Documentation
Overview
Package idkeydigest contains policies and type definitions for checking the ID Key Digest value in SEV-SNP attestation.
Types
type Config (added in v2.7.0)
type Config struct {
	IDKeyDigests      IDKeyDigests       `json:"idKeyDigests"`
	EnforcementPolicy EnforceIDKeyDigest `json:"enforcementPolicy"`
	MAAURL            string             `json:"maaURL,omitempty"`
}
Config contains the configuration for ID Key Digest validation.
type EnforceIDKeyDigest (added in v2.7.0)
type EnforceIDKeyDigest uint32
EnforceIDKeyDigest defines the behavior of the validator when the ID key digest is not found in the expected list.
const (
	// Unknown is reserved for invalid configurations.
	Unknown EnforceIDKeyDigest = iota
	// StrictChecking will return an error if the ID key digest is not found in the expected list.
	StrictChecking
	// MAAFallback attempts to verify the attestation using Microsoft Azure Attestation (MAA),
	// if the ID key digest is not found in the expected list.
	MAAFallback
	// WarnOnly logs a warning if the ID key digest is not found in the expected list.
	// No error is returned.
	WarnOnly
)
TODO: Decide on final value naming.
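How the three enforcement policies differ when a report's ID key digest is missing from the trusted list, shown as an added example that is not the package's own code. The types are redeclared locally so the block runs offline; checkIDKeyDigest, maaVerify and errUntrusted are hypothetical names, failing closed on Unknown is an assumption, and the 48-byte digests are constructed sample values.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Local stand-ins mirroring the documented types; not imported from the package.
type EnforceIDKeyDigest uint32

const (
	Unknown EnforceIDKeyDigest = iota
	StrictChecking
	MAAFallback
	WarnOnly
)

type IDKeyDigests [][]byte

var errUntrusted = errors.New("ID key digest not in trusted list") // hypothetical

// checkIDKeyDigest (hypothetical) returns a warning text (WarnOnly only) and an error.
// maaVerify is a hypothetical callback standing in for verification through MAA.
func checkIDKeyDigest(got []byte, trusted IDKeyDigests, policy EnforceIDKeyDigest, maaVerify func() error) (string, error) {
	for _, want := range trusted {
		if bytes.Equal(got, want) {
			return "", nil // digest is trusted: the policy is never consulted
		}
	}
	switch policy {
	case StrictChecking:
		return "", fmt.Errorf("%w: %x", errUntrusted, got)
	case MAAFallback:
		if maaVerify == nil {
			return "", errors.New("MAAFallback configured without an MAA verifier")
		}
		return "", maaVerify() // the result now depends entirely on MAA
	case WarnOnly:
		return fmt.Sprintf("warning: untrusted ID key digest %x", got), nil
	default:
		// Assumption: Unknown (an invalid configuration) fails closed.
		return "", errors.New("invalid enforcement policy")
	}
}

func main() {
	trusted := IDKeyDigests{bytes.Repeat([]byte{0xAA}, 48)} // constructed sample digest
	fmt.Println(checkIDKeyDigest(bytes.Repeat([]byte{0xBB}, 48), trusted, WarnOnly, nil))
}
```

Under WarnOnly the mismatch surfaces only as a log message, so the expected-digest list stops acting as a gate and log monitoring becomes the only control.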
func EnforcePolicyFromString (added in v2.7.0)
func EnforcePolicyFromString(s string) EnforceIDKeyDigest
EnforcePolicyFromString returns EnforceIDKeyDigest from string.
func (EnforceIDKeyDigest) MarshalJSON (added in v2.7.0)
func (e EnforceIDKeyDigest) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (EnforceIDKeyDigest) MarshalYAML (added in v2.7.0)
func (e EnforceIDKeyDigest) MarshalYAML() (any, error)
MarshalYAML implements the yaml.Marshaler interface.
func (EnforceIDKeyDigest) String (added in v2.7.0)
func (i EnforceIDKeyDigest) String() string
func (*EnforceIDKeyDigest) UnmarshalJSON (added in v2.7.0)
func (e *EnforceIDKeyDigest) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
func (*EnforceIDKeyDigest) UnmarshalYAML (added in v2.7.0)
func (e *EnforceIDKeyDigest) UnmarshalYAML(unmarshal func(any) error) error
UnmarshalYAML implements the yaml.Unmarshaler interface.
type IDKeyDigests
type IDKeyDigests [][]byte
IDKeyDigests is a list of trusted digest values for the ID key.
func DefaultsFor
func DefaultsFor(csp cloudprovider.Provider) IDKeyDigests
DefaultsFor returns the default IDKeyDigests for the given cloud provider.
func NewIDKeyDigests
func NewIDKeyDigests(digests [][]byte) IDKeyDigests
NewIDKeyDigests creates a new IDKeyDigests from a list of digests.
func (IDKeyDigests) MarshalJSON
func (d IDKeyDigests) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (IDKeyDigests) MarshalYAML
func (d IDKeyDigests) MarshalYAML() (any, error)
MarshalYAML implements the yaml.Marshaler interface.
func (*IDKeyDigests) UnmarshalJSON
func (d *IDKeyDigests) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
func (*IDKeyDigests) UnmarshalYAML
func (d *IDKeyDigests) UnmarshalYAML(unmarshal func(any) error) error
UnmarshalYAML implements the yaml.Unmarshaler interface.