terraform: Azure Marketplace image support (#2651)

* terraform: add Azure marketplace variable

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* config: add Azure marketplace variable

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: use Terraform variables from config

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: pass down marketplace variable

* image: pad Azure images to 1GiB

* terraform: add version attribute to marketplace image

* semver: allow versions to be exported without prefix

* cli: boolean var to use marketplace images

* config: remove dive key

* dev-docs: add instructions on how to use marketplace images

* terraform: fix unit test

* terraform: only fetch image for non-marketplace images

* mpimage: refactor image selection

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] increase minor version for image build

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: ignore changes to source_image_reference on upgrade

* operator: add support for parsing Azure marketplace images

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* upgrade: fix imagefetcher call

* docs: add info about azure marketplace

* image: ensure more than 1GiB in size

* image: test to pad to 2GiB

* version: change back to v2.14.0-pre

* image: GPT-conformant image size padding

* [remove] increase version

* mpimage: inline prefix func

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: add marketplace image e2e test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] register workflow

* ci: fix workflow name

* ci: only allow azure test

* cli: add marketplace image input to interface

* cli: fix argument passing

* version: roll back to v2.14.0

* ci: add force-flag support

* Update docs/docs/overview/license.md

* Update dev-docs/workflows/marketplace-images.md

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

internal/imagefetcher/imagefetcher.go

@@ -23,6 +23,8 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
+	"github.com/edgelesssys/constellation/v2/internal/mpimage"
+	"github.com/edgelesssys/constellation/v2/internal/semver"
 	"github.com/spf13/afero"
 )
 
@@ -43,13 +45,17 @@ func New() *Fetcher {
 // FetchReference fetches the image reference for a given image version uid, CSP and image variant.
 func (f *Fetcher) FetchReference(ctx context.Context,
 	provider cloudprovider.Provider, attestationVariant variant.Variant,
-	image, region string,
+	image, region string, useMarketplaceImage bool,
 ) (string, error) {
 	ver, err := versionsapi.NewVersionFromShortPath(image, versionsapi.VersionKindImage)
 	if err != nil {
 		return "", fmt.Errorf("parsing config image short path: %w", err)
 	}
 
+	if useMarketplaceImage {
+		return buildMarketplaceImage(ver, provider)
+	}
+
 	imgInfoReq := versionsapi.ImageInfo{
 		Ref:     ver.Ref(),
 		Stream:  ver.Stream(),
@@ -82,6 +88,21 @@ func (f *Fetcher) FetchReference(ctx context.Context,
 	return getReferenceFromImageInfo(provider, attestationVariant.String(), imgInfo, filters(provider, region)...)
 }
 
+// buildMarketplaceImage returns a marketplace image URI for the given CSP and version.
+func buildMarketplaceImage(ver versionsapi.Version, provider cloudprovider.Provider) (string, error) {
+	sv, err := semver.New(ver.Version())
+	if err != nil {
+		return "", fmt.Errorf("parsing image version: %w", err)
+	}
+
+	switch provider {
+	case cloudprovider.Azure:
+		return mpimage.NewAzureMarketplaceImage(sv).URI(), nil
+	default:
+		return "", fmt.Errorf("marketplace images are not supported for csp %s", provider.String())
+	}
+}
+
 func filters(provider cloudprovider.Provider, region string) []filter {
 	var filters []filter
 	switch provider {