attestationconfigapi

package
v2.16.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 14, 2024 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation

Overview

AttestationConfig API

The AttestationConfig API provides values for the attestation key in the Constellation config.

This package defines API types that represents objects of the AttestationConfig API. The types provide helper methods for validation and commonly used operations on the information contained in the objects. Especially the paths used for the API are defined in these helper methods.

Regarding the decision to implement new types over using the existing types from internal/config: AttesationCfg objects for AttestationCfg API need to hold some version information (for sorting, recognizing latest). Thus, existing config types (AWSNitroTPM, AzureSEVSNP, ...) can not be extended to implement apiObject interface. Instead, we need a separate type that wraps _all_ attestation types. In the codebase this is done using the AttestationCfg interface. The new type AttestationCfgGet needs to be located inside internal/config in order to implement UnmarshalJSON.

SPDX-License-Identifier: AGPL-3.0-only

The reporter contains the logic to determine a latest version for Azure SEVSNP based on cached version values observed on CVM instances. Some code in this file (e.g. listing cached files) does not rely on dedicated API objects and instead uses the AWS SDK directly, for no other reason than original development speed.

Index

Constants

View Source
const AttestationURLPath = "constellation/v1/attestation"

AttestationURLPath is the URL path to the attestation versions.

View Source
const VersionFormat = "2006-01-02-15-04"

VersionFormat is the format of the version name in the S3 bucket.

Variables

View Source
var ErrNoNewerVersion = errors.New("input version is not newer than latest API version")

ErrNoNewerVersion is returned if the input version is not newer than the latest API version.

View Source
var ErrNoVersionsFound = errors.New("no versions found")

ErrNoVersionsFound is returned if no versions are found.

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client manages (modifies) the version information for the attestation variants.

func NewClient

func NewClient(ctx context.Context, cfg staticupload.Config, cosignPwd, privateKey []byte, dryRun bool, versionWindowSize int, log *slog.Logger) (*Client, apiclient.CloseFunc, error)

NewClient returns a new Client.

func (Client) DeleteSEVSNPVersion added in v2.14.0

func (a Client) DeleteSEVSNPVersion(ctx context.Context, attestation variant.Variant, versionStr string) error

DeleteSEVSNPVersion deletes the given version (without .json suffix) from the API.

func (Client) List

func (a Client) List(ctx context.Context, attestation variant.Variant) (SEVSNPVersionList, error)

List returns the list of versions for the given attestation variant.

func (Client) UploadSEVSNPVersionLatest added in v2.14.0

func (c Client) UploadSEVSNPVersionLatest(ctx context.Context, attestation variant.Variant, inputVersion,
	latestAPIVersion SEVSNPVersion, now time.Time, force bool,
) error

UploadSEVSNPVersionLatest saves the given version to the cache, determines the smallest TCB version in the cache among the last cacheWindowSize versions and updates the latest version in the API if there is an update. force can be used to bypass the validation logic against the cached versions.

type Fetcher

type Fetcher interface {
	FetchSEVSNPVersion(ctx context.Context, version SEVSNPVersionAPI) (SEVSNPVersionAPI, error)
	FetchSEVSNPVersionList(ctx context.Context, list SEVSNPVersionList) (SEVSNPVersionList, error)
	FetchSEVSNPVersionLatest(ctx context.Context, attestation variant.Variant) (SEVSNPVersionAPI, error)
}

Fetcher fetches config API resources without authentication.

func NewFetcher

func NewFetcher() Fetcher

NewFetcher returns a new apifetcher.

func NewFetcherWithClient

func NewFetcherWithClient(client apifetcher.HTTPClient, cdnURL string) Fetcher

NewFetcherWithClient returns a new fetcher with custom http client.

func NewFetcherWithCustomCDNAndCosignKey added in v2.12.0

func NewFetcherWithCustomCDNAndCosignKey(cdnURL, cosignKey string) Fetcher

NewFetcherWithCustomCDNAndCosignKey returns a new fetcher with custom CDN URL.

type SEVSNPVersion added in v2.14.0

type SEVSNPVersion struct {
	// Bootloader is the latest version of the Azure SEVSNP bootloader.
	Bootloader uint8 `json:"bootloader"`
	// TEE is the latest version of the Azure SEVSNP TEE.
	TEE uint8 `json:"tee"`
	// SNP is the latest version of the Azure SEVSNP SNP.
	SNP uint8 `json:"snp"`
	// Microcode is the latest version of the Azure SEVSNP microcode.
	Microcode uint8 `json:"microcode"`
}

SEVSNPVersion tracks the latest version of each component of the Azure SEVSNP.

type SEVSNPVersionAPI added in v2.14.0

type SEVSNPVersionAPI struct {
	Version string          `json:"-"`
	Variant variant.Variant `json:"-"`
	SEVSNPVersion
}

SEVSNPVersionAPI is the request to get the version information of the specific version in the config api. Because variant is not part of the marshalled JSON, fetcher and client methods need to fill the variant property. Once we switch to v2 of the API we should embed the variant in the object. That would remove the possibility of some fetcher/client code forgetting to set the variant.

func (SEVSNPVersionAPI) JSONPath added in v2.14.0

func (i SEVSNPVersionAPI) JSONPath() string

JSONPath returns the path to the JSON file for the request to the config api.

func (SEVSNPVersionAPI) Validate added in v2.14.0

func (i SEVSNPVersionAPI) Validate() error

Validate is a No-Op at the moment.

func (SEVSNPVersionAPI) ValidateRequest added in v2.14.0

func (i SEVSNPVersionAPI) ValidateRequest() error

ValidateRequest validates the request.

type SEVSNPVersionList added in v2.14.0

type SEVSNPVersionList struct {
	// contains filtered or unexported fields
}

SEVSNPVersionList is the request to list all versions in the config api. Because variant is not part of the marshalled JSON, fetcher and client methods need to fill the variant property. Once we switch to v2 of the API we could embed the variant in the object and remove some code from fetcher & client. That would remove the possibility of some fetcher/client code forgetting to set the variant.

func (SEVSNPVersionList) JSONPath added in v2.14.0

func (i SEVSNPVersionList) JSONPath() string

JSONPath returns the path to the JSON file for the request to the config api.

func (SEVSNPVersionList) List added in v2.14.0

func (i SEVSNPVersionList) List() []string

List returns i's list property.

func (SEVSNPVersionList) MarshalJSON added in v2.14.0

func (i SEVSNPVersionList) MarshalJSON() ([]byte, error)

MarshalJSON marshals the i's list property to JSON.

func (*SEVSNPVersionList) SortReverse added in v2.14.0

func (i *SEVSNPVersionList) SortReverse()

SortReverse sorts the list of versions in reverse order.

func (*SEVSNPVersionList) UnmarshalJSON added in v2.14.0

func (i *SEVSNPVersionList) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshals a list of strings into i's list property.

func (SEVSNPVersionList) Validate added in v2.14.0

func (i SEVSNPVersionList) Validate() error

Validate validates the response.

func (SEVSNPVersionList) ValidateRequest added in v2.14.0

func (i SEVSNPVersionList) ValidateRequest() error

ValidateRequest is a NoOp as there is no input.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL