gcp: fix comments and typos

.github/actions/constellation_create/action.yml

@@ -164,6 +164,7 @@ runs:
       shell: bash
       run: |
         echo "Creating cluster using config:"
+        cat constellation-conf.yaml
         sudo sh -c 'echo "127.0.0.1 license.confidential.cloud" >> /etc/hosts' || true
 
     - name: Constellation create (CLI)

internal/attestation/gcp/es/es.go

@@ -5,7 +5,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 */
 
 /*
-# GCP SEV-ES Attestation
+# GCP SEV-ES attestation
 
 Google offers [confidential VMs], utilizing AMD SEV-ES to provide memory encryption.
 

internal/attestation/gcp/gcp.go

@@ -5,6 +5,6 @@ SPDX-License-Identifier: AGPL-3.0-only
 */
 
 /*
-# Google Cloud Platform Attestation
+# Google Cloud Platform attestation
 */
 package gcp

internal/attestation/gcp/snp/issuer.go

@@ -85,7 +85,7 @@ func getInstanceInfo(_ context.Context, tpm io.ReadWriteCloser, _ []byte) ([]byt
 
 	vcek, err := pemEncodedVCEK(certs)
 	if err != nil {
-		return nil, fmt.Errorf("parsing vlek: %w", err)
+		return nil, fmt.Errorf("parsing vcek: %w", err)
 	}
 
 	gceInstanceInfo, err := gceInstanceInfo()
@@ -145,7 +145,7 @@ func pemEncodedVCEK(certs []byte) ([]byte, error) {
 		return nil, fmt.Errorf("getting VCEK certificate: %w", err)
 	}
 
-	// An optional check for certificate well-formedness. vlekRaw == cert.Raw.
+	// An optional check for certificate well-formedness. vcekRaw == cert.Raw.
 	cert, err := x509.ParseCertificate(vcekRaw)
 	if err != nil {
 		return nil, fmt.Errorf("parsing certificate: %w", err)

internal/attestation/gcp/snp/snp.go

@@ -5,7 +5,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 */
 
 /*
-# GCP SEV-SNP Attestation
+# GCP SEV-SNP attestation
 
 Google offers [confidential VMs], utilizing AMD SEV-SNP to provide memory encryption.
 
@@ -36,9 +36,7 @@ public key provided by Google's API corresponding to the project ID, zone, insta
     Without a certificate signing the authenticity of any endorsement keys we have no way of establishing a chain of trust.
     Instead, we have to rely on Google's API to provide us with the public key of the vTPM's endorsement key.
 
-[GCP Confidential VMs]: https://cloud.google.com/compute/confidential-vm/docs/about-cvm
-[GCP Virtual Trusted Platform Module (vTPM)]: https://cloud.google.com/security/shielded-cloud/shielded-vm#vtpm
-[GCP Monitoring docs]: https://cloud.google.com/compute/confidential-vm/docs/monitoring
-[AMD SEV-SNP whitepaper]: https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf#page=7
+[confidential VMs]: https://cloud.google.com/compute/confidential-vm/docs/about-cvm
+[virtual Trusted Platform Module (vTPM)]: https://cloud.google.com/security/shielded-cloud/shielded-vm#vtpm
 */
 package snp

internal/attestation/gcp/snp/validator.go

@@ -49,7 +49,7 @@ type Validator struct {
 func NewValidator(cfg *config.GCPSEVSNP, log attestation.Logger) (*Validator, error) {
 	getGCEKey, err := gcp.TrustedKeyGetter(variant.GCPSEVSNP{}, gcp.NewRESTClient)
 	if err != nil {
-		return nil, fmt.Errorf("create trusted key getter: %v", err)
+		return nil, fmt.Errorf("creating trusted key getter: %w", err)
 	}
 
 	v := &Validator{

internal/attestation/vtpm/attestation.go

@@ -125,7 +125,6 @@ func (i *Issuer) Issue(ctx context.Context, userData []byte, nonce []byte) (res
 	}
 	defer aK.Close()
 
-	// Create an attestation using the loaded key
 	extraData := attestation.MakeExtraData(userData, nonce)
 
 	// Fetch instance info of the VM
@@ -136,6 +135,7 @@ func (i *Issuer) Issue(ctx context.Context, userData []byte, nonce []byte) (res
 
 	tpmNonce := makeTpmNonce(instanceInfo, extraData)
 
+	// Create an attestation using the loaded key
 	tpmAttestation, err := aK.Attest(tpmClient.AttestOpts{Nonce: tpmNonce[:]})
 	if err != nil {
 		return nil, fmt.Errorf("creating attestation: %w", err)

internal/config/gcp.go

@@ -2,6 +2,7 @@
 Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
+
 package config
 
 import (