attestationconfigapi

package
v2.10.0 Latest
Warning

This package is not in the latest version of its module.

Published: Aug 14, 2023 License: AGPL-3.0 Imports: 15 Imported by: 0

Documentation

Overview

AttestationConfig API

The AttestationConfig API provides values for the attestation key in the Constellation config.

This package defines API types that represent objects of the AttestationConfig API. The types provide helper methods for validation and for commonly used operations on the information contained in the objects. In particular, the paths used for the API are defined in these helper methods.

Regarding the decision to implement new types rather than use the existing types from internal/config: AttestationCfg objects for the AttestationCfg API need to hold some version information (for sorting and for recognizing the latest version). Thus, the existing config types (AWSNitroTPM, AzureSEVSNP, ...) cannot be extended to implement the apiObject interface. Instead, we need a separate type that wraps _all_ attestation types. In the codebase this is done using the AttestationCfg interface. The new type AttestationCfgGet needs to be located inside internal/config in order to implement UnmarshalJSON.

SPDX-License-Identifier: AGPL-3.0-only

Constants

const VersionFormat = "2006-01-02-15-04"

VersionFormat is the format of the version name in the S3 bucket.

Variables

This section is empty.

Functions

func SortAzureSEVSNPVersionList

func SortAzureSEVSNPVersionList(versions AzureSEVSNPVersionList)

SortAzureSEVSNPVersionList sorts the list of versions in reverse order.

Types

type AzureSEVSNPVersion

type AzureSEVSNPVersion struct {
	// Bootloader is the latest version of the Azure SEVSNP bootloader.
	Bootloader uint8 `json:"bootloader"`
	// TEE is the latest version of the Azure SEVSNP TEE.
	TEE uint8 `json:"tee"`
	// SNP is the latest version of the Azure SEVSNP SNP.
	SNP uint8 `json:"snp"`
	// Microcode is the latest version of the Azure SEVSNP microcode.
	Microcode uint8 `json:"microcode"`
}

AzureSEVSNPVersion tracks the latest version of each component of the Azure SEVSNP.

type AzureSEVSNPVersionAPI

type AzureSEVSNPVersionAPI struct {
	Version string `json:"-"`
	AzureSEVSNPVersion
}

AzureSEVSNPVersionAPI is the request to get the version information of the specific version in the config api.

func (AzureSEVSNPVersionAPI) JSONPath

func (i AzureSEVSNPVersionAPI) JSONPath() string

JSONPath returns the path to the JSON file for the request to the config api.

func (AzureSEVSNPVersionAPI) URL

func (i AzureSEVSNPVersionAPI) URL() (string, error)

URL returns the URL for the request to the config api.

func (AzureSEVSNPVersionAPI) Validate

func (i AzureSEVSNPVersionAPI) Validate() error

Validate is a No-Op at the moment.

func (AzureSEVSNPVersionAPI) ValidateRequest

func (i AzureSEVSNPVersionAPI) ValidateRequest() error

ValidateRequest validates the request.

type AzureSEVSNPVersionList

type AzureSEVSNPVersionList []string

AzureSEVSNPVersionList is the request to list all versions in the config api.

func (AzureSEVSNPVersionList) JSONPath

func (i AzureSEVSNPVersionList) JSONPath() string

JSONPath returns the path to the JSON file for the request to the config api.

func (AzureSEVSNPVersionList) URL

func (i AzureSEVSNPVersionList) URL() (string, error)

URL returns the URL for the request to the config api.

func (AzureSEVSNPVersionList) Validate

func (i AzureSEVSNPVersionList) Validate() error

Validate validates the response.

func (AzureSEVSNPVersionList) ValidateRequest

func (i AzureSEVSNPVersionList) ValidateRequest() error

ValidateRequest is a No-Op as there is no input.

type AzureSEVSNPVersionSignature

type AzureSEVSNPVersionSignature struct {
	Version   string `json:"-"`
	Signature []byte `json:"signature"`
}

AzureSEVSNPVersionSignature is the object to perform CRUD operations on the config api.

func (AzureSEVSNPVersionSignature) JSONPath

func (s AzureSEVSNPVersionSignature) JSONPath() string

JSONPath returns the path to the JSON file for the request to the config api.

func (AzureSEVSNPVersionSignature) URL

URL returns the URL for the request to the config api.

func (AzureSEVSNPVersionSignature) Validate

func (s AzureSEVSNPVersionSignature) Validate() error

Validate is a No-Op at the moment.

func (AzureSEVSNPVersionSignature) ValidateRequest

func (s AzureSEVSNPVersionSignature) ValidateRequest() error

ValidateRequest validates the request.

type AzureSEVSNPVersionType

type AzureSEVSNPVersionType string

AzureSEVSNPVersionType is the type of the version to be requested.

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client manages (modifies) the version information for the attestation variants.

func NewClient

func NewClient(ctx context.Context, cfg staticupload.Config, cosignPwd, privateKey []byte, dryRun bool, log *logger.Logger) (*Client, apiclient.CloseFunc, error)

NewClient returns a new Client.

func (Client) DeleteAzureSEVSNPVersion

func (a Client) DeleteAzureSEVSNPVersion(ctx context.Context, versionStr string) error

DeleteAzureSEVSNPVersion deletes the given version (without .json suffix) from the API.

func (Client) List

func (a Client) List(ctx context.Context, attestation variant.Variant) ([]string, error)

List returns the list of versions for the given attestation variant.

func (Client) UploadAzureSEVSNP

func (a Client) UploadAzureSEVSNP(ctx context.Context, version AzureSEVSNPVersion, date time.Time) error

UploadAzureSEVSNP uploads the latest version numbers of the Azure SEVSNP. The version name is the UTC timestamp of the date. The /list entry stores the version name + .json suffix.
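
The naming scheme described for VersionFormat, SortAzureSEVSNPVersionList and UploadAzureSEVSNP, as an added example that is not code from this package. It shows why a consumer should round-trip each /list entry through the format before using it in a path. The helpers listEntry, parseEntry and newestFirst are hypothetical names, and the sample dates are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

const versionFormat = "2006-01-02-15-04" // same value as VersionFormat on this page

// listEntry (hypothetical helper) names a version after the UTC timestamp of
// date and appends the .json suffix used for /list entries.
func listEntry(date time.Time) string {
	return date.UTC().Format(versionFormat) + ".json"
}

// parseEntry (hypothetical helper) accepts only canonical "<timestamp>.json"
// names; the round trip rejects inputs time.Parse tolerates (one-digit hour).
func parseEntry(entry string) (time.Time, error) {
	name := strings.TrimSuffix(entry, ".json")
	if name == entry {
		return time.Time{}, fmt.Errorf("%q: missing .json suffix", entry)
	}
	t, err := time.Parse(versionFormat, name)
	if err != nil || t.Format(versionFormat) != name {
		return time.Time{}, fmt.Errorf("%q: not in format %s", entry, versionFormat)
	}
	return t, nil
}

// newestFirst validates every entry, then returns a copy sorted in reverse
// order. Fixed-width zero-padded names make string order chronological.
func newestFirst(entries []string) ([]string, error) {
	out := make([]string, 0, len(entries))
	for _, e := range entries {
		if _, err := parseEntry(e); err != nil {
			return nil, err
		}
		out = append(out, e)
	}
	sort.Sort(sort.Reverse(sort.StringSlice(out)))
	return out, nil
}

func main() {
	cest := time.FixedZone("CEST", 2*60*60) // constructed sample zone, UTC+2
	fmt.Println(listEntry(time.Date(2023, 8, 14, 1, 5, 0, 0, cest)))
	fmt.Println(newestFirst([]string{"2023-01-01-01-01.json", "2023-08-14-09-30.json"}))
}
```

A date given in a local zone is named by its UTC time, so 01:05 at UTC+2 on 14 August becomes an entry dated 13 August.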

type Fetcher

type Fetcher interface {
	FetchAzureSEVSNPVersion(ctx context.Context, azureVersion AzureSEVSNPVersionAPI) (AzureSEVSNPVersionAPI, error)
	FetchAzureSEVSNPVersionList(ctx context.Context, attestation AzureSEVSNPVersionList) (AzureSEVSNPVersionList, error)
	FetchAzureSEVSNPVersionLatest(ctx context.Context, now time.Time) (AzureSEVSNPVersionAPI, error)
}

Fetcher fetches config API resources without authentication.

func NewFetcher

func NewFetcher() Fetcher

NewFetcher returns a new apifetcher.

func NewFetcherWithClient

func NewFetcherWithClient(client apifetcher.HTTPClient) Fetcher

NewFetcherWithClient returns a new fetcher with a custom HTTP client.
