Documentation
Overview
Definitions for Constellation's user config file.
The config file is used by the CLI to create and manage a Constellation cluster.
All config relevant definitions, parsing and validation functions should go here.
Index
- Constants
- Variables
- func GetConfigurationDoc() *encoder.FileDoc
- func K8sVersionFromMajorMinor(version string) string
- type AWSConfig
- type AzureConfig
- type Config
- func (c *Config) DeployCSIDriver() bool
- func (_ Config) Doc() *encoder.Doc
- func (c *Config) GetMeasurements() measurements.M
- func (c *Config) GetProvider() cloudprovider.Provider
- func (c *Config) HasProvider(provider cloudprovider.Provider) bool
- func (c *Config) IDKeyDigestPolicy() idkeydigest.EnforceIDKeyDigest
- func (c *Config) IDKeyDigests() idkeydigest.IDKeyDigests
- func (c *Config) IsDebugCluster() bool
- func (c *Config) IsReleaseImage() bool
- func (c *Config) RemoveProviderExcept(provider cloudprovider.Provider)
- func (c *Config) UpdateMeasurements(newMeasurements Measurements)
- func (c *Config) Validate(force bool) error
- type Digests
- type GCPConfig
- type Measurements
- type OpenStackConfig
- type ProviderConfig
- type QEMUConfig
- type ValidationError
Constants
const (
	// Version2 is the second version number for Constellation config file.
	Version2 = "v2"
)
Variables
Functions
func GetConfigurationDoc
func GetConfigurationDoc() *encoder.FileDoc
GetConfigurationDoc returns documentation for the file ./config_doc.go.
func K8sVersionFromMajorMinor added in v2.6.0
func K8sVersionFromMajorMinor(version string) string
K8sVersionFromMajorMinor takes a semver in format MAJOR.MINOR and returns the version in format MAJOR.MINOR.PATCH with the supported patch version as PATCH.
Types
type AWSConfig added in v2.2.0
type AWSConfig struct {
	// description: |
	//   AWS data center region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
	Region string `yaml:"region" validate:"required"`
	// description: |
	//   AWS data center zone name in defined region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones
	Zone string `yaml:"zone" validate:"required"`
	// description: |
	//   VM instance type to use for Constellation nodes. Needs to support NitroTPM. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html
	InstanceType string `yaml:"instanceType" validate:"lowercase,aws_instance_type"`
	// description: |
	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
	StateDiskType string `yaml:"stateDiskType" validate:"oneof=standard gp2 gp3 st1 sc1 io1"`
	// description: |
	//   Name of the IAM profile to use for the control plane nodes.
	IAMProfileControlPlane string `yaml:"iamProfileControlPlane" validate:"required"`
	// description: |
	//   Name of the IAM profile to use for the worker nodes.
	IAMProfileWorkerNodes string `yaml:"iamProfileWorkerNodes" validate:"required"`
	// description: |
	//   Expected VM measurements.
	Measurements Measurements `yaml:"measurements" validate:"required,no_placeholders"`
}
AWSConfig are AWS specific configuration values used by the CLI.
type AzureConfig
type AzureConfig struct {
	// description: |
	//   Subscription ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription
	SubscriptionID string `yaml:"subscription" validate:"uuid"`
	// description: |
	//   Tenant ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant
	TenantID string `yaml:"tenant" validate:"uuid"`
	// description: |
	//   Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones
	Location string `yaml:"location" validate:"required"`
	// description: |
	//   Resource group for the cluster's resources. Must already exist.
	ResourceGroup string `yaml:"resourceGroup" validate:"required"`
	// description: |
	//   Authorize spawned VMs to access Azure API.
	UserAssignedIdentity string `yaml:"userAssignedIdentity" validate:"required"`
	// description: |
	//   Application client ID of the Active Directory app registration.
	AppClientID string `yaml:"appClientID" validate:"uuid"`
	// description: |
	//   Client secret value of the Active Directory app registration credentials. Alternatively leave empty and pass value via CONSTELL_AZURE_CLIENT_SECRET_VALUE environment variable.
	ClientSecretValue string `yaml:"clientSecretValue" validate:"required"`
	// description: |
	//   VM instance type to use for Constellation nodes.
	InstanceType string `yaml:"instanceType" validate:"azure_instance_type"`
	// description: |
	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
	StateDiskType string `yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS"`
	// description: |
	//   Deploy Azure Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage
	DeployCSIDriver *bool `yaml:"deployCSIDriver" validate:"required"`
	// description: |
	//   Use Confidential VMs. Always needs to be true.
	ConfidentialVM *bool `yaml:"confidentialVM,omitempty" validate:"omitempty,deprecated"` // TODO: v2.8 remove
	// description: |
	//   Enable secure boot for VMs. If enabled, the OS image has to include a virtual machine guest state (VMGS) blob.
	SecureBoot *bool `yaml:"secureBoot" validate:"required"`
	// description: |
	//   List of accepted values for the field 'idkeydigest' in the AMD SEV-SNP attestation report. Only usable with ConfidentialVMs. See 4.6 and 7.3 in: https://www.amd.com/system/files/TechDocs/56860.pdf
	IDKeyDigest Digests `yaml:"idKeyDigest" validate:"required_if=EnforceIdKeyDigest true,omitempty"`
	// description: |
	//   Enforce the specified idKeyDigest value during remote attestation.
	EnforceIDKeyDigest idkeydigest.EnforceIDKeyDigest `yaml:"enforceIdKeyDigest" validate:"required"`
	// description: |
	//   Expected confidential VM measurements.
	Measurements Measurements `yaml:"measurements" validate:"required,no_placeholders"`
}
AzureConfig are Azure specific configuration values used by the CLI.
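The idKeyDigest and enforceIdKeyDigest fields above decide what happens when a node's SEV-SNP attestation report carries an ID key digest that is not on the accepted list. The following Go program is an added example written for this page, not code from the Constellation repository: it re-implements that acceptance check and the config rule behind the `required_if=EnforceIdKeyDigest true` tag. The policy type `EnforcePolicy` with the values `Strict` and `WarnOnly`, the functions `ParseDigests`, `ValidateIDKeyDigestConfig` and `CheckIDKeyDigest`, and all digest values are the example's own assumptions; the 48-byte length follows from ID_KEY_DIGEST being a SHA-384 value in the SEV-SNP report.

```go
package main

import (
	"bytes"
	"encoding/hex"
	"fmt"
	"strings"
)

// EnforcePolicy stands in for idkeydigest.EnforceIDKeyDigest. The page names
// the type but not its values, so these two are the example's own.
type EnforcePolicy int

const (
	Strict   EnforcePolicy = iota // a digest mismatch rejects the node
	WarnOnly                      // a mismatch is reported but the node is accepted
)

// idKeyDigestLen is the size of ID_KEY_DIGEST in an SEV-SNP report (SHA-384).
const idKeyDigestLen = 48

// IDKeyDigests is the accepted list that the idKeyDigest config field carries.
type IDKeyDigests [][]byte

// ParseDigests decodes hex-encoded digests and rejects anything that is not
// exactly 48 bytes, so a truncated or mistyped value cannot end up in the
// accepted list and silently match nothing.
func ParseDigests(hexDigests ...string) (IDKeyDigests, error) {
	var out IDKeyDigests
	for i, h := range hexDigests {
		raw, err := hex.DecodeString(h)
		if err != nil {
			return nil, fmt.Errorf("idKeyDigest[%d]: not hex: %w", i, err)
		}
		if len(raw) != idKeyDigestLen {
			return nil, fmt.Errorf("idKeyDigest[%d]: want %d bytes, got %d", i, idKeyDigestLen, len(raw))
		}
		out = append(out, raw)
	}
	return out, nil
}

// ValidateIDKeyDigestConfig mirrors the validate tag
// `required_if=EnforceIdKeyDigest true`: strict enforcement with an empty
// accepted list would reject every node, so it is a configuration error.
func ValidateIDKeyDigestConfig(accepted IDKeyDigests, policy EnforcePolicy) error {
	if policy == Strict && len(accepted) == 0 {
		return fmt.Errorf("idKeyDigest: at least one digest is required when enforceIdKeyDigest is set")
	}
	return nil
}

// CheckIDKeyDigest compares the digest taken from a node's attestation report
// with the accepted list. It returns whether the node is accepted and a
// non-empty message whenever the digest did not match.
func CheckIDKeyDigest(reportDigest []byte, accepted IDKeyDigests, policy EnforcePolicy) (bool, string) {
	for _, d := range accepted {
		if bytes.Equal(d, reportDigest) {
			return true, ""
		}
	}
	msg := fmt.Sprintf("idkeydigest %x is not in the list of accepted digests", reportDigest)
	if policy == WarnOnly {
		return true, "WARNING: " + msg
	}
	return false, msg
}

func main() {
	// Constructed sample values; real digests come from the firmware vendor.
	accepted, err := ParseDigests(strings.Repeat("ab", idKeyDigestLen))
	if err != nil {
		panic(err)
	}
	report := bytes.Repeat([]byte{0xef}, idKeyDigestLen)
	for _, p := range []EnforcePolicy{Strict, WarnOnly} {
		ok, msg := CheckIDKeyDigest(report, accepted, p)
		fmt.Printf("policy=%d accepted=%v msg=%q\n", p, ok, msg)
	}
}
```

The length check in `ParseDigests` is the part worth keeping even if the rest is replaced: a config that lists a digest of the wrong size would never match a real report, and under a warn-only policy that failure would only ever show up as a log line.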
func (AzureConfig) Doc
func (_ AzureConfig) Doc() *encoder.Doc
type Config
type Config struct {
	// description: |
	//   Schema version of this configuration file.
	Version string `yaml:"version" validate:"eq=v2"`
	// description: |
	//   Machine image version used to create Constellation nodes.
	Image string `yaml:"image" validate:"required,version_compatibility"`
	// description: |
	//   Name of the cluster.
	Name string `yaml:"name" validate:"valid_name,required"`
	// description: |
	//   Size (in GB) of a node's disk to store the non-volatile state.
	StateDiskSizeGB int `yaml:"stateDiskSizeGB" validate:"min=0"`
	// description: |
	//   Kubernetes version to be installed into the cluster.
	KubernetesVersion string `yaml:"kubernetesVersion" validate:"required,supported_k8s_version"`
	// description: |
	//   Microservice version to be installed into the cluster. Defaults to the version of the CLI.
	MicroserviceVersion string `yaml:"microserviceVersion" validate:"required,version_compatibility"`
	// description: |
	//   DON'T USE IN PRODUCTION: enable debug mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md
	DebugCluster *bool `yaml:"debugCluster" validate:"required"`
	// description: |
	//   Attestation variant used to verify the integrity of a node.
	AttestationVariant string `yaml:"attestationVariant,omitempty" validate:"valid_attestation_variant"` // TODO: v2.8: Mark required
	// description: |
	//   Supported cloud providers and their specific configurations.
	Provider ProviderConfig `yaml:"provider" validate:"dive"`
}
Config defines configuration used by CLI.
func New added in v2.3.0
New creates a new config by:
1. Reading the config file via the provided fileHandler from the file with the given name.
2. Reading secrets from environment variables.
3. Validating the config.
If `--force` is set, the version validation is disabled and any version combination is allowed.
func (*Config) DeployCSIDriver added in v2.3.0
func (c *Config) DeployCSIDriver() bool
DeployCSIDriver returns whether the CSI driver should be deployed for a given cloud provider.
func (*Config) GetMeasurements added in v2.6.0
func (c *Config) GetMeasurements() measurements.M
GetMeasurements returns the configured measurements or nil if no provider is set.
func (*Config) GetProvider
func (c *Config) GetProvider() cloudprovider.Provider
GetProvider returns the configured cloud provider.
func (*Config) HasProvider
func (c *Config) HasProvider(provider cloudprovider.Provider) bool
HasProvider checks whether the config contains the provider.
func (*Config) IDKeyDigestPolicy added in v2.7.0
func (c *Config) IDKeyDigestPolicy() idkeydigest.EnforceIDKeyDigest
IDKeyDigestPolicy returns the IDKeyDigest checking policy for a cloud provider.
func (*Config) IDKeyDigests added in v2.5.0
func (c *Config) IDKeyDigests() idkeydigest.IDKeyDigests
IDKeyDigests returns the ID Key Digests for the configured cloud provider.
func (*Config) IsDebugCluster
func (c *Config) IsDebugCluster() bool
IsDebugCluster checks whether the cluster is configured as a debug cluster.
func (*Config) IsReleaseImage added in v2.3.0
func (c *Config) IsReleaseImage() bool
IsReleaseImage checks whether the image name looks like a release image.
func (*Config) RemoveProviderExcept
func (c *Config) RemoveProviderExcept(provider cloudprovider.Provider)
RemoveProviderExcept removes all provider specific configurations, i.e., sets them to nil, except the one specified. If an unknown provider is passed, the same configuration is returned.
func (*Config) UpdateMeasurements
func (c *Config) UpdateMeasurements(newMeasurements Measurements)
UpdateMeasurements overwrites measurements in config with the provided ones.
type Digests added in v2.5.0
type Digests = idkeydigest.IDKeyDigests
Digests is a required alias since docgen is not able to work with types in other packages.
type GCPConfig
type GCPConfig struct {
	// description: |
	//   GCP project. See: https://support.google.com/googleapi/answer/7014113?hl=en
	Project string `yaml:"project" validate:"required"`
	// description: |
	//   GCP datacenter region. See: https://cloud.google.com/compute/docs/regions-zones#available
	Region string `yaml:"region" validate:"required"`
	// description: |
	//   GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available
	Zone string `yaml:"zone" validate:"required"`
	// description: |
	//   Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization
	ServiceAccountKeyPath string `yaml:"serviceAccountKeyPath" validate:"required"`
	// description: |
	//   VM instance type to use for Constellation nodes.
	InstanceType string `yaml:"instanceType" validate:"gcp_instance_type"`
	// description: |
	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types
	StateDiskType string `yaml:"stateDiskType" validate:"oneof=pd-standard pd-balanced pd-ssd"`
	// description: |
	//   Deploy Persistent Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage
	DeployCSIDriver *bool `yaml:"deployCSIDriver" validate:"required"`
	// description: |
	//   Expected confidential VM measurements.
	Measurements Measurements `yaml:"measurements" validate:"required,no_placeholders"`
}
GCPConfig are GCP specific configuration values used by the CLI.
type Measurements
type Measurements = measurements.M
Measurements is a required alias since docgen is not able to work with types in other packages.
type OpenStackConfig added in v2.6.0
type OpenStackConfig struct {
	// description: |
	//   OpenStack cloud name to select from "clouds.yaml". Only required if config file for OpenStack is used. Fallback authentication uses environment variables. For details see: https://docs.openstack.org/openstacksdk/latest/user/config/configuration.html.
	Cloud string `yaml:"cloud"`
	// description: |
	//   Availability zone to place the VMs in. For details see: https://docs.openstack.org/nova/latest/admin/availability-zones.html
	AvailabilityZone string `yaml:"availabilityZone" validate:"required"`
	// description: |
	//   Flavor ID (machine type) to use for the VMs. For details see: https://docs.openstack.org/nova/latest/admin/flavors.html
	FlavorID string `yaml:"flavorID" validate:"required"`
	// description: |
	//   Floating IP pool to use for the VMs. For details see: https://docs.openstack.org/ocata/user-guide/cli-manage-ip-addresses.html
	FloatingIPPoolID string `yaml:"floatingIPPoolID" validate:"required"`
	// description: |
	//   AuthURL is the OpenStack Identity endpoint to use inside the cluster.
	AuthURL string `yaml:"authURL" validate:"required"`
	// description: |
	//   ProjectID is the ID of the project where a user resides.
	ProjectID string `yaml:"projectID" validate:"required"`
	// description: |
	//   ProjectName is the name of the project where a user resides.
	ProjectName string `yaml:"projectName" validate:"required"`
	// description: |
	//   UserDomainName is the name of the domain where a user resides.
	UserDomainName string `yaml:"userDomainName" validate:"required"`
	// description: |
	//   ProjectDomainName is the name of the domain where a project resides.
	ProjectDomainName string `yaml:"projectDomainName" validate:"required"`
	// description: |
	//   RegionName is the name of the region to use inside the cluster.
	RegionName string `yaml:"regionName" validate:"required"`
	// description: |
	//   Username to use inside the cluster.
	Username string `yaml:"username" validate:"required"`
	// description: |
	//   Password to use inside the cluster. You can instead use the environment variable "CONSTELL_OS_PASSWORD".
	Password string `yaml:"password"`
	// description: |
	//   If enabled, downloads OS image directly from source URL to OpenStack. Otherwise, downloads image to local machine and uploads to OpenStack.
	DirectDownload *bool `yaml:"directDownload" validate:"required"`
}
OpenStackConfig holds config information for OpenStack based Constellation deployments.
func (OpenStackConfig) Doc added in v2.6.0
func (_ OpenStackConfig) Doc() *encoder.Doc
type ProviderConfig
type ProviderConfig struct {
	// description: |
	//   Configuration for AWS as provider.
	AWS *AWSConfig `yaml:"aws,omitempty" validate:"omitempty,dive"`
	// description: |
	//   Configuration for Azure as provider.
	Azure *AzureConfig `yaml:"azure,omitempty" validate:"omitempty,dive"`
	// description: |
	//   Configuration for Google Cloud as provider.
	GCP *GCPConfig `yaml:"gcp,omitempty" validate:"omitempty,dive"`
	// description: |
	//   Configuration for OpenStack as provider.
	OpenStack *OpenStackConfig `yaml:"openstack,omitempty" validate:"omitempty,dive"`
	// description: |
	//   Configuration for QEMU as provider.
	QEMU *QEMUConfig `yaml:"qemu,omitempty" validate:"omitempty,dive"`
}
ProviderConfig are cloud-provider specific configuration values used by the CLI. Fields should remain pointer-types so custom specific configs can nil them if not required.
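The pointer fields in ProviderConfig are what make HasProvider, GetProvider and RemoveProviderExcept (documented above) work by nil checks. The Go program below is an added example for this page, not the package's own code: it mirrors ProviderConfig with one field per provider section and implements the three methods with the behaviour the page describes, including that an unknown provider leaves the configuration untouched. The `Provider` enum and the reduced per-provider structs are the example's own stand-ins for cloudprovider.Provider and the real section types; treating a config with zero or several sections as `Unknown` in GetProvider is the example's choice, since the page does not say what GetProvider returns in that case.

```go
package main

import "fmt"

// Provider stands in for cloudprovider.Provider (values are the example's own).
type Provider int

const (
	Unknown Provider = iota
	AWS
	Azure
	GCP
	OpenStack
	QEMU
)

var providerNames = map[Provider]string{AWS: "AWS", Azure: "Azure", GCP: "GCP", OpenStack: "OpenStack", QEMU: "QEMU"}

func (p Provider) String() string {
	if n, ok := providerNames[p]; ok {
		return n
	}
	return "Unknown"
}

// Per-provider sections, reduced to a single field each for the example.
type AWSConfig struct{ Region string }
type AzureConfig struct{ Location string }
type GCPConfig struct{ Region string }
type OpenStackConfig struct{ RegionName string }
type QEMUConfig struct{ VCPUs int }

// ProviderConfig keeps pointer fields so that a section can be dropped by
// setting it to nil and is omitted from YAML output when absent.
type ProviderConfig struct {
	AWS       *AWSConfig
	Azure     *AzureConfig
	GCP       *GCPConfig
	OpenStack *OpenStackConfig
	QEMU      *QEMUConfig
}

type Config struct {
	Provider ProviderConfig
}

// HasProvider reports whether the config carries a section for p.
func (c *Config) HasProvider(p Provider) bool {
	switch p {
	case AWS:
		return c.Provider.AWS != nil
	case Azure:
		return c.Provider.Azure != nil
	case GCP:
		return c.Provider.GCP != nil
	case OpenStack:
		return c.Provider.OpenStack != nil
	case QEMU:
		return c.Provider.QEMU != nil
	}
	return false
}

// GetProvider returns the single configured provider. A config with no
// section or with more than one is ambiguous and yields Unknown.
func (c *Config) GetProvider() Provider {
	found, count := Unknown, 0
	for _, p := range []Provider{AWS, Azure, GCP, OpenStack, QEMU} {
		if c.HasProvider(p) {
			found, count = p, count+1
		}
	}
	if count != 1 {
		return Unknown
	}
	return found
}

// RemoveProviderExcept sets every section except the one for p to nil.
// An unknown provider leaves the config unchanged.
func (c *Config) RemoveProviderExcept(p Provider) {
	keep := ProviderConfig{}
	switch p {
	case AWS:
		keep.AWS = c.Provider.AWS
	case Azure:
		keep.Azure = c.Provider.Azure
	case GCP:
		keep.GCP = c.Provider.GCP
	case OpenStack:
		keep.OpenStack = c.Provider.OpenStack
	case QEMU:
		keep.QEMU = c.Provider.QEMU
	default:
		return
	}
	c.Provider = keep
}

func main() {
	// Constructed config that wrongly carries two provider sections.
	c := &Config{Provider: ProviderConfig{AWS: &AWSConfig{Region: "eu-central-1"}, GCP: &GCPConfig{Region: "europe-west3"}}}
	fmt.Println("before:", c.GetProvider())
	c.RemoveProviderExcept(GCP)
	fmt.Println("after:", c.GetProvider(), "has AWS:", c.HasProvider(AWS))
}
```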
func (ProviderConfig) Doc
func (_ ProviderConfig) Doc() *encoder.Doc
type QEMUConfig
type QEMUConfig struct {
	// description: |
	//   Format of the image to use for the VMs. Should be either qcow2 or raw.
	ImageFormat string `yaml:"imageFormat" validate:"oneof=qcow2 raw"`
	// description: |
	//   vCPU count for the VMs.
	VCPUs int `yaml:"vcpus" validate:"required"`
	// description: |
	//   Amount of memory per instance (MiB).
	Memory int `yaml:"memory" validate:"required"`
	// description: |
	//   Container image to use for the QEMU metadata server.
	MetadataAPIImage string `yaml:"metadataAPIServer" validate:"required"`
	// description: |
	//   Libvirt connection URI. Leave empty to start a libvirt instance in Docker.
	LibvirtURI string `yaml:"libvirtSocket"`
	// description: |
	//   Container image to use for launching a containerized libvirt daemon. Only relevant if `libvirtSocket = ""`.
	LibvirtContainerImage string `yaml:"libvirtContainerImage"`
	// description: |
	//   NVRAM template to be used for secure boot. Can be sentinel value "production", "testing" or a path to a custom NVRAM template.
	NVRAM string `yaml:"nvram" validate:"required"`
	// description: |
	//   Path to the OVMF firmware. Leave empty for auto selection.
	Firmware string `yaml:"firmware"`
	// description: |
	//   Measurement used to enable measured boot.
	Measurements Measurements `yaml:"measurements" validate:"required,no_placeholders"`
}
QEMUConfig holds config information for QEMU based Constellation deployments.
func (QEMUConfig) Doc
func (_ QEMUConfig) Doc() *encoder.Doc
type ValidationError added in v2.6.0
type ValidationError struct {
// contains filtered or unexported fields
}
ValidationError occurs when the validation of a config fails. It contains a list of errors that occurred during validation.
func (*ValidationError) Error added in v2.6.0
func (e *ValidationError) Error() string
func (*ValidationError) LongMessage added in v2.6.0
func (e *ValidationError) LongMessage() string
LongMessage prints the errors that occurred during validation in a verbose and user-friendly way.
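To show how the validate tags on Config (eq=v2, min=0, oneof, supported_k8s_version, version_compatibility, no_placeholders), the `--force` switch described under New, and the error-collecting ValidationError with its Error and LongMessage methods fit together, here is an added Go example written for this page; it is not the package's own validator, which is built on struct tags. It re-implements a subset of the rules with the standard library only. The `Validate(c, cliVersion, force)` signature, the `valid_name` regex, the "same MAJOR.MINOR as the CLI" reading of version_compatibility, the supported-Kubernetes-version table and the placeholder digest value are all constructed for the example and are not stated on the page.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Config is a reduced stand-in for the page's Config; each field keeps the
// validate tag whose rule this example re-implements.
type Config struct {
	Version           string         // validate:"eq=v2"
	Image             string         // validate:"required,version_compatibility"
	Name              string         // validate:"valid_name,required"
	StateDiskSizeGB   int            // validate:"min=0"
	KubernetesVersion string         // validate:"required,supported_k8s_version"
	StateDiskType     string         // validate:"oneof=pd-standard pd-balanced pd-ssd" (GCP variant)
	Measurements      map[int]string // PCR index -> hex digest; validate:"required,no_placeholders"
}

// supportedK8sVersions is a constructed table (MAJOR.MINOR -> supported patch release).
var supportedK8sVersions = map[string]string{"1.25": "1.25.9", "1.26": "1.26.4"}

// placeholderDigest is a constructed marker for a measurement never filled in.
const placeholderDigest = "1234123412341234123412341234123412341234123412341234123412341234"

// ValidationError collects every problem so the user sees all of them at once.
type ValidationError struct{ errs []error }

// Error is the short form for a one-line CLI failure.
func (e *ValidationError) Error() string {
	return fmt.Sprintf("config validation failed with %d error(s)", len(e.errs))
}

// LongMessage lists each problem on its own line.
func (e *ValidationError) LongMessage() string {
	var b strings.Builder
	b.WriteString("Problems validating config file:\n")
	for _, err := range e.errs {
		fmt.Fprintf(&b, "\t- %s\n", err)
	}
	return b.String()
}

// validName is a hypothetical rule for the valid_name tag (DNS-label-like).
var validName = regexp.MustCompile(`^[a-z0-9][a-z0-9-]{0,36}$`)

// sameMajorMinor is this example's reading of version_compatibility.
func sameMajorMinor(a, b string) bool {
	pa := strings.SplitN(strings.TrimPrefix(a, "v"), ".", 3)
	pb := strings.SplitN(strings.TrimPrefix(b, "v"), ".", 3)
	return len(pa) >= 2 && len(pb) >= 2 && pa[0] == pb[0] && pa[1] == pb[1]
}

// Validate checks c against the rules above. With force set, only the
// version compatibility check is skipped, as the page describes for --force.
func Validate(c *Config, cliVersion string, force bool) error {
	var errs []error
	fail := func(format string, args ...interface{}) { errs = append(errs, fmt.Errorf(format, args...)) }

	if c.Version != "v2" {
		fail("version: must be v2, got %q", c.Version)
	}
	if c.Image == "" {
		fail("image: required")
	} else if !force && !sameMajorMinor(c.Image, cliVersion) {
		fail("image: %s is not compatible with CLI %s (use --force to override)", c.Image, cliVersion)
	}
	if !validName.MatchString(c.Name) {
		fail("name: %q is not a valid cluster name", c.Name)
	}
	if c.StateDiskSizeGB < 0 {
		fail("stateDiskSizeGB: must be >= 0, got %d", c.StateDiskSizeGB)
	}
	if _, ok := supportedK8sVersions[c.KubernetesVersion]; !ok {
		fail("kubernetesVersion: %q is not supported", c.KubernetesVersion)
	}
	switch c.StateDiskType {
	case "pd-standard", "pd-balanced", "pd-ssd":
	default:
		fail("stateDiskType: %q is not one of pd-standard pd-balanced pd-ssd", c.StateDiskType)
	}
	if len(c.Measurements) == 0 {
		fail("measurements: required")
	}
	pcrs := make([]int, 0, len(c.Measurements))
	for pcr := range c.Measurements {
		pcrs = append(pcrs, pcr)
	}
	sort.Ints(pcrs) // deterministic error order regardless of map iteration
	for _, pcr := range pcrs {
		if c.Measurements[pcr] == placeholderDigest {
			fail("measurements: PCR %d still holds the placeholder value", pcr)
		}
	}
	if len(errs) > 0 {
		return &ValidationError{errs: errs}
	}
	return nil // plain nil, never a typed nil pointer wrapped in the error interface
}

// goodConfig returns a constructed config that passes every rule.
func goodConfig() *Config {
	return &Config{
		Version: "v2", Image: "v2.7.0", Name: "my-cluster", StateDiskSizeGB: 30,
		KubernetesVersion: "1.26", StateDiskType: "pd-ssd",
		Measurements: map[int]string{4: strings.Repeat("aa", 32), 8: strings.Repeat("bb", 32)},
	}
}

func main() {
	bad := goodConfig()
	bad.StateDiskSizeGB = -1
	bad.Measurements[4] = placeholderDigest
	if err := Validate(bad, "v2.7.0", false); err != nil {
		fmt.Println(err)
		fmt.Print(err.(*ValidationError).LongMessage())
	}
}
```

Two details are worth noting. The placeholder check is the one that protects the attestation path: a config whose measurements were never replaced would otherwise let the CLI accept nodes against values nobody ever verified. And `force` disables only the version compatibility rule; every other check still runs, which is the behaviour the page describes for `--force`.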