config: add separate option for handling attestation parameters (#1623)
* Add attestation options to config * Add join-config migration path for clusters with old measurement format * Always create MAA provider for Azure SNP clusters * Remove confidential VM option from provider in favor of attestation options * cli: add config migrate command to handle config migration (#1678) --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
parent
6027b066e5
commit
d7a2ddd939
74 changed files with 1339 additions and 1282 deletions
|
@ -91,15 +91,17 @@ func (c *verifyCmd) verify(cmd *cobra.Command, fileHandler file.Handler, verifyC
|
|||
return fmt.Errorf("loading config file: %w", err)
|
||||
}
|
||||
|
||||
c.log.Debugf("Creating aTLS Validator for %s", conf.AttestationVariant)
|
||||
validators, err := cloudcmd.NewValidator(conf, flags.maaURL, c.log)
|
||||
if err != nil {
|
||||
return fmt.Errorf("creating aTLS validator: %w", err)
|
||||
conf.UpdateMAAURL(flags.maaURL)
|
||||
c.log.Debugf("Updating expected PCRs")
|
||||
attConfig := conf.GetAttestationConfig()
|
||||
if err := cloudcmd.UpdateInitPCRs(attConfig, flags.ownerID, flags.clusterID); err != nil {
|
||||
return fmt.Errorf("updating expected PCRs: %w", err)
|
||||
}
|
||||
|
||||
c.log.Debugf("Updating expected PCRs")
|
||||
if err := validators.UpdateInitPCRs(flags.ownerID, flags.clusterID); err != nil {
|
||||
return fmt.Errorf("updating expected PCRs: %w", err)
|
||||
c.log.Debugf("Creating aTLS Validator for %s", conf.GetAttestationConfig().GetVariant())
|
||||
validator, err := cloudcmd.NewValidator(cmd, attConfig, c.log)
|
||||
if err != nil {
|
||||
return fmt.Errorf("creating aTLS validator: %w", err)
|
||||
}
|
||||
|
||||
nonce, err := crypto.GenerateRandomBytes(32)
|
||||
|
@ -114,14 +116,14 @@ func (c *verifyCmd) verify(cmd *cobra.Command, fileHandler file.Handler, verifyC
|
|||
&verifyproto.GetAttestationRequest{
|
||||
Nonce: nonce,
|
||||
},
|
||||
validators.V(cmd),
|
||||
validator,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("verifying: %w", err)
|
||||
}
|
||||
|
||||
// certificates are only available for Azure
|
||||
attDocOutput, err := formatter.format(rawAttestationDoc, conf.Provider.Azure == nil, flags.rawOutput, validators.PCRS())
|
||||
attDocOutput, err := formatter.format(rawAttestationDoc, conf.Provider.Azure == nil, flags.rawOutput, attConfig.GetMeasurements())
|
||||
if err != nil {
|
||||
return fmt.Errorf("printing attestation document: %w", err)
|
||||
}
|
||||
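Review bot: In the first hunk of `verify`, the validator is built from `attConfig`, but the debug line re-reads `conf.GetAttestationConfig().GetVariant()`; logging `attConfig.GetVariant()` would tie the logged variant to the object actually passed to `cloudcmd.NewValidator`. The new sequence also appears to be order-dependent: `conf.UpdateMAAURL(flags.maaURL)` runs before `conf.GetAttestationConfig()`, and `cloudcmd.UpdateInitPCRs` changes `attConfig` before the validator is created. A short comment would make that explicit, for example `// order matters: set the MAA URL and init PCRs on the attestation config before building the validator`. Whether `UpdateMAAURL` ignores an empty flag value is not visible here; if it does not, an unset flag would blank a configured attestation endpoint, so that should be confirmed or guarded. This rendered page has lost its +/- markers, so the old and new sides are inferred from the hunk header, and the body of `verify` starts and ends outside both hunks.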
|
|