Commit Graph

214 Commits

Author SHA1 Message Date
Daniel Weiße
dd2da25ebe attestation: tdx issuer/validator (#1265)
* Add TDX validator

* Add TDX issuer

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
renovate[bot]
53758e65ad
deps: update module github.com/siderolabs/talos/pkg/machinery to v1.4.4 (#1764)
* deps: update module github.com/siderolabs/talos/pkg/machinery to v1.4.4

* deps: tidy all modules

* update pseudo version tool

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-16 22:19:16 +02:00
renovate[bot]
230ea79bcc
deps: update Google SDK (#1748)
* deps: update Google SDK

* deps: fix grpc_testing import

* deps: update pseudo version tool hashes

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-16 18:13:17 +02:00
renovate[bot]
cd28b3a39f
deps: update module github.com/docker/docker to v23.0.3+incompatible [SECURITY] (#1762)
* deps: update module github.com/docker/docker to v23.0.3+incompatible [SECURITY]

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-12 18:07:20 +02:00
renovate[bot]
fe115bdb16
deps: update module github.com/sigstore/rekor to v1.1.1 [SECURITY] (#1729)
* deps: update module github.com/sigstore/rekor to v1.1.1 [SECURITY]

* deps: bump oras

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-11 17:23:17 +02:00
renovate[bot]
0db7f68093
deps: update Azure SDK (#1747)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 15:12:25 +02:00
Malte Poll
ee91d8b1cc image: implement idempotent upload of os images 2023-05-05 12:06:44 +02:00
renovate[bot]
4cfa7a0306
deps: update golang.org/x/exp digest to 47ecfdc (#1690)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 17:51:46 +02:00
renovate[bot]
1ae39703d1
deps: update module golang.org/x/tools to v0.8.0 (#1642)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-12 17:31:48 +02:00
renovate[bot]
326460c037
deps: update module golang.org/x/mod to v0.10.0 (#1640)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-12 16:48:50 +02:00
renovate[bot]
44dc127036
deps: update module github.com/spf13/cobra to v1.7.0 (#1638)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-12 16:46:16 +02:00
renovate[bot]
ee7ca3428a
deps: update module golang.org/x/crypto to v0.8.0 (#1639)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-12 15:41:01 +02:00
renovate[bot]
aa3b49aced
deps: update module github.com/hashicorp/terraform-exec to v0.18.1 (#1615)
* deps: update module github.com/hashicorp/terraform-exec to v0.18.1

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-04-06 10:45:25 +02:00
renovate[bot]
509b3d5d58
deps: update module github.com/docker/docker to v20.10.24+incompatible [SECURITY] (#1614)
* deps: update module github.com/docker/docker to v20.10.24+incompatible [SECURITY]
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-04-05 12:14:19 +02:00
renovate[bot]
13365d7272
deps: update module github.com/mattn/go-isatty to v0.0.18 (#1601)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-03 21:15:59 +02:00
renovate[bot]
7a8c4727f5
deps: update AWS SDK (#1594)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-03 18:36:53 +02:00
renovate[bot]
d3587a34d7
deps: update github.com/gophercloud/utils digest to 5bd5e1d (#1586)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 17:42:01 +02:00
renovate[bot]
d260007672
deps: update module github.com/docker/docker to v20.10.23+incompatible (#1589)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 17:01:48 +02:00
renovate[bot]
661cf922ec
deps: update module helm.sh/helm/v3 to v3.11.2 (#1590)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 16:40:49 +02:00
renovate[bot]
33d0b8f59d
deps: update golang.org/x/exp digest to 10a5072 (#1587)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 14:28:53 +02:00
Malte Poll
827c4f548d
bazel: deps mirror (#1522)
bazel-deps-mirror is an internal tools used to upload external dependencies
that are referenced in the Bazel WORKSPACE to the Edgeless Systems' mirror.

It also normalizes deps rules.

* hack: add tool to mirror Bazel dependencies
* hack: bazel-deps-mirror tests
* bazel: add deps mirror commands
* ci: upload Bazel dependencies on renovate PRs
* update go mod
* run deps_mirror_upload


Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 09:41:56 +02:00
renovate[bot]
b12858660e
deps: update github.com/gophercloud/utils digest to 05e9e7f (#1549)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 15:42:34 +02:00
renovate[bot]
52e85862b0
deps: update AWS SDK (#1508)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 18:40:06 +01:00
Paul Meyer
aa6dac684e
go: update submodules to Go 1.20 (#1503)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 09:51:17 +01:00
renovate[bot]
dc52038dbc
deps: update Azure SDK (#1498)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 09:50:09 +01:00
renovate[bot]
3f35a6c904
deps: update K8s dependencies (#1496)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 08:53:06 +01:00
renovate[bot]
be94710f5b
deps: update Google SDK (#1500)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 08:16:52 +01:00
renovate[bot]
7d899d7aa5
deps: update module github.com/schollz/progressbar/v3 to v3.13.1 (#1497)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 18:11:50 +01:00
renovate[bot]
e95d79f97e
deps: update github.com/gophercloud/utils digest to e15d7ee (#1486)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 10:33:43 +01:00
Daniel Weiße
5a0234b3f2
attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257)
* Convert enforceIDKeyDigest setting to enum

* Use MAA fallback in Azure SNP attestation

* Only create MAA provider if MAA fallback is enabled

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-21 12:46:49 +01:00
Malte Poll
c7fdeb4637 deps: go mod tidy 2023-03-21 10:51:09 +01:00
Moritz Sanft
f2ce9518a3
cli: support custom attestation policies for maa (#1375)
* create and update maa attestation policy

* use interface to allow unit testing

* fix test csp

* http request for policy patch

* go mod tidy

* remove hyphen

* go mod tidy

* wip: adapt to feedback

* linting fixes

* remove csp from tf call

* fix type assertion

* Add MAA URL to instance tags (#1409)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* conditionally create maa provider

* only set instance tag when maa is created

* fix azure unit test

* bazel tidy

* remove AzureCVM const

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* encode policy at runtime

* remove policy arg

* fix unit test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-03-20 13:33:04 +01:00
renovate[bot]
a6021be714
deps: update K8s dependencies (#1401)
* deps: update K8s dependencies
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-03-17 15:55:44 +01:00
renovate[bot]
cb2d2b0b89
deps: update module github.com/spf13/afero to v1.9.5 (#1396)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-10 18:40:17 +01:00
Paul Meyer
593253e090
ci: ignore replaced ghsa (#1392)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-10 11:13:05 +01:00
Daniel Weiße
83d10b0e70
hack: remove unused tools (#1387)
* Remove unused pcr-compare tool
* Remove unused pcr-reader tool
* Remove obsolete image-measurement tool

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-09 16:59:33 +01:00
Malte Poll
bdba9d8ba6
bazel: add build files for go (#1186)
* build: correct toolchain order
* build: gazelle-update-repos
* build: use pregenerated proto for dependencies
* update bazeldnf
* deps: tpm simulator
* Update Google trillian module
* cli: add stamping as alternative build info source
* bazel: add go_test wrappers, mark special tests and select testing deps
* deps: add libvirt deps
* deps: go-libvirt patches
* deps: cloudflare circl patches
* bazel: add go_test wrappers, mark special tests and select testing deps
* bazel: keep gazelle overrides
* bazel: cleanup bazelrc
* bazel: switch CMakeLists.txt to use bazel
* bazel: fix injection of version information via stamping
* bazel: commit all build files
* dev-docs: document bazel usage
* deps: upgrade zig-cc for go 1.20
* bazel: update Perl for macOS arm64 & Linux arm64 support
* bazel: use static perl toolchain for OpenSSL
* bazel: use static protobuf (protoc) toolchain
* deps: add git and go to nix deps

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-09 15:23:42 +01:00
Otto Bittner
441eef294a
deps: fix dependabot security warnings (#1337) 2023-03-03 15:41:19 +01:00
Daniel Weiße
5eb73706f5
internal: refactor storage credentials (#1071)
* Move storage clients to separate packages

* Allow setting of client credentials for AWS S3

* Use managed identity client secret or default credentials for Azure Blob Storage

* Use credentials file to authorize GCS client

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-02 15:08:31 +01:00
renovate[bot]
21ccd861ae
deps: update K8s dependencies (#1314)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-01 14:52:19 +01:00
renovate[bot]
33958b2ad7
deps: update module github.com/leodido/go-urn to v1.2.2 (#1301)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-28 17:32:53 +01:00
renovate[bot]
af8c6e70ad
deps: update module github.com/sigstore/sigstore to v1.6.0 (#1306)
* deps: update module github.com/sigstore/sigstore to v1.6.0
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-02-28 15:47:08 +01:00
renovate[bot]
6b37f2049f
deps: update module github.com/zclconf/go-cty to v1.13.0 (#1307)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-28 15:18:51 +01:00
renovate[bot]
46672ff039
deps: update module github.com/shopspring/decimal to v1.3.1 (#1305)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-28 15:17:21 +01:00
renovate[bot]
c61e117b8c
deps: update module github.com/acomagu/bufpipe to v1.0.4 (#1302)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-28 13:42:23 +01:00
renovate[bot]
800acdeb3f
deps: update module github.com/rivo/uniseg to v0.4.4 (#1304)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-28 13:40:00 +01:00
renovate[bot]
9ee92ba7c8
deps: update module github.com/go-git/go-billy/v5 to v5.4.1 (#1303)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-28 13:25:47 +01:00
renovate[bot]
0664c83c73
deps: update module github.com/hashicorp/go-retryablehttp to v0.7.2 (#1295)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-28 12:00:31 +01:00
renovate[bot]
2c6cc2247e
deps: update module github.com/go-playground/validator/v10 to v10.11.2 (#1294)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-28 11:19:26 +01:00
renovate[bot]
f91575a739
deps: update module github.com/google/trillian to v1.5.1 (#1291)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-28 10:51:23 +01:00