terraform-provider: add usage examples (#2713)

* terraform-provider: add usage example for Azure * terraform-provider: add usage example for AWS * terraform-provider: add usage example for GCP * terraform-provider: update usage example for Azure * terraform-provider: update generated documentation * docs: adjust creation on Azure and link to examples * terraform-provider: unify image in-/output (#2725) * terraform-provider: check for returned error when converting microservices * terraform-provider: use state values for outputs after creation * terraform-provider: ignore invalid upgrades (#2728) --------- Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2025-06-18 11:19:33 -04:00 · 2023-12-18 10:15:54 +01:00 · 2023-12-18 10:15:54 +01:00 · af791bd221
commit af791bd221
parent 88d626d302
21 changed files with 797 additions and 204 deletions
--- a/terraform-provider-constellation/internal/provider/attestation_data_source.go
+++ b/terraform-provider-constellation/internal/provider/attestation_data_source.go
@ -22,6 +22,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 )

@ -45,7 +46,7 @@ type AttestationDataSource struct {
 type AttestationDataSourceModel struct {
 	CSP                types.String `tfsdk:"csp"`
 	AttestationVariant types.String `tfsdk:"attestation_variant"`
-	ImageVersion       types.String `tfsdk:"image_version"`
+	Image              types.Object `tfsdk:"image"`
 	MaaURL             types.String `tfsdk:"maa_url"`
 	Insecure           types.Bool   `tfsdk:"insecure"`
 	Attestation        types.Object `tfsdk:"attestation"`
@ -85,15 +86,13 @@ func (d *AttestationDataSource) Metadata(_ context.Context, req datasource.Metad
 // Schema returns the schema for the data source.
 func (d *AttestationDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
 	resp.Schema = schema.Schema{
-		// This description is used by the documentation generator and the language server.
-		MarkdownDescription: "The data source to fetch measurements from a configured cloud provider and image.",
+		Description:         "Data source to fetch an attestation configuration for a given cloud service provider, attestation variant, and OS image.",
+		MarkdownDescription: "Data source to fetch an attestation configuration for a given cloud service provider, attestation variant, and OS image.",
+
 		Attributes: map[string]schema.Attribute{
-			"csp":                 newCSPAttribute(),
-			"attestation_variant": newAttestationVariantAttribute(attributeInput),
-			"image_version": schema.StringAttribute{
-				MarkdownDescription: "The image version to use. If not set, the provider version value is used.",
-				Optional:            true,
-			},
+			"csp":                 newCSPAttributeSchema(),
+			"attestation_variant": newAttestationVariantAttributeSchema(attributeInput),
+			"image":               newImageAttributeSchema(attributeInput),
 			"maa_url": schema.StringAttribute{
 				MarkdownDescription: "For Azure only, the URL of the Microsoft Azure Attestation service",
 				Optional:            true,
@ -102,7 +101,7 @@ func (d *AttestationDataSource) Schema(_ context.Context, _ datasource.SchemaReq
 				MarkdownDescription: "DON'T USE IN PRODUCTION Skip the signature verification when fetching measurements for the image.",
 				Optional:            true,
 			},
-			"attestation": newAttestationConfigAttribute(attributeOutput),
+			"attestation": newAttestationConfigAttributeSchema(attributeOutput),
 		},
 	}
 }
@ -175,12 +174,15 @@ func (d *AttestationDataSource) Read(ctx context.Context, req datasource.ReadReq
 	}
 	verifyFetcher := measurements.NewVerifyFetcher(sigstore.NewCosignVerifier, d.rekor, d.client)

-	imageVersion := data.ImageVersion.ValueString()
-	if imageVersion == "" {
-		tflog.Info(ctx, fmt.Sprintf("No image version specified, using provider version %s", d.version))
-		imageVersion = d.version // Use provider version as default.
+	// parse OS image version
+	var image imageAttribute
+	convertDiags := data.Image.As(ctx, &image, basetypes.ObjectAsOptions{})
+	resp.Diagnostics.Append(convertDiags...)
+	if resp.Diagnostics.HasError() {
+		return
 	}
-	fetchedMeasurements, err := verifyFetcher.FetchAndVerifyMeasurements(ctx, imageVersion,
+
+	fetchedMeasurements, err := verifyFetcher.FetchAndVerifyMeasurements(ctx, image.ShortPath,
 		csp, attestationVariant, insecureFetch)
 	if err != nil {
 		var rekErr *measurements.RekorError