config: allow Azure TDX instance types

cli/internal/cmd/configinstancetypes.go

@@ -30,13 +30,22 @@ func printSupportedInstanceTypes(cmd *cobra.Command, _ []string) {
 %v
 AWS NitroTPM-enabled instance types:
 %v
-Azure Confidential VM instance types:
+Azure Intel TDX instance types:
+%v
+Azure AMD SEV-SNP instance types:
 %v
 Azure Trusted Launch instance types:
 %v
 GCP instance types:
 %v
-`, formatInstanceTypes(instancetypes.AWSSNPSupportedInstanceFamilies), formatInstanceTypes(instancetypes.AWSSupportedInstanceFamilies), formatInstanceTypes(instancetypes.AzureCVMInstanceTypes), formatInstanceTypes(instancetypes.AzureTrustedLaunchInstanceTypes), formatInstanceTypes(instancetypes.GCPInstanceTypes))
+`,
+		formatInstanceTypes(instancetypes.AWSSNPSupportedInstanceFamilies),
+		formatInstanceTypes(instancetypes.AWSSupportedInstanceFamilies),
+		formatInstanceTypes(instancetypes.AzureTDXInstanceTypes),
+		formatInstanceTypes(instancetypes.AzureSNPInstanceTypes),
+		formatInstanceTypes(instancetypes.AzureTrustedLaunchInstanceTypes),
+		formatInstanceTypes(instancetypes.GCPInstanceTypes),
+	)
 }
 
 func formatInstanceTypes(types []string) string {

internal/config/config_test.go

@@ -717,14 +717,19 @@ func TestValidInstanceTypeForProvider(t *testing.T) {
 			instanceTypes:  []string{},
 			expectedResult: false,
 		},
-		"azure only CVMs": {
+		"azure only CVMs (SNP)": {
 			provider:       cloudprovider.Azure,
-			instanceTypes:  instancetypes.AzureCVMInstanceTypes,
+			instanceTypes:  instancetypes.AzureSNPInstanceTypes,
+			expectedResult: true,
+		},
+		"azure only CVMs (TDX)": {
+			provider:       cloudprovider.Azure,
+			instanceTypes:  instancetypes.AzureTDXInstanceTypes,
 			expectedResult: true,
 		},
 		"azure CVMs but CVMs disabled": {
 			provider:       cloudprovider.Azure,
-			instanceTypes:  instancetypes.AzureCVMInstanceTypes,
+			instanceTypes:  instancetypes.AzureSNPInstanceTypes,
 			nonCVMsAllowed: true,
 			expectedResult: false,
 		},
@@ -757,7 +762,7 @@ func TestValidInstanceTypeForProvider(t *testing.T) {
 		},
 		"put azure when gcp is set": {
 			provider:       cloudprovider.GCP,
-			instanceTypes:  instancetypes.AzureCVMInstanceTypes,
+			instanceTypes:  instancetypes.AzureSNPInstanceTypes,
 			expectedResult: false,
 		},
 		"put azure when gcp is set with CVMs disabled": {

internal/config/instancetypes/azure.go

@@ -6,9 +6,9 @@ SPDX-License-Identifier: AGPL-3.0-only
 
 package instancetypes
 
-// AzureCVMInstanceTypes are valid Azure CVM instance types.
+// AzureSNPInstanceTypes are valid Azure SEV-SNP instance types.
-var AzureCVMInstanceTypes = []string{
+var AzureSNPInstanceTypes = []string{
-	// CVMs (3rd Generation EPYC 7763v processors)
+	// SEV-SNP CVMs (3rd Generation EPYC 7763v processors)
 	// DCasv5-series
 	"Standard_DC4as_v5",
 	"Standard_DC8as_v5",
@@ -45,6 +45,43 @@ var AzureCVMInstanceTypes = []string{
 	"Standard_EC96ads_v5",
 }
 
+// AzureTDXInstanceTypes are valid Azure TDX instance types.
+var AzureTDXInstanceTypes = []string{
+	// TDX CVMs
+	// DCesv5-series
+	"Standard_DC4es_v5",
+	"Standard_DC8es_v5",
+	"Standard_DC16es_v5",
+	"Standard_DC32es_v5",
+	"Standard_DC48es_v5",
+	"Standard_DC64es_v5",
+	"Standard_DC96es_v5",
+	// DCedsv5-series
+	"Standard_DC4eds_v5",
+	"Standard_DC8eds_v5",
+	"Standard_DC16eds_v5",
+	"Standard_DC32eds_v5",
+	"Standard_DC48eds_v5",
+	"Standard_DC64eds_v5",
+	"Standard_DC96eds_v5",
+	// ECesv5-series
+	"Standard_EC4es_v5",
+	"Standard_EC8es_v5",
+	"Standard_EC16es_v5",
+	"Standard_EC32es_v5",
+	"Standard_EC48es_v5",
+	"Standard_EC64es_v5",
+	"Standard_EC128es_v5",
+	// ECedsv5-series
+	"Standard_EC4eds_v5",
+	"Standard_EC8eds_v5",
+	"Standard_EC16eds_v5",
+	"Standard_EC32eds_v5",
+	"Standard_EC48eds_v5",
+	"Standard_EC64eds_v5",
+	"Standard_EC128eds_v5",
+}
+
 // AzureTrustedLaunchInstanceTypes are valid Azure Trusted Launch instance types.
 var AzureTrustedLaunchInstanceTypes = []string{
 	// Trusted Launch (2nd Generation AMD EPYC 7452 or 3rd Generation EPYC 7763v processors)

internal/config/validation.go

@@ -452,9 +452,14 @@ func (c *Config) translateAzureInstanceTypeError(ut ut.Translator, fe validator.
 
 	attestVariant := c.GetAttestationConfig().GetVariant()
 
-	instances := instancetypes.AzureCVMInstanceTypes
+	var instances []string
-	if attestVariant.Equal(variant.AzureTrustedLaunch{}) {
+	switch attestVariant.String() {
+	case variant.AzureTrustedLaunch{}.String():
 		instances = instancetypes.AzureTrustedLaunchInstanceTypes
+	case variant.AzureSEVSNP{}.String():
+		instances = instancetypes.AzureSNPInstanceTypes
+	case variant.AzureTDX{}.String():
+		instances = instancetypes.AzureTDXInstanceTypes
 	}
 
 	t, _ = ut.T("instance_type", fe.Field(), fmt.Sprintf("%v", instances))
@@ -515,7 +520,12 @@ func validInstanceTypeForProvider(insType string, acceptNonCVM bool, provider cl
 				}
 			}
 		} else {
-			for _, instanceType := range instancetypes.AzureCVMInstanceTypes {
+			for _, instanceType := range instancetypes.AzureTDXInstanceTypes {
+				if insType == instanceType {
+					return true
+				}
+			}
+			for _, instanceType := range instancetypes.AzureSNPInstanceTypes {
 				if insType == instanceType {
 					return true
 				}