Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-07-10 17:09:27 -04:00
Code Issues Projects Releases Packages Wiki Activity
3850 commits 147 branches 55 tags 111 MiB
Commit graph

31 commits

Author SHA1 Message Date
miampf
f16ccf5679
rewrote packages 
keyservice
joinservice
upgrade-agent
measurement-reader
debugd
disk-mapper

rewrote joinservice main

rewrote some unit tests

rewrote upgrade-agent + some grpc functions

rewrote measurement-reader

rewrote debugd

removed unused import

removed forgotten zap reference in measurements reader

rewrote disk-mapper + tests

rewrote packages

verify
disk-mapper
malicious join
bootstrapper
attestationconfigapi
versionapi
internal/cloud/azure
disk-mapper tests
image/upload/internal/cmd

rewrote verify (WIP with loglevel increase)

rewrote forgotten zap references in disk-mapper

rewrote malicious join

rewrote bootstrapper

rewrote parts of internal/

rewrote attestationconfigapi (WIP)

rewrote versionapi cli

rewrote internal/cloud/azure

rewrote disk-mapper tests (untested by me rn)

rewrote image/upload/internal/cmd

removed forgotten zap references in verify/cmd

rewrote packages

hack/oci-pin
hack/qemu-metadata-api
debugd/internal/debugd/deploy
hack/bazel-deps-mirror
cli/internal/cmd
cli-k8s-compatibility

rewrote hack/qemu-metadata-api/server

rewrote debugd/internal/debugd/deploy

rewrote hack/bazel-deps-mirror

rewrote rest of hack/qemu-metadata-api

rewrote forgotten zap references in joinservice server

rewrote cli/internal/cmd

rewrote cli-k8s-compatibility

rewrote packages

internal/staticupload
e2d/internal/upgrade
internal/constellation/helm
internal/attestation/aws/snp
internal/attestation/azure/trustedlaunch
joinservice/internal/certcache/amkds

some missed unit tests

rewrote e2e/internal/upgrade

rewrote internal/constellation/helm

internal/attestation/aws/snp

internal/attestation/azure/trustedlaunch

joinservice/internal/certcache/amkds

search and replace test logging over all left *_test.go
 2024-02-08 13:14:14 +01:00
miampf
48d5a157dd
rewrote doc/description strings in logger 
fixed some stuff I didn't see

replaced forgotten zap reference
removed unneeded dependency
 2024-02-08 13:12:28 +01:00
Otto Bittner
1d5a8283e0
cli: use Semver type to represent microservice versions (#2125) 
Previously we used strings to pass microservice versions. This invited
bugs due to missing input validation.
 2023-07-25 14:20:25 +02:00
Daniel Weiße
6a40c73ff7
disk-mapper: set LUKS2 token to allow reusing unintialized state disks (#2083) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-07-18 16:20:03 +02:00
Daniel Weiße
ac1128d07f
cryptsetup: unify code (#2043) 
* Add common backend for interacting with cryptsetup

* Use common cryptsetup backend in bootstrapper

* Use common cryptsetup backend in disk-mapper

* Use common cryptsetup backend in csi lib

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-07-17 13:55:31 +02:00
Paul Meyer
149820fdce
diskmapper: fix zap.Error without err (#2012) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-07-05 10:07:05 +02:00
Otto Bittner
8f21972aec
attestation: add awsSEVSNP as new variant (#1900) 
* variant: move into internal/attestation
* attesation: move aws attesation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP

For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
 2023-06-09 15:41:02 +02:00
Daniel Weiße
c478df36fa Add TDX bazel files 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-05-17 11:37:26 +02:00
Daniel Weiße
bda999d54e Use TDX device to mark node as initialized (#1426) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-05-17 11:37:26 +02:00
Malte Poll
d104af6e51 image: support intel TDX direct linux boot under TDX OVMF 2023-05-17 11:37:26 +02:00
Daniel Weiße
99b12e4035
internal: refactor oid package to variant package (#1538) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-03-29 09:30:13 +02:00
Daniel Weiße
83d10b0e70
hack: remove unused tools (#1387) 
* Remove unused pcr-compare tool
* Remove unused pcr-reader tool
* Remove obsolete image-measurement tool

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-03-09 16:59:33 +01:00
Daniel Weiße
5bad5f768b
attestation: create issuer based on kernel cmd line (#1355) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-03-09 09:47:28 +01:00
Paul Meyer
ebf7dd8842 openstack: use metadata client where possible 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-08 09:04:57 -05:00
Malte Poll
fc33a74c78
constants: make VersionInfo readonly (#1316) 
The variable VersionInfo is supposed to be set by `go build -X ...` during link time but should not be modified at runtime.
This change ensures the underlying var is private and can only be accessed by a public getter.
 2023-03-01 11:55:12 +01:00
Paul Meyer
d0109b833e
disk-mapper: make openstack image bootable (#1312) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-01 10:39:32 +01:00
Daniel Weiße
b3486fc32b
intenal: add logging to attestation issuer (#1264) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-02-28 16:34:18 +01:00
Malte Poll
b79f7d0c8c
cli: add basic support for constellation create on OpenStack (#1283) 
* image: support OpenStack image build / upload

* cli: add OpenStack terraform template

* config: add OpenStack as CSP

* versionsapi: add OpenStack as CSP

* cli: add OpenStack as provider for `config generate` and `create`

* disk-mapper: add basic support for boot on OpenStack

* debugd: add placeholder for OpenStack

* image: fix config file sourcing for image upload
 2023-02-27 18:19:52 +01:00
leongross
efc0cec4e1
image: verbose debugging options (#1159) 2023-02-24 14:25:39 +01:00
Otto Bittner
9a1f52e94e Refactor init/recovery to use kms URI 
So far the masterSecret was sent to the initial bootstrapper
on init/recovery. With this commit this information is encoded
in the kmsURI that is sent during init.
For recover, the communication with the recoveryserver is
changed. Before a streaming gRPC call was used to
exchanges UUID for measurementSecret and state disk key.
Now a standard gRPC is made that includes the same kmsURI &
storageURI that are sent during init.
 2023-01-19 13:14:55 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs (#553) 
* Merge enforced and expected measurements

* Update measurement generation to new format

* Write expected measurements hex encoded by default

* Allow hex or base64 encoded expected measurements

* Allow hex or base64 encoded clusterID

* Allow security upgrades to warnOnly flag

* Upload signed measurements in JSON format

* Fetch measurements either from JSON or YAML

* Use yaml.v3 instead of yaml.v2

* Error on invalid enforced selection

* Add placeholder measurements to config

* Update e2e test to new measurement format

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-24 10:57:58 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code (#504) 
* Rename Metadata->Cloud

* Remove unused methods, functions, and variables

* More privacy for testing stubs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API (#477) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-15 09:08:18 +01:00
Daniel Weiße
a07cab4b97
Update go-tpm dependency (#533) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-14 09:02:56 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API (#387) 
* Refactor GCP metadata/cloud API

* Remove cloud controller manager from metadata package

* Remove PublicIP

* Move shared cloud packages

* Remove dead code

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-11-09 14:43:48 +01:00
Leonard Cohnen
02602716b5 disk-mapper: add AWS attestation 2022-11-02 23:29:04 +01:00
Leonard Cohnen
7a6a0766e8 undefine more -v flags due to glog 2022-10-30 22:13:58 +01:00
Daniel Weiße
c1b4193791
Add support for AWS to disk-mapper (#329) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-10-21 15:04:34 +02:00
katexochen
ba6e41ed5c Upgrade go module to v2 2022-09-22 09:10:19 +02:00
Daniel Weiße
e367e1a68b
AB#2261 Add loadbalancer for control-plane recovery (#151) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-09-14 13:25:42 +02:00
Daniel Weiße
8cb155d5c5
AB#2260 Refactor disk-mapper recovery (#82) 
* Refactor disk-mapper recovery

* Adapt constellation recover command to use new disk-mapper recovery API

* Fix Cilium connectivity on rebooting nodes (#89)

* Lower CoreDNS reschedule timeout to 10 seconds (#93)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2022-09-08 14:45:27 +02:00
Renamed from state/cmd/main.go (Browse further)