AB#2386: TrustedLaunch support for azure attestation

* There are now two attestation packages on azure. The issuer on the server side is created base on successfully querying the idkeydigest from the TPM. Fallback on err: Trusted Launch. * The bootstrapper's issuer choice is validated by the CLI's validator, which is created based on the local config. * Add "azureCVM" field to new "internal-config" cm. This field is populated by the bootstrapper. * Group attestation OIDs by CSP (#42) * Bootstrapper now uses IssuerWrapper type to pass the issuer (and some context info) to the initserver. * Introduce VMType package akin to cloudprovider. Used by IssuerWrapper. * Extend unittests. * Remove CSP specific attestation integration tests Co-authored-by: <dw@edgeless.systems> Signed-off-by: Otto Bittner <cobittner@posteo.net>
2025-05-02 14:26:23 -04:00 · 2022-08-31 20:10:49 +02:00 · 2022-08-31 20:10:49 +02:00 · 405db3286e
commit 405db3286e
parent 4bfb98d35a
33 changed files with 749 additions and 431 deletions
--- a/bootstrapper/internal/kubernetes/kubernetes_test.go
+++ b/bootstrapper/internal/kubernetes/kubernetes_test.go
@ -308,7 +308,7 @@ func TestInitCluster(t *testing.T) {

 			_, err := kube.InitCluster(
 				context.Background(), autoscalingNodeGroups, serviceAccountURI, string(tc.k8sVersion),
-				nil, nil, false, resources.KMSConfig{MasterSecret: masterSecret}, nil, nil, logger.NewTest(t),
+				nil, nil, false, nil, true, resources.KMSConfig{MasterSecret: masterSecret}, nil, nil, logger.NewTest(t),
 			)

 			if tc.wantErr {