* Clean up license checker code
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Create license check depending on init/upgrade actions
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Run license check in Terraform provider
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* fix license integration test action
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Run tests with enterprise tag
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Allow b64 encoding for license ID
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Update checker_enterprise.go
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Reduce external dependencies of kubecmd package
* Add kubecmd wrapper to constellation-lib
* Update CLI code to use constellation-lib
* Move kubecmd package to subpackage of constellation-lib
* Initialise helm and kubecmd clients when kubeConfig is set
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* constellation-lib: refactor init RPC
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* constellation-lib: pass io.Writer for collecting logs
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* constellation-lib: add init test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* constellation-lib: bin dialer to struct
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* constellation-lib: set service CIDR on init
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* cli: move internal packages
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* cli: fix buildfiles
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* bazel: fix exclude dir
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* cli: move back libraries that will not be used by TF provider
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Allow creation of Constellation clusters using `apply` command
* Add auto-completion for `--skip-phases` flag
* Deprecate create command
* Replace all doc references to create command with apply
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* re-use `ReadFromFile` in `CreateOrRead`
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* [wip]: add constraints
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* [wip] error formatting
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* wip
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* formatted error messages
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* state file validation
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* linter fixes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* allow overriding the constraints
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* dont validate on read
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add pre-create constraints
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* [wip]
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* finish pre-init validation test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* finish post-init validation
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use state file validation in CLI
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix apply tests
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Update internal/validation/errors.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* use transformator for tests
* tidy
* use empty check directly
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* Update cli/internal/state/state.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update cli/internal/state/state.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update cli/internal/state/state.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update cli/internal/state/state.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* conditional validation per CSP
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* tidy
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix rebase
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add default case
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* validate state-file as last input
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Use common 'apply' backend for init and upgrades
* Move unit tests to new apply backend
* Only perform Terraform migrations if state exists in cwd (#2457)
* Rework skipPhases logic
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* [wip] use state file in CLI
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
tidy
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use state file in CLI
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
take clusterConfig from IDFile for compat
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
various fixes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
wip
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add GCP-specific values in Helm loader test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove unnecessary pointer
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* write ClusterValues in one step
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* move stub to test file
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove mention of id-file
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* move output to `migrateTerraform`
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* unconditional assignments converting from idFile
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* move require block in go modules file
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fall back to id file on upgrade
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* tidy
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* fix linter check
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add notice to remove Terraform state check on manual migration
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add `name` field
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
fix name tests
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* return early if no Terraform diff
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* tidy
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* return infrastructure state even if no diff exists
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add TODO to remove comment
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* use state-file in miniconstellation
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* cli: remove id-file (#2402)
* remove id-file from `constellation create`
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add file renaming to handler
* rename id-file after upgrade
* use idFile on `constellation init`
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove id-file from `constellation verify`
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* linter fixes
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove id-file from `constellation mini`
* remove id-file from `constellation recover`
* linter fixes
* remove id-file from `constellation terminate`
* fix initSecret type
* fix recover argument precedence
* fix terminate test
* generate
* add TODO to remove id-file removal
* Update cli/internal/cmd/init.go
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* fix verify arg parse logic
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* add version test
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove id-file from docs
* add file not found log
* use state-file in miniconstellation
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove id-file from `constellation iam destroy`
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* remove id-file from `cdbg deploy`
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* use state-file in CI
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* update orchestration docs
---------
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* Replace UpdateAttestationConfig with ApplyJoinConfig
* Dont set up join-config over Helm, it is now only managed by our CLI directly during init and upgrade
* Remove measurementSalt and attestationConfig parsing from helm, they were only needed for the JoinConfig
* Add migration step to remove join-config from Helm management
* Update attestation config trouble shooting tip
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Remove `--config` and `--master-secret` falgs
* Add `--workspace` flag
* In CLI, only work on files with paths created from `cli/internal/cmd`
* Properly print values for GCP on IAM create when not directly updating the config
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Fix missing init parameters in mini up
* Remove redundant passing of file.Handler in init functions
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* fail on version mismatch
* rename to validateCLIandConstellationVersionAreEqual
* fix test
* image version must only be major,minor patch equal (ignore suffix)
* add version support doc
* fix: do not check patch version equality for image and cli
* skip validate on force
* invalidate app client id field for azure and provide info
* remove TestNewWithDefaultOptions case
* fix test
* remove appClientID field
* remove client secret + rename err
* remove from docs
* otto feedback
* update docs
* delete env test in cfg since no envs set anymore
* Update dev-docs/workflows/github-actions.md
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* WARNING to stderr
* fix check
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* variant: move into internal/attestation
* attesation: move aws attesation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP
For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
* client supports delete version
* rename to new attestation / fetcher naming
* add delete command to upload tool
* test client delete
* bazel update
* use general client in attestation client
* Update hack/configapi/cmd/delete.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* daniel feedback
* unit test azure sev upload
* Update hack/configapi/cmd/delete.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* add client integration test
* new client cmds use apiObject
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* add SignContent() + integrate into configAPI
* use static client for upload versions tool; fix staticupload calleeReference bug
* use version to get proper cosign pub key.
* mock fetcher in CLI tests
* only provide config.New constructor with fetcher
Co-authored-by: Otto Bittner <cobittner@posteo.net>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Add attestation options to config
* Add join-config migration path for clusters with old measurement format
* Always create MAA provider for Azure SNP clusters
* Remove confidential VM option from provider in favor of attestation options
* cli: add config migrate command to handle config migration (#1678)
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
