Manual client secrets on Azure

katexochen 2022-08-29 14:18:05 +02:00 committed by Paul Meyer
parent 1861dc2744
commit 10e5249631
11 changed files with 84 additions and 80 deletions


@ -113,8 +113,8 @@ func (c *fakeAzureClient) CreateInstances(ctx context.Context, input azurecl.Cre
func (c *fakeAzureClient) CreateServicePrincipal(ctx context.Context) (string, error) { func (c *fakeAzureClient) CreateServicePrincipal(ctx context.Context) (string, error) {
c.adAppObjectID = "00000000-0000-0000-0000-000000000001" c.adAppObjectID = "00000000-0000-0000-0000-000000000001"
return azureshared.ApplicationCredentials{ return azureshared.ApplicationCredentials{
ClientID: "client-id", AppClientID: "client-id",
ClientSecret: "client-secret", ClientSecretValue: "client-secret",
}.ToCloudServiceAccountURI(), nil }.ToCloudServiceAccountURI(), nil
} }
@ -174,8 +174,8 @@ func (c *stubAzureClient) CreateInstances(ctx context.Context, input azurecl.Cre
func (c *stubAzureClient) CreateServicePrincipal(ctx context.Context) (string, error) { func (c *stubAzureClient) CreateServicePrincipal(ctx context.Context) (string, error) {
return azureshared.ApplicationCredentials{ return azureshared.ApplicationCredentials{
ClientID: "00000000-0000-0000-0000-000000000000", AppClientID: "00000000-0000-0000-0000-000000000000",
ClientSecret: "secret", ClientSecretValue: "secret",
}.ToCloudServiceAccountURI(), c.createServicePrincipalErr }.ToCloudServiceAccountURI(), c.createServicePrincipalErr
} }


@ -17,6 +17,7 @@ import (
"github.com/edgelesssys/constellation/cli/internal/cloudcmd" "github.com/edgelesssys/constellation/cli/internal/cloudcmd"
"github.com/edgelesssys/constellation/cli/internal/gcp" "github.com/edgelesssys/constellation/cli/internal/gcp"
"github.com/edgelesssys/constellation/cli/internal/helm" "github.com/edgelesssys/constellation/cli/internal/helm"
"github.com/edgelesssys/constellation/internal/azureshared"
"github.com/edgelesssys/constellation/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/internal/cloud/cloudtypes" "github.com/edgelesssys/constellation/internal/cloud/cloudtypes"
"github.com/edgelesssys/constellation/internal/config" "github.com/edgelesssys/constellation/internal/config"
@ -349,7 +350,13 @@ func getMarschaledServiceAccountURI(provider cloudprovider.Provider, config *con
return key.ToCloudServiceAccountURI(), nil return key.ToCloudServiceAccountURI(), nil
case cloudprovider.Azure: case cloudprovider.Azure:
return "", fmt.Errorf("TODO") creds := azureshared.ApplicationCredentials{
TenantID: config.Provider.Azure.TenantID,
AppClientID: config.Provider.Azure.AppClientID,
ClientSecretValue: config.Provider.Azure.ClientSecretValue,
Location: config.Provider.Azure.Location,
}
return creds.ToCloudServiceAccountURI(), nil
case cloudprovider.QEMU: case cloudprovider.QEMU:
return "", nil // QEMU does not use service account keys return "", nil // QEMU does not use service account keys
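Review bot: The Azure branch embeds `ClientSecretValue` in the `serviceaccount://` URI's query string (`client_secret=`), so the returned string is itself a credential; any caller that logs this URI or wraps it into an error message leaks the app secret, and that deserves a comment at the return site, e.g. `// The URI carries the client secret; never log it or include it in errors.` The branch also returns a `nil` error unconditionally, while `TenantID` and `Location` carry no `validate` tag visible in this diff — if they are not enforced elsewhere, an empty tenant silently yields an unusable URI, so a guard such as `if creds.TenantID == "" { return "", errors.New("azure tenantID must be set") }` (or the equivalent `required` tag in the config) seems warranted. getMarschaledServiceAccountURI starts and ends outside this hunk.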


@ -89,10 +89,6 @@ func TestInitialize(t *testing.T) {
"initialize some azure instances": { "initialize some azure instances": {
state: testAzureState, state: testAzureState,
idFile: &clusterIDsFile{IP: "192.0.2.1"}, idFile: &clusterIDsFile{IP: "192.0.2.1"},
configMutator: func(c *config.Config) {
c.Provider.Azure.ResourceGroup = "resourceGroup"
c.Provider.Azure.UserAssignedIdentity = "userAssignedIdentity"
},
initServerAPI: &stubInitServer{initResp: testInitResp}, initServerAPI: &stubInitServer{initResp: testInitResp},
}, },
"initialize some qemu instances": { "initialize some qemu instances": {
@ -111,10 +107,6 @@ func TestInitialize(t *testing.T) {
"initialize azure with autoscaling": { "initialize azure with autoscaling": {
state: testAzureState, state: testAzureState,
idFile: &clusterIDsFile{IP: "192.0.2.1"}, idFile: &clusterIDsFile{IP: "192.0.2.1"},
configMutator: func(c *config.Config) {
c.Provider.Azure.ResourceGroup = "resourceGroup"
c.Provider.Azure.UserAssignedIdentity = "userAssignedIdentity"
},
initServerAPI: &stubInitServer{initResp: testInitResp}, initServerAPI: &stubInitServer{initResp: testInitResp},
setAutoscaleFlag: true, setAutoscaleFlag: true,
}, },
@ -557,6 +549,8 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
conf.Provider.Azure.UserAssignedIdentity = "test-identity" conf.Provider.Azure.UserAssignedIdentity = "test-identity"
conf.Provider.Azure.Image = "some/image/location" conf.Provider.Azure.Image = "some/image/location"
conf.Provider.Azure.ResourceGroup = "test-resource-group" conf.Provider.Azure.ResourceGroup = "test-resource-group"
conf.Provider.Azure.AppClientID = "test-client-secret-id"
conf.Provider.Azure.ClientSecretValue = "test-client-secret"
conf.Provider.Azure.Measurements[8] = []byte("00000000000000000000000000000000") conf.Provider.Azure.Measurements[8] = []byte("00000000000000000000000000000000")
conf.Provider.Azure.Measurements[9] = []byte("11111111111111111111111111111111") conf.Provider.Azure.Measurements[9] = []byte("11111111111111111111111111111111")
case cloudprovider.GCP: case cloudprovider.GCP:


@ -60,7 +60,6 @@ func TestVerify(t *testing.T) {
someErr := errors.New("failed") someErr := errors.New("failed")
testCases := map[string]struct { testCases := map[string]struct {
setupFs func(*require.Assertions) afero.Fs
provider cloudprovider.Provider provider cloudprovider.Provider
protoClient *stubVerifyClient protoClient *stubVerifyClient
nodeEndpointFlag string nodeEndpointFlag string
@ -72,7 +71,6 @@ func TestVerify(t *testing.T) {
wantErr bool wantErr bool
}{ }{
"gcp": { "gcp": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.GCP, provider: cloudprovider.GCP,
nodeEndpointFlag: "192.0.2.1:1234", nodeEndpointFlag: "192.0.2.1:1234",
ownerIDFlag: zeroBase64, ownerIDFlag: zeroBase64,
@ -80,7 +78,6 @@ func TestVerify(t *testing.T) {
wantEndpoint: "192.0.2.1:1234", wantEndpoint: "192.0.2.1:1234",
}, },
"azure": { "azure": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.Azure, provider: cloudprovider.Azure,
nodeEndpointFlag: "192.0.2.1:1234", nodeEndpointFlag: "192.0.2.1:1234",
ownerIDFlag: zeroBase64, ownerIDFlag: zeroBase64,
@ -88,7 +85,6 @@ func TestVerify(t *testing.T) {
wantEndpoint: "192.0.2.1:1234", wantEndpoint: "192.0.2.1:1234",
}, },
"default port": { "default port": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.GCP, provider: cloudprovider.GCP,
nodeEndpointFlag: "192.0.2.1", nodeEndpointFlag: "192.0.2.1",
ownerIDFlag: zeroBase64, ownerIDFlag: zeroBase64,
@ -96,14 +92,12 @@ func TestVerify(t *testing.T) {
wantEndpoint: "192.0.2.1:" + strconv.Itoa(constants.VerifyServiceNodePortGRPC), wantEndpoint: "192.0.2.1:" + strconv.Itoa(constants.VerifyServiceNodePortGRPC),
}, },
"endpoint not set": { "endpoint not set": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.GCP, provider: cloudprovider.GCP,
ownerIDFlag: zeroBase64, ownerIDFlag: zeroBase64,
protoClient: &stubVerifyClient{}, protoClient: &stubVerifyClient{},
wantErr: true, wantErr: true,
}, },
"endpoint from id file": { "endpoint from id file": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.GCP, provider: cloudprovider.GCP,
ownerIDFlag: zeroBase64, ownerIDFlag: zeroBase64,
protoClient: &stubVerifyClient{}, protoClient: &stubVerifyClient{},
@ -111,7 +105,6 @@ func TestVerify(t *testing.T) {
wantEndpoint: "192.0.2.1:" + strconv.Itoa(constants.VerifyServiceNodePortGRPC), wantEndpoint: "192.0.2.1:" + strconv.Itoa(constants.VerifyServiceNodePortGRPC),
}, },
"override endpoint from details file": { "override endpoint from details file": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.GCP, provider: cloudprovider.GCP,
nodeEndpointFlag: "192.0.2.2:1234", nodeEndpointFlag: "192.0.2.2:1234",
ownerIDFlag: zeroBase64, ownerIDFlag: zeroBase64,
@ -120,7 +113,6 @@ func TestVerify(t *testing.T) {
wantEndpoint: "192.0.2.2:1234", wantEndpoint: "192.0.2.2:1234",
}, },
"invalid endpoint": { "invalid endpoint": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.GCP, provider: cloudprovider.GCP,
nodeEndpointFlag: ":::::", nodeEndpointFlag: ":::::",
ownerIDFlag: zeroBase64, ownerIDFlag: zeroBase64,
@ -128,13 +120,11 @@ func TestVerify(t *testing.T) {
wantErr: true, wantErr: true,
}, },
"neither owner id nor cluster id set": { "neither owner id nor cluster id set": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.GCP, provider: cloudprovider.GCP,
nodeEndpointFlag: "192.0.2.1:1234", nodeEndpointFlag: "192.0.2.1:1234",
wantErr: true, wantErr: true,
}, },
"use owner id from id file": { "use owner id from id file": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.GCP, provider: cloudprovider.GCP,
nodeEndpointFlag: "192.0.2.1:1234", nodeEndpointFlag: "192.0.2.1:1234",
protoClient: &stubVerifyClient{}, protoClient: &stubVerifyClient{},
@ -142,7 +132,6 @@ func TestVerify(t *testing.T) {
wantEndpoint: "192.0.2.1:1234", wantEndpoint: "192.0.2.1:1234",
}, },
"config file not existing": { "config file not existing": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.GCP, provider: cloudprovider.GCP,
ownerIDFlag: zeroBase64, ownerIDFlag: zeroBase64,
nodeEndpointFlag: "192.0.2.1:1234", nodeEndpointFlag: "192.0.2.1:1234",
@ -150,7 +139,6 @@ func TestVerify(t *testing.T) {
wantErr: true, wantErr: true,
}, },
"error protoClient GetState": { "error protoClient GetState": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.Azure, provider: cloudprovider.Azure,
nodeEndpointFlag: "192.0.2.1:1234", nodeEndpointFlag: "192.0.2.1:1234",
ownerIDFlag: zeroBase64, ownerIDFlag: zeroBase64,
@ -158,7 +146,6 @@ func TestVerify(t *testing.T) {
wantErr: true, wantErr: true,
}, },
"error protoClient GetState not rpc": { "error protoClient GetState not rpc": {
setupFs: func(require *require.Assertions) afero.Fs { return afero.NewMemMapFs() },
provider: cloudprovider.Azure, provider: cloudprovider.Azure,
nodeEndpointFlag: "192.0.2.1:1234", nodeEndpointFlag: "192.0.2.1:1234",
ownerIDFlag: zeroBase64, ownerIDFlag: zeroBase64,
@ -189,7 +176,7 @@ func TestVerify(t *testing.T) {
if tc.nodeEndpointFlag != "" { if tc.nodeEndpointFlag != "" {
require.NoError(cmd.Flags().Set("node-endpoint", tc.nodeEndpointFlag)) require.NoError(cmd.Flags().Set("node-endpoint", tc.nodeEndpointFlag))
} }
fileHandler := file.NewHandler(tc.setupFs(require)) fileHandler := file.NewHandler(afero.NewMemMapFs())
config := defaultConfigWithExpectedMeasurements(t, config.Default(), tc.provider) config := defaultConfigWithExpectedMeasurements(t, config.Default(), tc.provider)
require.NoError(fileHandler.WriteYAML(constants.ConfigFilename, config)) require.NoError(fileHandler.WriteYAML(constants.ConfigFilename, config))


@ -9,8 +9,8 @@ import (
// It is the equivalent of a service account key in other cloud providers. // It is the equivalent of a service account key in other cloud providers.
type ApplicationCredentials struct { type ApplicationCredentials struct {
TenantID string TenantID string
ClientID string AppClientID string
ClientSecret string ClientSecretValue string
Location string Location string
} }
@ -29,8 +29,8 @@ func ApplicationCredentialsFromURI(cloudServiceAccountURI string) (ApplicationCr
query := uri.Query() query := uri.Query()
return ApplicationCredentials{ return ApplicationCredentials{
TenantID: query.Get("tenant_id"), TenantID: query.Get("tenant_id"),
ClientID: query.Get("client_id"), AppClientID: query.Get("client_id"),
ClientSecret: query.Get("client_secret"), ClientSecretValue: query.Get("client_secret"),
Location: query.Get("location"), Location: query.Get("location"),
}, nil }, nil
} }
@ -39,8 +39,8 @@ func ApplicationCredentialsFromURI(cloudServiceAccountURI string) (ApplicationCr
func (c ApplicationCredentials) ToCloudServiceAccountURI() string { func (c ApplicationCredentials) ToCloudServiceAccountURI() string {
query := url.Values{} query := url.Values{}
query.Add("tenant_id", c.TenantID) query.Add("tenant_id", c.TenantID)
query.Add("client_id", c.ClientID) query.Add("client_id", c.AppClientID)
query.Add("client_secret", c.ClientSecret) query.Add("client_secret", c.ClientSecretValue)
query.Add("location", c.Location) query.Add("location", c.Location)
uri := url.URL{ uri := url.URL{
Scheme: "serviceaccount", Scheme: "serviceaccount",


@ -16,8 +16,8 @@ func TestMain(m *testing.M) {
func TestApplicationCredentialsFromURI(t *testing.T) { func TestApplicationCredentialsFromURI(t *testing.T) {
creds := ApplicationCredentials{ creds := ApplicationCredentials{
TenantID: "tenant-id", TenantID: "tenant-id",
ClientID: "client-id", AppClientID: "client-id",
ClientSecret: "client-secret", ClientSecretValue: "client-secret",
Location: "location", Location: "location",
} }
testCases := map[string]struct { testCases := map[string]struct {
@ -64,8 +64,8 @@ func TestToCloudServiceAccountURI(t *testing.T) {
require := require.New(t) require := require.New(t)
key := ApplicationCredentials{ key := ApplicationCredentials{
TenantID: "tenant-id", TenantID: "tenant-id",
ClientID: "client-id", AppClientID: "client-id",
ClientSecret: "client-secret", ClientSecretValue: "client-secret",
Location: "location", Location: "location",
} }


@ -36,8 +36,8 @@ func (a *Autoscaler) Secrets(providerID string, cloudServiceAccountURI string) (
Namespace: "kube-system", Namespace: "kube-system",
}, },
Data: map[string][]byte{ Data: map[string][]byte{
"ClientID": []byte(creds.ClientID), "ClientID": []byte(creds.AppClientID),
"ClientSecret": []byte(creds.ClientSecret), "ClientSecret": []byte(creds.ClientSecretValue),
"ResourceGroup": []byte(resourceGroup), "ResourceGroup": []byte(resourceGroup),
"SubscriptionID": []byte(subscriptionID), "SubscriptionID": []byte(subscriptionID),
"TenantID": []byte(creds.TenantID), "TenantID": []byte(creds.TenantID),


@ -100,8 +100,8 @@ func (c *CloudControllerManager) Secrets(ctx context.Context, providerID string,
UseInstanceMetadata: true, UseInstanceMetadata: true,
VMType: vmType, VMType: vmType,
Location: creds.Location, Location: creds.Location,
AADClientID: creds.ClientID, AADClientID: creds.AppClientID,
AADClientSecret: creds.ClientSecret, AADClientSecret: creds.ClientSecretValue,
} }
rawConfig, err := json.Marshal(config) rawConfig, err := json.Marshal(config)


@ -149,18 +149,24 @@ type AzureConfig struct {
// Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison // Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
StateDiskType string `yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS"` StateDiskType string `yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS"`
// description: | // description: |
// Expected confidential VM measurements.
Measurements Measurements `yaml:"measurements"`
// description: |
// List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning.
EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
// description: |
// Authorize spawned VMs to access Azure API. See: https://docs.edgeless.systems/constellation/latest/#/getting-started/install?id=azure // Authorize spawned VMs to access Azure API. See: https://docs.edgeless.systems/constellation/latest/#/getting-started/install?id=azure
UserAssignedIdentity string `yaml:"userAssignedIdentity" validate:"required"` UserAssignedIdentity string `yaml:"userAssignedIdentity" validate:"required"`
// description: | // description: |
// Resource group to use. // Resource group to use.
ResourceGroup string `yaml:"resourceGroup" validate:"required"` ResourceGroup string `yaml:"resourceGroup" validate:"required"`
// description: | // description: |
// Application client ID of the Active Directory app registration.
AppClientID string `yaml:"appClientID" validate:"required"`
// description: |
// Client secret value of the Active Directory app registration credentials.
ClientSecretValue string `yaml:"clientSecretValue" validate:"required"`
// description: |
// Expected confidential VM measurements.
Measurements Measurements `yaml:"measurements"`
// description: |
// List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning.
EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
// description: |
// Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview // Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
ConfidentialVM *bool `yaml:"confidentialVM" validate:"required"` ConfidentialVM *bool `yaml:"confidentialVM" validate:"required"`
} }
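Review bot: `ClientSecretValue` places a long-lived Active Directory secret in plaintext in the user's YAML config file, and the new description says nothing about that; the field doc should warn, e.g. `// Client secret value of the Active Directory app registration credentials. This is a long-lived secret: keep the config file out of version control and restrict its file permissions.` Both `userAssignedIdentity` and the new `appClientID`/`clientSecretValue` fields are tagged `validate:"required"`, so a user must now provision a managed identity and an app registration secret; since the secret appears to feed the in-cluster autoscaler and cloud-controller-manager secrets elsewhere in this commit, a sentence in the description explaining that the two mechanisms coexist rather than replace each other would prevent confusion. The generated doc file copies these descriptions, so the wording change belongs in this struct, not in config_doc.go.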


@ -199,7 +199,7 @@ func init() {
FieldName: "azure", FieldName: "azure",
}, },
} }
AzureConfigDoc.Fields = make([]encoder.Doc, 10) AzureConfigDoc.Fields = make([]encoder.Doc, 12)
AzureConfigDoc.Fields[0].Name = "subscription" AzureConfigDoc.Fields[0].Name = "subscription"
AzureConfigDoc.Fields[0].Type = "string" AzureConfigDoc.Fields[0].Type = "string"
AzureConfigDoc.Fields[0].Note = "" AzureConfigDoc.Fields[0].Note = ""
@ -225,31 +225,41 @@ func init() {
AzureConfigDoc.Fields[4].Note = "" AzureConfigDoc.Fields[4].Note = ""
AzureConfigDoc.Fields[4].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison" AzureConfigDoc.Fields[4].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
AzureConfigDoc.Fields[4].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison" AzureConfigDoc.Fields[4].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
AzureConfigDoc.Fields[5].Name = "measurements" AzureConfigDoc.Fields[5].Name = "userAssignedIdentity"
AzureConfigDoc.Fields[5].Type = "Measurements" AzureConfigDoc.Fields[5].Type = "string"
AzureConfigDoc.Fields[5].Note = "" AzureConfigDoc.Fields[5].Note = ""
AzureConfigDoc.Fields[5].Description = "Expected confidential VM measurements." AzureConfigDoc.Fields[5].Description = "Authorize spawned VMs to access Azure API. See: https://docs.edgeless.systems/constellation/latest/#/getting-started/install?id=azure"
AzureConfigDoc.Fields[5].Comments[encoder.LineComment] = "Expected confidential VM measurements." AzureConfigDoc.Fields[5].Comments[encoder.LineComment] = "Authorize spawned VMs to access Azure API. See: https://docs.edgeless.systems/constellation/latest/#/getting-started/install?id=azure"
AzureConfigDoc.Fields[6].Name = "enforcedMeasurements" AzureConfigDoc.Fields[6].Name = "resourceGroup"
AzureConfigDoc.Fields[6].Type = "[]uint32" AzureConfigDoc.Fields[6].Type = "string"
AzureConfigDoc.Fields[6].Note = "" AzureConfigDoc.Fields[6].Note = ""
AzureConfigDoc.Fields[6].Description = "List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning." AzureConfigDoc.Fields[6].Description = "Resource group to use."
AzureConfigDoc.Fields[6].Comments[encoder.LineComment] = "List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning." AzureConfigDoc.Fields[6].Comments[encoder.LineComment] = "Resource group to use."
AzureConfigDoc.Fields[7].Name = "userAssignedIdentity" AzureConfigDoc.Fields[7].Name = "appClientID"
AzureConfigDoc.Fields[7].Type = "string" AzureConfigDoc.Fields[7].Type = "string"
AzureConfigDoc.Fields[7].Note = "" AzureConfigDoc.Fields[7].Note = ""
AzureConfigDoc.Fields[7].Description = "Authorize spawned VMs to access Azure API. See: https://docs.edgeless.systems/constellation/latest/#/getting-started/install?id=azure" AzureConfigDoc.Fields[7].Description = "Application client ID of the Active Directory app registration."
AzureConfigDoc.Fields[7].Comments[encoder.LineComment] = "Authorize spawned VMs to access Azure API. See: https://docs.edgeless.systems/constellation/latest/#/getting-started/install?id=azure" AzureConfigDoc.Fields[7].Comments[encoder.LineComment] = "Application client ID of the Active Directory app registration."
AzureConfigDoc.Fields[8].Name = "resourceGroup" AzureConfigDoc.Fields[8].Name = "clientSecretValue"
AzureConfigDoc.Fields[8].Type = "string" AzureConfigDoc.Fields[8].Type = "string"
AzureConfigDoc.Fields[8].Note = "" AzureConfigDoc.Fields[8].Note = ""
AzureConfigDoc.Fields[8].Description = "Resource group to use." AzureConfigDoc.Fields[8].Description = "Client secret value of the Active Directory app registration credentials."
AzureConfigDoc.Fields[8].Comments[encoder.LineComment] = "Resource group to use." AzureConfigDoc.Fields[8].Comments[encoder.LineComment] = "Client secret value of the Active Directory app registration credentials."
AzureConfigDoc.Fields[8].Name = "confidentialVM" AzureConfigDoc.Fields[9].Name = "measurements"
AzureConfigDoc.Fields[8].Type = "bool" AzureConfigDoc.Fields[9].Type = "Measurements"
AzureConfigDoc.Fields[8].Note = "" AzureConfigDoc.Fields[9].Note = ""
AzureConfigDoc.Fields[8].Description = "Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview" AzureConfigDoc.Fields[9].Description = "Expected confidential VM measurements."
AzureConfigDoc.Fields[8].Comments[encoder.LineComment] = "Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview" AzureConfigDoc.Fields[9].Comments[encoder.LineComment] = "Expected confidential VM measurements."
AzureConfigDoc.Fields[10].Name = "enforcedMeasurements"
AzureConfigDoc.Fields[10].Type = "[]uint32"
AzureConfigDoc.Fields[10].Note = ""
AzureConfigDoc.Fields[10].Description = "List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning."
AzureConfigDoc.Fields[10].Comments[encoder.LineComment] = "List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning."
AzureConfigDoc.Fields[11].Name = "confidentialVM"
AzureConfigDoc.Fields[11].Type = "bool"
AzureConfigDoc.Fields[11].Note = ""
AzureConfigDoc.Fields[11].Description = "Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
AzureConfigDoc.Fields[11].Comments[encoder.LineComment] = "Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
GCPConfigDoc.Type = "GCPConfig" GCPConfigDoc.Type = "GCPConfig"
GCPConfigDoc.Comments[encoder.LineComment] = "GCPConfig are GCP specific configuration values used by the CLI." GCPConfigDoc.Comments[encoder.LineComment] = "GCPConfig are GCP specific configuration values used by the CLI."


@ -13,7 +13,7 @@ import (
"go.uber.org/goleak" "go.uber.org/goleak"
) )
const defaultMsgCount = 9 // expect this number of error messages by default because user-specific values are not set const defaultMsgCount = 12 // expect this number of error messages by default because user-specific values are not set
func TestMain(m *testing.M) { func TestMain(m *testing.M) {
goleak.VerifyTestMain(m) goleak.VerifyTestMain(m)
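Review bot: `defaultMsgCount` moves from 9 to 12 while the visible struct change adds only two `validate:"required"` fields (`appClientID`, `clientSecretValue`), so a third new validation message is not accounted for by this diff; if it originates from a field outside these hunks, a comment naming what is being counted would keep the next bump from being guesswork, e.g. `// one message per unset required provider field in config.Default(); update when adding validate:"required" tags`. Asserting on the specific field names in the validation output, rather than a hand-maintained total, would be more robust and would have caught a miscount here.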