constellation

mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00

Author	SHA1	Message	Date
renovate[bot]	e938cc5e63	deps: update module golang.org/x/vuln to v1.0.1 (#2365 ) * deps: update module golang.org/x/vuln to v1.0.1 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>	2023-09-29 21:45:42 +02:00
Malte Poll	af532f223d	deps: update golang.org/x/tools (#2396 )	2023-09-29 15:49:34 +02:00
Malte Poll	b66fa5aaab	hack: remove pseudo-version tool The Go implementation is now unused. Consumers are all switched over to /tools/workspace_status.sh	2023-09-29 14:09:58 +02:00
Malte Poll	85b4101dc3	deps: update go to 1.21.1 (#2389 )	2023-09-28 22:29:14 +02:00
Moritz Sanft	f4b2d02194	ci: collect cluster metrics to OpenSearch (#2347 ) * add Metricbeat deployment to debugd Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * set metricbeat debugd image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix k8s deployment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use 2 separate deployments Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only deploy via k8s in non-debug-images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing tilde * remove k8s metrics Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * unify flag Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: fix debugd logcollection (#2355) * add missing keyvault access role Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump logstash image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump filebeat / metricbeat image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * log used image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use debugging image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase wait timeout for image upload * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix template locations in container Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix image version typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add filebeat / metricbeat users Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove user additions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update workflow step name Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only mount config files Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * document potential rc Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix IAM permissions in workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix AWS permissions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing workflow input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * rename action Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * pin image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary workflow inputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add refStream input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove inputs.yml dep Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase system metric period Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linkchecker Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-09-27 16:17:31 +02:00
renovate[bot]	090ad7b5b6	deps: update module go.uber.org/zap to v1.26.0 (#2363 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-09-26 11:28:12 +02:00
renovate[bot]	b45c01da9e	deps: update module github.com/spf13/afero to v1.10.0 (#2362 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-09-26 11:04:57 +02:00
Adrian Stobbe	118f789c2f	cli: fix Azure SEV-SNP latest version logic (#2343 )	2023-09-25 11:53:02 +02:00
renovate[bot]	74fe8af8e6	deps: update Terraform google-beta to v4.83.0 new (#2345 ) Co-authored-by: Leonard Cohnen <lc@edgeless.systems>	2023-09-22 10:37:19 +02:00
Moritz Sanft	3ed001fa8a	attestation: use `go-sev-guest` library (#2269 ) * wip: switch to attestation * add extra comments Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * MAA checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use provided functions to parse report / cert chain Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * replace `CommitedTCB` check with `LaunchTCB` check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove debug check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `LaunchTCB` == `CommitedTCB` check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * custom IdKeyDigests check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * basic test of report parsing from instance info Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * retrieve VCEK from AMD KDS Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove VCEK from `azureInstanceInfo` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `go-sev-guest` TCB version type Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix validation parsing test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix error message * fix comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove certificate chain from `instanceInfo` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test for idkeydigest check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: update tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] debug prints Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: fix tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: fix tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix tests, do some clean-up Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test case for fetching error Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * correct `hack` dependency Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix id key check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] comment out wip unit tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing newline Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * switch to released version of `go-sev-guest` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add constructor test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add VMPL check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test assertions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * switch to pseudoversion Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use fork with windows fix Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use data from THIM Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update embeds Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * verify against ARK in config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * invalid ASK Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: 3u13r <lc@edgeless.systems> * Update internal/attestation/azure/snp/validator.go Co-authored-by: 3u13r <lc@edgeless.systems> * nits Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * refactoring Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * use upstream library with pseudoversion Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * simplify control flow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix return error Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix VCEK test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * revert unintentional changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use new upstream release Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix removed AuthorKeyEn field Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix verification report printing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-09-21 14:08:00 +02:00
renovate[bot]	82e561f139	deps: update Terraform google to v4.83.0 (#2344 )	2023-09-19 15:17:21 +02:00
3u13r	95c4294921	deps: bump filepath-securejoin (#2328 )	2023-09-11 10:27:53 +02:00
Otto Bittner	376bc6d39f	api: move hack/configapi into internal/api The tool has an e2e test and is part of our production pipeline.	2023-09-04 11:20:13 +02:00
Otto Bittner	97dc15b1d1	staticupload: correctly set invalidation timeout Previously the timeout was not set in the client's constructor, thus the zero value was used. The client did not wait for invalidation. To prevent this in the future a warning is logged if wait is disabled. Co-authored-by: Daniel Weiße <dw@edgeless.systems>	2023-09-04 11:20:13 +02:00
Otto Bittner	2b19632e09	api: refine signature types Wrapping apiObject does not work as intended as the version field is when fetching objects from the API. Thus we need to insert the target path of the signature directly.	2023-09-04 11:20:13 +02:00
Otto Bittner	7ffa1344e3	Configapi: pipeline to run e2e test for CLI Co-authored-by: Paul Meyer <pm@edgeless.systems>	2023-09-04 11:20:13 +02:00
Otto Bittner	d2071e945a	hack: make bucket/region configurable The is useful for testing the configapi cli.	2023-09-04 11:20:13 +02:00
Daniel Weiße	b25425a9f3	deps: update grpc-middleware to v2 (#2286 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-08-29 14:07:19 +02:00
Paul Meyer	11efc8d512	ci: comment Go coverage report on PR Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-28 15:44:07 +02:00
renovate[bot]	2da3ae3f09	deps: update Azure SDK (major) (#2253 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-24 07:55:56 +02:00
Moritz Sanft	60bf770e62	ci: logcollection to OpenSearch in non-debug clusters (#2080 ) * refactor `debugd` file structure * create `hack`-tool to deploy logcollection to non-debug clusters * integrate changes into CI * update fields * update workflow input names * use `working-directory` * add opensearch creds to upgrade workflow * make template func generic * make templating func generic * linebreaks * remove magic defaults * move `os.Exit` to main package * make logging index configurable * make templating generic * remove excess brace * update fields * copy fields * fix flag name * fix linter warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * remove unused workflow inputs * remove makefiles * fix command * bazel: fix output paths of container This fixes the output paths of builds within the container by mounting directories to paths that exist on the host. We also explicitly set the output path in a .bazelrc to the user specific path. The rc file is mounted into the container and overrides the host rc. Also adding automatic stop in case start is called and a containers is already running. Sym links like bazel-out and paths bazel outputs should generally work with this change. Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * tabs -> spaces --------- Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-21 08:01:33 +02:00
Malte Poll	1f12541a36	bazel: allow "bazel test" to work without cgo dependencies	2023-08-18 16:36:13 +02:00
Paul Meyer	30df225ccc	hack: remove azure-snp-report-verify Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-16 11:41:02 +02:00
Paul Meyer	2fb829294b	configapi: rename files Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-16 11:41:02 +02:00
Paul Meyer	5bfaae2304	configapi: simplify pkg structure Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-16 11:41:02 +02:00
Paul Meyer	f604a8dfd2	e2e: upload TCB versions in verify test The TCP versions are extracted from the MAA token, that itself is taken from the verify command output. The configapi is adapted to directly work on the MAA claims JSON. Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-16 11:41:02 +02:00
renovate[bot]	26c41aacd2	deps: update module golang.org/x/vuln to v1 (#2231 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-15 15:12:39 +02:00
renovate[bot]	d82dd6693c	deps: update ubuntu:20.04 Docker digest to 33a5cc2 (#2214 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-11 15:32:39 +02:00
Adrian Stobbe	70861ee8ad	cli: declare mastersecret as immutable and print attestationCfg diff in warning (#2167 )	2023-08-08 13:03:23 +02:00
Paul Meyer	e97b2afc14	cli: print maa token in verify Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-08-08 11:50:26 +02:00
Thomas Tendyck	122c3c92f8	Update codeowners and remove old tools	2023-08-03 15:29:53 +02:00
renovate[bot]	ef60d00a60	deps: update module github.com/docker/docker to v23.0.6+incompatible (#2070 ) * deps: update module github.com/docker/docker to v23.0.6+incompatible * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>	2023-07-31 09:58:51 +02:00
Malte Poll	8da6a23aa5	bootstrapper: add fallback endpoint and custom endpoint to SAN field (#2108 ) terraform: collect apiserver cert SANs and support custom endpoint constants: add new constants for cluster configuration and custom endpoint cloud: support apiserver cert sans and prepare for endpoint migration on AWS config: add customEndpoint field bootstrapper: use per-CSP apiserver cert SANs cli: route customEndpoint to terraform and add migration for apiserver cert SANs bootstrapper: change interface of GetLoadBalancerEndpoint to return host and port separately	2023-07-21 16:43:51 +02:00
Malte Poll	738b22caba	cli: fix broken "constellation mini up" due to incompatible terraform json (#2081 ) * deps: downgrade terraform-json to v0.15.0 terraform-exec requires a matching version of terraform json. Since the latest released version of terraform-exec still uses terraform-json v0.15.0, we need to stay on that version. * cli: add "--skip-helm-wait" flag for "constellation init" to "constellation mini up"	2023-07-10 15:16:45 +02:00
3u13r	52f4410334	deps: bump go-secure-stdlib/awsutil (#2076 ) * deps: bump go-secure-stdlib/awsutil * deps: tidy after upgrade --------- Co-authored-by: Malte Poll <mp@edgeless.systems>	2023-07-10 10:52:20 +02:00
Adrian Stobbe	344343e40b	fix GHSA-hqxw-f8mx-cpmw	2023-07-07 16:44:31 +02:00
renovate[bot]	ab4b948421	deps: update module google.golang.org/grpc to v1.56.2 (#2057 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-07 14:26:41 +02:00
renovate[bot]	050db3a5d8	deps: update github.com/thomasten/go-tpm digest to f43f8e2 (#2048 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems>	2023-07-07 13:17:58 +02:00
renovate[bot]	aa5105809c	deps: update module google.golang.org/api to v0.130.0 (#2059 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-07 11:27:25 +02:00
renovate[bot]	3a6dc4971a	deps: update K8s dependencies to v0.27.3 (#2051 ) Co-authored-by: Leonard Cohnen <lc@edgeless.systems>	2023-07-07 11:26:14 +02:00
renovate[bot]	859dfc309f	deps: update module github.com/siderolabs/talos/pkg/machinery to v1.4.6 (#2053 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-07 08:41:04 +02:00
renovate[bot]	67e3a8240d	deps: update Google SDK (#2050 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-07 08:11:47 +02:00
renovate[bot]	73d7e1ae5c	deps: update module github.com/go-git/go-git/v5 to v5.7.0 (#2040 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-06 18:23:09 +02:00
renovate[bot]	e9f220092f	deps: update module github.com/googleapis/gax-go/v2 to v2.12.0 (#2041 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-06 17:30:08 +02:00
renovate[bot]	ff729bfc85	deps: update module github.com/hashicorp/terraform-json to v0.17.1 (#2037 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-06 16:51:48 +02:00
renovate[bot]	95e9b771f1	deps: update module github.com/gophercloud/gophercloud to v1.5.0 (#2036 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-06 16:44:32 +02:00
renovate[bot]	49cff0aabb	deps: update module github.com/sigstore/rekor to v1.2.2 (#2033 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-06 15:41:14 +02:00
renovate[bot]	8c03e7e311	deps: update module libvirt.org/go/libvirt to v1.9004.0 (#2042 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-06 15:24:07 +02:00
renovate[bot]	0c53b535ec	deps: update module helm.sh/helm/v3 to v3.12.1 (#2039 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-06 15:13:01 +02:00
renovate[bot]	be23526023	deps: update module github.com/sigstore/sigstore to v1.7.1 (#2034 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-07-06 13:21:29 +02:00

1 2 3 4 5 ...

493 Commits