AB#2350: Configurably enforce idkeydigest on Azure

* Add join-config entry for "enforceIdKeyDigest" bool * Add join-config entry for "idkeydigest" * Initially filled with TPM value from bootstrapper * Add config entries for idkeydigest and enforceIdKeyDigest * Extend azure attestation validator to check idkeydigest, if configured. * Update unittests * Add logger to NewValidator for all CSPs * Add csp to Updateable type Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2025-06-21 04:34:22 -04:00 · 2022-08-29 16:41:09 +02:00 · 2022-08-29 16:41:09 +02:00 · 4adc19b7f5
commit 4adc19b7f5
parent c84e44913b
31 changed files with 350 additions and 136 deletions
--- a/bootstrapper/internal/kubernetes/k8sapi/resources/joinservice_test.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/joinservice_test.go
@ -9,7 +9,7 @@ import (
 )

 func TestNewJoinServiceDaemonset(t *testing.T) {
-	deployment := NewJoinServiceDaemonset("csp", "measurementsJSON", "enforcedPCRsJSON", []byte{0x0, 0x1, 0x2})
+	deployment := NewJoinServiceDaemonset("csp", "measurementsJSON", "enforcedPCRsJSON", "deadbeef", "true", []byte{0x0, 0x1, 0x2})
 	deploymentYAML, err := deployment.Marshal()
 	require.NoError(t, err)