Commit graph

4580 commits

Author SHA1 Message Date
miampf
f386dbc95f
move key derivation to joinservice instead of joinclient 2025-01-30 12:21:07 +01:00
miampf
19181af13d
implemented suggestions 2025-01-30 12:21:07 +01:00
miampf
ea94ebd236
check return value of fh.Write in ssh_test.go 2025-01-30 12:21:07 +01:00
miampf
b5fddcd254
wrote test for ssh subcommand 2025-01-30 12:21:07 +01:00
miampf
bee3f6c159
added test for CA generation + use SeedSize constant
Previously, I just hard coded 256 as the key length that seeds the key
generation since it worked. Now, it uses ed25519.SeedSize (32) instead.
2025-01-30 12:21:07 +01:00
miampf
0be301fa3a
please CI 2025-01-30 12:21:06 +01:00
miampf
241d0cd88d
refactoring 2025-01-30 12:21:06 +01:00
miampf
d336d06480
also derive the key on the control plane nodes 2025-01-30 12:21:06 +01:00
miampf
6ec18eb7ca
make key path a constant 2025-01-30 12:21:06 +01:00
miampf
5053c4581d
fixed tests 2025-01-30 12:21:05 +01:00
miampf
570b735e09
regenerated protobuf definitions 2025-01-30 12:21:05 +01:00
miampf
23b23d8ed4
adjusted key derivation logic to happen in the join client 2025-01-30 12:21:05 +01:00
miampf
9363206662
use suffix for emergency ssh DEK key 2025-01-30 12:21:05 +01:00
miampf
2a7408bc16
check if directory constellation-terraform exists 2025-01-30 12:21:04 +01:00
miampf
52792e2cde
use existing MasterSecret type + fix autoformatting 2025-01-30 12:21:04 +01:00
miampf
53b84d8398
add sensible error messages to CLI 2025-01-30 12:21:04 +01:00
miampf
60c3ec4b01
write CA key to file in joinclient 2025-01-30 12:21:04 +01:00
miampf
5a357eb454
added clarifying comment in ssh command code 2025-01-30 12:21:04 +01:00
miampf
53a9af82e0
adjusted client side key derivation 2025-01-30 12:21:03 +01:00
miampf
a8ace9cd23
implemented keyservice key derivation logic 2025-01-30 12:21:03 +01:00
miampf
15e270e5ca
generated docs 2025-01-30 12:21:03 +01:00
miampf
e9414a13cc
adjusted keyservice proto + regenerated go code 2025-01-30 12:21:02 +01:00
miampf
80aa1d6454
added emergency_ca_key parameter to IssueJoinTicketResponse 2025-01-30 12:21:02 +01:00
miampf
1850d4b327
add ssh subcommand 2025-01-30 12:21:02 +01:00
renovate[bot]
e6048e093b
deps: update dependency aspect_bazel_lib to v2.13.0 (#3627)
* deps: update dependency aspect_bazel_lib to v2.13.0

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-01-30 11:45:03 +01:00
renovate[bot]
1faf2dd1b8
deps: update dependency gazelle to v0.42.0 (#3626)
* deps: update dependency gazelle to v0.42.0

* deps: tidy all modules

* ci: ignore GO-2025-3408

The vulnerability does not have a patch and is a denial-of-service.

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Markus Rudy <mr@edgeless.systems>
2025-01-30 11:00:18 +01:00
renovate[bot]
bb994d5a01
deps: update Go dependencies (#3623)
* deps: update Go dependencies

* deps: tidy all modules

* keep cloud.google.com/go/storage at v1.49.0

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2025-01-29 16:31:16 +01:00
edgelessci
7242a1eb74
image: update measurements and image version (#3625)
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-01-29 16:31:07 +01:00
miampf
8da08bec8d
e2e: downgrade vale version to 3.9.3 (#3624) 2025-01-28 13:12:50 +00:00
renovate[bot]
8e8c44e35a
deps: update dependency buildifier_prebuilt to v8.0.1 (#3621)
* deps: update dependency buildifier_prebuilt to v8.0.1

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-01-24 13:36:58 +01:00
renovate[bot]
148b82e32c
deps: update dependency prism-react-renderer to v2.4.1 (#3619)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-24 08:06:24 +01:00
edgelessci
e44adf85d4
image: update measurements and image version (#3620)
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-01-24 08:06:12 +01:00
renovate[bot]
3af498fbfe
deps: update dependency numpy to v2.2.2 (#3618)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-22 12:26:18 +01:00
renovate[bot]
bda3d802dc
deps: update dependency asciinema-player to v3.8.2 (#3616)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-22 12:21:19 +01:00
renovate[bot]
808631f530
deps: update dependency buildifier_prebuilt to v8 (#3615)
* deps: update dependency buildifier_prebuilt to v8

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-01-22 11:53:19 +01:00
renovate[bot]
3f702ecda9
deps: update Terraform google to v6.17.0 (#3614)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-22 08:49:30 +01:00
renovate[bot]
12cfd7006b
deps: update registry.k8s.io/sig-storage/snapshot-controller Docker tag to v8.2.0 (#3612)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-22 08:27:02 +01:00
edgelessci
caa80783eb
image: update measurements and image version (#3613)
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-01-22 08:13:32 +01:00
renovate[bot]
501d1779ed
deps: update Go dependencies (#3603)
* deps: update Go dependencies
* hold back cloud.google.com/go/storage dependency
* keep fork replacement at consistent version

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2025-01-21 16:23:10 +01:00
Daniel Weiße
bea2f33efc
renovate: reformat config file for json5 (#3610)
* renovate: include replace directives in Go deps upgrade
* renovate: replace deprecated regexManagers with customManagers
* renovate: rewrite config in proper json5

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-01-21 13:26:42 +01:00
renovate[bot]
92d7fc5385
deps: update module k8s.io/cri-client to v0.32.1 (#3608)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-21 11:03:48 +01:00
renovate[bot]
e9a6513346
deps: update actions/setup-go action to v5.3.0 (#3605)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-21 10:28:03 +01:00
renovate[bot]
ebbe61727c
deps: update dependency DeterminateSystems/nix-installer to v0.34.0 (#3607)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-21 10:06:09 +01:00
renovate[bot]
44e898e187
deps: update Terraform dependencies (#3604)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-21 10:05:01 +01:00
renovate[bot]
f048ebb8e8
deps: update rhysd/actionlint to v1.7.7 (#3602)
* deps: update rhysd/actionlint to v1.7.7

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-01-21 10:04:32 +01:00
renovate[bot]
f789b8efc7
deps: update bufbuild/buf to v1.50.0 (#3606)
* deps: update bufbuild/buf to v1.50.0

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-01-21 10:04:07 +01:00
renovate[bot]
c6db8bd46b
deps: update aquasecurity/tfsec to v1.28.13 (#3600)
* deps: update aquasecurity/tfsec to v1.28.13

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-01-21 09:05:04 +01:00
renovate[bot]
2216098a9b
deps: update registry.k8s.io/sig-storage/snapshot-validation-webhook Docker tag to v8.1.1 (#3601)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-21 08:51:04 +01:00
renovate[bot]
679edd79d4
deps: update Go dependencies (#3586)
* deps: update Go dependencies

* keep cloud.google.com/go/storage at v1.49.0

This is required to avoid issues with a broken
google.golang.org/grpc/stats/opentelemetry import
See https://github.com/googleapis/google-cloud-go/issues/11455

* deps: tidy all modules

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-01-20 16:15:42 +01:00
renovate[bot]
22d093cc6f
deps: update bazel (core) (#3581)
* deps: update bazel (core)

* bazel: depset -> list

To comply with some breaking changes in rules_go v0.51, we explicitly
need to type-cast the depsets to lists here.

* bazel: migrate deprecated GoLibrary usage

In rules_go v0.51.0, `GoLibrary` was deprecated and replaced by
`GoInfo`. This adjusts our `protoc-gen-go` rule to use the new `GoInfo`.

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-01-20 15:17:05 +01:00