verify: move CSP-specific code to internal/verify

With the introduction of SNP-based attestation on AWS some of the information in the report (MAAToken) is not applicable to all attestation reports anymore. Thus, make verify cmd CSP-agnostic and move CSP-specific logic to internal/verify. Also make internal/attestation/snp CSP aware.
2025-10-02 05:39:07 -04:00 · 2023-11-07 15:19:31 +01:00 · 2023-11-07 15:19:31 +01:00 · cdc91b50bc
commit cdc91b50bc
parent 59b096e279
13 changed files with 665 additions and 531 deletions
--- a/internal/verify/BUILD.bazel
+++ b/internal/verify/BUILD.bazel
@ -1,9 +1,31 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
+load("//bazel/go:go_test.bzl", "go_test")

 go_library(
    name = "verify",
-    srcs = ["verify.go"],
+    srcs = [
+        "certchain.go",
+        "verify.go",
+    ],
    importpath = "github.com/edgelesssys/constellation/v2/internal/verify",
    visibility = ["//:__subpackages__"],
-    deps = ["@com_github_golang_jwt_jwt_v5//:jwt"],
+    deps = [
+        "//internal/attestation/snp",
+        "//internal/constants",
+        "//internal/kubernetes/kubectl",
+        "@com_github_golang_jwt_jwt_v5//:jwt",
+        "@com_github_google_go_sev_guest//abi",
+        "@com_github_google_go_sev_guest//kds",
+    ],
+)
+
+go_test(
+    name = "verify_test",
+    srcs = ["verify_test.go"],
+    embed = [":verify"],
+    deps = [
+        "//internal/attestation/snp/testdata",
+        "//internal/logger",
+        "@com_github_stretchr_testify//assert",
+    ],
 )