Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
3,993 Commits 133 Branches 44 Tags 106 MiB
f60c133724
Commit Graph

346 Commits

Author SHA1 Message Date
edgelessci
f60c133724
image: update measurements and image version (#3034) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-04-19 08:30:06 +02:00
edgelessci
ea17af3dcc
image: update measurements and image version (#3030) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-04-17 08:18:39 +02:00
Moritz Sanft
913b09aeb8
Support SEV-SNP on GCP (#3011) 
* terraform: enable creation of SEV-SNP VMs on GCP

* variant: add SEV-SNP attestation variant

* config: add SEV-SNP config options for GCP

* measurements: add GCP SEV-SNP measurements

* gcp: separate package for SEV-ES

* attestation: add GCP SEV-SNP attestation logic

* gcp: factor out common logic

* choose: add GCP SEV-SNP

* cli: add TF variable passthrough for GCP SEV-SNP variables

* cli: support GCP SEV-SNP for `constellation verify`

* Adjust usage of GCP SEV-SNP throughout codebase

* ci: add GCP SEV-SNP

* terraform-provider: support GCP SEV-SNP

* docs: add GCP SEV-SNP reference

* linter fixes

* gcp: only run test with TPM simulator

* gcp: remove nonsense test

* Update cli/internal/cmd/verify.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update docs/docs/overview/clouds.md

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update terraform-provider-constellation/internal/provider/attestation_data_source_test.go

Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>

* linter fixes

* terraform_provider: correctly pass down CC technology

* config: mark attestationconfigapi as unimplemented

* gcp: fix comments and typos

* snp: use nonce and PK hash in SNP report

* snp: ensure we never use ARK supplied by Issuer (#3025)

* Make sure SNP ARK is always loaded from config, or fetched from AMD KDS
* GCP: Set validator `reportData` correctly

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* attestationconfigapi: add GCP to uploading

* snp: use correct cert

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: enable fetching of attestation config values for GCP SEV-SNP

* linter fixes

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
 2024-04-16 18:13:47 +02:00
edgelessci
41e4f144ed
image: update measurements and image version (#3023) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-04-12 08:24:28 +02:00
edgelessci
7bdd4c2449
image: update measurements and image version (#3019) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-04-10 08:25:16 +02:00
edgelessci
249148abe2
image: update measurements and image version (#3013) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-04-05 15:23:44 +02:00
edgelessci
638a94c7c6
image: update measurements and image version (#3008) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-04-03 08:28:45 +02:00
edgelessci
d6ac1967c5
image: update measurements and image version (#3004) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-04-02 08:44:25 +02:00
edgelessci
367b278002
image: update measurements and image version (#3000) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-03-25 08:19:58 +01:00
edgelessci
89f311dac1
image: update measurements and image version (#2996) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-03-20 08:35:26 +01:00
edgelessci
e0bbb447a9
image: update measurements and image version (#2987) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-03-15 07:54:20 +01:00
edgelessci
3b8fa95648
image: update measurements and image version (#2983) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-03-13 09:08:44 +01:00
Malte Poll
c23f17de41 openstack: read credentials from clouds.yaml 2024-03-11 15:59:23 +01:00
edgelessci
483c888a3c
image: update measurements and image version (#2975) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-03-08 08:40:29 +01:00
Malte Poll
8b41bcaecc cli: correct measurements in config generate stackit 2024-03-04 18:17:26 +01:00
Malte Poll
f94c6ca0d4 misc: skip message about community license with marketplace image 2024-03-04 18:17:26 +01:00
Malte Poll
1c8a7e4c22 cli: add STACKIT to constellation config instance-types 2024-03-04 18:17:26 +01:00
edgelessci
d8a8d9b6b9
image: update measurements and image version (#2963) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-03-01 08:31:34 +01:00
Malte Poll
3ce10eb00f terraform: allow STACKIT / OpenStack instance type to be UUID or name 2024-02-28 15:48:53 +01:00
edgelessci
79aaa77b6b
image: update measurements and image version (#2950) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-02-28 10:02:33 +01:00
edgelessci
b2ab5869b3
image: update measurements and image version (#2943) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-02-23 09:33:12 +01:00
3u13r
2a61861a1c
stackit: add k8s api load balancer (#2925) 2024-02-22 17:39:34 +01:00
katexochen
70ff097e12 image: update measurements and image version 2024-02-21 08:49:20 +01:00
Malte Poll
6f9020d527 cli: use pre-uploaded image on OpenStack 
Before, the terraform infrastructure code would upload an image on the fly.
Now, we upload images in advance and specify the image ID instead.
 2024-02-19 18:16:45 +01:00
edgelessci
bc4d514fb1
image: update measurements and image version (#2912) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-16 08:49:16 +01:00
Malte Poll
92589a80e2 helm: update yawol 2024-02-15 12:35:15 +01:00
edgelessci
6829c27178
image: update measurements and image version (#2908) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-14 08:25:10 +01:00
katexochen
a89133ae81 image: update measurements and image version 2024-02-09 08:11:46 +01:00
edgelessci
bd3eed8504
image: update measurements and image version (#2895) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-07 08:19:43 +01:00
Moritz Sanft
dde3430da8
terraform: support AWS marketplace images (#2888) 
* terraform: support AWS marketplace images

* terraform-provider: support AWS marketplace images

* docs: add instructions on AWS marketplace images

* ci: adapt marketplace image test for AWS

* Update internal/config/config.go

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

* docs: update config

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* docs: update license information

* docs: use CSP tabs for marketplace overview

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

---------

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-02-06 12:13:59 +01:00
edgelessci
711b53d5c0
image: update measurements and image version (#2886) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-02 09:10:12 +01:00
edgelessci
6d4a8d594e
image: update measurements and image version (#2866) 
Co-authored-by: malt3 <malt3@users.noreply.github.com>
 2024-01-29 11:27:13 +01:00
Daniel Weiße
ecae1c8f9a Fix default instanceType generation 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-01-26 17:06:28 +01:00
Daniel Weiße
78b9b0fc96
terraform-provider: enable Azure TDX (#2854) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-01-26 15:46:21 +01:00
edgelessci
49a806a874
image: update measurements and image version (#2859) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-01-26 08:15:43 +01:00
Daniel Weiße
e350ca0f57
attestation: add Azure TDX attestation (#2827) 
* Implement Azure TDX attestation primitives
* Add default measurements and claims for Azure TDX
* Enable Constellation on Azure TDX

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-01-24 15:10:15 +01:00
edgelessci
6ae59bb986
image: update measurements and image version (#2848) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-01-24 08:22:48 +01:00
Malte Poll
3a5753045e goleak: ignore rules_go SIGTERM handler 
rules_go added a SIGTERM handler that has a goroutine that survives the scope of the goleak check.
Currently, the best known workaround is to ignore this goroutine.

https://github.com/uber-go/goleak/issues/119
https://github.com/bazelbuild/rules_go/pull/3749
https://github.com/bazelbuild/rules_go/pull/3827#issuecomment-1894002120
 2024-01-22 13:11:58 +01:00
edgelessci
3b02edcc48
image: update measurements and image version (#2833) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-01-19 09:12:24 +01:00
edgelessci
2acbd10ef7
image: update measurements and image version (#2831) 
Co-authored-by: malt3 <malt3@users.noreply.github.com>
 2024-01-17 18:55:10 +01:00
edgelessci
6259815869
image: update measurements and image version (#2828) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-01-17 08:11:53 +01:00
Malte Poll
5063b815f1 config: allow Azure TDX instance types 2024-01-16 17:34:44 +01:00
edgelessci
2fea43a320
image: update measurements and image version (#2817) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-01-12 08:20:15 +01:00
Adrian Stobbe
baad7d8310
aws sev snp resolves latest version values on GetAttestationConfig (#2810) 2024-01-10 13:32:13 +01:00
edgelessci
c61507f220
image: update measurements and image version (#2812) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-01-10 08:13:30 +01:00
Moritz Sanft
e691e26bd3
cli: support for GCP marketplace images (#2792) 
* cli: support GCP marketplace images

* ci: support GCP marketplace images

* docs: support GCP marketplace images

* bazel: generate

* ci: allow GCP for mpi e2e test

* Update docs/docs/overview/license.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* terraform-provider: allow GCP MPIs

* terraform-provider: fix error message

---------

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-01-08 15:51:39 +01:00
edgelessci
cbf744a095
image: update measurements and image version (#2795) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-01-05 09:27:11 +01:00
edgelessci
3d8e548dcd
image: update measurements and image version (#2789) 
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
 2024-01-03 13:08:45 +01:00
Adrian Stobbe
436e7c6d3b
terraform-provider: validate image and microservice version (#2766) 2023-12-22 10:24:13 +01:00
Adrian Stobbe
9667dfff58
terraform: align infrastructure module attributes (#2703) 
* all vars have snail_case

* make iam schema consistent

* infrastructure schema

* terraform: update AWS infrastructure module

* fix ci

* terraform: update AWS infrastructure module

* terraform: update AWS IAM module

* terraform: update Azure Infrastructure module inputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update Azure IAM module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update GCP infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update GCP IAM module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update OpenStack Infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update QEMU Infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-module: fix input name

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: tidy

* cli: ignore whitespace in Terraform variable tests

* terraform-module: fix AWS output names

* terraform-module: fix output references

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: rename `api_server_cert_sans`

* Update terraform/infrastructure/aws/modules/public_private_subnet/variables.tf

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* fix self-managed

* terraform: revert AWS modules output file renaming

* terraform: remove duplicate varable declaration

* terraform: rename Azure location field

* ci: adjust output name in self-managed e2e test

* e2e: continuously print output in upgrade test

* e2e: write to output variables

* cli: migrate IAM variable names

* cli: make `location` field optional

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
 2023-12-15 10:36:58 +01:00