Merge branch 'main' into add_larger_flavors

Author: scoopex

Standards/scs-0001-v1-sovereign-cloud-standards.md

@@ -189,6 +189,10 @@ where the group which has to form the consensus depends on the `track` of the do
 Any pull request affecting a document in the Global track MUST NOT be merged
 unless approved by a representative of the _Forum SCS-Standards_.
 
+In case there is little or no activity in some team, the SIG Standardization/Certification
+can take decisions on behalf of such a team. The SIG will seek alignment with the Project
+Board for decisions with large impact to ensure we have the wanted broad alignment.
+
 Supplements may be kept in Draft state, because they are not authoritative.
 
 ### Proposal phase
@@ -281,6 +285,8 @@ Changes to the documents are gated through pull requests.
 
 Once the document is deemed ready for production use,
 its `status` is changed to `Stable`.
+Additionally, the field `stabilized_at` MUST be added and set to a date after which the document is
+to be considered stable.
 
 If the document in question is a `Standard`
 (and if applicable),

Standards/scs-0005-v1-project-governance.md

@@ -94,7 +94,7 @@ Every person who is a member of the GitHub organization "Sovereign Cloud Stack"
 ### Electoral management
 
 The voting process is governed by the _Forum SCS-Standards_.
-Voting is done using the [Condorcet Internet Voting Service](https://civs.cs.cornell.edu). This is the same system as is [being used by the OpenInfra foundation](https://wiki.openstack.org/wiki/Election_Officiating_Guidelines#Running_the_election_itself).
+Voting is done using the [Condorcet Internet Voting Service](https://civs1.civs.us/). This is the same system as is [being used by the OpenInfra foundation](https://wiki.openstack.org/wiki/Election_Officiating_Guidelines#Running_the_election_itself).
 
 ### Voting period
 

Standards/scs-0007-v1-certification-integrators.md

@@ -0,0 +1,55 @@
+---
+title: Certification of integrators
+type: Procedural
+status: Draft
+track: Global
+description: |
+  SCS-0007 defines the process and rules on how SCS integrators are certified.
+---
+
+## Introduction
+
+The purpose of this document is to describe a concept for how implementation partners can obtain certification as SCS integrators. In essence, this certificate is intended to express that an organization has sufficient technical knowledge and experience to provide technical support to companies using SCS.
+For this purpose, two essential criteria are defined that must be fulfilled. In addition, there are a few other criteria that can be taken into account in favor of certification.
+
+## Motivation
+
+## Regulations
+
+The certificates are awarded for the period of one year.
+The certification is done either by the Forum SCS-Standards or an attestation body nominated by the forum.
+
+### Certificates
+
+- Certified SCS KaaS Integrator: SCS KaaS (Kubernetes as a Service) implementation partner
+- Certified SCS IaaS Integrator: SCS IaaS (Infrastructure as a Service) implementation partner
+
+### Criteria
+
+Criteria for certification, proof of experience in setting up, operating and supporting SCS-compliant environments:
+
+The organization to be certified needs to satisfy one of the following requirements
+
+a) have successfully brought at least two SCS-compliant environments of a third party (customer) into production in the last 12 months. The two environments must fulfill at least the [_Certified SCS-compatible IaaS_](https://docs.scs.community/standards/scs-compatible-iaas) or [_Certified SCS-compatible KaaS_](https://docs.scs.community/standards/scs-compatible-kaas) scope.
+
+or
+
+b) actively manage at least two such environments of third parties (customers) at the time the certificate is issued. These environments must have been managed at least for a year at the time of attestation.
+
+or
+
+c) have been operating a _Certified SCS-compatible IaaS_ public cloud with at least two regions or at least three availability zones for more than one year.
+
+#### Additional favorable criteria for certification
+
+SCS is an open source community project with the goal of enabling digital sovereignty. As such, the commitment and support of this mission should be recognized and promoted beyond technical competence. To this end, the following aspects can be taken into account for certification or compensate for any criteria that are not fully met (see above):
+
+The implementation partners should work towards ensuring that digital sovereignty is implemented in accordance with the SCS definition (Standards, Open Software, OpenOperations). This is expressed in a way that, in addition to the technology used to build environments (not necessarily only SCS environments), knowledge and experience in SCS standards compliance (SCS-compatible IaaS and KaaS) is also available and that environments built by this organization have already been configured in accordance with the standards and are listed on the SCS compliance list.
+
+The implementation partners should work towards ensuring that the cloud environments they set up and/or manage are also officially visible as SCS clouds, thereby strengthening the SCS brand.
+
+### Attestation
+
+The audit for the certification of an implementation partner is carried out by a person appointed by the Forum SCS-Standards. The person will assess and, if necessary, obtain evidence from the organization to be certified as to whether and to what extent the criteria have been met.
+
+If one of the above criteria is not met, the forum can be requested to certify the candidate nevertheless. This must be decided by unanimous vote in the forum, two third of all eligible votes must be present. Abstentions are not counted as votes against.

Standards/scs-0007-w1-certification-integrators-implementation-notes.md

@@ -0,0 +1,37 @@
+---
+title: "Implementation hints for achieving Certified SCS Integrator"
+type: Supplement
+track: Global
+status: Draft
+supplements:
+  - scs-0007-v1-certification-integrators.md
+---
+
+## Introduction
+
+The standard scs-0007 documents what requirements integration partners must fulfill to be eligible
+for being certified as SCS Integrators.
+This document contains hints how these requirements may be evaluated by the Forum SCS-Standards
+auditor and how exceptions will be handled.
+
+### Voting on exceptions
+
+When someone requests approval for a certified SCS integrator that does not meet all requirements,
+this can be waived with a qualified vote in the Forum SCS-Standards.
+To avoid conflict of interests and social pressure clouding this exception, we envision the
+following process:
+
+- The beneficiary party (the integrator in whose favor the exception is requested) should be
+  invited to a meeting to explain why they believe that they qualify as a certified SCS
+  integrator despite not meeting the normal qualification criteria.
+- The forum members may ask the beneficiary clarifying questions that should be answered.
+- To ensure an open discussion, the beneficiary should be excluded from the discussions about
+  the matter. The same applies if the beneficiary party is a member of the Forum
+  SCS-Standards. In that case, the expulsion should not be counted against the required quorum
+  to avoid forum members from having a disadvantage. If the excluded party is a voting member,
+  they will automatically abstain from the vote.
+- Any parties that have significant conflicts of interests are expected to make these
+  conflicts transparent and cast abstention votes.
+
+By the time of re-certification, all exceptions from a previous certification should have been
+eliminated.

Standards/scs-0122-v1-node-to-node-encryption.md

@@ -1,5 +1,5 @@
 ---
-title: _End-to-End Encryption between Customer Workloads_
+title: End-to-End Encryption between Customer Workloads
 type: Decision Record
 status: Draft
 track: IaaS

Tests/iaas/volume-types/volume-types-check.py

@@ -142,7 +142,7 @@ def main(argv):
         f"{c[logging.CRITICAL]} / {c[logging.ERROR]} / {c[logging.WARNING]}"
     )
     if not c[logging.CRITICAL]:
-        print("volume-types-check: " + ('PASS', 'FAIL')[min(1, c[logging.ERROR])])
+        print("volume-types-check: " + ('PASS', 'FAIL')[min(1, c[logging.ERROR] + c[logging.WARNING])])
     return min(127, c[logging.CRITICAL] + c[logging.ERROR])  # cap at 127 due to OS restrictions
 
 

Tests/kaas/kaas-sonobuoy-tests/go.mod

@@ -1,6 +1,6 @@
 module kaas/kaas-sonobuoy-tests
 
-go 1.21
+go 1.23.0
 
 require (
 	github.com/sirupsen/logrus v1.7.0
@@ -31,11 +31,11 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/vladimirvivien/gexe v0.1.1 // indirect
 	github.com/vmware-tanzu/sonobuoy v1.11.5-prerelease.1.0.20211004145628-b633b4fefcdc // indirect
-	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/net v0.38.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
-	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/term v0.27.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/term v0.30.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
 	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect

Tests/kaas/kaas-sonobuoy-tests/go.sum

@@ -506,8 +506,8 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -570,23 +570,23 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

Tests/scs-compatible-iaas.yaml

@@ -125,7 +125,7 @@ modules:
         args: -c {os_cloud} -d
     testcases:
       - id: volume-types-check
-        tags: [mandatory]
+        tags: [volume-types-check]
         description: >
           Must fulfill all requirements of <https://docs.scs.community/standards/scs-0114-v1-volume-type-standard>
   - id: scs-0115-v1

compliance-monitor/.gitignore

@@ -0,0 +1 @@
+.env