uplosi: use separate galleries for Azure TDX and TDX

Malte Poll 2024-01-16 14:15:04 +01:00
parent 52dec77508
commit 9d6321faa3
2 changed files with 19 additions and 8 deletions


@ -98,12 +98,12 @@ type valueOverride struct {
func ApplyOverrides(in M, csp cloudprovider.Provider, attestationVariant string) (M, error) { func ApplyOverrides(in M, csp cloudprovider.Provider, attestationVariant string) (M, error) {
out := in.Copy() out := in.Copy()
var matchingOverrides []measurementOverride var matchingOverrides []measurementOverride
if cspOverride, ok := measurementOverridesForCSP[csp.String()]; ok {
matchingOverrides = append(matchingOverrides, cspOverride)
}
if attestationVariantOverride, ok := measurementOverridesForAttestationVariant[attestationVariant]; ok { if attestationVariantOverride, ok := measurementOverridesForAttestationVariant[attestationVariant]; ok {
matchingOverrides = append(matchingOverrides, attestationVariantOverride) matchingOverrides = append(matchingOverrides, attestationVariantOverride)
} }
if cspOverride, ok := measurementOverridesForCSP[csp.String()]; ok {
matchingOverrides = append(matchingOverrides, cspOverride)
}
for _, override := range matchingOverrides { for _, override := range matchingOverrides {
for _, i := range override.ValueOverrides { for _, i := range override.ValueOverrides {
m, ok := out[i.Index] m, ok := out[i.Index]
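Review bot: The precedence between CSP and attestation-variant overrides is carried only by the order of the two `append` calls into `matchingOverrides`, and no comment states which one is meant to win. The loop below walks the slice in order, so the override appended second is applied last to `out`; for an index present in both maps that presumably decides the final expected measurement. I would add a comment above the two blocks, such as `// Order matters: overrides appended later are applied last and take precedence on a shared index.`, and a test case with an index that appears in both maps. The body of ApplyOverrides continues past the end of the hunk, so what each override actually does to `m` is not visible here.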


@ -209,21 +209,32 @@ func awsParseAMIARN(arn string) (region string, amiID string, retErr error) {
func extendAzureConfig(azureConfig map[string]any, version versionsapi.Version, attestationVariant string, timestamp time.Time) { func extendAzureConfig(azureConfig map[string]any, version versionsapi.Version, attestationVariant string, timestamp time.Time) {
azureConfig["attestationVariant"] = attestationVariant azureConfig["attestationVariant"] = attestationVariant
azureConfig["sharedImageGallery"] = azureGalleryName(version) azureConfig["sharedImageGallery"] = azureGalleryName(version, attestationVariant)
azureConfig["imageDefinitionName"] = azureImageOffer(version) azureConfig["imageDefinitionName"] = azureImageOffer(version)
azureConfig["offer"] = azureImageOffer(version) azureConfig["offer"] = azureImageOffer(version)
formattedTime := timestamp.Format(timestampFormat) formattedTime := timestamp.Format(timestampFormat)
azureConfig["diskName"] = fmt.Sprintf("constellation-%s-%s-%s", version.Stream(), formattedTime, attestationVariant) azureConfig["diskName"] = fmt.Sprintf("constellation-%s-%s-%s", version.Stream(), formattedTime, attestationVariant)
} }
func azureGalleryName(version versionsapi.Version) string { func azureGalleryName(version versionsapi.Version, attestationVariant string) string {
var prefix string
switch version.Stream() { switch version.Stream() {
case "stable": case "stable":
return "Constellation_CVM" prefix = "Constellation"
case "debug": case "debug":
return "Constellation_Debug_CVM" prefix = "Constellation_Debug"
default:
prefix = "Constellation_Testing"
} }
return "Constellation_Testing_CVM"
var suffix string
switch attestationVariant {
case "azure-tdx":
suffix = "_TDX"
case "azure-sev-snp":
suffix = "_CVM"
}
return prefix + suffix
} }
func azureImageOffer(version versionsapi.Version) string { func azureImageOffer(version versionsapi.Version) string {
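Review bot: The new `switch attestationVariant` in azureGalleryName has no `default`, so any variant other than `azure-tdx` or `azure-sev-snp` leaves `suffix` empty and the function returns the bare prefix, for example `Constellation`, a gallery name that neither the old nor the new scheme defines. This value is written to `azureConfig["sharedImageGallery"]`, so an unexpected or misspelled variant would silently point the image at an unintended gallery instead of failing. Either make the fallback explicit with `default: suffix = "_CVM"` to keep the previous name, or have the function return an error for unknown variants and let extendAzureConfig propagate it. The stream switch just above already gained an explicit `default`, so the same treatment here would be consistent.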