Compare commits
25 Commits
d3c5635660
...
534a3237ca
Author | SHA1 | Date |
---|---|---|
renovate[bot] | 534a3237ca | |
Malte Poll | 1c0c7d6227 | |
renovate[bot] | adf03ad76c | |
Daniel Weiße | 86c45d1d5f | |
Daniel Weiße | a15cf54477 | |
Daniel Weiße | edc0c7068e | |
Thomas Tendyck | 012937740f | |
3u13r | ecebd607c5 | |
edgelessci | 3241e5a126 | |
miampf | bd26cb592d | |
Daniel Weiße | f6999084c9 | |
Daniel Weiße | 47fbbd42a9 | |
edgelessci | 96b71b0205 | |
Daniel Weiße | 35bd805bec | |
Daniel Weiße | 259e85d9c1 | |
edgelessci | 3d2a023ccf | |
Felix Schuster | 7d46d0f7d6 | |
Moritz Sanft | 002c6fa5a4 | |
renovate[bot] | c1740b17d9 | |
Markus Rudy | 9101417ef8 | |
Malte Poll | 5ec1b1f488 | |
miampf | 0c0d87aa4c | |
Daniel Weiße | 46994b7ee0 | |
Daniel Weiße | 680d3318af | |
renovate[bot] | 49e7840275 |
|
@ -7,6 +7,7 @@ function get_artifact_id {
|
|||
artifact_id="$(gh api \
|
||||
-H "Accept: application/vnd.github+json" \
|
||||
-H "X-GitHub-Api-Version: 2022-11-28" \
|
||||
--paginate \
|
||||
"/repos/edgelesssys/constellation/actions/runs/$1/artifacts" --jq ".artifacts |= map(select(.name==\"$2\")) | .artifacts[0].id" || exit 1)"
|
||||
echo "$artifact_id"
|
||||
}
|
||||
|
|
|
@ -16,11 +16,11 @@ inputs:
|
|||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Install unzip
|
||||
- name: Install 7zip
|
||||
uses: ./.github/actions/setup_bazel_nix
|
||||
with:
|
||||
nixTools: |
|
||||
unzip
|
||||
_7zz
|
||||
|
||||
- name: Create temporary directory
|
||||
id: tempdir
|
||||
|
@ -28,7 +28,7 @@ runs:
|
|||
run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Download the artifact
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: ${{ inputs.name }}
|
||||
path: ${{ steps.tempdir.outputs.directory }}
|
||||
|
@ -37,4 +37,4 @@ runs:
|
|||
shell: bash
|
||||
run: |
|
||||
mkdir -p ${{ inputs.path }}
|
||||
unzip -P '${{ inputs.encryptionSecret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip
|
||||
7zz x -p'${{ inputs.encryptionSecret }}' -t7z -o"${{ inputs.path }}" ${{ steps.tempdir.outputs.directory }}/archive.7z
|
||||
|
|
|
@ -14,15 +14,19 @@ inputs:
|
|||
encryptionSecret:
|
||||
description: 'The secret to use for encrypting the files.'
|
||||
required: true
|
||||
overwrite:
|
||||
description: 'Overwrite an artifact with the same name.'
|
||||
default: false
|
||||
required: false
|
||||
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Install zip
|
||||
- name: Install 7zip
|
||||
uses: ./.github/actions/setup_bazel_nix
|
||||
with:
|
||||
nixTools: |
|
||||
zip
|
||||
_7zz
|
||||
|
||||
- name: Create temporary directory
|
||||
id: tempdir
|
||||
|
@ -33,10 +37,8 @@ runs:
|
|||
shell: bash
|
||||
run: |
|
||||
shopt -s extglob
|
||||
|
||||
paths="${{ inputs.path }}"
|
||||
paths=${paths%$'\n'} # Remove trailing newline
|
||||
|
||||
# Check if any file matches the given pattern(s).
|
||||
something_exists=false
|
||||
for pattern in ${paths}
|
||||
|
@ -45,7 +47,6 @@ runs:
|
|||
something_exists=true
|
||||
fi
|
||||
done
|
||||
|
||||
# Create an archive if files exist.
|
||||
# Don't create an archive file if no files are found
|
||||
# and warn.
|
||||
|
@ -54,18 +55,18 @@ runs:
|
|||
echo "::warning:: No files/directories found with the provided path(s): ${paths}. No artifact will be uploaded."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
for target in ${paths}
|
||||
do
|
||||
pushd "$(dirname "${target}")" || exit 1
|
||||
zip -e -P '${{ inputs.encryptionSecret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")"
|
||||
7zz a -p'${{ inputs.encryptionSecret }}' -t7z -ms=on -mhe=on "${{ steps.tempdir.outputs.directory }}/archive.7z" "$(basename "${target}")"
|
||||
popd || exit 1
|
||||
done
|
||||
|
||||
- name: Upload archive as artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: ${{ inputs.name }}
|
||||
path: ${{ steps.tempdir.outputs.directory }}/archive.zip
|
||||
path: ${{ steps.tempdir.outputs.directory }}/archive.7z
|
||||
retention-days: ${{ inputs.retention-days }}
|
||||
if-no-files-found: ignore
|
||||
overwrite: ${{ inputs.overwrite }}
|
||||
|
|
|
@ -79,7 +79,7 @@ runs:
|
|||
# once it has the functionality
|
||||
- name: Install Cosign
|
||||
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
|
||||
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
|
||||
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
|
||||
|
||||
- name: Install Rekor
|
||||
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
|
||||
|
|
|
@ -62,7 +62,7 @@ runs:
|
|||
|
||||
- name: Build and push container image
|
||||
id: build-micro-service
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
|
||||
with:
|
||||
context: .
|
||||
file: ${{ inputs.dockerfile }}
|
||||
|
|
|
@ -262,7 +262,7 @@ runs:
|
|||
mkdir to-zip
|
||||
cp -r constellation-terraform to-zip
|
||||
cp -r constellation-iam-terraform to-zip
|
||||
rm to-zip/constellation-terraform/plan.zip
|
||||
rm -f to-zip/constellation-terraform/plan.zip
|
||||
rm -rf to-zip/constellation-terraform/.terraform to-zip/constellation-iam-terraform/.terraform
|
||||
|
||||
- name: Upload terraform state
|
||||
|
|
|
@ -52,8 +52,14 @@ runs:
|
|||
kubernetesFlag="--kubernetes=${{ inputs.kubernetesVersion }}"
|
||||
fi
|
||||
|
||||
# TODO(v2.17): Remove this fallback and always use --tags flag
|
||||
tagsFlag=""
|
||||
if constellation config generate --help | grep -q -- --tags; then
|
||||
tagsFlag="--tags=\"${{ inputs.additionalTags }}\""
|
||||
fi
|
||||
|
||||
echo "flag=--update-config" | tee -a "$GITHUB_OUTPUT"
|
||||
constellation config generate ${{ inputs.cloudProvider }} ${kubernetesFlag} --attestation ${{ inputs.attestationVariant }} --tags ${{ inputs.additionalTags }}
|
||||
constellation config generate ${{ inputs.cloudProvider }} ${kubernetesFlag} --attestation ${{ inputs.attestationVariant }} ${tagsFlag}
|
||||
|
||||
- name: Constellation iam create aws
|
||||
shell: bash
|
||||
|
|
|
@ -17,7 +17,7 @@ runs:
|
|||
steps:
|
||||
- name: Use docker for logging in
|
||||
if: runner.os != 'macOS'
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
|
||||
with:
|
||||
registry: ${{ inputs.registry }}
|
||||
username: ${{ inputs.username }}
|
||||
|
|
|
@ -19,7 +19,7 @@ runs:
|
|||
steps:
|
||||
- name: Install Cosign
|
||||
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
|
||||
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
|
||||
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
|
||||
|
||||
- name: Download Syft & Grype
|
||||
uses: ./.github/actions/install_syft_grype
|
||||
|
|
|
@ -67,7 +67,7 @@ runs:
|
|||
# Make sure that helm is installed
|
||||
# This is not always the case, e.g. on MacOS runners
|
||||
- name: Install Helm
|
||||
uses: azure/setup-helm@29960d0f5f19214b88e1d9ba750a9914ab0f1a2f # v4.0.0
|
||||
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
|
||||
with:
|
||||
version: v3.9.0
|
||||
|
||||
|
|
|
@ -5,51 +5,51 @@ runs:
|
|||
using: "composite"
|
||||
steps:
|
||||
- name: Download CLI binaries darwin-amd64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-darwin-amd64
|
||||
|
||||
- name: Download CLI binaries darwin-arm64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-darwin-arm64
|
||||
|
||||
- name: Download CLI binaries linux-amd64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-linux-amd64
|
||||
|
||||
- name: Download CLI binaries linux-arm64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-linux-arm64
|
||||
|
||||
- name: Download CLI binaries windows-amd64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-windows-amd64
|
||||
|
||||
- name: Download Terraform module
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: terraform-module
|
||||
|
||||
- name: Download Terraform provider binary darwin-amd64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: terraform-provider-constellation-darwin-amd64
|
||||
|
||||
- name: Download Terraform provider binary darwin-arm64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: terraform-provider-constellation-darwin-arm64
|
||||
|
||||
- name: Download Terraform provider binary linux-amd64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: terraform-provider-constellation-linux-amd64
|
||||
|
||||
- name: Download Terraform provider binary linux-arm64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: terraform-provider-constellation-linux-arm64
|
||||
|
|
|
@ -33,7 +33,7 @@ runs:
|
|||
|
||||
steps:
|
||||
- name: Setup python
|
||||
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
|
||||
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
|
||||
with:
|
||||
python-version: "3.10"
|
||||
|
||||
|
@ -49,7 +49,7 @@ runs:
|
|||
install kubestr /usr/local/bin
|
||||
|
||||
- name: Checkout k8s-bench-suite
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
repository: "edgelesssys/k8s-bench-suite"
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
name: E2E cleanup over timeframe
|
||||
description: Clean up old terraform resources of E2E tests
|
||||
|
||||
inputs:
|
||||
ghToken:
|
||||
description: 'The github token that is used with the github CLI.'
|
||||
required: true
|
||||
encryptionSecret:
|
||||
description: 'The secret to use for decrypting the artifacts.'
|
||||
required: true
|
||||
azure_credentials:
|
||||
description: "Credentials authorized to create Constellation on Azure."
|
||||
required: true
|
||||
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Authenticate AWS
|
||||
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
|
||||
with:
|
||||
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EDestroy
|
||||
aws-region: eu-central-1
|
||||
|
||||
- name: Authenticate Azure
|
||||
uses: ./.github/actions/login_azure
|
||||
with:
|
||||
azure_credentials: ${{ inputs.azure_credentials }}
|
||||
|
||||
- name: Authenticate GCP
|
||||
uses: ./.github/actions/login_gcp
|
||||
with:
|
||||
service_account: "destroy-e2e@constellation-e2e.iam.gserviceaccount.com"
|
||||
|
||||
- name: Install 7zip
|
||||
uses: ./.github/actions/setup_bazel_nix
|
||||
with:
|
||||
nixTools: |
|
||||
_7zz
|
||||
- name: Run cleanup
|
||||
run: ./.github/actions/e2e_cleanup_timeframe/e2e-cleanup.sh
|
||||
shell: bash
|
||||
env:
|
||||
GH_TOKEN: ${{ inputs.ghToken }}
|
||||
ENCRYPTION_SECRET: ${{ inputs.encryptionSecret }}
|
|
@ -0,0 +1,97 @@
|
|||
#!/bin/bash
|
||||
|
||||
# get_e2e_test_ids_on_date gets all workflow IDs of workflows that contain "e2e" on a specific date.
|
||||
function get_e2e_test_ids_on_date {
|
||||
ids="$(gh run list --created "$1" --status failure --json createdAt,workflowName,databaseId --jq '.[] | select(.workflowName | contains("e2e") and (contains("MiniConstellation") | not)) | .databaseId' -L1000 -R edgelesssys/constellation || exit 1)"
|
||||
echo "${ids}"
|
||||
}
|
||||
|
||||
# download_tfstate_artifact downloads all artifacts matching the pattern terraform-state-* from a given workflow ID.
|
||||
function download_tfstate_artifact {
|
||||
gh run download "$1" -p "terraform-state-*" -R edgelesssys/constellation > /dev/null
|
||||
}
|
||||
|
||||
# delete_resources runs terraform destroy on the constellation-terraform subfolder of a given folder.
|
||||
function delete_resources {
|
||||
if [[ -d "$1/constellation-terraform" ]]; then
|
||||
cd "$1/constellation-terraform" || exit 1
|
||||
terraform init > /dev/null || exit 1 # first, install plugins
|
||||
terraform destroy -auto-approve || exit 1
|
||||
cd ../../ || exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# delete_iam_config runs terraform destroy on the constellation-iam-terraform subfolder of a given folder.
|
||||
function delete_iam_config {
|
||||
if [[ -d "$1/constellation-iam-terraform" ]]; then
|
||||
cd "$1/constellation-iam-terraform" || exit 1
|
||||
terraform init > /dev/null || exit 1 # first, install plugins
|
||||
terraform destroy -auto-approve || exit 1
|
||||
cd ../../ || exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# check if the password for artifact decryption was given
|
||||
if [[ -z ${ENCRYPTION_SECRET} ]]; then
|
||||
echo "ENCRYPTION_SECRET is not set. Please set an environment variable with that secret."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
artifact_pwd=${ENCRYPTION_SECRET}
|
||||
|
||||
shopt -s nullglob
|
||||
|
||||
start_date=$(date "+%Y-%m-%d")
|
||||
end_date=$(date --date "-7 day" "+%Y-%m-%d")
|
||||
dates_to_clean=()
|
||||
|
||||
# get all dates of the last week
|
||||
while [[ ${end_date} != "${start_date}" ]]; do
|
||||
dates_to_clean+=("${end_date}")
|
||||
end_date=$(date --date "${end_date} +1 day" "+%Y-%m-%d")
|
||||
done
|
||||
|
||||
echo "[*] retrieving run IDs for cleanup"
|
||||
database_ids=()
|
||||
for d in "${dates_to_clean[@]}"; do
|
||||
echo " retrieving run IDs from $d"
|
||||
mapfile -td " " tmp < <(get_e2e_test_ids_on_date "$d")
|
||||
database_ids+=("${tmp[*]}")
|
||||
done
|
||||
|
||||
# cleanup database_ids
|
||||
mapfile -t database_ids < <(echo "${database_ids[@]}")
|
||||
mapfile -td " " database_ids < <(echo "${database_ids[@]}")
|
||||
|
||||
echo "[*] downloading terraform state artifacts"
|
||||
for id in "${database_ids[@]}"; do
|
||||
if [[ ${id} == *[^[:space:]]* ]]; then
|
||||
echo " downloading from workflow ${id}"
|
||||
download_tfstate_artifact "${id}"
|
||||
fi
|
||||
done
|
||||
|
||||
echo "[*] extracting artifacts"
|
||||
for directory in ./terraform-state-*; do
|
||||
echo " extracting ${directory}"
|
||||
|
||||
# extract and decrypt the artifact
|
||||
7zz x -t7z -p"${artifact_pwd}" -o"${directory}" "${directory}/archive.7z" > /dev/null || exit 1
|
||||
done
|
||||
|
||||
# create terraform caching directory
|
||||
mkdir "${HOME}/tf_plugin_cache"
|
||||
export TF_PLUGIN_CACHE_DIR="${HOME}/tf_plugin_cache"
|
||||
echo "[*] created terraform cache directory ${TF_PLUGIN_CACHE_DIR}"
|
||||
|
||||
echo "[*] deleting resources"
|
||||
for directory in ./terraform-state-*; do
|
||||
echo " deleting resources in ${directory}"
|
||||
delete_resources "${directory}"
|
||||
echo " deleting IAM configuration in ${directory}"
|
||||
delete_iam_config "${directory}"
|
||||
echo " deleting directory ${directory}"
|
||||
rm -rf "${directory}"
|
||||
done
|
||||
|
||||
exit 0
|
|
@ -25,7 +25,7 @@ runs:
|
|||
using: "composite"
|
||||
steps:
|
||||
- name: Install terraform
|
||||
uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
|
||||
uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
|
||||
with:
|
||||
terraform_wrapper: false
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@ runs:
|
|||
|
||||
- name: Publish test results
|
||||
if: (!env.ACT) && contains(inputs.sonobuoyTestSuiteCmd, '--plugin e2e')
|
||||
uses: mikepenz/action-junit-report@5f47764eec0e1c1f19f40c8e60a5ba47e47015c5 # v4.1.0
|
||||
uses: mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95 # v4.2.1
|
||||
with:
|
||||
report_paths: "**/junit_01.xml"
|
||||
fail_on_failure: true
|
||||
|
|
|
@ -258,7 +258,7 @@ runs:
|
|||
gcpProjectID: ${{ inputs.gcpProject }}
|
||||
gcpZone: ${{ inputs.regionZone || 'europe-west3-b' }}
|
||||
kubernetesVersion: ${{ inputs.kubernetesVersion }}
|
||||
additionalTags: "workflow=${{ github.workflow }}"
|
||||
additionalTags: "workflow=${{ github.run_id }}"
|
||||
|
||||
- name: Login to GCP (Cluster service account)
|
||||
if: inputs.cloudProvider == 'gcp'
|
||||
|
@ -330,7 +330,7 @@ runs:
|
|||
if: (inputs.test == 'nop') || (inputs.test == 'upgrade')
|
||||
shell: bash
|
||||
run: |
|
||||
echo "::warning::This test has a nop payload. It doesn't run any tests."
|
||||
echo "This test has a nop payload. It doesn't run any tests."
|
||||
echo "Sleeping for 30 seconds to allow logs to propagate to the log collection service."
|
||||
sleep 30
|
||||
|
||||
|
|
|
@ -66,12 +66,16 @@ runs:
|
|||
forwarderPID=$!
|
||||
sleep 5
|
||||
|
||||
if [[ ${{ inputs.attestationVariant }} == "azure-sev-snp" ]] || [[ ${{ inputs.attestationVariant }} == "aws-sev-snp" ]]; then
|
||||
echo "Extracting TCB versions for API update"
|
||||
constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 -o json > "snp-report-${node}.json"
|
||||
else
|
||||
constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090
|
||||
fi
|
||||
case "${{ inputs.attestationVariant }}"
|
||||
in
|
||||
"azure-sev-snp"|"aws-sev-snp"|"gcp-sev-snp")
|
||||
echo "Extracting TCB versions for API update"
|
||||
constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 -o json > "snp-report-${node}.json"
|
||||
;;
|
||||
*)
|
||||
constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090
|
||||
;;
|
||||
esac
|
||||
|
||||
kill $forwarderPID
|
||||
done
|
||||
|
@ -90,11 +94,6 @@ runs:
|
|||
COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
|
||||
COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
|
||||
run: |
|
||||
if [[ ${{ inputs.attestationVariant }} == "aws-sev-snp" ]] && constellation version | grep -q "v2.13."; then
|
||||
echo "Skipping TCB upload for AWS on CLI v2.13"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
reports=(snp-report-*.json)
|
||||
if [ -z ${#reports[@]} ]; then
|
||||
exit 1
|
||||
|
|
|
@ -26,13 +26,13 @@ runs:
|
|||
steps:
|
||||
- name: Checkout head
|
||||
if: inputs.imageVersion == '' && inputs.git-ref == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.imageVersion == '' && inputs.git-ref != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.git-ref }}
|
||||
|
||||
|
|
|
@ -10,6 +10,6 @@ runs:
|
|||
# As described at:
|
||||
# https://github.com/Azure/login#configure-deployment-credentials
|
||||
- name: Login to Azure
|
||||
uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
|
||||
uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0
|
||||
with:
|
||||
creds: ${{ inputs.azure_credentials }}
|
||||
|
|
|
@ -20,7 +20,7 @@ runs:
|
|||
echo "GOOGLE_CLOUD_PROJECT=" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Authorize GCP access
|
||||
uses: google-github-actions/auth@a6e2e39c0a0331da29f7fd2c2a20a427e8d3ad1f # v2.1.1
|
||||
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
|
||||
with:
|
||||
workload_identity_provider: projects/796962942582/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider
|
||||
service_account: ${{ inputs.service_account }}
|
||||
|
|
|
@ -36,12 +36,6 @@ runs:
|
|||
shell: bash
|
||||
run: echo "CURRENT_DATE=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV
|
||||
|
||||
- name: Encode URI component
|
||||
uses: Ablestor/encode-uri-component-action@790ea01bcf2d5ca4d0dbe8c15351a87b47f22f61 # v1.3
|
||||
id: encode-uri-component
|
||||
with:
|
||||
string: ${{ inputs.test }}
|
||||
|
||||
- name: Create body template
|
||||
id: body-template
|
||||
shell: bash
|
||||
|
@ -69,13 +63,15 @@ runs:
|
|||
fi
|
||||
}
|
||||
|
||||
e2eTestPayload=$(echo "${{ inputs.test }}" | jq -R -r @uri)
|
||||
|
||||
q=$(echo "(filters:!(
|
||||
$(queryGen cloud.provider "${{ inputs.provider }}")
|
||||
$(queryGen metadata.github.ref-stream "${{ inputs.refStream }}")
|
||||
$(queryGen metadata.github.kubernetes-version "${{ inputs.kubernetesVersion }}")
|
||||
$(queryGen metadata.github.attestation-variant "${{ inputs.attestationVariant }}")
|
||||
$(queryGen metadata.github.cluster-creation "${{ inputs.clusterCreation }}")
|
||||
$(queryGen metadata.github.e2e-test-payload "${{ steps.encode-uri-component.outputs.string }}")
|
||||
$(queryGen metadata.github.e2e-test-payload "${e2eTestPayload}")
|
||||
(query:(match_phrase:(metadata.github.run-id:${{ github.run_id }})))
|
||||
))" | tr -d "\t\n ")
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ runs:
|
|||
using: "composite"
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: edgelesssys/helm
|
||||
ref: main
|
||||
|
@ -29,7 +29,7 @@ runs:
|
|||
echo version=$(yq eval ".version" ${{ inputs.chartPath }}/Chart.yaml) | tee -a $GITHUB_OUTPUT
|
||||
|
||||
- name: Create pull request
|
||||
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
|
||||
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||
with:
|
||||
path: helm
|
||||
branch: "release/s3proxy/${{ steps.update-chart-version.outputs.version }}"
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
name: Update TFState
|
||||
description: "Update the terraform state artifact. We use this to either delete an artifact if the e2e test was cleaned up successfully or to update the artifact with the latest terraform state."
|
||||
|
||||
inputs:
|
||||
name:
|
||||
description: "The name of the artifact that contains the tfstate."
|
||||
required: true
|
||||
runID:
|
||||
description: "The ID of your current run (github.run_id)."
|
||||
required: true
|
||||
encryptionSecret:
|
||||
description: "The encryption secret for the artifacts."
|
||||
required: true
|
||||
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Check if uploaded tfstate can be deleted
|
||||
if: always()
|
||||
shell: bash
|
||||
run: |
|
||||
if [[ ! -d constellation-terraform ]] && [[ ! -d constellation-iam-terraform ]]; then
|
||||
echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV"
|
||||
else
|
||||
echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV"
|
||||
fi
|
||||
|
||||
- name: Delete tfstate artifact if necessary
|
||||
if: always() && env.DELETE_TF_STATE == 'true'
|
||||
uses: ./.github/actions/artifact_delete
|
||||
with:
|
||||
name: ${{ inputs.name }}
|
||||
workflowID: ${{ inputs.runID }}
|
||||
|
||||
- name: Prepare left over terraform state folders
|
||||
if: always() && env.DELETE_TF_STATE == 'false'
|
||||
shell: bash
|
||||
run: |
|
||||
rm -rf to-zip/*
|
||||
mkdir -p to-zip
|
||||
|
||||
to_upload=""
|
||||
if [[ -d constellation-terraform ]]; then
|
||||
cp -r constellation-terraform to-zip
|
||||
rm -f to-zip/constellation-terraform/plan.zip
|
||||
rm -rf to-zip/constellation-terraform/.terraform
|
||||
to_upload+="to-zip/constellation-terraform"
|
||||
fi
|
||||
if [[ -d constellation-iam-terraform ]]; then
|
||||
cp -r constellation-iam-terraform to-zip
|
||||
rm -rf to-zip/constellation-iam-terraform/.terraform
|
||||
to_upload+=" to-zip/constellation-iam-terraform"
|
||||
fi
|
||||
echo "TO_UPLOAD=$to_upload" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Update tfstate
|
||||
if: always() && env.TO_UPLOAD != ''
|
||||
uses: ./.github/actions/artifact_upload
|
||||
with:
|
||||
name: ${{ inputs.name }}
|
||||
path: >
|
||||
${{ env.TO_UPLOAD }}
|
||||
encryptionSecret: ${{ inputs.encryptionSecret }}
|
||||
overwrite: true
|
|
@ -15,7 +15,7 @@ runs:
|
|||
zip -r terraform-module.zip terraform-module
|
||||
|
||||
- name: Upload artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: terraform-module
|
||||
path: terraform-module.zip
|
||||
|
@ -23,4 +23,4 @@ runs:
|
|||
- name: Cleanup Terraform module dir
|
||||
shell: bash
|
||||
run: |
|
||||
rm -r terraform-module terraform-module.zip
|
||||
rm -f terraform-module terraform-module.zip
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM golang:1.22.2@sha256:c4fb952e712efd8f787bcd8e53fd66d1d83b7dc26adabc218e9eac1dbf776bdf as builder
|
||||
FROM golang:1.22.3@sha256:b1e05e2c918f52c59d39ce7d5844f73b2f4511f7734add8bb98c9ecdd4443365 as builder
|
||||
|
||||
# Download project root dependencies
|
||||
WORKDIR /workspace
|
||||
|
|
|
@ -12,7 +12,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event.label.name == 'dependencies'}}
|
||||
steps:
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
- name: Pick assignee
|
||||
id: pick-assignee
|
||||
uses: ./.github/actions/pick_assignee
|
||||
|
|
|
@ -11,7 +11,7 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ github.head_ref }}
|
||||
path: constellation
|
||||
|
@ -27,7 +27,7 @@ jobs:
|
|||
|
||||
- name: Download Firmware release
|
||||
id: download-firmware
|
||||
uses: robinraju/release-downloader@368754b9c6f47c345fcfbf42bcb577c2f0f5f395 # v1.9
|
||||
uses: robinraju/release-downloader@c39a3b234af58f0cf85888573d361fb6fa281534 # v1.10
|
||||
with:
|
||||
repository: aws/uefi
|
||||
latest: true
|
||||
|
@ -50,7 +50,7 @@ jobs:
|
|||
echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT"
|
||||
popd || exit 1
|
||||
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: virtee/sev-snp-measure-go.git
|
||||
ref: e42b6f8991ed5a671d5d1e02a6b61f6373f9f8d8
|
||||
|
|
|
@ -22,7 +22,7 @@ jobs:
|
|||
runs-on: [arc-runner-set]
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -19,19 +19,19 @@ jobs:
|
|||
latest: ${{ steps.find-latest.outputs.latest }}
|
||||
steps:
|
||||
- name: Checkout Constellation
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Checkout kubernetes/cloud-provider-gcp
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: "kubernetes/cloud-provider-gcp"
|
||||
path: "cloud-provider-gcp"
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Setup Go environment
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
||||
with:
|
||||
go-version: "1.22.2"
|
||||
go-version: "1.22.3"
|
||||
cache: false
|
||||
|
||||
- name: Install Crane
|
||||
|
@ -65,10 +65,10 @@ jobs:
|
|||
version: ${{ fromJson(needs.find-ccm-versions.outputs.versions) }}
|
||||
steps:
|
||||
- name: Checkout Constellation
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Checkout kubernetes/cloud-provider-gcp
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: "kubernetes/cloud-provider-gcp"
|
||||
path: "cloud-provider-gcp"
|
||||
|
@ -113,7 +113,7 @@ jobs:
|
|||
|
||||
- name: Build and push container image
|
||||
id: build
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
|
||||
with:
|
||||
context: ./cloud-provider-gcp
|
||||
push: ${{ github.ref_name == 'main' }}
|
||||
|
|
|
@ -69,7 +69,7 @@ jobs:
|
|||
|
||||
- name: Checkout GoogleCloudPlatform/guest-agent
|
||||
if: steps.needs-build.outputs.out == 'true'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: "GoogleCloudPlatform/guest-agent"
|
||||
ref: refs/tags/${{ steps.latest-release.outputs.latest }}
|
||||
|
@ -77,7 +77,7 @@ jobs:
|
|||
|
||||
- name: Checkout Constellation
|
||||
if: steps.needs-build.outputs.out == 'true'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
path: "constellation"
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
@ -114,7 +114,7 @@ jobs:
|
|||
- name: Build and push container image
|
||||
if: steps.needs-build.outputs.out == 'true'
|
||||
id: build
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
|
||||
with:
|
||||
context: ./guest-agent
|
||||
file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile
|
||||
|
|
|
@ -19,7 +19,7 @@ jobs:
|
|||
packages: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Setup bazel
|
||||
uses: ./.github/actions/setup_bazel_nix
|
||||
|
|
|
@ -20,7 +20,7 @@ jobs:
|
|||
steps:
|
||||
- name: Check out repository
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -62,14 +62,14 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ github.head_ref }}
|
||||
|
||||
- name: Setup Go environment
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
||||
with:
|
||||
go-version: "1.22.2"
|
||||
go-version: "1.22.3"
|
||||
cache: false
|
||||
|
||||
- name: Determine version
|
||||
|
@ -99,7 +99,7 @@ jobs:
|
|||
run: rm -f internal/attestation/measurements/measurement-generator/generate
|
||||
|
||||
- name: Create pull request
|
||||
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
|
||||
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||
with:
|
||||
branch: "image/automated/update-measurements-${{ github.run_number }}"
|
||||
base: main
|
||||
|
@ -121,7 +121,7 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ github.head_ref }}
|
||||
|
||||
|
|
|
@ -59,7 +59,7 @@ jobs:
|
|||
cliApiBasePath: ${{ steps.image-version.outputs.cliApiBasePath }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -138,7 +138,7 @@ jobs:
|
|||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ jobs:
|
|||
steps:
|
||||
- name: Check out repository
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -20,12 +20,12 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Link Checker
|
||||
uses: lycheeverse/lychee-action@c053181aa0c3d17606addfe97a9075a32723548a # v1.9.3
|
||||
uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0
|
||||
with:
|
||||
args: "--config ./.lychee.toml './**/*.md' './**/*.html'"
|
||||
fail: true
|
||||
|
|
|
@ -34,17 +34,17 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Setup Go environment
|
||||
if: matrix.language == 'go'
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
||||
with:
|
||||
go-version: "1.22.2"
|
||||
go-version: "1.22.3"
|
||||
cache: false
|
||||
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@cf7e9f23492505046de9a37830c3711dd0f25bb3 # v2.16.2
|
||||
uses: github/codeql-action/init@ceaec5c11a131e0d282ff3b6f095917d234caace # v2.25.3
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
|
||||
|
@ -63,6 +63,6 @@ jobs:
|
|||
echo "::endgroup::"
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@cf7e9f23492505046de9a37830c3711dd0f25bb3 # v2.16.2
|
||||
uses: github/codeql-action/analyze@ceaec5c11a131e0d282ff3b6f095917d234caace # v2.25.3
|
||||
with:
|
||||
category: "/language:${{ matrix.language }}"
|
||||
|
|
|
@ -16,12 +16,12 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Vale
|
||||
uses: errata-ai/vale-action@3f7188c866bcb3259339a09f517d7c4a8838303c # tag=reviewdog
|
||||
uses: errata-ai/vale-action@38bf078c328061f59879b347ca344a718a736018 # tag=reviewdog
|
||||
with:
|
||||
files: docs/docs
|
||||
fail_on_error: true
|
||||
|
|
|
@ -72,7 +72,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -92,7 +92,7 @@ jobs:
|
|||
cosignPassword: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
|
||||
|
||||
- name: Upload CLI as artifact (unix)
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
if : ${{ matrix.os != 'windows' }}
|
||||
with:
|
||||
name: constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
|
@ -101,7 +101,7 @@ jobs:
|
|||
build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig
|
||||
|
||||
- name: Upload CLI as artifact (windows)
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
if : ${{ matrix.os == 'windows' }}
|
||||
with:
|
||||
name: constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
|
@ -133,7 +133,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -149,7 +149,7 @@ jobs:
|
|||
targetArch: ${{ matrix.arch }}
|
||||
|
||||
- name: Upload Terraform Provider Binary as artifact (unix)
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
if : ${{ matrix.os != 'windows' }}
|
||||
with:
|
||||
name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
|
@ -157,7 +157,7 @@ jobs:
|
|||
build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
|
||||
- name: Upload Terraform Provider Binary as artifact (windows)
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
if : ${{ matrix.os == 'windows' }}
|
||||
with:
|
||||
name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
|
@ -169,7 +169,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -187,7 +187,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -219,7 +219,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -227,7 +227,7 @@ jobs:
|
|||
uses: ./.github/actions/download_release_binaries
|
||||
|
||||
- name: Download CLI SBOM
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
|
||||
|
@ -256,12 +256,12 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
- name: Install Cosign
|
||||
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
|
||||
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
|
||||
|
||||
- name: Download Syft & Grype
|
||||
uses: ./.github/actions/install_syft_grype
|
||||
|
@ -296,13 +296,13 @@ jobs:
|
|||
COSIGN_PASSWORD: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
|
||||
|
||||
- name: Upload Constellation CLI SBOM
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
path: constellation.spdx.sbom
|
||||
|
||||
- name: Upload Constellation CLI SBOM's signature
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: constellation.spdx.sbom.sig
|
||||
path: constellation.spdx.sbom.sig
|
||||
|
@ -332,7 +332,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -340,7 +340,7 @@ jobs:
|
|||
uses: ./.github/actions/download_release_binaries
|
||||
|
||||
- name: Download CLI SBOM
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
|
||||
|
@ -407,7 +407,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -420,12 +420,12 @@ jobs:
|
|||
uses: ./.github/actions/download_release_binaries
|
||||
|
||||
- name: Download CLI SBOM
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
|
||||
- name: Download Constellation CLI SBOM's signature
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation.spdx.sbom.sig
|
||||
|
||||
|
|
|
@ -10,11 +10,6 @@ on:
|
|||
- "internal/api/**"
|
||||
- ".github/workflows/e2e-attestationconfigapi.yml"
|
||||
- "go.mod"
|
||||
pull_request:
|
||||
paths:
|
||||
- "internal/api/**"
|
||||
- ".github/workflows/e2e-attestationconfigapi.yml"
|
||||
- "go.mod"
|
||||
|
||||
jobs:
|
||||
e2e-api:
|
||||
|
@ -31,7 +26,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
# Don't trigger in forks, use head on pull requests, use default otherwise.
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || github.event.pull_request.head.sha || '' }}
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
name: e2e weekly cleanup
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 0 * * 0" # At 00:00 every Sunday UTC
|
||||
workflow_dispatch:
|
||||
|
||||
|
||||
jobs:
|
||||
cleanup:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
actions: read
|
||||
id-token: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Cleanup
|
||||
uses: ./.github/actions/e2e_cleanup_timeframe
|
||||
with:
|
||||
ghToken: ${{ secrets.GITHUB_TOKEN }}
|
||||
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
|
||||
azure_credentials: ${{ secrets.AZURE_E2E_DESTROY_CREDENTIALS }}
|
|
@ -29,7 +29,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.event.workflow_run.head_branch || github.head_ref }}
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ jobs:
|
|||
image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -46,20 +46,26 @@ jobs:
|
|||
max-parallel: 5
|
||||
matrix:
|
||||
kubernetesVersion: ["1.28"] # should be default
|
||||
# TODO(msanft): Enable GCP SEV-SNP once stable GCP SEV-SNP images exist.
|
||||
attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
|
||||
attestationVariant: ["gcp-sev-es", "gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
|
||||
refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
|
||||
test: ["sonobuoy quick"]
|
||||
exclude:
|
||||
# TODO(v2.18 msanft): Remove exclude rule for GCP SEV-SNP stable once images exist.
|
||||
- kubernetesVersion: "1.28"
|
||||
attestationVariant: "gcp-sev-snp"
|
||||
refStream: "ref/release/stream/stable/?"
|
||||
test: "sonobuoy quick"
|
||||
runs-on: ubuntu-22.04
|
||||
permissions:
|
||||
id-token: write
|
||||
checks: write
|
||||
contents: read
|
||||
packages: write
|
||||
actions: write
|
||||
needs: [find-latest-image]
|
||||
steps:
|
||||
- name: Check out repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
@ -122,6 +128,16 @@ jobs:
|
|||
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
||||
gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
|
||||
|
||||
- name: Update tfstate
|
||||
if: always()
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
uses: ./.github/actions/update_tfstate
|
||||
with:
|
||||
name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
|
||||
runID: ${{ github.run_id }}
|
||||
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
|
||||
|
||||
- name: Notify about failure
|
||||
if: |
|
||||
failure() &&
|
||||
|
@ -149,7 +165,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -156,7 +156,7 @@ jobs:
|
|||
|
||||
- name: Login to AWS (IAM + Cluster role)
|
||||
if: steps.determine.outputs.cloudProvider == 'aws'
|
||||
uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
|
||||
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
|
||||
with:
|
||||
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ETerraform
|
||||
aws-region: eu-central-1
|
||||
|
|
|
@ -303,6 +303,7 @@ jobs:
|
|||
checks: write
|
||||
contents: read
|
||||
packages: write
|
||||
actions: write
|
||||
steps:
|
||||
- name: Install the basics tools (macOS)
|
||||
if: runner.os == 'macOS'
|
||||
|
@ -310,7 +311,7 @@ jobs:
|
|||
run: brew install coreutils kubectl bash
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
@ -378,6 +379,16 @@ jobs:
|
|||
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
||||
gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
|
||||
|
||||
- name: Update tfstate
|
||||
if: always()
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
uses: ./.github/actions/update_tfstate
|
||||
with:
|
||||
name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
|
||||
runID: ${{ github.run_id }}
|
||||
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
|
||||
|
||||
e2e-upgrade:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
|
@ -392,6 +403,7 @@ jobs:
|
|||
contents: read
|
||||
checks: write
|
||||
packages: write
|
||||
actions: write
|
||||
uses: ./.github/workflows/e2e-upgrade.yml
|
||||
with:
|
||||
fromVersion: ${{ matrix.fromVersion }}
|
||||
|
|
|
@ -22,7 +22,7 @@ jobs:
|
|||
image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -309,10 +309,11 @@ jobs:
|
|||
checks: write
|
||||
contents: read
|
||||
packages: write
|
||||
actions: write
|
||||
needs: [find-latest-image]
|
||||
steps:
|
||||
- name: Check out repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
@ -378,6 +379,16 @@ jobs:
|
|||
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
||||
gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
|
||||
|
||||
- name: Update tfstate
|
||||
if: always()
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
uses: ./.github/actions/update_tfstate
|
||||
with:
|
||||
name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
|
||||
runID: ${{ github.run_id }}
|
||||
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
|
||||
|
||||
- name: Notify about failure
|
||||
if: |
|
||||
failure() &&
|
||||
|
@ -408,6 +419,7 @@ jobs:
|
|||
checks: write
|
||||
contents: read
|
||||
packages: write
|
||||
actions: write
|
||||
uses: ./.github/workflows/e2e-upgrade.yml
|
||||
with:
|
||||
fromVersion: ${{ matrix.fromVersion }}
|
||||
|
@ -426,7 +438,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -464,9 +476,9 @@ jobs:
|
|||
name: Run Windows E2E test
|
||||
permissions:
|
||||
id-token: write
|
||||
checks: write
|
||||
contents: read
|
||||
packages: write
|
||||
checks: write
|
||||
secrets: inherit
|
||||
uses: ./.github/workflows/e2e-windows.yml
|
||||
with:
|
||||
|
|
|
@ -174,13 +174,13 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout head
|
||||
if: inputs.git-ref == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.git-ref != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.git-ref }}
|
||||
|
||||
|
@ -200,6 +200,7 @@ jobs:
|
|||
checks: write
|
||||
contents: read
|
||||
packages: write
|
||||
actions: write
|
||||
needs: [find-latest-image, generate-input-parameters]
|
||||
if: always() && !cancelled()
|
||||
steps:
|
||||
|
@ -210,13 +211,13 @@ jobs:
|
|||
|
||||
- name: Checkout head
|
||||
if: inputs.git-ref == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.git-ref != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.git-ref }}
|
||||
|
||||
|
@ -278,3 +279,13 @@ jobs:
|
|||
cloudProvider: ${{ needs.generate-input-parameters.outputs.cloudProvider }}
|
||||
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
||||
gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
|
||||
|
||||
- name: Update tfstate
|
||||
if: always()
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
uses: ./.github/actions/update_tfstate
|
||||
with:
|
||||
name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
|
||||
runID: ${{ github.run_id }}
|
||||
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
|
||||
|
|
|
@ -135,14 +135,14 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
if: inputs.gitRef == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.gitRef != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ inputs.gitRef }}
|
||||
|
@ -173,7 +173,7 @@ jobs:
|
|||
push: true
|
||||
|
||||
- name: Upload CLI binary
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: constellation-upgrade-${{ inputs.attestationVariant }}
|
||||
path: build/constellation
|
||||
|
@ -189,17 +189,18 @@ jobs:
|
|||
needs: [generate-input-parameters]
|
||||
outputs:
|
||||
kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
|
||||
e2e-name-prefix: ${{ steps.e2e_test.outputs.namePrefix }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
if: inputs.gitRef == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.gitRef != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ inputs.gitRef }}
|
||||
|
@ -280,14 +281,14 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
if: inputs.gitRef == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.gitRef != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ inputs.gitRef }}
|
||||
|
@ -335,7 +336,7 @@ jobs:
|
|||
azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
||||
|
||||
- name: Download CLI
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-upgrade-${{ inputs.attestationVariant }}
|
||||
path: build
|
||||
|
@ -441,25 +442,26 @@ jobs:
|
|||
checks: write
|
||||
contents: read
|
||||
packages: write
|
||||
actions: write
|
||||
if: always()
|
||||
needs: [generate-input-parameters, create-cluster, e2e-upgrade]
|
||||
steps:
|
||||
- name: Checkout
|
||||
if: inputs.gitRef == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.gitRef != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ inputs.gitRef }}
|
||||
|
||||
- name: Download CLI
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-upgrade-${{ inputs.attestationVariant }}
|
||||
path: build
|
||||
|
@ -505,6 +507,17 @@ jobs:
|
|||
constellation-version.yaml
|
||||
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
|
||||
|
||||
- name: Prepare terraform state artifact upload
|
||||
if: always()
|
||||
shell: bash
|
||||
run: |
|
||||
mkdir -p to-zip
|
||||
cp -r constellation-terraform to-zip
|
||||
rm -f to-zip/constellation-terraform/plan.zip
|
||||
rm -rf to-zip/constellation-terraform/.terraform
|
||||
cp -r constellation-iam-terraform to-zip
|
||||
rm -rf to-zip/constellation-iam-terraform/.terraform
|
||||
|
||||
- name: Always terminate cluster
|
||||
if: always()
|
||||
uses: ./.github/actions/constellation_destroy
|
||||
|
@ -523,6 +536,16 @@ jobs:
|
|||
azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
||||
gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
|
||||
|
||||
- name: Update tfstate
|
||||
if: always()
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
uses: ./.github/actions/update_tfstate
|
||||
with:
|
||||
name: terraform-state-${{ needs.create-cluster.outputs.e2e-name-prefix }}
|
||||
runID: ${{ github.run_id }}
|
||||
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
|
||||
|
||||
- name: Notify about failure
|
||||
if: |
|
||||
always() &&
|
||||
|
|
|
@ -21,7 +21,7 @@ jobs:
|
|||
packages: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -48,7 +48,7 @@ jobs:
|
|||
push: true
|
||||
|
||||
- name: Upload CLI artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
path: build/constellation.exe
|
||||
name: "constell-exe"
|
||||
|
@ -59,12 +59,12 @@ jobs:
|
|||
needs: build-cli
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Download CLI artifact
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: "constell-exe"
|
||||
|
||||
|
@ -80,11 +80,13 @@ jobs:
|
|||
azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
||||
|
||||
- name: Create IAM configuration
|
||||
id: iam-create
|
||||
shell: pwsh
|
||||
run: |
|
||||
$uid = Get-Random -Minimum 1000 -Maximum 9999
|
||||
$rgName = "e2e-win-${{ github.run_id }}-${{ github.run_attempt }}-$uid"
|
||||
.\constellation.exe config generate azure -t "workflow=${{ github.workflow }}"
|
||||
"rgName=$($rgName)" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
||||
.\constellation.exe config generate azure -t "workflow=${{ github.run_id }}"
|
||||
.\constellation.exe iam create azure --region=westus --resourceGroup=$rgName-rg --servicePrincipal=$rgName-sp --update-config --debug -y
|
||||
|
||||
- name: Login to Azure (Cluster service principal)
|
||||
|
@ -150,6 +152,7 @@ jobs:
|
|||
}
|
||||
|
||||
- name: Terminate cluster
|
||||
id: terminate-cluster
|
||||
if: always()
|
||||
shell: pwsh
|
||||
run: |
|
||||
|
@ -162,11 +165,20 @@ jobs:
|
|||
azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
||||
|
||||
- name: Delete IAM configuration
|
||||
id: delete-iam
|
||||
if: always()
|
||||
shell: pwsh
|
||||
run: |
|
||||
.\constellation.exe iam destroy --debug -y
|
||||
|
||||
- name: Clean up after failure
|
||||
# run on a cleanup failure or if cancelled
|
||||
if: (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure')) || cancelled()
|
||||
shell: pwsh
|
||||
run: |
|
||||
az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg --yes
|
||||
az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg-identity --yes
|
||||
|
||||
notify-failure:
|
||||
name: Notify about failure
|
||||
runs-on: ubuntu-22.04
|
||||
|
@ -177,7 +189,7 @@ jobs:
|
|||
inputs.scheduled
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -195,3 +207,4 @@ jobs:
|
|||
test: Windows E2E Test
|
||||
provider: Azure
|
||||
attestationVariant: "azure-sev-snp"
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ jobs:
|
|||
WORKING_BRANCH: ${{ env.WORKING_BRANCH }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0 # fetch all history
|
||||
|
||||
|
@ -49,7 +49,7 @@ jobs:
|
|||
latest: ${{ steps.input-passthrough.outputs.latest }}${{ steps.check-last-release.outputs.latest }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Override latest
|
||||
if: github.event.inputs.latest == 'true'
|
||||
|
@ -123,7 +123,7 @@ jobs:
|
|||
contents: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Remove temporary branch
|
||||
run: git push origin --delete "${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}"
|
||||
|
@ -137,7 +137,7 @@ jobs:
|
|||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- uses: ./.github/actions/setup_bazel_nix
|
||||
with:
|
||||
|
|
|
@ -18,7 +18,7 @@ jobs:
|
|||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ github.head_ref }}
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ jobs:
|
|||
RELEASE_BRANCH: ${{ steps.version-info.outputs.RELEASE_BRANCH }}
|
||||
WORKING_BRANCH: ${{ steps.version-info.outputs.WORKING_BRANCH }}
|
||||
steps:
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Working branch
|
||||
run: echo "WORKING_BRANCH=$(git branch --show-current)" | tee -a "$GITHUB_ENV"
|
||||
|
@ -85,7 +85,7 @@ jobs:
|
|||
MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
|
||||
BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
|
||||
steps:
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: main
|
||||
|
||||
|
@ -96,7 +96,7 @@ jobs:
|
|||
npm run docusaurus docs:version "${MAJOR_MINOR}"
|
||||
|
||||
- name: Create docs pull request
|
||||
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
|
||||
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||
with:
|
||||
branch: ${{ env.BRANCH }}
|
||||
base: main
|
||||
|
@ -123,7 +123,7 @@ jobs:
|
|||
WORKING_BRANCH: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
|
||||
|
||||
|
@ -161,7 +161,7 @@ jobs:
|
|||
WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
|
||||
|
||||
|
@ -226,14 +226,14 @@ jobs:
|
|||
WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
|
||||
|
||||
- name: Setup Go environment
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
||||
with:
|
||||
go-version: "1.22.2"
|
||||
go-version: "1.22.3"
|
||||
cache: true
|
||||
|
||||
- name: Build generateMeasurements tool
|
||||
|
|
|
@ -31,7 +31,7 @@ jobs:
|
|||
runs-on: ${{ matrix.runner }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -60,13 +60,13 @@ jobs:
|
|||
run: shasum -a 256 "${binary}" | tee "${binary}.sha256"
|
||||
|
||||
- name: Upload binary artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: "binaries-${{ matrix.target }}-${{ matrix.runner }}"
|
||||
path: "${{ env.binary }}"
|
||||
|
||||
- name: Upload hash artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}"
|
||||
path: "${{ env.binary }}.sha256"
|
||||
|
@ -87,7 +87,7 @@ jobs:
|
|||
runs-on: ${{ matrix.runner }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -116,13 +116,13 @@ jobs:
|
|||
run: shasum -a 256 "${binary}" | tee "${binary}.sha256"
|
||||
|
||||
- name: Upload binary artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: "osimages-${{ matrix.target }}-${{ matrix.runner }}"
|
||||
path: "${{ env.binary }}"
|
||||
|
||||
- name: Upload hash artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}"
|
||||
path: "${{ env.binary }}.sha256"
|
||||
|
@ -145,7 +145,7 @@ jobs:
|
|||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Download binaries
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
pattern: "binaries-${{ matrix.target }}-*"
|
||||
merge-multiple: true
|
||||
|
@ -179,7 +179,7 @@ jobs:
|
|||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Download os images
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
pattern: "osimages-${{ matrix.target }}-*"
|
||||
merge-multiple: true
|
||||
|
|
|
@ -18,7 +18,7 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
|
@ -30,13 +30,13 @@ jobs:
|
|||
publish_results: true
|
||||
|
||||
- name: Upload artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
retention-days: 5
|
||||
|
||||
- name: Upload to code-scanning
|
||||
uses: github/codeql-action/upload-sarif@cf7e9f23492505046de9a37830c3711dd0f25bb3 # v2.16.2
|
||||
uses: github/codeql-action/upload-sarif@ceaec5c11a131e0d282ff3b6f095917d234caace # v2.25.3
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
|
|
@ -18,14 +18,14 @@ jobs:
|
|||
pull-requests: write
|
||||
steps:
|
||||
- name: Checkout constellation repo
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
fetch-depth: 0
|
||||
path: constellation
|
||||
|
||||
- name: Checkout terraform-provider-constellation repo
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: edgelesssys/terraform-provider-constellation
|
||||
ref: main
|
||||
|
@ -40,7 +40,7 @@ jobs:
|
|||
|
||||
- name: Create pull request
|
||||
id: create-pull-request
|
||||
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
|
||||
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||
with:
|
||||
path: terraform-provider-constellation
|
||||
branch: "feat/docs/update"
|
||||
|
|
|
@ -25,7 +25,7 @@ jobs:
|
|||
CTEST_OUTPUT_ON_FAILURE: True
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -21,14 +21,14 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Setup Go environment
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
||||
with:
|
||||
go-version: "1.22.2"
|
||||
go-version: "1.22.3"
|
||||
cache: true
|
||||
|
||||
- name: Run code generation
|
||||
|
|
|
@ -23,7 +23,7 @@ jobs:
|
|||
pull-requests: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@ jobs:
|
|||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
# No token available for forks, so we can't push changes
|
||||
|
|
|
@ -30,7 +30,7 @@ jobs:
|
|||
pull-requests: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
fetch-depth: 0
|
||||
|
|
|
@ -13,7 +13,7 @@ jobs:
|
|||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Assume AWS role to upload Bazel dependencies to S3
|
||||
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
|
||||
|
@ -40,7 +40,7 @@ jobs:
|
|||
fi
|
||||
|
||||
- name: Create pull request
|
||||
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
|
||||
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||
with:
|
||||
branch: "image/automated/update-rpms-${{ github.run_number }}"
|
||||
base: main
|
||||
|
|
|
@ -115,7 +115,7 @@ jobs:
|
|||
steps:
|
||||
- name: Check out repository
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ RUN apt-get update && apt-get install -y \
|
|||
git
|
||||
|
||||
# Install Go
|
||||
ARG GO_VER=1.22.2
|
||||
ARG GO_VER=1.22.3
|
||||
RUN wget -q https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz && \
|
||||
tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && \
|
||||
rm go${GO_VER}.linux-amd64.tar.gz
|
||||
|
|
|
@ -170,7 +170,7 @@ load("@io_bazel_rules_go//go:deps.bzl", "go_download_sdk", "go_register_toolchai
|
|||
go_download_sdk(
|
||||
name = "go_sdk",
|
||||
patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"],
|
||||
version = "1.22.2",
|
||||
version = "1.22.3",
|
||||
)
|
||||
|
||||
go_rules_dependencies()
|
||||
|
|
|
@ -6,10 +6,10 @@ def proto_deps():
|
|||
http_archive(
|
||||
name = "rules_proto",
|
||||
sha256 = "17fa03f509b0d1df05c70c174a266ab211d04b9969e41924fd07a81ea171f117",
|
||||
strip_prefix = "rules_proto-cda0effe6b5af095a6886c67f90c760b83f08c48",
|
||||
strip_prefix = "rules_proto-d205d37866925569d99b4d6cdcba172326ecf812",
|
||||
urls = [
|
||||
"https://cdn.confidential.cloud/constellation/cas/sha256/17fa03f509b0d1df05c70c174a266ab211d04b9969e41924fd07a81ea171f117",
|
||||
"https://github.com/bazelbuild/rules_proto/archive/cda0effe6b5af095a6886c67f90c760b83f08c48.tar.gz",
|
||||
"https://github.com/bazelbuild/rules_proto/archive/d205d37866925569d99b4d6cdcba172326ecf812.tar.gz",
|
||||
],
|
||||
type = "tar.gz",
|
||||
)
|
||||
|
|
|
@ -0,0 +1,88 @@
|
|||
# How to create kubeconfigs for users
|
||||
|
||||
One of the first things to do after setting up a Constellation cluster is to hand out kubeconfig files to its prospective users.
|
||||
Adhering to the *principle of least privilege*, it is not advisable to share the admin config with all cluster users.
|
||||
Instead, users should authenticate individually to the API server, and permissions should be controlled by [RBAC].
|
||||
|
||||
Constellation users authenticate to the API server with a client TLS certificate, signed by the Kubernetes CA.
|
||||
The user's identity and group memberships are taken from the certificates common name and organizations, respectively.
|
||||
Details can be found in the upstream [authn documentation].
|
||||
|
||||
The [`kubeadm` documentation] describes a process for creating new kubeconfigs, but the instructions requires access to a control-plane node, or at least the Kubernetes CA certificate and key.
|
||||
While the certificates can be extracted, e.g. by spawning a [node debugger pod], we can take a safer road that only requires `kubectl`.
|
||||
The example script below creates a new kubeconfig for a user and optional group memberships.
|
||||
It uses the [Kubernetes certificate API] to obtain a user certificate signed by the cluster CA.
|
||||
|
||||
[RBAC]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
|
||||
[authn documentation]: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#users-in-kubernetes
|
||||
[`kubeadm` documentation]: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubeconfig-additional-users
|
||||
[node debugger pod]: https://kubernetes.io/docs/tasks/debug/debug-cluster/kubectl-node-debug/
|
||||
[Kubernetes certificate API]: https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
|
||||
|
||||
```sh
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
if [ $# -lt 2 ]; then
|
||||
echo "Usage: $0 username [groupname...]" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
user=$1
|
||||
shift
|
||||
|
||||
subj="/CN=${user}"
|
||||
for g in "$@"; do
|
||||
subj="${subj}/O=$g"
|
||||
done
|
||||
|
||||
openssl req -newkey rsa:4096 -out ${user}.csr -keyout ${user}.key -nodes -subj "${subj}"
|
||||
|
||||
kubectl apply -f - <<EOF
|
||||
apiVersion: certificates.k8s.io/v1
|
||||
kind: CertificateSigningRequest
|
||||
metadata:
|
||||
name: ${user}
|
||||
spec:
|
||||
request: $(base64 -w0 ${user}.csr)
|
||||
signerName: kubernetes.io/kube-apiserver-client
|
||||
usages:
|
||||
- digital signature
|
||||
- key encipherment
|
||||
- client auth
|
||||
EOF
|
||||
kubectl certificate approve ${user}
|
||||
kubectl wait --for=jsonpath='{.status.certificate}' csr/${user}
|
||||
kubectl get csr ${user} -o jsonpath='{.status.certificate}' | base64 -d >${user}.pem
|
||||
kubectl delete csr ${user}
|
||||
|
||||
kubectl get cm kube-root-ca.crt -o go-template='{{ index .data "ca.crt" }}' >ca.pem
|
||||
kubectl get cm kubeadm-config -n kube-system -o=jsonpath="{.data.ClusterConfiguration}" >clusterconfig.yaml
|
||||
cluster=$(yq .clusterName clusterconfig.yaml)
|
||||
endpoint=$(yq .controlPlaneEndpoint clusterconfig.yaml)
|
||||
|
||||
cat >${user}.conf <<EOF
|
||||
apiVersion: v1
|
||||
kind: Config
|
||||
clusters:
|
||||
- cluster:
|
||||
certificate-authority-data: $(base64 -w0 ca.pem)
|
||||
server: https://${endpoint}
|
||||
name: ${cluster}
|
||||
contexts:
|
||||
- context:
|
||||
cluster: ${cluster}
|
||||
user: ${user}
|
||||
name: ${user}@${cluster}
|
||||
current-context: ${user}@${cluster}
|
||||
users:
|
||||
- name: ${user}
|
||||
user:
|
||||
client-certificate-data: $(base64 -w0 ${user}.pem)
|
||||
client-key-data: $(base64 -w0 ${user}.key)
|
||||
EOF
|
||||
|
||||
env KUBECONFIG=./${user}.conf kubectl auth whoami
|
||||
|
||||
rm ca.pem clusterconfig.yaml ${user}.csr ${user}.pem ${user}.key
|
||||
```
|
|
@ -1,4 +1,5 @@
|
|||
# Bump Go version
|
||||
|
||||
`govulncheck` from the bazel `check` target will fail if our code is vulnerable, which is often the case when a patch version was released with security fixes.
|
||||
|
||||
## Steps
|
||||
|
@ -6,5 +7,13 @@
|
|||
Replace "1.xx.x" with the new version in [WORKSPACE.bazel](/WORKSPACE.bazel):
|
||||
|
||||
```starlark
|
||||
go_register_toolchains(version = "1.xx.x")
|
||||
load("@io_bazel_rules_go//go:deps.bzl", "go_download_sdk", "go_register_toolchains", "go_rules_dependencies")
|
||||
|
||||
go_download_sdk(
|
||||
name = "go_sdk",
|
||||
patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"],
|
||||
version = "1.xx.x", <--- Replace this one
|
||||
~~~~~~~~
|
||||
)
|
||||
|
||||
```
|
||||
|
|
|
@ -13,7 +13,7 @@ If you encounter any problem with the following steps, make sure to use the [lat
|
|||
|
||||
## Create a cluster
|
||||
|
||||
1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider.
|
||||
1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. If you are following the steps of this guide, there is no need to edit the file.
|
||||
|
||||
<tabs groupId="csp">
|
||||
<tabItem value="aws" label="AWS">
|
||||
|
|
File diff suppressed because one or more lines are too long
Before Width: | Height: | Size: 135 KiB After Width: | Height: | Size: 128 KiB |
4
go.work
4
go.work
|
@ -1,6 +1,6 @@
|
|||
go 1.22.2
|
||||
go 1.22.3
|
||||
|
||||
toolchain go1.22.2
|
||||
toolchain go1.22.3
|
||||
|
||||
use (
|
||||
.
|
||||
|
|
|
@ -92,9 +92,9 @@ cd41c94b8c668602f7fb5eae595e5d5c34bd1b91690b5cc06f4c8c199794dfa8 gnupg2-smime-2
|
|||
e0481a0fd263907193fe9f3f080a17e89de1ef1d8a490078a6225062b4eec761 gpgme-1.17.1-5.fc38.x86_64.rpm
|
||||
ad16ec814c4423d007d218a3f45d2e39d3dab00fc8c0d75eef176041594e3970 gpm-libs-1.20.7-42.fc38.x86_64.rpm
|
||||
60ed241ec381a23d03fac733a72132dbdc4ba04c412add78bfc67f1b9f1b4daa grep-3.8-3.fc38.x86_64.rpm
|
||||
8ccdd14f712a6459ff2094fb84a6b2f065040cf5ab0bcb844caaa07bb0ad2cda grub2-common-2.06-116.fc38.noarch.rpm
|
||||
938199770615a3698fb69a32f5274ca36904f4496772f8f538b2b1f332381351 grub2-tools-2.06-116.fc38.x86_64.rpm
|
||||
76f510f88200abe7009807c4630688050fc4eebf206d173e00508cee992e2d5e grub2-tools-minimal-2.06-116.fc38.x86_64.rpm
|
||||
b550e98ee06b72177009627b7dedf470fe662c5b7180180fed14d705788f33a7 grub2-common-2.06-118.fc38.noarch.rpm
|
||||
ad56781d108b910a9f86106cbb653f01201196995150e9e5d84d3de6b90f4851 grub2-tools-2.06-118.fc38.x86_64.rpm
|
||||
2e98885b2a2271f1020804ec2a2912f045fc19c87b65177280d94250ad8e21f5 grub2-tools-minimal-2.06-118.fc38.x86_64.rpm
|
||||
5e95f1f40c3242809a7a047543a57046d16e5df811aa816c4aa2b0cc8b883b8e grubby-8.40-70.fc38.x86_64.rpm
|
||||
cd17ffd09699224216affbbc765dfda04e1b5ccebb8e95af45a56c54ff257e2b gvisor-tap-vsock-0.7.3-1.fc38.x86_64.rpm
|
||||
8ec6f2f11b854734c53b5d43638d08740b3b36f981c495d0ca17bf044b370248 gvisor-tap-vsock-gvforwarder-0.7.3-1.fc38.x86_64.rpm
|
||||
|
@ -131,7 +131,7 @@ d78d7bc485f099bb08c9de55dd12ea6a984b948face1f947de6ec805663a96c5 libattr-2.5.1-
|
|||
dca5cafabf192d1f5abe37fa06425877bf74bb6e8c5ce5cad577274b18169b94 libblkid-2.38.1-4.fc38.i686.rpm
|
||||
21b5a1a024c2d1877d2b7271fd3f82424eb0bd6b95395ad3a3dae5776eec8714 libblkid-2.38.1-4.fc38.x86_64.rpm
|
||||
8079443881e764cece2f8f6789b39ebbe43226cde61675bdfae5a5a18a439b5f libbpf-1.1.0-2.fc38.x86_64.rpm
|
||||
58cc0371663c027c0c369337f303133ccad774b2f474d8ab53bdce7b904dbb0f libbsd-0.12.2-1.fc38.x86_64.rpm
|
||||
d206e2d18ff35ffc2d39a49db20abd3bd24274f54efb2af257f3bff36afe3dcb libbsd-0.12.2-3.fc38.x86_64.rpm
|
||||
04fdf1cee0fc12ff10757a07beb1dd014a0f23def582255ff0dbd8472868f08f libcap-2.48-8.fc38.i686.rpm
|
||||
df1ecff1c2d83b5256a03aaf9bda20cfd86def263645ddd677aaa3facc525561 libcap-2.48-8.fc38.x86_64.rpm
|
||||
5257031cba9a8791a277994e026b0f4c7a1cf2878505f5e1ed463fa670b67f05 libcap-ng-0.8.3-8.fc38.i686.rpm
|
||||
|
@ -276,11 +276,11 @@ fb3fabd657b8f8603c6e19858beb0d506cf957bbca2f3feb827b64c94563b31f popt-1.19-2.fc
|
|||
8b3f681cd05e071d4c7b21eff4684a3ca7674599ee984cccd6a69a685eb8a41c protobuf-c-1.4.1-4.fc38.x86_64.rpm
|
||||
6983318d6b2dfd4eea29448e9853b74b1d009ab37be7add3ff304ff0483714cb psmisc-23.6-2.fc38.x86_64.rpm
|
||||
5d57133d4f5ace3ca45aaa59ae4b8f6e907a51df6503f3747ed0e5316de3b4dc publicsuffix-list-dafsa-20240107-1.fc38.noarch.rpm
|
||||
e59d71a66652002e1bc6331db17a061bd3ceacf1a449be8af9f7cefc50af4ad7 python-pip-wheel-22.3.1-3.fc38.noarch.rpm
|
||||
b6416707be79fb1e9f99d0cb9b06a27fb045f88ec2f698e93117cc95cac7fff2 python-pip-wheel-22.3.1-4.fc38.noarch.rpm
|
||||
7417816bd96d7b49e5a98c85eba313afaa8b8802458d7cd9f5ba72ecc31933e3 python-setuptools-wheel-65.5.1-2.fc38.noarch.rpm
|
||||
5aadde78a824378f6c98385cd2efabbbad183e3eb02333e44f0d4e771a45fafe python-unversioned-command-3.11.8-2.fc38.noarch.rpm
|
||||
addcb7a118134fede26541516a4e53c983b625266ae223f00e07a990ada62938 python3-3.11.8-2.fc38.x86_64.rpm
|
||||
1cbb84f28da01dcb48b6b7dbb7248f7e9875dcb2d182385ef82b2d7d05a84abc python3-libs-3.11.8-2.fc38.x86_64.rpm
|
||||
4abf1cf4a1eacaa8755650704f0c8d4dba0814e648aae82df935a00d53bf46b2 python-unversioned-command-3.11.9-2.fc38.noarch.rpm
|
||||
a537a4e0e298651cf582b9af3ed3d843946837e94fef66de3041729533283d12 python3-3.11.9-2.fc38.x86_64.rpm
|
||||
64c68c1eb659020a6587b1b25e825afafe21effd05a9abdfa1b363f81ed400d8 python3-libs-3.11.9-2.fc38.x86_64.rpm
|
||||
92ff091ca65dbfb27dcbebe3087e55b64bebf204df0ed41c26de59497dbd023b qemu-user-static-7.2.10-1.fc38.x86_64.rpm
|
||||
c6556a55be749a8c81edf22e47cb9c3385aaf69df7950f20312fa7f0818b9488 qemu-user-static-aarch64-7.2.10-1.fc38.x86_64.rpm
|
||||
1fe55e907d9efa0e02f398485859a795dea0fbb01d3a51658dc897874c75f1bc qemu-user-static-alpha-7.2.10-1.fc38.x86_64.rpm
|
||||
|
@ -337,15 +337,15 @@ a0bf879d762443195b4745096d7ee0afef4b71c9008042a3f06d9cd35162d197 systemd-libs-2
|
|||
232da16c546617adde46ecaa1d5367acd05f75d04570fb367123b8dd01abdea4 util-linux-2.38.1-4.fc38.i686.rpm
|
||||
f0f8e33332df97afd911093f28c487bc84cbe4dcc7bb468eac5551d235acee62 util-linux-2.38.1-4.fc38.x86_64.rpm
|
||||
b57dbbbee14301e89df618b398ef39b7fc841eaba6be1b6346cf37ed7695c26a util-linux-core-2.38.1-4.fc38.x86_64.rpm
|
||||
ecf20fb825cac6c1e186fd9034999492e52d5df8114242372866bcebe79e3ad4 vim-common-9.1.309-1.fc38.x86_64.rpm
|
||||
54c84db8b9b86ed2d5a3599f38bb9aef7b8e383d3cd5662afc72cf7812580104 vim-data-9.1.309-1.fc38.noarch.rpm
|
||||
67b4e8a44d30b0c1fd0bedf2ccabf6097b1d1ad5a36b82a0ac66181de63c2dc5 vim-enhanced-9.1.309-1.fc38.x86_64.rpm
|
||||
39fd499ecab55d81bc6051eee9fbc3521640fb45545ff9609397e192a7a3dd15 vim-filesystem-9.1.309-1.fc38.noarch.rpm
|
||||
cb167e73a911cd10edcaf58a911f23e75581c27aadb7d2b48f9988057002a27e vim-common-9.1.354-1.fc38.x86_64.rpm
|
||||
275f7257e70f8c060b088686d6bd22c327f9ffed0eb79d79a6335b41f85a183a vim-data-9.1.354-1.fc38.noarch.rpm
|
||||
0da95855d82ce7249fe402f9251a54edd574ea7329fb1d8ec0f7d0207e21dc23 vim-enhanced-9.1.354-1.fc38.x86_64.rpm
|
||||
273bd9f355aee40d4220ba89e3bcf4bfe5f2a72f3ba84d1c1026f5a36a13398b vim-filesystem-9.1.354-1.fc38.noarch.rpm
|
||||
a4c8b2a90705fed491f6f7f258904637c18773d323d39e97bf9036260b79a0f6 wget-1.21.4-1.fc38.x86_64.rpm
|
||||
2c8b143f3cb83efa5a31c85bea1da3164ca2dde5e2d75d25115f3e21ef98b4e0 which-2.21-39.fc38.x86_64.rpm
|
||||
84f87df3afabe3de8748f172220107e5a5cbb0f0ef954386ecff6b914604aada whois-nls-5.5.18-1.fc38.noarch.rpm
|
||||
59a7a5a775c196961cdc51fb89440a055295c767a632bfa684760e73650aa9a0 xkeyboard-config-2.38-1.fc38.noarch.rpm
|
||||
56b7e00ebf801a10a47a2a09d4409595ab9cabdbbeb772502348066cfd490736 xxd-9.1.309-1.fc38.x86_64.rpm
|
||||
fd60e5a90c7f28e2c9b72aabb17c7fa548330ebfa2e99d72d861e557562ceec0 xxd-9.1.354-1.fc38.x86_64.rpm
|
||||
e911703ffceee37ec1066344820ab0cf9ba8e43d7957395981ba68c4d411a0a4 xz-5.4.1-1.fc38.x86_64.rpm
|
||||
2b3a57c5ccfd4c99ec78d8420394387782a4ac57946d63800a406a4050c3d214 xz-libs-5.4.1-1.fc38.i686.rpm
|
||||
bfce8ac2a2a78a23fb931531fb3d8f530a78f4d5b17f6199bf99b93ca21858c0 xz-libs-5.4.1-1.fc38.x86_64.rpm
|
||||
|
|
|
@ -13,17 +13,20 @@ package measurements
|
|||
// a build tag.
|
||||
// The enterprise build tag is required to validate the measurements using production
|
||||
// sigstore certificates.
|
||||
//
|
||||
// To add measurements for a new variant, add a new entry as `<csp>_<variant> = M{}` and run the generate tool.
|
||||
// Entries defined as `<csp>_<variant> M` are ignored.
|
||||
|
||||
// revive:disable:var-naming
|
||||
var (
|
||||
aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xbf, 0x2f, 0x54, 0x46, 0x1f, 0x12, 0xd9, 0x85, 0x0d, 0xaf, 0xe3, 0xf5, 0x7d, 0xb8, 0x4d, 0x63, 0x67, 0x22, 0x8a, 0x12, 0x6e, 0x26, 0x1d, 0x42, 0x82, 0xdf, 0x1e, 0x2c, 0xc6, 0xfc, 0x43, 0x1a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x72, 0x1e, 0xde, 0x8b, 0x0d, 0x8a, 0xbe, 0x48, 0x3e, 0x92, 0x52, 0x3e, 0x0f, 0x2b, 0x1a, 0x3d, 0x33, 0x9d, 0x5c, 0x3c, 0xe1, 0x70, 0xa8, 0x95, 0xf5, 0xc9, 0x8d, 0x6e, 0xe2, 0x03, 0x5f, 0x86}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc9, 0xac, 0x85, 0x73, 0x0e, 0x69, 0x7f, 0x6b, 0x36, 0x53, 0xb1, 0x80, 0xa4, 0x3b, 0x22, 0xcb, 0x6a, 0xfc, 0xad, 0xbb, 0xc7, 0xb5, 0xb3, 0x83, 0x6a, 0x51, 0x29, 0x6f, 0x54, 0x83, 0x35, 0xf8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6d, 0xbf, 0x47, 0x89, 0x38, 0x51, 0xea, 0x1f, 0xd7, 0x83, 0xb9, 0xb3, 0xda, 0x91, 0x6f, 0x41, 0xce, 0x85, 0x27, 0x1c, 0x0d, 0xaf, 0x6e, 0xf0, 0x9c, 0xf8, 0x22, 0xca, 0x05, 0xb8, 0xc1, 0x9c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x74, 0x89, 0x5a, 0x6b, 0x00, 0x3d, 0xd4, 0xe0, 0xd4, 0x78, 0x31, 0xcc, 0x46, 0x41, 0xfb, 0xf0, 0x6c, 0xeb, 0x2f, 0xce, 0x3f, 0x05, 0x05, 0x22, 0xe7, 0xee, 0x9c, 0xf2, 0xa3, 0xcd, 0xe0, 0xde}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x19, 0x3e, 0xca, 0x8e, 0x74, 0x55, 0xfe, 0x52, 0x98, 0xc7, 0x07, 0x7f, 0x4f, 0x3f, 0x43, 0x25, 0xe3, 0xb8, 0x2a, 0xbb, 0x2c, 0x2b, 0x80, 0xe3, 0xdd, 0x0c, 0x0f, 0x49, 0xfa, 0x61, 0x99, 0x96}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc9, 0x5d, 0xd8, 0xa5, 0xc5, 0x09, 0x51, 0x1a, 0xf4, 0x4d, 0xd4, 0x16, 0x5d, 0xcb, 0xd9, 0xe2, 0x97, 0x19, 0x99, 0x65, 0x6b, 0xb1, 0xfc, 0xef, 0xac, 0xef, 0x58, 0xac, 0x71, 0x9d, 0x7d, 0xf9}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0a, 0x98, 0xc7, 0xa3, 0xaa, 0x81, 0x68, 0x4c, 0xf7, 0x1f, 0x35, 0x1f, 0x49, 0x62, 0x45, 0x48, 0x0e, 0xac, 0x77, 0x36, 0x26, 0x61, 0x2f, 0x13, 0xb0, 0xbc, 0x64, 0x6d, 0x0a, 0xd9, 0xd5, 0x3b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf5, 0xa8, 0x0d, 0xca, 0x84, 0x40, 0xab, 0x7d, 0xe2, 0x7b, 0xc4, 0x95, 0xb0, 0x81, 0x19, 0x12, 0xbc, 0x5b, 0x7c, 0xe6, 0xd3, 0x9a, 0xda, 0xd7, 0xa9, 0x1b, 0x61, 0x67, 0xf0, 0xc6, 0x99, 0xe8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf3, 0xf2, 0x64, 0xcc, 0xae, 0x7a, 0x1b, 0xdb, 0xc2, 0xeb, 0x95, 0x1c, 0xe2, 0x1a, 0x14, 0x3d, 0x47, 0xda, 0x60, 0x28, 0xea, 0x2c, 0x1e, 0xa9, 0x37, 0x29, 0x3a, 0xc3, 0xca, 0x82, 0x24, 0x08}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x64, 0x57, 0x07, 0x7a, 0x96, 0x72, 0x35, 0x84, 0x09, 0x55, 0xed, 0x02, 0x96, 0x62, 0x37, 0xb6, 0xb3, 0xab, 0xbb, 0xe6, 0x84, 0xa7, 0x45, 0x8e, 0x8a, 0xd4, 0x8b, 0x5d, 0xe9, 0x80, 0x2d, 0x56}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7b, 0x84, 0x7e, 0xa7, 0x38, 0x9e, 0xb7, 0x69, 0x19, 0x4f, 0x21, 0x46, 0xdf, 0x71, 0x14, 0x23, 0x25, 0xc6, 0x0d, 0x66, 0x20, 0xef, 0xf1, 0x79, 0xf2, 0xcb, 0xa6, 0xf4, 0xb1, 0xee, 0x61, 0x33}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x56, 0x59, 0x34, 0x21, 0x02, 0x90, 0x44, 0x09, 0x1e, 0xa3, 0xf4, 0xee, 0x2d, 0x37, 0x81, 0x0d, 0x7c, 0x61, 0xb0, 0xe0, 0x2f, 0x02, 0xc3, 0xb1, 0x62, 0x03, 0xcf, 0xcb, 0x6e, 0xe2, 0xc4, 0x16}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x23, 0x41, 0x35, 0x4c, 0xe6, 0xd4, 0xc2, 0x22, 0xac, 0x29, 0x22, 0x81, 0x0b, 0x7d, 0x47, 0x05, 0xff, 0xa2, 0x53, 0x7e, 0x2d, 0x70, 0xe4, 0x1c, 0x1d, 0x24, 0x9d, 0x76, 0x14, 0xd3, 0x44, 0x6e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x27, 0xb6, 0x56, 0xaf, 0xf7, 0xa1, 0x42, 0x72, 0xcb, 0x2d, 0x73, 0xa7, 0xe8, 0x91, 0xb7, 0x65, 0xe5, 0x1d, 0x6c, 0xd5, 0x96, 0xa8, 0xf1, 0x3d, 0x0a, 0xd2, 0x98, 0x0a, 0x82, 0x28, 0xd9, 0x18}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x20, 0xad, 0x2d, 0x6d, 0xa9, 0xf8, 0xe2, 0x0d, 0x29, 0x5a, 0x04, 0xa0, 0x3a, 0x12, 0xd2, 0x56, 0x23, 0x96, 0x92, 0x56, 0x4c, 0x6f, 0x84, 0xc8, 0x23, 0x62, 0x32, 0x0e, 0x0e, 0x10, 0x6e, 0xe0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x43, 0x61, 0xcc, 0x73, 0x35, 0xbf, 0xf7, 0x9c, 0xad, 0x9b, 0xb2, 0x79, 0xd8, 0x79, 0xb3, 0x11, 0xba, 0x25, 0x86, 0x05, 0xcd, 0x42, 0x61, 0x2c, 0x83, 0x52, 0xfe, 0x94, 0x1a, 0x20, 0x88, 0x32}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x47, 0x32, 0xad, 0xc8, 0x09, 0x1c, 0xb4, 0x48, 0xc3, 0x02, 0x5b, 0xfc, 0x25, 0x1b, 0xa3, 0x4f, 0x08, 0x87, 0x96, 0xa6, 0x35, 0x5f, 0xfe, 0x0f, 0x25, 0x12, 0xdc, 0xb4, 0x51, 0x82, 0x63, 0x4d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xfc, 0xe3, 0xcc, 0xa7, 0xbc, 0x7b, 0xb6, 0xad, 0x5c, 0x9f, 0xcb, 0x9a, 0x2c, 0x29, 0xda, 0xe6, 0x92, 0x47, 0x6f, 0x1e, 0x22, 0xfc, 0xb0, 0xe0, 0x1c, 0x97, 0x53, 0x8c, 0x94, 0x20, 0x29, 0xbf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbb, 0x02, 0x30, 0x52, 0x12, 0x53, 0x7f, 0x41, 0x45, 0x9d, 0x90, 0xea, 0xf5, 0xd1, 0x45, 0xf2, 0xd5, 0x7b, 0x40, 0x4b, 0x2d, 0xbd, 0xdd, 0x36, 0x35, 0xa4, 0x0f, 0xc0, 0xc9, 0x24, 0x3e, 0x3d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xff, 0x83, 0xa5, 0x18, 0x84, 0xaa, 0x4f, 0x94, 0x3a, 0x34, 0x2a, 0xf8, 0x65, 0x3d, 0x4c, 0xab, 0xe6, 0x50, 0xf5, 0xce, 0xba, 0x38, 0x81, 0xcc, 0xd4, 0x57, 0xb4, 0xcd, 0x52, 0x27, 0xa5, 0x6d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc9, 0xf5, 0x25, 0x37, 0xb1, 0x53, 0xac, 0x42, 0xc1, 0xea, 0xba, 0x12, 0x02, 0xc4, 0xe8, 0xfc, 0xb1, 0x02, 0x4d, 0x25, 0x64, 0x84, 0xb0, 0x26, 0x2f, 0x9f, 0x20, 0x66, 0x3b, 0x6a, 0xa3, 0xdf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x75, 0x85, 0xdc, 0xff, 0x32, 0x29, 0x12, 0xc0, 0x78, 0x25, 0xb3, 0x9b, 0x91, 0x17, 0xb4, 0x1b, 0x76, 0xad, 0xe5, 0x97, 0x07, 0x08, 0xd5, 0xbe, 0x26, 0x26, 0x67, 0x37, 0x6d, 0x9f, 0x9a, 0x00}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9d, 0xe2, 0x2b, 0x92, 0xf8, 0xba, 0xb8, 0xe2, 0x4f, 0x4d, 0xf1, 0xc3, 0x10, 0x42, 0x2d, 0xe1, 0x4b, 0x77, 0x43, 0x46, 0x2e, 0x02, 0x5e, 0xa1, 0xb7, 0x0e, 0x69, 0x85, 0x53, 0x49, 0x80, 0xd4}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
azure_AzureTrustedLaunch M
|
||||
gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x25, 0xda, 0xe3, 0x74, 0x8b, 0x43, 0xa3, 0x4f, 0xea, 0x5f, 0x18, 0xeb, 0x02, 0x38, 0xfc, 0xa3, 0xef, 0x20, 0x81, 0x5a, 0x58, 0x21, 0x4a, 0x16, 0xcc, 0x33, 0x4f, 0x0b, 0xe4, 0xb8, 0x96, 0x00}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf0, 0xfd, 0x0a, 0x1f, 0x8c, 0x5e, 0x60, 0x3f, 0x54, 0x81, 0xcc, 0x28, 0x75, 0x39, 0x12, 0x2d, 0xc9, 0x98, 0xad, 0xd0, 0x4e, 0x85, 0x71, 0xa7, 0xc0, 0xfc, 0x28, 0xb7, 0xc2, 0x2f, 0xc3, 0x39}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5a, 0x2f, 0xc6, 0x77, 0x4d, 0xc2, 0x9e, 0xf1, 0xac, 0xd5, 0x5e, 0x82, 0x66, 0x4d, 0x92, 0xe5, 0x0d, 0x48, 0xfe, 0xcf, 0xe8, 0xe7, 0x5a, 0x51, 0x8b, 0xd8, 0x2a, 0x78, 0xb8, 0x17, 0xec, 0x23}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
gcp_GCPSEVSNP M
|
||||
openstack_QEMUVTPM = M{4: {Expected: []byte{0x7f, 0xf9, 0x31, 0x4a, 0x4d, 0xa5, 0xe2, 0xe3, 0xe1, 0x1c, 0x3e, 0x40, 0x71, 0x44, 0xe7, 0x96, 0x3d, 0x62, 0x0b, 0x7f, 0xf0, 0xe8, 0xcb, 0x17, 0x7f, 0x53, 0x93, 0xd4, 0x91, 0xfb, 0xc7, 0x09}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x20, 0x0e, 0x08, 0x40, 0xb6, 0x49, 0xdd, 0xaf, 0xa5, 0x95, 0x39, 0x73, 0x2b, 0x8a, 0x2d, 0x9e, 0xbf, 0x87, 0xdf, 0xb3, 0x2b, 0x0f, 0x82, 0x63, 0xd0, 0x9a, 0x9e, 0x56, 0x7d, 0x37, 0xf4, 0x12}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2d, 0x5d, 0xcf, 0x9e, 0x2f, 0x70, 0x9c, 0xa6, 0xcf, 0xb3, 0x83, 0x07, 0x9c, 0xd6, 0x6e, 0x2c, 0x29, 0x2c, 0x40, 0xc7, 0x93, 0x51, 0x59, 0x38, 0xdf, 0xc4, 0xc5, 0xb6, 0xf5, 0x49, 0x5b, 0x2d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4f, 0x5d, 0x48, 0xaf, 0xc1, 0x07, 0xc3, 0x27, 0x3d, 0xd2, 0xec, 0x79, 0x59, 0x43, 0x4a, 0x04, 0x1d, 0x52, 0xd9, 0x4f, 0x8e, 0xbc, 0x04, 0x67, 0x9a, 0x7a, 0xf3, 0x69, 0xd6, 0x29, 0xb8, 0xe7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x52, 0x46, 0xa7, 0xd7, 0x8d, 0xfd, 0x26, 0xcf, 0xb1, 0x44, 0xb3, 0x91, 0x27, 0xb4, 0x78, 0xc4, 0x75, 0xd0, 0xa0, 0x2f, 0xda, 0x30, 0x51, 0xb9, 0xa5, 0xae, 0x22, 0x80, 0x12, 0xd3, 0x05, 0x85}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd7, 0x58, 0x0b, 0x42, 0xf5, 0xc7, 0x76, 0xc5, 0x40, 0x0f, 0x11, 0xc9, 0x5c, 0xa0, 0xb1, 0xed, 0xa8, 0x36, 0x32, 0xd8, 0x73, 0x69, 0x33, 0xf7, 0x12, 0xfc, 0x04, 0xc4, 0x63, 0x61, 0x66, 0x53}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf0, 0xa7, 0x42, 0xe7, 0x1a, 0x57, 0xdc, 0x54, 0xac, 0x51, 0xb8, 0x22, 0xd4, 0x15, 0xf8, 0xdc, 0x24, 0xa0, 0x0b, 0xe4, 0x73, 0xc0, 0x73, 0x57, 0x98, 0x95, 0x75, 0x87, 0x8d, 0x2f, 0xbd, 0x56}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8b, 0x20, 0x17, 0x19, 0x06, 0x1f, 0x92, 0x73, 0x60, 0x1a, 0x74, 0x39, 0x72, 0xd7, 0x48, 0xca, 0x88, 0xd0, 0x59, 0x32, 0xba, 0x6c, 0x36, 0x23, 0xce, 0xf1, 0xd9, 0xe8, 0xbc, 0xf2, 0xe6, 0x2c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x59, 0x6b, 0x0e, 0xd5, 0x58, 0xf7, 0x2d, 0x2e, 0x5c, 0xb3, 0x1a, 0x9f, 0x41, 0xe8, 0x17, 0x07, 0x30, 0xcd, 0x76, 0x0d, 0x63, 0xb8, 0x13, 0x2e, 0xe6, 0xcb, 0x40, 0xf0, 0xd6, 0x73, 0xef, 0x40}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
openstack_QEMUVTPM = M{4: {Expected: []byte{0xaa, 0x36, 0x58, 0xb8, 0xe2, 0x8e, 0x07, 0x86, 0x65, 0x5a, 0xdf, 0x04, 0x3a, 0x04, 0x02, 0x81, 0x3d, 0x07, 0xb8, 0x91, 0x83, 0x5a, 0xd2, 0x38, 0x75, 0x8a, 0x30, 0x36, 0xee, 0x52, 0xce, 0x5e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2c, 0x92, 0x4d, 0x3b, 0x70, 0x10, 0xff, 0x4c, 0x8f, 0xf2, 0x8a, 0x55, 0x59, 0x8b, 0x26, 0x97, 0xf8, 0x21, 0x24, 0xce, 0x55, 0x0a, 0x35, 0xef, 0xc7, 0x8d, 0x9c, 0x7b, 0x89, 0xbb, 0xbc, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe1, 0x56, 0x6d, 0xbc, 0x19, 0x27, 0x29, 0xd1, 0x80, 0xa9, 0xaa, 0x18, 0x6c, 0xa0, 0x5c, 0x3a, 0xb1, 0xd6, 0xb2, 0x52, 0xe3, 0x78, 0x47, 0x74, 0xe6, 0x91, 0x98, 0x8b, 0x1f, 0xd3, 0x54, 0xad}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
qemu_QEMUTDX M
|
||||
qemu_QEMUVTPM = M{4: {Expected: []byte{0x33, 0xbb, 0x15, 0x90, 0x9b, 0x77, 0xd9, 0xed, 0x9e, 0x30, 0x54, 0x38, 0x3c, 0x5d, 0xb5, 0x34, 0xd1, 0x44, 0x21, 0x8d, 0x1a, 0x92, 0x4b, 0x4a, 0xa3, 0x89, 0x05, 0xba, 0xab, 0x85, 0xc5, 0xb1}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x31, 0x30, 0x26, 0x04, 0x4e, 0x76, 0x24, 0x68, 0x05, 0x29, 0x84, 0xed, 0x86, 0xeb, 0xa6, 0x4d, 0x25, 0x58, 0x11, 0xfe, 0x2b, 0xae, 0xab, 0xcc, 0x8e, 0x99, 0x31, 0x48, 0x40, 0x58, 0x37, 0xeb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x30, 0xcd, 0x39, 0xe4, 0x9d, 0x33, 0xcf, 0xae, 0x08, 0x2b, 0x00, 0x91, 0xc0, 0xaa, 0x1c, 0xe5, 0x88, 0x9b, 0xcf, 0x59, 0x54, 0x33, 0xd2, 0xab, 0x61, 0xec, 0x9a, 0x95, 0xb0, 0x5d, 0x2b, 0xc1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
qemu_QEMUVTPM = M{4: {Expected: []byte{0xfc, 0x2c, 0xd1, 0x14, 0x27, 0xe6, 0x0c, 0xb0, 0x69, 0x96, 0xa9, 0x1d, 0x60, 0x07, 0x38, 0x97, 0x49, 0xcf, 0xd0, 0xb8, 0xea, 0x80, 0xdf, 0x38, 0x3b, 0x46, 0xb2, 0x12, 0xba, 0x85, 0x88, 0xe2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3c, 0xc6, 0xd0, 0xb9, 0xe5, 0x7a, 0x15, 0x22, 0x97, 0xaa, 0xf3, 0xc8, 0xbe, 0x02, 0x1d, 0x70, 0xed, 0xcc, 0xd1, 0x18, 0x8f, 0xd8, 0x02, 0x44, 0x9b, 0x82, 0x84, 0x17, 0xe7, 0x66, 0xd2, 0x3a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x35, 0xed, 0x01, 0x1d, 0x52, 0xf6, 0x5e, 0xa8, 0x89, 0xe4, 0xf5, 0x05, 0xb9, 0x1e, 0xd9, 0x2d, 0x85, 0x57, 0x85, 0x87, 0x72, 0xba, 0x5c, 0xf8, 0x19, 0x4a, 0x5b, 0x2c, 0x3c, 0x09, 0xca, 0x84}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
|
||||
)
|
||||
|
|
|
@ -12,6 +12,7 @@ import (
|
|||
"bytes"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/edgelesssys/constellation/v2/internal/attestation"
|
||||
|
@ -22,6 +23,8 @@ import (
|
|||
"github.com/google/go-tpm-tools/proto/attest"
|
||||
)
|
||||
|
||||
var errNoPemBlocks = errors.New("no PEM blocks found")
|
||||
|
||||
// Product returns the SEV product info currently supported by Constellation's SNP attestation.
|
||||
func Product() *spb.SevProduct {
|
||||
// sevProduct is the product info of the SEV platform as reported through CPUID[EAX=1].
|
||||
|
@ -124,7 +127,7 @@ func (a *InstanceInfo) AttestationWithCerts(getter trust.HTTPSGetter,
|
|||
// If a certificate chain was pre-fetched by the Issuer, parse it and format it.
|
||||
// Make sure to only use the ask, since using an ark from the Issuer would invalidate security guarantees.
|
||||
ask, _, err := a.ParseCertChain()
|
||||
if err != nil {
|
||||
if err != nil && !errors.Is(err, errNoPemBlocks) {
|
||||
logger.Warn(fmt.Sprintf("Error parsing certificate chain: %v", err))
|
||||
}
|
||||
if ask != nil {
|
||||
|
@ -222,7 +225,7 @@ func (a *InstanceInfo) ParseCertChain() (ask, ark *x509.Certificate, retErr erro
|
|||
|
||||
switch {
|
||||
case i == 1:
|
||||
retErr = fmt.Errorf("no PEM blocks found")
|
||||
retErr = errNoPemBlocks
|
||||
case len(rest) != 0:
|
||||
retErr = fmt.Errorf("remaining PEM block is not a valid certificate: %s", rest)
|
||||
}
|
||||
|
|
|
@ -9,6 +9,7 @@ package snp
|
|||
import (
|
||||
"crypto/x509"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"fmt"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
@ -34,16 +35,13 @@ func TestParseCertChain(t *testing.T) {
|
|||
wantAsk bool
|
||||
wantArk bool
|
||||
wantErr bool
|
||||
errTarget error
|
||||
}{
|
||||
"success": {
|
||||
certChain: defaultCertChain,
|
||||
wantAsk: true,
|
||||
wantArk: true,
|
||||
},
|
||||
"empty cert chain": {
|
||||
certChain: []byte{},
|
||||
wantErr: true,
|
||||
},
|
||||
"more than two certificates": {
|
||||
certChain: append(defaultCertChain, defaultCertChain...),
|
||||
wantErr: true,
|
||||
|
@ -52,6 +50,11 @@ func TestParseCertChain(t *testing.T) {
|
|||
certChain: []byte("invalid"),
|
||||
wantErr: true,
|
||||
},
|
||||
"empty cert chain": {
|
||||
certChain: []byte{},
|
||||
wantErr: true,
|
||||
errTarget: errNoPemBlocks,
|
||||
},
|
||||
"ark missing": {
|
||||
certChain: []byte(askOnly),
|
||||
wantAsk: true,
|
||||
|
@ -73,6 +76,9 @@ func TestParseCertChain(t *testing.T) {
|
|||
ask, ark, err := instanceInfo.ParseCertChain()
|
||||
if tc.wantErr {
|
||||
assert.Error(err)
|
||||
if tc.errTarget != nil {
|
||||
assert.True(errors.Is(err, tc.errTarget))
|
||||
}
|
||||
} else {
|
||||
assert.NoError(err)
|
||||
assert.Equal(tc.wantAsk, ask != nil)
|
||||
|
|
|
@ -10,5 +10,5 @@ package config
|
|||
|
||||
const (
|
||||
// defaultImage is the default image to use.
|
||||
defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240425154950-3ea0e3a4874b"
|
||||
defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240502082051-3d2a023ccf5d"
|
||||
)
|
||||
|
|
|
@ -169,7 +169,7 @@ const (
|
|||
|
||||
// GcpGuestImage image for GCP guest agent.
|
||||
// Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml.
|
||||
GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20240213.0.0@sha256:aa7b27a4f9af356bdc6bad112e2255c68cd8759fb4430e4c91a5d19ced948a3e" // renovate:container
|
||||
GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20240314.0.0@sha256:56f5f5250056174c82cffe6b3190838f4e001cf6375eeea0b7847d679e0a600f" // renovate:container
|
||||
// NodeMaintenanceOperatorImage is the image for the node maintenance operator.
|
||||
NodeMaintenanceOperatorImage = "quay.io/medik8s/node-maintenance-operator:v0.15.0@sha256:8cb8dad93283268282c30e75c68f4bd76b28def4b68b563d2f9db9c74225d634" // renovate:container
|
||||
// LogstashImage is the container image of logstash, used for log collection by debugd.
|
||||
|
|
|
@ -42,44 +42,44 @@
|
|||
"prPriority": -30,
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^k8s.io", "^sigs.k8s.io"],
|
||||
"matchDepPatterns": ["^k8s.io", "^sigs.k8s.io"],
|
||||
"groupName": "K8s dependencies",
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^go.etcd.io/etcd"],
|
||||
"matchDepPatterns": ["^go.etcd.io/etcd"],
|
||||
"groupName": "etcd dependencies",
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^github.com/hashicorp/go-kms-wrapping"],
|
||||
"matchDepPatterns": ["^github.com/hashicorp/go-kms-wrapping"],
|
||||
"groupName": "github.com/hashicorp/go-kms-wrapping",
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^github.com/aws/aws-sdk-go-v2"],
|
||||
"matchDepPatterns": ["^github.com/aws/aws-sdk-go-v2"],
|
||||
"groupName": "AWS SDK",
|
||||
"prPriority": -10,
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": [
|
||||
"matchDepPatterns": [
|
||||
"^github.com/Azure/",
|
||||
"^github.com/AzureAD/microsoft-authentication-library-for-go",
|
||||
],
|
||||
"groupName": "Azure SDK",
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^cloud.google.com/go"],
|
||||
"matchDepPatterns": ["^cloud.google.com/go"],
|
||||
"groupName": "Google SDK",
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^google.golang.org/genproto"],
|
||||
"matchDepPatterns": ["^google.golang.org/genproto"],
|
||||
"prPriority": -10,
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^libvirt.org/go"],
|
||||
"matchDepPatterns": ["^libvirt.org/go"],
|
||||
"groupName": "libvirt.org/go",
|
||||
},
|
||||
{
|
||||
"matchManagers": ["bazelisk", "bazel", "bazel-module"],
|
||||
"matchPackageNames": ["bazel", "io_bazel_rules_go", "bazel_gazelle"],
|
||||
"matchDepNames": ["bazel", "io_bazel_rules_go", "bazel_gazelle"],
|
||||
"groupName": "bazel (core)",
|
||||
},
|
||||
{
|
||||
|
@ -105,14 +105,14 @@
|
|||
],
|
||||
},
|
||||
{
|
||||
"matchPackageNames": ["kubernetes/kubernetes"],
|
||||
"matchDepNames": ["kubernetes/kubernetes"],
|
||||
// example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
|
||||
"versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
|
||||
"groupName": "Kubernetes versions",
|
||||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": [
|
||||
"matchDepNames": [
|
||||
"registry.k8s.io/provider-aws/cloud-controller-manager",
|
||||
],
|
||||
// example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
|
||||
|
@ -121,7 +121,7 @@
|
|||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": [
|
||||
"matchDepNames": [
|
||||
"mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager",
|
||||
"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager",
|
||||
],
|
||||
|
@ -131,7 +131,7 @@
|
|||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": [
|
||||
"matchDepNames": [
|
||||
"docker.io/k8scloudprovider/openstack-cloud-controller-manager",
|
||||
],
|
||||
// example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
|
||||
|
@ -140,14 +140,14 @@
|
|||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": ["registry.k8s.io/autoscaling/cluster-autoscaler"],
|
||||
"matchDepNames": ["registry.k8s.io/autoscaling/cluster-autoscaler"],
|
||||
// example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
|
||||
"versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
|
||||
"groupName": "K8s constrained GCP versions",
|
||||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": ["ghcr.io/edgelesssys/cloud-provider-gcp"],
|
||||
"matchDepNames": ["ghcr.io/edgelesssys/cloud-provider-gcp"],
|
||||
// example match: v1.2.3 (1. -> compatibility, 2 -> minor, 3 -> patch)
|
||||
"versioning": "regex:^(?<compatibility>v\\d+\\.)(?<minor>\\d+)\\.(?<patch>\\d+)$",
|
||||
"groupName": "cloud-provider-gcp (K8s version constrained)",
|
||||
|
@ -166,7 +166,7 @@
|
|||
"prPriority": 20,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": [
|
||||
"matchDepNames": [
|
||||
"registry.k8s.io/kas-network-proxy/proxy-agent",
|
||||
"registry.k8s.io/kas-network-proxy/proxy-server",
|
||||
],
|
||||
|
@ -175,7 +175,7 @@
|
|||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": ["^k8s.io/client-go"],
|
||||
"matchDepNames": ["^k8s.io/client-go"],
|
||||
"matchUpdateTypes": ["major"],
|
||||
"enabled": false,
|
||||
},
|
||||
|
@ -185,11 +185,11 @@
|
|||
},
|
||||
{
|
||||
"matchManagers": ["github-actions"],
|
||||
"matchPackageNames": ["slsa-framework/slsa-github-generator"],
|
||||
"matchDepNames": ["slsa-framework/slsa-github-generator"],
|
||||
"pinDigests": false,
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["_(darwin|linux)_(arm64|amd64)$"],
|
||||
"matchDepPatterns": ["_(darwin|linux)_(arm64|amd64)$"],
|
||||
"additionalBranchPrefix": "{{packageName}}-",
|
||||
"groupName": "{{packageName}}",
|
||||
},
|
||||
|
|
|
@ -48,9 +48,10 @@ locals {
|
|||
// example: given "name-1234567890.region.elb.amazonaws.com" it will return "*.region.elb.amazonaws.com"
|
||||
wildcard_lb_dns_name = replace(aws_lb.front_end.dns_name, "/^[^.]*\\./", "*.")
|
||||
|
||||
tags = {
|
||||
constellation-uid = local.uid,
|
||||
}
|
||||
tags = merge(
|
||||
var.additional_tags,
|
||||
{ constellation-uid = local.uid }
|
||||
)
|
||||
|
||||
in_cluster_endpoint = aws_lb.front_end.dns_name
|
||||
out_of_cluster_endpoint = var.internal_load_balancer && var.debug ? module.jump_host[0].ip : local.in_cluster_endpoint
|
||||
|
@ -68,7 +69,7 @@ resource "random_password" "init_secret" {
|
|||
|
||||
resource "aws_vpc" "vpc" {
|
||||
cidr_block = "192.168.0.0/16"
|
||||
tags = merge(local.tags, var.additional_tags, { Name = "${local.name}-vpc" })
|
||||
tags = merge(local.tags, { Name = "${local.name}-vpc" })
|
||||
}
|
||||
|
||||
module "public_private_subnet" {
|
||||
|
@ -79,7 +80,7 @@ module "public_private_subnet" {
|
|||
cidr_vpc_subnet_internet = "192.168.0.0/20"
|
||||
zone = var.zone
|
||||
zones = local.zones
|
||||
tags = merge(local.tags, var.additional_tags)
|
||||
tags = local.tags
|
||||
}
|
||||
|
||||
resource "aws_eip" "lb" {
|
||||
|
@ -89,14 +90,14 @@ resource "aws_eip" "lb" {
|
|||
# control-plane.
|
||||
for_each = var.internal_load_balancer ? [] : toset([var.zone])
|
||||
domain = "vpc"
|
||||
tags = merge(local.tags, var.additional_tags, { "constellation-ip-endpoint" = each.key == var.zone ? "legacy-primary-zone" : "additional-zone" })
|
||||
tags = merge(local.tags, { "constellation-ip-endpoint" = each.key == var.zone ? "legacy-primary-zone" : "additional-zone" })
|
||||
}
|
||||
|
||||
resource "aws_lb" "front_end" {
|
||||
name = "${local.name}-loadbalancer"
|
||||
internal = var.internal_load_balancer
|
||||
load_balancer_type = "network"
|
||||
tags = merge(local.tags, var.additional_tags)
|
||||
tags = local.tags
|
||||
security_groups = [aws_security_group.security_group.id]
|
||||
|
||||
dynamic "subnet_mapping" {
|
||||
|
@ -123,7 +124,7 @@ resource "aws_security_group" "security_group" {
|
|||
name = local.name
|
||||
vpc_id = aws_vpc.vpc.id
|
||||
description = "Security group for ${local.name}"
|
||||
tags = merge(local.tags, var.additional_tags)
|
||||
tags = local.tags
|
||||
|
||||
egress {
|
||||
from_port = 0
|
||||
|
@ -171,7 +172,7 @@ module "load_balancer_targets" {
|
|||
healthcheck_path = each.value.name == "kubernetes" ? "/readyz" : ""
|
||||
vpc_id = aws_vpc.vpc.id
|
||||
lb_arn = aws_lb.front_end.arn
|
||||
tags = merge(local.tags, var.additional_tags)
|
||||
tags = local.tags
|
||||
}
|
||||
|
||||
module "instance_group" {
|
||||
|
@ -194,7 +195,6 @@ module "instance_group" {
|
|||
enable_snp = var.enable_snp
|
||||
tags = merge(
|
||||
local.tags,
|
||||
var.additional_tags,
|
||||
{ Name = "${local.name}-${each.value.role}" },
|
||||
{ constellation-role = each.value.role },
|
||||
{ constellation-node-group = each.key },
|
||||
|
|
|
@ -27,7 +27,7 @@ resource "aws_instance" "jump_host" {
|
|||
vpc_security_group_ids = var.security_groups
|
||||
|
||||
tags = merge(var.additional_tags, {
|
||||
"Name" = "${var.base_name}-jump-host"
|
||||
"Name" = "${var.base_name}-jump-host",
|
||||
})
|
||||
|
||||
user_data = <<EOF
|
||||
|
|
|
@ -82,5 +82,6 @@ variable "enable_snp" {
|
|||
|
||||
variable "additional_tags" {
|
||||
type = map(any)
|
||||
default = {}
|
||||
description = "Additional tags that should be applied to created resources."
|
||||
}
|
||||
|
|
|
@ -23,9 +23,10 @@ locals {
|
|||
uid = random_id.uid.hex
|
||||
name = "${var.name}-${local.uid}"
|
||||
init_secret_hash = random_password.init_secret.bcrypt_hash
|
||||
tags = {
|
||||
constellation-uid = local.uid,
|
||||
}
|
||||
tags = merge(
|
||||
var.additional_tags,
|
||||
{ constellation-uid = local.uid }
|
||||
)
|
||||
ports_node_range = "30000-32767"
|
||||
cidr_vpc_subnet_nodes = "10.9.0.0/16"
|
||||
ports = flatten([
|
||||
|
@ -76,7 +77,7 @@ resource "azurerm_attestation_provider" "attestation_provider" {
|
|||
ignore_changes = [open_enclave_policy_base64, sgx_enclave_policy_base64, tpm_policy_base64, sev_snp_policy_base64]
|
||||
}
|
||||
|
||||
tags = var.additional_tags
|
||||
tags = local.tags
|
||||
}
|
||||
|
||||
resource "azurerm_public_ip" "loadbalancer_ip" {
|
||||
|
@ -87,7 +88,7 @@ resource "azurerm_public_ip" "loadbalancer_ip" {
|
|||
location = var.location
|
||||
allocation_method = "Static"
|
||||
sku = "Standard"
|
||||
tags = merge(local.tags, var.additional_tags)
|
||||
tags = local.tags
|
||||
|
||||
lifecycle {
|
||||
ignore_changes = [name]
|
||||
|
@ -113,7 +114,7 @@ resource "azurerm_public_ip" "nat_gateway_ip" {
|
|||
location = var.location
|
||||
allocation_method = "Static"
|
||||
sku = "Standard"
|
||||
tags = merge(local.tags, var.additional_tags)
|
||||
tags = local.tags
|
||||
}
|
||||
|
||||
resource "azurerm_nat_gateway" "gateway" {
|
||||
|
@ -122,7 +123,7 @@ resource "azurerm_nat_gateway" "gateway" {
|
|||
resource_group_name = var.resource_group
|
||||
sku_name = "Standard"
|
||||
idle_timeout_in_minutes = 10
|
||||
tags = var.additional_tags
|
||||
tags = local.tags
|
||||
}
|
||||
|
||||
resource "azurerm_subnet_nat_gateway_association" "example" {
|
||||
|
@ -140,7 +141,7 @@ resource "azurerm_lb" "loadbalancer" {
|
|||
location = var.location
|
||||
resource_group_name = var.resource_group
|
||||
sku = "Standard"
|
||||
tags = merge(local.tags, var.additional_tags)
|
||||
tags = local.tags
|
||||
|
||||
dynamic "frontend_ip_configuration" {
|
||||
for_each = var.internal_load_balancer ? [] : [1]
|
||||
|
@ -188,7 +189,7 @@ resource "azurerm_virtual_network" "network" {
|
|||
resource_group_name = var.resource_group
|
||||
location = var.location
|
||||
address_space = ["10.0.0.0/8"]
|
||||
tags = merge(local.tags, var.additional_tags)
|
||||
tags = local.tags
|
||||
}
|
||||
|
||||
resource "azurerm_subnet" "loadbalancer_subnet" {
|
||||
|
@ -210,7 +211,7 @@ resource "azurerm_network_security_group" "security_group" {
|
|||
name = local.name
|
||||
location = var.location
|
||||
resource_group_name = var.resource_group
|
||||
tags = merge(local.tags, var.additional_tags)
|
||||
tags = local.tags
|
||||
|
||||
dynamic "security_rule" {
|
||||
for_each = concat(
|
||||
|
@ -240,7 +241,6 @@ module "scale_set_group" {
|
|||
zones = each.value.zones
|
||||
tags = merge(
|
||||
local.tags,
|
||||
var.additional_tags,
|
||||
{ constellation-init-secret-hash = local.init_secret_hash },
|
||||
{ constellation-maa-url = var.create_maa ? azurerm_attestation_provider.attestation_provider[0].attestation_uri : "" },
|
||||
)
|
||||
|
|
|
@ -92,5 +92,6 @@ variable "marketplace_image" {
|
|||
|
||||
variable "additional_tags" {
|
||||
type = map(any)
|
||||
default = {}
|
||||
description = "Additional tags that should be applied to created resources."
|
||||
}
|
||||
|
|
|
@ -33,9 +33,10 @@ locals {
|
|||
uid = random_id.uid.hex
|
||||
name = "${var.name}-${local.uid}"
|
||||
init_secret_hash = random_password.init_secret.bcrypt_hash
|
||||
labels = {
|
||||
constellation-uid = local.uid,
|
||||
}
|
||||
labels = merge(
|
||||
var.additional_labels,
|
||||
{ constellation-uid = local.uid }
|
||||
)
|
||||
ports_node_range = "30000-32767"
|
||||
cidr_vpc_subnet_nodes = "192.168.178.0/24"
|
||||
cidr_vpc_subnet_pods = "10.10.0.0/16"
|
||||
|
@ -183,7 +184,7 @@ module "instance_group" {
|
|||
kube_env = local.kube_env
|
||||
debug = var.debug
|
||||
named_ports = each.value.role == "control-plane" ? local.control_plane_named_ports : []
|
||||
labels = merge(var.additional_labels, local.labels)
|
||||
labels = local.labels
|
||||
init_secret_hash = local.init_secret_hash
|
||||
custom_endpoint = var.custom_endpoint
|
||||
cc_technology = var.cc_technology
|
||||
|
@ -196,7 +197,7 @@ resource "google_compute_address" "loadbalancer_ip_internal" {
|
|||
subnetwork = google_compute_subnetwork.ilb_subnet[0].id
|
||||
purpose = "SHARED_LOADBALANCER_VIP"
|
||||
address_type = "INTERNAL"
|
||||
labels = var.additional_labels
|
||||
labels = local.labels
|
||||
}
|
||||
|
||||
resource "google_compute_global_address" "loadbalancer_ip" {
|
||||
|
@ -214,7 +215,7 @@ module "loadbalancer_public" {
|
|||
health_check = each.value.health_check
|
||||
backend_instance_groups = local.control_plane_instance_groups
|
||||
ip_address = google_compute_global_address.loadbalancer_ip[0].self_link
|
||||
frontend_labels = merge(local.labels, var.additional_labels, { constellation-use = each.value.name })
|
||||
frontend_labels = merge(local.labels, { constellation-use = each.value.name })
|
||||
}
|
||||
|
||||
module "loadbalancer_internal" {
|
||||
|
@ -226,7 +227,7 @@ module "loadbalancer_internal" {
|
|||
health_check = each.value.health_check
|
||||
backend_instance_group = local.control_plane_instance_groups[0]
|
||||
ip_address = google_compute_address.loadbalancer_ip_internal[0].self_link
|
||||
frontend_labels = merge(local.labels, var.additional_labels, { constellation-use = each.value.name })
|
||||
frontend_labels = merge(local.labels, { constellation-use = each.value.name })
|
||||
|
||||
region = var.region
|
||||
network = google_compute_network.vpc_network.id
|
||||
|
@ -239,7 +240,7 @@ module "jump_host" {
|
|||
base_name = local.name
|
||||
zone = var.zone
|
||||
subnetwork = google_compute_subnetwork.vpc_subnetwork.id
|
||||
labels = merge(local.labels, var.additional_labels)
|
||||
labels = var.additional_labels
|
||||
lb_internal_ip = google_compute_address.loadbalancer_ip_internal[0].address
|
||||
ports = [for port in local.control_plane_named_ports : port.port]
|
||||
}
|
||||
|
|
|
@ -72,5 +72,6 @@ variable "cc_technology" {
|
|||
|
||||
variable "additional_labels" {
|
||||
type = map(any)
|
||||
default = {}
|
||||
description = "Additional labels that should be given to created recources."
|
||||
}
|
||||
|
|
|
@ -26,29 +26,29 @@ provider "registry.terraform.io/hashicorp/random" {
|
|||
}
|
||||
|
||||
provider "registry.terraform.io/stackitcloud/stackit" {
|
||||
version = "0.15.1"
|
||||
constraints = "0.15.1"
|
||||
version = "0.16.0"
|
||||
constraints = "0.16.0"
|
||||
hashes = [
|
||||
"h1:CUdva/dYmpT8++N6Ga2r4z592keQCFLnjfHPbNjegtQ=",
|
||||
"h1:Ue1niRFNomhn2QRuXLc39gYs9VR6blZm31vV4h5DKlw=",
|
||||
"h1:Vra5UFH8yFTaa/xykLJ1XzUSmSsFyhtT4xsiZy2uJiY=",
|
||||
"h1:eWQwYVxuB8JFt3w95fNMP3l8UfRNTtX9RwcmkG7YhNU=",
|
||||
"h1:ouS981NXWByi4I15QpypXdqza6p5TmqEJKGqPbE2QBQ=",
|
||||
"zh:0673b539594ed62a1510036da5b15bb477fcd1d997cc4fd7ec82227c5a4b2a26",
|
||||
"zh:0bd6afcebeeeea3a463fe3e6b5537f2f046ec2b8ae3e842984d9e30e2cdfd8e6",
|
||||
"h1:5pqR+RW1V/9aJG4f83yvwNqmpvAL9oBAPc1NKZxZtqg=",
|
||||
"h1:8srLRTAr1SiVUlp7WhQ1gJqq2ed6PSJTH4uANSw2bWw=",
|
||||
"h1:DeRqBAwNbujA+IndjD8V1PqdL/hlFEHV7vNSHqi7MTI=",
|
||||
"h1:SNrzlP/fZuwIiTINd+4lco9pdy1oPCfz00whj3e/tcM=",
|
||||
"h1:uP5Mrchmy+vbdrK812Fz9HyGDHhkHB1rayptT9CMQPA=",
|
||||
"zh:08c96ea6691f0d35db1a9167837c40483f84090262ce821a8dc6f9d7fe00a03a",
|
||||
"zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f",
|
||||
"zh:1f97c5435e58072e7369df8510251c94d832d98d1ee0bc3acfa9c2ed533b178d",
|
||||
"zh:282dad21d39d81f64e1749797c57961eb04c020374e83e86b877d5866e22ba32",
|
||||
"zh:38fa32343fe63779d4ed95600d12c589b9e49bf52cf0121b1b849e4a6ee75162",
|
||||
"zh:65384b0f08cab580377aafc0d944bf853663dc116f0a453acd9d701ed856ec67",
|
||||
"zh:6723184842d5e7cdffa5e8225ceccc4315b2a2624157d5b42b13f51d6916812b",
|
||||
"zh:772b35cd5ee7900a8cae77580d10c10d4cb8c7cf99bf2fe2e906cbf3d554ecd5",
|
||||
"zh:796eeabb73fb22d5996a7b846d5462477e90c08ba9eada194c8ad1d1eb9daeb2",
|
||||
"zh:8575e1867a8d8410b9d7652511b57783f4e592db64f32ab2d53950d54b3df282",
|
||||
"zh:cf56e99ce0ab2e09e75da3ed3e30712ebf32125f8a436e6ea120a45079161cbb",
|
||||
"zh:e591c9fcd5e1b22bc928974655276e9cff0bf66c2d82712805b42e1a6dc9fdd9",
|
||||
"zh:f095b3499b57c344aa8586e4ad4dbfc65ef74ca800470ce4a805e1858b632827",
|
||||
"zh:f68014d78c1eec7ba0a12eeba0713ba7ee98446621649cd05452f358a4f8a9f9",
|
||||
"zh:21cba481afdac6b37d9cf3d01b31811153d5f9a7cb637561972ecaf134b39322",
|
||||
"zh:2443caa9b47cde48e35c309bf6bc37ead1644759884e0a5a0b5048d9df36af62",
|
||||
"zh:310db0de98b9cb46618119fc71f5beba9334d03f35c02846fdc31ee27edbe758",
|
||||
"zh:35d096f3498a1e47adabd14e61d9dd77afb16e036714c4363a3ccf68c86982f6",
|
||||
"zh:429f5c39e75725cd3bab9f3314881d4ff1c0a26d093e18f438169b21803be66a",
|
||||
"zh:43e67da636bbb7f6fd5175925dee9118914b048c4faea20141e5150cb750c409",
|
||||
"zh:4767f9588ea7b8f1249295416632cb54fb03c517575e3a5a5b26f4c4b7959f30",
|
||||
"zh:498ace5482bacffbfdc36f631e9ada4b5a435a0ecf1b72ce0dc94bffe12c9103",
|
||||
"zh:6fe323b619b89de584b96c80962d4f0a3a8207a9b5b99d994de4d32e4abec828",
|
||||
"zh:ad214a71ebd0d11cce10a682f0f5de2d24d944a82ee7b5e2e37c8df1fbcbc99c",
|
||||
"zh:ad5ddfff5504f68aab3cf0910acc8f215aee471cf1ea38f933202f89773ac12e",
|
||||
"zh:b77e59a08ec9a638a7a67c7d1f36391ec0c3dacf42e38740212f67063bf9c78c",
|
||||
"zh:fc8122fa33c310eb2c401fbd4436a7ac96d95326034b3cbdeef703689b7e1ebd",
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ terraform {
|
|||
|
||||
stackit = {
|
||||
source = "stackitcloud/stackit"
|
||||
version = "0.15.1"
|
||||
version = "0.16.0"
|
||||
}
|
||||
|
||||
random = {
|
||||
|
|
|
@ -2,7 +2,7 @@ terraform {
|
|||
required_providers {
|
||||
stackit = {
|
||||
source = "stackitcloud/stackit"
|
||||
version = "0.15.1"
|
||||
version = "0.16.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -61,6 +61,7 @@ variable "floating_ip_pool_id" {
|
|||
|
||||
variable "additional_tags" {
|
||||
type = list(any)
|
||||
default = []
|
||||
description = "Additional tags that should be applied to created resources."
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue