 and 10 on GCP 2023-03-06 13:09:57 +01:00
Thomas Tendyck
0a344e4cf6 attestation: validate GCP machine state 2023-03-06 13:09:57 +01:00