Daniel Weiße
f9a581f329
Add aTLS endpoint to KMS ( #236 )
...
* Move file watcher and validator to internal
* Add aTLS endpoint to KMS for Kubernetes external requests
* Update Go version in Dockerfiles
* Move most KMS packages to internal
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-29 16:13:01 +02:00
Daniel Weiße
042f668d20
AB#2190 Verification service ( #232 )
...
* Add verification service
* Update verify command to use new Constellation verification service
* Deploy verification service on cluster init
* Update pcr-reader to use verification service
* Add verification service build workflow
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 17:03:28 +02:00
Daniel Weiße
b10b13b173
Replace logging with default logging interface ( #233 )
...
* Add test logger
* Refactor access manager logging
* Refactor activation service logging
* Refactor debugd logging
* Refactor kms server logging
* Refactor disk-mapper logging
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 16:51:30 +02:00
Nils Hanke
e3f78a5bff
Remove passing context separately to initialize
2022-06-28 13:55:50 +02:00
Nils Hanke
0653c20792
Upgrade to Cobra v1.5.0 & go mod tidy
2022-06-28 13:55:50 +02:00
Fabian Kammel
e97eb1fa52
fix: buildvcs unable to fetch vcs information ( #228 )
2022-06-23 17:52:25 +02:00
Daniel Weiße
1dcb6ed142
Add unified logging interface ( #223 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-23 16:42:33 +02:00
Leonard Cohnen
e13f4d84c3
add gcp loadbalancer
2022-06-23 14:00:20 +02:00
Christoph Meyer
1e11188dac
AB#2033 User-friendly wrap and reword errors
...
fix: readOrGenerated function signature
2022-06-22 12:02:10 +01:00
Christoph Meyer
9441e46e4b
AB#2033 Remove redundant "failed" in error wrapping
...
Remove "failed" from wrapped errors
Where appropriate rephrase "unable to/could not" to "failed" in root
errors
Start error log messages with "Failed"
2022-06-22 12:02:10 +01:00
Fabian Kammel
0c9ca50be8
Feat/more version info ( #224 )
2022-06-21 15:12:27 +02:00
Daniel Weiße
3b92b52611
Fix endless wait if handshake fails
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-21 15:02:20 +02:00
Daniel Weiße
e6b1156849
AB#2169 Implement control-plane activation in activation service ( #217 )
...
* Implement Control Plane activation flow
* Rename Activation RPCs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-21 11:10:32 +02:00
Fabian Kammel
a1103b6da6
Feat/pcr yaml output ( #222 )
...
* remove extra output and provide yaml option
* Add some explanation on how yaml format could be used.
2022-06-20 13:57:25 +02:00
Fabian Kammel
d856b0cd86
Feat/measurements in e2e ( #218 )
...
* Make e2e pipeline use the latest image available.
* Use pcr-reader to read & store measurements.
* buildvcs false in ci
* only notify teams on main
* plain yq syntax, since if already checks for csp
* previous version of yq requires explicit eval
* fix pcr-reader call
* actually pass variable between jobs
* fix typo
* Make order of images consistent.
* read measurements after create
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-20 10:30:59 +02:00
Otto Bittner
3de5fd47b5
Add unittest-hack tests to ctest ( #220 )
...
The CI currently runs the tests in ./hack, but ctest did not.
This commit changes that.
2022-06-17 08:56:23 +02:00
katexochen
b926cf9006
Move aTLS fakes into atls package
2022-06-15 16:31:24 +02:00
katexochen
85ba2657e1
Fix grpc dialer
2022-06-15 16:31:24 +02:00
Daniel Weiße
4842d29aff
AB#2111 Deploy activation service on cluster init ( #205 )
...
* Deploy activation service on cluster init
* Use base image with CA certificates for activation service
* Improve KMS server
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 16:00:48 +02:00
Daniel Weiße
84ca9e3070
Fix container image workflows
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 14:00:21 +02:00
Paul Meyer
86d29a4567
Add concurrency tests for atls connections ( #211 )
2022-06-15 13:04:56 +02:00
Thomas Tendyck
e9916a7d3a
atls: make client cfg reusable
2022-06-15 13:04:56 +02:00
Thomas Tendyck
989c128fa6
atls: rename nonce to clientNonce/serverNonce for clarification
2022-06-15 13:04:56 +02:00
Fabian Kammel
392ad7fe45
Create Application Insights early so they are ready when VM needs them. ( #213 )
2022-06-15 12:19:41 +02:00
Daniel Weiße
1c34792005
Fix variable name
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 11:03:47 +02:00
Daniel Weiße
3d041cab2b
Activation Service and KMS server image build pipeline ( #210 )
...
* AB#2171 Add kms server container image build pipeline
* AB#2172 Add activation service container image build pipeline
* Add manual workflow for building micro-service images
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 10:50:46 +02:00
Leonard Cohnen
766182b7e7
fix cilium WireGuard Pod2Pod connectivity
2022-06-14 14:01:56 +02:00
Fabian Kammel
f7ba87135d
Fix/e2e fail on failure ( #208 )
2022-06-14 12:38:32 +02:00
Nils Hanke
82757ef2c0
Don't include labels in Docker image
2022-06-13 16:35:05 +02:00
Nils Hanke
f0b8412ef8
constellation-access-manager: Persistent SSH as ConfigMap ( #184 )
2022-06-13 16:23:19 +02:00
Daniel Weiße
1e19e64fbc
Dynamic grpc client credentials ( #204 )
...
* Add an aTLS wrapper for grpc credentials
* Move grpc dialers to internal and use aTLS grpc credentials
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-13 11:40:27 +02:00
Daniel Weiße
6e9428a234
Fix gcp debug image command
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-10 15:51:34 +02:00
Fabian Kammel
84552ca8f7
AB#2104 Feat/azure logging ( #198 )
...
implementation for azure early boot logging
2022-06-10 13:18:30 +02:00
Daniel Weiße
963c6f98e5
Create kubernetes CA signed kubelet certificates on activation
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-10 08:34:06 +02:00
katexochen
4d50e4c657
Refactor coordinator run function
2022-06-08 17:33:51 +02:00
Daniel Weiße
691ab84326
Update version variable
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Daniel Weiße
3467df6b69
Move attestation, atls and oid packages to internal directory
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Daniel Weiße
b461c40c3a
Implement activation service
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Daniel Weiße
0941ce8c7e
Allow passing nil issuer to not embed attestation
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00
Malte Poll
49d1212cff
debugd README: rename azureConfig to azure and gcpConfig to gcp. Only assign value if key exists. ( #201 )
2022-06-08 15:37:32 +02:00
katexochen
b3a51cca64
Move cli/status to internal/statuswaiter
2022-06-08 11:59:23 +02:00
katexochen
0627b14445
Move cli/cloud/cloudcmd into cli/internal
2022-06-08 11:59:23 +02:00
katexochen
b308db03fe
Move cli/cloud/cloudtypes into /internal
2022-06-08 11:59:23 +02:00
katexochen
c3ebd3d3cd
Move cli/cmd into cli/internal
2022-06-08 11:59:23 +02:00
katexochen
d71e97a940
Move ScalingGroup to cloudtypes
2022-06-08 11:59:23 +02:00
katexochen
87b9203110
Import config as config
2022-06-08 11:59:23 +02:00
katexochen
6a9419e89c
Remove cli/ec2
2022-06-08 11:59:23 +02:00
katexochen
064151a956
Move cli/azure to cli/internal/azure
2022-06-08 11:59:23 +02:00
katexochen
180d7872dd
Separate shared azure code
2022-06-08 11:59:23 +02:00
katexochen
6cd93e4179
Move cli/gcp to cli/internal/gcp
2022-06-08 11:53:55 +02:00