Documentation
Overview
Package migration contains outdated configuration formats and their migration functions.
Index
- Constants
- func V3ToV4(path string, fileHandler file.Handler) error
- type AWSConfig
- type AWSNitroTPM
- type AWSSEVSNP
- type AttestationConfig
- type AttestationVersion
- type AzureConfig
- type AzureSEVSNP
- type AzureTrustedLaunch
- type Certificate
- type Config
- type GCPConfig
- type GCPSEVES
- type OpenStackConfig
- type ProviderConfig
- type QEMUConfig
- type QEMUTDX
- type QEMUVTPM
- type SNPFirmwareSignerConfig
Constants
const (
    // Version3 is the third version number for Constellation config file.
    Version3 = "v3"
)
Variables
This section is empty.
Functions
Types
type AWSConfig
type AWSConfig struct {
    Region                 string `yaml:"region" validate:"required,aws_region"`
    Zone                   string `yaml:"zone" validate:"required,aws_zone"`
    InstanceType           string `yaml:"instanceType" validate:"lowercase,aws_instance_type"`
    StateDiskType          string `yaml:"stateDiskType" validate:"oneof=standard gp2 gp3 st1 sc1 io1"`
    IAMProfileControlPlane string `yaml:"iamProfileControlPlane" validate:"required"`
    IAMProfileWorkerNodes  string `yaml:"iamProfileWorkerNodes" validate:"required"`
    DeployCSIDriver        *bool  `yaml:"deployCSIDriver"`
}
AWSConfig are AWS specific configuration values used by the CLI.
type AWSNitroTPM
type AWSNitroTPM struct {
    // description: |
    //   Expected TPM measurements.
    Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
}
AWSNitroTPM is the configuration for AWS Nitro TPM attestation.
type AWSSEVSNP
type AWSSEVSNP struct {
    // description: |
    //   Expected TPM measurements.
    Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
}
AWSSEVSNP is the configuration for AWS SEV-SNP attestation.
type AttestationConfig
type AttestationConfig struct {
    AWSSEVSNP          *AWSSEVSNP          `yaml:"awsSEVSNP,omitempty" validate:"omitempty,dive"`
    AWSNitroTPM        *AWSNitroTPM        `yaml:"awsNitroTPM,omitempty" validate:"omitempty,dive"`
    AzureSEVSNP        *AzureSEVSNP        `yaml:"azureSEVSNP,omitempty" validate:"omitempty,dive"`
    AzureTrustedLaunch *AzureTrustedLaunch `yaml:"azureTrustedLaunch,omitempty" validate:"omitempty,dive"`
    GCPSEVES           *GCPSEVES           `yaml:"gcpSEVES,omitempty" validate:"omitempty,dive"`
    QEMUTDX            *QEMUTDX            `yaml:"qemuTDX,omitempty" validate:"omitempty,dive"`
    QEMUVTPM           *QEMUVTPM           `yaml:"qemuVTPM,omitempty" validate:"omitempty,dive"`
}
AttestationConfig holds the configuration values used for attestation. Fields should remain pointer types so that provider-specific configs can set them to nil if not required.
type AttestationVersion
AttestationVersion is a type that represents a version of a SNP.
func (AttestationVersion) MarshalJSON
func (v AttestationVersion) MarshalJSON() ([]byte, error)
MarshalJSON implements a custom marshaller to resolve "latest" values.
func (AttestationVersion) MarshalYAML
func (v AttestationVersion) MarshalYAML() (any, error)
MarshalYAML implements a custom marshaller to resolve "latest" values.
func (*AttestationVersion) UnmarshalJSON
func (v *AttestationVersion) UnmarshalJSON(data []byte) (err error)
UnmarshalJSON implements a custom unmarshaller to resolve "latest" values.
func (*AttestationVersion) UnmarshalYAML
func (v *AttestationVersion) UnmarshalYAML(unmarshal func(any) error) error
UnmarshalYAML implements a custom unmarshaller to resolve "latest" values.
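An added example, not the package's own code, of how the "latest" handling described above can work on the JSON side: the string "latest" is accepted and emitted as-is, and only resolved to a concrete minimum version when the verifier knows the newest version. The Value/IsLatest layout and the Floor method are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// AttestationVersion is an assumed layout of the type on this page: a pinned
// version number, or the special value "latest" to be resolved later.
type AttestationVersion struct {
	Value    uint8
	IsLatest bool
}

// MarshalJSON emits the string "latest" for an unpinned version, otherwise the number.
func (v AttestationVersion) MarshalJSON() ([]byte, error) {
	if v.IsLatest {
		return json.Marshal("latest")
	}
	return json.Marshal(v.Value)
}

// UnmarshalJSON accepts exactly two shapes: the string "latest" or an integer 0-255.
// Quoted numbers, negative values and out-of-range values are rejected.
func (v *AttestationVersion) UnmarshalJSON(data []byte) error {
	var s string
	if err := json.Unmarshal(data, &s); err == nil {
		if s != "latest" {
			return fmt.Errorf("unsupported version string %q: only \"latest\" is allowed", s)
		}
		*v = AttestationVersion{IsLatest: true}
		return nil
	}
	n, err := strconv.ParseUint(string(data), 10, 8)
	if err != nil {
		return fmt.Errorf("version must be an integer 0-255 or \"latest\": %w", err)
	}
	*v = AttestationVersion{Value: uint8(n)}
	return nil
}

// Floor resolves the configured "lowest acceptable" version to a concrete number:
// "latest" becomes the newest version known to the verifier, a pinned value is
// used as-is. A reported version is acceptable when it is >= the floor.
func (v AttestationVersion) Floor(latestKnown uint8) uint8 {
	if v.IsLatest {
		return latestKnown
	}
	return v.Value
}
```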
type AzureConfig
type AzureConfig struct {
    SubscriptionID       string `yaml:"subscription" validate:"uuid"`
    TenantID             string `yaml:"tenant" validate:"uuid"`
    Location             string `yaml:"location" validate:"required"`
    ResourceGroup        string `yaml:"resourceGroup" validate:"required"`
    UserAssignedIdentity string `yaml:"userAssignedIdentity" validate:"required"`
    InstanceType         string `yaml:"instanceType" validate:"azure_instance_type"`
    StateDiskType        string `yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS"`
    DeployCSIDriver      *bool  `yaml:"deployCSIDriver" validate:"required"`
    SecureBoot           *bool  `yaml:"secureBoot" validate:"required"`
}
AzureConfig are Azure specific configuration values used by the CLI.
type AzureSEVSNP
type AzureSEVSNP struct {
    // description: |
    //   Expected TPM measurements.
    Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
    // description: |
    //   Lowest acceptable bootloader version.
    BootloaderVersion AttestationVersion `json:"bootloaderVersion" yaml:"bootloaderVersion"`
    // description: |
    //   Lowest acceptable TEE version.
    TEEVersion AttestationVersion `json:"teeVersion" yaml:"teeVersion"`
    // description: |
    //   Lowest acceptable SEV-SNP version.
    SNPVersion AttestationVersion `json:"snpVersion" yaml:"snpVersion"`
    // description: |
    //   Lowest acceptable microcode version.
    MicrocodeVersion AttestationVersion `json:"microcodeVersion" yaml:"microcodeVersion"`
    // description: |
    //   Configuration for validating the firmware signature.
    FirmwareSignerConfig SNPFirmwareSignerConfig `json:"firmwareSignerConfig" yaml:"firmwareSignerConfig"`
    // description: |
    //   AMD Root Key certificate used to verify the SEV-SNP certificate chain.
    AMDRootKey Certificate `json:"amdRootKey" yaml:"amdRootKey"`
}
AzureSEVSNP is the configuration for Azure SEV-SNP attestation.
type AzureTrustedLaunch
type AzureTrustedLaunch struct {
    // description: |
    //   Expected TPM measurements.
    Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
}
AzureTrustedLaunch is the configuration for Azure Trusted Launch attestation.
type Certificate
type Certificate x509.Certificate
Certificate is a wrapper around x509.Certificate allowing custom marshaling.
func (Certificate) MarshalJSON
func (c Certificate) MarshalJSON() ([]byte, error)
MarshalJSON marshals the certificate to PEM.
func (Certificate) MarshalYAML
func (c Certificate) MarshalYAML() (any, error)
MarshalYAML marshals the certificate to PEM.
func (*Certificate) UnmarshalJSON
func (c *Certificate) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals the certificate from PEM.
func (*Certificate) UnmarshalYAML
func (c *Certificate) UnmarshalYAML(unmarshal func(any) error) error
UnmarshalYAML unmarshals the certificate from PEM.
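An added example (not the package's own code) of the PEM round trip the Certificate methods above describe, shown on the JSON side: the method bodies and newTestCA are assumptions, and the generated certificate is constructed test data standing in for a root certificate, not the AMD root key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)
// Certificate re-implements the page's wrapper (assumed, not the project's code): PEM text in JSON/YAML.
type Certificate x509.Certificate
// MarshalJSON writes the certificate's DER bytes (c.Raw) as a PEM CERTIFICATE block.
func (c Certificate) MarshalJSON() ([]byte, error) {
	return json.Marshal(string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})))
}
// UnmarshalJSON decodes the PEM string and re-parses the DER, so a malformed or
// non-certificate block in the config is rejected at load time, not at verification.
func (c *Certificate) UnmarshalJSON(data []byte) error {
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return err
	}
	block, _ := pem.Decode([]byte(s))
	if block == nil || block.Type != "CERTIFICATE" {
		return errors.New("expected a PEM CERTIFICATE block")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	*c = Certificate(*cert)
	return nil
}
// newTestCA builds a throwaway self-signed certificate as constructed sample
// input; it stands in for a root certificate and is not the AMD root key.
func newTestCA() (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```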
type Config
type Config struct {
    Version             string            `yaml:"version" validate:"eq=v3"`
    Image               string            `yaml:"image" validate:"required,image_compatibility"`
    Name                string            `yaml:"name" validate:"valid_name,required"`
    StateDiskSizeGB     int               `yaml:"stateDiskSizeGB" validate:"min=0"`
    KubernetesVersion   string            `yaml:"kubernetesVersion" validate:"required,supported_k8s_version"`
    MicroserviceVersion semver.Semver     `yaml:"microserviceVersion" validate:"required"`
    DebugCluster        *bool             `yaml:"debugCluster" validate:"required"`
    Provider            ProviderConfig    `yaml:"provider" validate:"dive"`
    Attestation         AttestationConfig `yaml:"attestation" validate:"dive"`
}
Config defines configuration used by CLI.
type GCPConfig
type GCPConfig struct {
    Project               string `yaml:"project" validate:"required"`
    Region                string `yaml:"region" validate:"required"`
    Zone                  string `yaml:"zone" validate:"required"`
    ServiceAccountKeyPath string `yaml:"serviceAccountKeyPath" validate:"required"`
    InstanceType          string `yaml:"instanceType" validate:"gcp_instance_type"`
    StateDiskType         string `yaml:"stateDiskType" validate:"oneof=pd-standard pd-balanced pd-ssd"`
    DeployCSIDriver       *bool  `yaml:"deployCSIDriver" validate:"required"`
}
GCPConfig are GCP specific configuration values used by the CLI.
type GCPSEVES
type GCPSEVES struct {
    // description: |
    //   Expected TPM measurements.
    Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
}
GCPSEVES is the configuration for GCP SEV-ES attestation.
type OpenStackConfig
type OpenStackConfig struct {
    Cloud                   string `yaml:"cloud"`
    AvailabilityZone        string `yaml:"availabilityZone" validate:"required"`
    FlavorID                string `yaml:"flavorID" validate:"required"`
    FloatingIPPoolID        string `yaml:"floatingIPPoolID" validate:"required"`
    StateDiskType           string `yaml:"stateDiskType" validate:"required"`
    AuthURL                 string `yaml:"authURL" validate:"required"`
    ProjectID               string `yaml:"projectID" validate:"required"`
    ProjectName             string `yaml:"projectName" validate:"required"`
    UserDomainName          string `yaml:"userDomainName" validate:"required"`
    ProjectDomainName       string `yaml:"projectDomainName" validate:"required"`
    RegionName              string `yaml:"regionName" validate:"required"`
    Username                string `yaml:"username" validate:"required"`
    Password                string `yaml:"password"`
    DirectDownload          *bool  `yaml:"directDownload" validate:"required"`
    DeployYawolLoadBalancer *bool  `yaml:"deployYawolLoadBalancer" validate:"required"`
    YawolImageID            string `yaml:"yawolImageID"`
    YawolFlavorID           string `yaml:"yawolFlavorID"`
    DeployCSIDriver         *bool  `yaml:"deployCSIDriver" validate:"required"`
}
OpenStackConfig holds config information for OpenStack based Constellation deployments.
type ProviderConfig
type ProviderConfig struct {
    AWS       *AWSConfig       `yaml:"aws,omitempty" validate:"omitempty,dive"`
    Azure     *AzureConfig     `yaml:"azure,omitempty" validate:"omitempty,dive"`
    GCP       *GCPConfig       `yaml:"gcp,omitempty" validate:"omitempty,dive"`
    OpenStack *OpenStackConfig `yaml:"openstack,omitempty" validate:"omitempty,dive"`
    QEMU      *QEMUConfig      `yaml:"qemu,omitempty" validate:"omitempty,dive"`
}
ProviderConfig holds the cloud-provider specific configuration values used by the CLI. Fields should remain pointer types so that provider-specific configs can set them to nil if not required.
type QEMUConfig
type QEMUConfig struct {
    ImageFormat           string `yaml:"imageFormat" validate:"oneof=qcow2 raw"`
    VCPUs                 int    `yaml:"vcpus" validate:"required"`
    Memory                int    `yaml:"memory" validate:"required"`
    MetadataAPIImage      string `yaml:"metadataAPIServer" validate:"required"`
    LibvirtURI            string `yaml:"libvirtSocket"`
    LibvirtContainerImage string `yaml:"libvirtContainerImage"`
    NVRAM                 string `yaml:"nvram" validate:"required"`
    Firmware              string `yaml:"firmware"`
}
QEMUConfig holds config information for QEMU based Constellation deployments.
type QEMUTDX
type QEMUTDX struct {
    // description: |
    //   Expected TDX measurements.
    Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
}
QEMUTDX is the configuration for QEMU TDX attestation.
type QEMUVTPM
type QEMUVTPM struct {
    // description: |
    //   Expected TPM measurements.
    Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
}
QEMUVTPM is the configuration for QEMU vTPM attestation.
type SNPFirmwareSignerConfig
type SNPFirmwareSignerConfig struct {
    // description: |
    //   List of accepted values for the firmware signing key digest.\nValues are enforced according to the 'enforcementPolicy'\n - 'equal' : Error if the reported signing key digest does not match any of the values in 'acceptedKeyDigests'\n - 'maaFallback' : Use 'equal' checking for validation, but fallback to using Microsoft Azure Attestation (MAA) for validation if the reported digest does not match any of the values in 'acceptedKeyDigests'. See the Azure docs for more details: https://learn.microsoft.com/en-us/azure/attestation/overview#amd-sev-snp-attestation\n - 'warnOnly' : Same as 'equal', but only prints a warning instead of returning an error if no match is found
    AcceptedKeyDigests idkeydigest.List `json:"acceptedKeyDigests" yaml:"acceptedKeyDigests"`
    // description: |
    //   Key digest enforcement policy. One of {'equal', 'maaFallback', 'warnOnly'}
    EnforcementPolicy idkeydigest.Enforcement `json:"enforcementPolicy" yaml:"enforcementPolicy" validate:"required"`
    // description: |
    //   URL of the Microsoft Azure Attestation (MAA) instance to use for fallback validation. Only used if 'enforcementPolicy' is set to 'maaFallback'.
    MAAURL string `json:"maaURL,omitempty" yaml:"maaURL,omitempty" validate:"len=0"`
}
SNPFirmwareSignerConfig is the configuration for validating the firmware signer.