mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-06-26 07:00:39 -04:00
Adjust usage of GCP SEV-SNP throughout codebase
This commit is contained in:
Moritz Sanft
parent
640f6c402b
commit
cb543c75f8
7 changed files with 35 additions and 3 deletions
3
.github/actions/terraform_apply/action.yml
vendored
3
.github/actions/terraform_apply/action.yml
vendored
|
|
@ -26,6 +26,9 @@ runs:
|
||||||
"gcpSEVES")
|
"gcpSEVES")
|
||||||
attestationVariant="gcp-sev-es"
|
attestationVariant="gcp-sev-es"
|
||||||
;;
|
;;
|
||||||
|
"gcpSEVSNP")
|
||||||
|
attestationVariant="gcp-sev-snp"
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
echo "Unknown attestation variant: $(yq '.attestation | keys | .[0]' constellation-conf.yaml)"
|
echo "Unknown attestation variant: $(yq '.attestation | keys | .[0]' constellation-conf.yaml)"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
||||||
|
|
@ -209,6 +209,12 @@ func gcpTerraformVars(conf *config.Config, imageRef string) *terraform.GCPCluste
|
||||||
DiskType: group.StateDiskType,
|
DiskType: group.StateDiskType,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ccTech := "SEV"
|
||||||
|
if conf.GetAttestationConfig().GetVariant().Equal(variant.GCPSEVSNP{}) {
|
||||||
|
ccTech = "SEV_SNP"
|
||||||
|
}
|
||||||
|
|
||||||
return &terraform.GCPClusterVariables{
|
return &terraform.GCPClusterVariables{
|
||||||
Name: conf.Name,
|
Name: conf.Name,
|
||||||
NodeGroups: nodeGroups,
|
NodeGroups: nodeGroups,
|
||||||
|
|
@ -219,6 +225,7 @@ func gcpTerraformVars(conf *config.Config, imageRef string) *terraform.GCPCluste
|
||||||
Debug: conf.IsDebugCluster(),
|
Debug: conf.IsDebugCluster(),
|
||||||
CustomEndpoint: conf.CustomEndpoint,
|
CustomEndpoint: conf.CustomEndpoint,
|
||||||
InternalLoadBalancer: conf.InternalLoadBalancer,
|
InternalLoadBalancer: conf.InternalLoadBalancer,
|
||||||
|
CCTechnology: ccTech,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -235,6 +235,11 @@ func TestValidProviderAttestationCombination(t *testing.T) {
|
||||||
variant.GCPSEVES{},
|
variant.GCPSEVES{},
|
||||||
config.AttestationConfig{GCPSEVES: defaultAttestation.GCPSEVES},
|
config.AttestationConfig{GCPSEVES: defaultAttestation.GCPSEVES},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
cloudprovider.GCP,
|
||||||
|
variant.GCPSEVSNP{},
|
||||||
|
config.AttestationConfig{GCPSEVSNP: defaultAttestation.GCPSEVSNP},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
cloudprovider.QEMU,
|
cloudprovider.QEMU,
|
||||||
variant.QEMUVTPM{},
|
variant.QEMUVTPM{},
|
||||||
|
|
@ -286,6 +291,10 @@ func TestParseAttestationFlag(t *testing.T) {
|
||||||
attestationFlag: "gcp-sev-es",
|
attestationFlag: "gcp-sev-es",
|
||||||
wantVariant: variant.GCPSEVES{},
|
wantVariant: variant.GCPSEVES{},
|
||||||
},
|
},
|
||||||
|
"GCPSEVSNP": {
|
||||||
|
attestationFlag: "gcp-sev-snp",
|
||||||
|
wantVariant: variant.GCPSEVSNP{},
|
||||||
|
},
|
||||||
"QEMUVTPM": {
|
"QEMUVTPM": {
|
||||||
attestationFlag: "qemu-vtpm",
|
attestationFlag: "qemu-vtpm",
|
||||||
wantVariant: variant.QEMUVTPM{},
|
wantVariant: variant.QEMUVTPM{},
|
||||||
|
|
|
||||||
|
|
@ -122,6 +122,7 @@ func TestGCPClusterVariables(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
CustomEndpoint: "example.com",
|
CustomEndpoint: "example.com",
|
||||||
|
CCTechnology: "SEV_SNP",
|
||||||
}
|
}
|
||||||
|
|
||||||
// test that the variables are correctly rendered
|
// test that the variables are correctly rendered
|
||||||
|
|
@ -151,6 +152,7 @@ node_groups = {
|
||||||
}
|
}
|
||||||
custom_endpoint = "example.com"
|
custom_endpoint = "example.com"
|
||||||
internal_load_balancer = false
|
internal_load_balancer = false
|
||||||
|
cc_technology = "SEV_SNP"
|
||||||
`
|
`
|
||||||
got := vars.String()
|
got := vars.String()
|
||||||
assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
|
assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
|
||||||
|
|
|
||||||
|
|
@ -78,7 +78,7 @@ constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags]
|
||||||
### Options
|
### Options
|
||||||
|
|
||||||
```
|
```
|
||||||
-a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-tdx|azure-trustedlaunch|gcp-sev-es|qemu-vtpm}. If not specified, the default for the cloud provider is used
|
-a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-tdx|azure-trustedlaunch|gcp-sev-snp|gcp-sev-es|qemu-vtpm}. If not specified, the default for the cloud provider is used
|
||||||
-h, --help help for generate
|
-h, --help help for generate
|
||||||
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.28")
|
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.28")
|
||||||
```
|
```
|
||||||
|
|
|
||||||
|
|
@ -383,7 +383,7 @@ func (s *State) preInitConstraints(attestation variant.Variant) func() []*valida
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
case variant.GCPSEVES{}:
|
case variant.GCPSEVES{}, variant.GCPSEVSNP{}:
|
||||||
// GCP values need to be valid after infrastructure creation.
|
// GCP values need to be valid after infrastructure creation.
|
||||||
constraints = append(constraints,
|
constraints = append(constraints,
|
||||||
// Azure values need to be nil or empty.
|
// Azure values need to be nil or empty.
|
||||||
|
|
@ -514,7 +514,7 @@ func (s *State) postInitConstraints(attestation variant.Variant) func() []*valid
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
case variant.GCPSEVES{}:
|
case variant.GCPSEVES{}, variant.GCPSEVSNP{}:
|
||||||
constraints = append(constraints,
|
constraints = append(constraints,
|
||||||
// Azure values need to be nil or empty.
|
// Azure values need to be nil or empty.
|
||||||
validation.Or(
|
validation.Or(
|
||||||
|
|
|
||||||
|
|
@ -122,6 +122,10 @@ func convertFromTfAttestationCfg(tfAttestation attestationAttribute, attestation
|
||||||
attestationConfig = &config.GCPSEVES{
|
attestationConfig = &config.GCPSEVES{
|
||||||
Measurements: c11nMeasurements,
|
Measurements: c11nMeasurements,
|
||||||
}
|
}
|
||||||
|
case variant.GCPSEVSNP{}:
|
||||||
|
attestationConfig = &config.GCPSEVSNP{
|
||||||
|
Measurements: c11nMeasurements,
|
||||||
|
}
|
||||||
case variant.QEMUVTPM{}:
|
case variant.QEMUVTPM{}:
|
||||||
attestationConfig = &config.QEMUVTPM{
|
attestationConfig = &config.QEMUVTPM{
|
||||||
Measurements: c11nMeasurements,
|
Measurements: c11nMeasurements,
|
||||||
|
|
@ -150,6 +154,13 @@ func convertToTfAttestation(attVar variant.Variant, snpVersions attestationconfi
|
||||||
}
|
}
|
||||||
tfAttestation.AMDRootKey = certStr
|
tfAttestation.AMDRootKey = certStr
|
||||||
|
|
||||||
|
case variant.GCPSEVSNP{}:
|
||||||
|
certStr, err := certAsString(config.DefaultForGCPSEVSNP().AMDRootKey)
|
||||||
|
if err != nil {
|
||||||
|
return tfAttestation, err
|
||||||
|
}
|
||||||
|
tfAttestation.AMDRootKey = certStr
|
||||||
|
|
||||||
case variant.AzureSEVSNP{}:
|
case variant.AzureSEVSNP{}:
|
||||||
certStr, err := certAsString(config.DefaultForAzureSEVSNP().AMDRootKey)
|
certStr, err := certAsString(config.DefaultForAzureSEVSNP().AMDRootKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue