attestation: add awsSEVSNP as new variant (#1900)

* variant: move into internal/attestation * attesation: move aws attesation into subfolder nitrotpm * config: add aws-sev-snp variant * cli: add tf option to enable AWS SNP For now the implementations in aws/nitrotpm and aws/snp are identical. They both contain the aws/nitrotpm impl. A separate commit will add the actual attestation logic.
2025-09-22 22:14:43 -04:00 · 2023-06-09 15:41:02 +02:00 · 2023-06-09 15:41:02 +02:00 · 8f21972aec
commit 8f21972aec
parent 947d0cb20a
110 changed files with 993 additions and 215 deletions
--- a/disk-mapper/cmd/BUILD.bazel
+++ b/disk-mapper/cmd/BUILD.bazel
@ -13,6 +13,7 @@ go_library(
        "//disk-mapper/internal/setup",
        "//internal/attestation/choose",
        "//internal/attestation/tdx",
+        "//internal/attestation/variant",
        "//internal/attestation/vtpm",
        "//internal/cloud/aws",
        "//internal/cloud/azure",
@ -26,7 +27,6 @@ go_library(
        "//internal/kms/setup",
        "//internal/logger",
        "//internal/role",
-        "//internal/variant",
        "@com_github_spf13_afero//:afero",
        "@org_uber_go_zap//:zap",
    ],
--- a/disk-mapper/cmd/main.go
+++ b/disk-mapper/cmd/main.go
@ -20,6 +20,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/disk-mapper/internal/setup"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/choose"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/tdx"
+	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
 	awscloud "github.com/edgelesssys/constellation/v2/internal/cloud/aws"
 	azurecloud "github.com/edgelesssys/constellation/v2/internal/cloud/azure"
@ -33,7 +34,6 @@ import (
 	kmssetup "github.com/edgelesssys/constellation/v2/internal/kms/setup"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/role"
-	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/spf13/afero"
 	"go.uber.org/zap"
 )
--- a/disk-mapper/internal/recoveryserver/BUILD.bazel
+++ b/disk-mapper/internal/recoveryserver/BUILD.bazel
@ -28,11 +28,11 @@ go_test(
    deps = [
        "//disk-mapper/recoverproto",
        "//internal/atls",
+        "//internal/attestation/variant",
        "//internal/grpc/dialer",
        "//internal/grpc/testdialer",
        "//internal/kms/kms",
        "//internal/logger",
-        "//internal/variant",
        "@com_github_stretchr_testify//assert",
        "@com_github_stretchr_testify//require",
        "@org_uber_go_goleak//:goleak",
--- a/disk-mapper/internal/recoveryserver/recoveryserver_test.go
+++ b/disk-mapper/internal/recoveryserver/recoveryserver_test.go
@ -15,11 +15,11 @@ import (

 	"github.com/edgelesssys/constellation/v2/disk-mapper/recoverproto"
 	"github.com/edgelesssys/constellation/v2/internal/atls"
+	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
 	"github.com/edgelesssys/constellation/v2/internal/kms/kms"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"