Documentation
Overview
AttestationConfig API
The AttestationConfig API provides values for the attestation key in the Constellation config.
This package defines API types that represent objects of the AttestationConfig API. The types provide helper methods for validation and for commonly used operations on the information contained in the objects. In particular, the paths used for the API are defined in these helper methods.
Regarding the decision to implement new types instead of using the existing types from internal/config: AttestationCfg objects for the AttestationCfg API need to hold some version information (for sorting and recognizing the latest version). Thus, the existing config types (AWSNitroTPM, AzureSEVSNP, ...) cannot be extended to implement the apiObject interface. Instead, we need a separate type that wraps _all_ attestation types. In the codebase this is done using the AttestationCfg interface. The new type AttestationCfgGet needs to be located inside internal/config in order to implement UnmarshalJSON.
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
The reporter contains the logic to determine the latest version for Azure SEVSNP based on cached version values observed on CVM instances. Some code in this file (e.g. listing cached files) does not rely on dedicated API objects and instead uses the AWS SDK directly, for no other reason than original development speed.
Index
- Constants
- Variables
- type Client
- func (a Client) DeleteSEVSNPVersion(ctx context.Context, attestation variant.Variant, versionStr string) error
- func (a Client) List(ctx context.Context, attestation variant.Variant) (SEVSNPVersionList, error)
- func (c Client) UploadSEVSNPVersionLatest(ctx context.Context, attestation variant.Variant, ...) error
- type Fetcher
- type SEVSNPVersion
- type SEVSNPVersionAPI
- type SEVSNPVersionList
- func (i SEVSNPVersionList) JSONPath() string
- func (i SEVSNPVersionList) List() []string
- func (i SEVSNPVersionList) MarshalJSON() ([]byte, error)
- func (i *SEVSNPVersionList) SortReverse()
- func (i *SEVSNPVersionList) UnmarshalJSON(data []byte) error
- func (i SEVSNPVersionList) Validate() error
- func (i SEVSNPVersionList) ValidateRequest() error
Constants
const AttestationURLPath = "constellation/v1/attestation"
AttestationURLPath is the URL path to the attestation versions.
const VersionFormat = "2006-01-02-15-04"
VersionFormat is the format of the version name in the S3 bucket.
Variables
var ErrNoNewerVersion = errors.New("input version is not newer than latest API version")
ErrNoNewerVersion is returned if the input version is not newer than the latest API version.
var ErrNoVersionsFound = errors.New("no versions found")
ErrNoVersionsFound is returned if no versions are found.
Functions
This section is empty.
Types
type Client
type Client struct {
// contains filtered or unexported fields
}
Client manages (modifies) the version information for the attestation variants.
func NewClient
func NewClient(ctx context.Context, cfg staticupload.Config, cosignPwd, privateKey []byte, dryRun bool, versionWindowSize int, log *slog.Logger) (*Client, apiclient.CloseFunc, error)
NewClient returns a new Client.
func (Client) DeleteSEVSNPVersion (added in v2.14.0)
func (a Client) DeleteSEVSNPVersion(ctx context.Context, attestation variant.Variant, versionStr string) error
DeleteSEVSNPVersion deletes the given version (without .json suffix) from the API.
func (Client) UploadSEVSNPVersionLatest (added in v2.14.0)
func (c Client) UploadSEVSNPVersionLatest(ctx context.Context, attestation variant.Variant, inputVersion, latestAPIVersion SEVSNPVersion, now time.Time, force bool) error
UploadSEVSNPVersionLatest saves the given version to the cache, determines the smallest TCB version in the cache among the last cacheWindowSize versions and updates the latest version in the API if there is an update. force can be used to bypass the validation logic against the cached versions.
type Fetcher
type Fetcher interface {
	FetchSEVSNPVersion(ctx context.Context, version SEVSNPVersionAPI) (SEVSNPVersionAPI, error)
	FetchSEVSNPVersionList(ctx context.Context, list SEVSNPVersionList) (SEVSNPVersionList, error)
	FetchSEVSNPVersionLatest(ctx context.Context, attestation variant.Variant) (SEVSNPVersionAPI, error)
}
Fetcher fetches config API resources without authentication.
func NewFetcherWithClient
func NewFetcherWithClient(client apifetcher.HTTPClient, cdnURL string) Fetcher
NewFetcherWithClient returns a new fetcher with a custom HTTP client.
func NewFetcherWithCustomCDNAndCosignKey (added in v2.12.0)
NewFetcherWithCustomCDNAndCosignKey returns a new fetcher with custom CDN URL.
type SEVSNPVersion (added in v2.14.0)
type SEVSNPVersion struct {
	// Bootloader is the latest version of the Azure SEVSNP bootloader.
	Bootloader uint8 `json:"bootloader"`
	// TEE is the latest version of the Azure SEVSNP TEE.
	TEE uint8 `json:"tee"`
	// SNP is the latest version of the Azure SEVSNP SNP.
	SNP uint8 `json:"snp"`
	// Microcode is the latest version of the Azure SEVSNP microcode.
	Microcode uint8 `json:"microcode"`
}
SEVSNPVersion tracks the latest version of each component of the Azure SEVSNP.
type SEVSNPVersionAPI (added in v2.14.0)
type SEVSNPVersionAPI struct {
	Version string          `json:"-"`
	Variant variant.Variant `json:"-"`
	SEVSNPVersion
}
SEVSNPVersionAPI is the request to get the version information of the specific version in the config api. Because variant is not part of the marshalled JSON, fetcher and client methods need to fill the variant property. Once we switch to v2 of the API we should embed the variant in the object. That would remove the possibility of some fetcher/client code forgetting to set the variant.
func (SEVSNPVersionAPI) JSONPath (added in v2.14.0)
func (i SEVSNPVersionAPI) JSONPath() string
JSONPath returns the path to the JSON file for the request to the config api.
func (SEVSNPVersionAPI) Validate (added in v2.14.0)
func (i SEVSNPVersionAPI) Validate() error
Validate is a No-Op at the moment.
func (SEVSNPVersionAPI) ValidateRequest (added in v2.14.0)
func (i SEVSNPVersionAPI) ValidateRequest() error
ValidateRequest validates the request.
type SEVSNPVersionList (added in v2.14.0)
type SEVSNPVersionList struct {
// contains filtered or unexported fields
}
SEVSNPVersionList is the request to list all versions in the config api. Because variant is not part of the marshalled JSON, fetcher and client methods need to fill the variant property. Once we switch to v2 of the API we could embed the variant in the object and remove some code from fetcher & client. That would remove the possibility of some fetcher/client code forgetting to set the variant.
func (SEVSNPVersionList) JSONPath (added in v2.14.0)
func (i SEVSNPVersionList) JSONPath() string
JSONPath returns the path to the JSON file for the request to the config api.
func (SEVSNPVersionList) List (added in v2.14.0)
func (i SEVSNPVersionList) List() []string
List returns i's list property.
func (SEVSNPVersionList) MarshalJSON (added in v2.14.0)
func (i SEVSNPVersionList) MarshalJSON() ([]byte, error)
MarshalJSON marshals i's list property to JSON.
func (*SEVSNPVersionList) SortReverse (added in v2.14.0)
func (i *SEVSNPVersionList) SortReverse()
SortReverse sorts the list of versions in reverse order.
func (*SEVSNPVersionList) UnmarshalJSON (added in v2.14.0)
func (i *SEVSNPVersionList) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals a list of strings into i's list property.
func (SEVSNPVersionList) Validate (added in v2.14.0)
func (i SEVSNPVersionList) Validate() error
Validate validates the response.
func (SEVSNPVersionList) ValidateRequest (added in v2.14.0)
func (i SEVSNPVersionList) ValidateRequest() error
ValidateRequest is a NoOp as there is no input.