feat: status shows attestation config (#2056)

* init * update doc * fix tests * unmarshal typed attestation config for consistent yaml formatting * fix comments * marshal numerical attestation values in join-config * GetAttestationConfig marshals numerical value
2025-10-11 10:08:33 -04:00 · 2023-07-07 17:02:01 +02:00 · 2023-07-07 17:02:01 +02:00 · 7e83991154
commit 7e83991154
parent fafafb48d7
9 changed files with 180 additions and 31 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -600,7 +600,9 @@ func (c *Config) GetAttestationConfig() AttestationCfg {
 		return c.Attestation.AWSNitroTPM
 	}
 	if c.Attestation.AzureSEVSNP != nil {
-		return c.Attestation.AzureSEVSNP
+		cp := *c.Attestation.AzureSEVSNP
+		cp.setWantLatestToFalse()
+		return &cp
 	}
 	if c.Attestation.AzureTrustedLaunch != nil {
 		return c.Attestation.AzureTrustedLaunch
@ -1043,6 +1045,14 @@ type AzureSEVSNP struct {
 	AMDRootKey Certificate `json:"amdRootKey" yaml:"amdRootKey"`
 }

+// setWantLatestToFalse sets the WantLatest field to false for all versions in order to unmarshal the numerical versions instead of the string "latest".
+func (c *AzureSEVSNP) setWantLatestToFalse() {
+	c.BootloaderVersion.WantLatest = false
+	c.TEEVersion.WantLatest = false
+	c.SNPVersion.WantLatest = false
+	c.MicrocodeVersion.WantLatest = false
+}
+
 // AzureTrustedLaunch is the configuration for Azure Trusted Launch attestation.
 type AzureTrustedLaunch struct {
 	// description: |
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@ -42,7 +42,7 @@ func TestDefaultConfig(t *testing.T) {
 	assert.NotNil(def)
 }

-func TestDefaultConfigWritesLatestVersion(t *testing.T) {
+func TestDefaultConfigMarshalsLatestVersion(t *testing.T) {
 	conf := Default()
 	bt, err := yaml.Marshal(conf)
 	require := require.New(t)
@ -57,6 +57,24 @@ func TestDefaultConfigWritesLatestVersion(t *testing.T) {
 	assert.Equal("latest", mp.getAzureSEVSNPVersion("bootloaderVersion"))
 }

+func TestGetAttestationConfigMarshalsNumericalVersion(t *testing.T) {
+	conf := Default()
+	conf.RemoveProviderAndAttestationExcept(cloudprovider.Azure)
+
+	attestationCfg := conf.GetAttestationConfig()
+	bt, err := yaml.Marshal(attestationCfg)
+	require := require.New(t)
+	require.NoError(err)
+
+	var mp map[string]interface{}
+	require.NoError(yaml.Unmarshal(bt, &mp))
+	assert := assert.New(t)
+	assert.Equal(placeholderVersionValue, mp["microcodeVersion"])
+	assert.Equal(placeholderVersionValue, mp["teeVersion"])
+	assert.Equal(placeholderVersionValue, mp["snpVersion"])
+	assert.Equal(placeholderVersionValue, mp["bootloaderVersion"])
+}
+
 func TestNew(t *testing.T) {
 	testCases := map[string]struct {
 		config        configMap