config: add separate option for handling attestation parameters (#1623)

* Add attestation options to config * Add join-config migration path for clusters with old measurement format * Always create MAA provider for Azure SNP clusters * Remove confidential VM option from provider in favor of attestation options * cli: add config migrate command to handle config migration (#1678) --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-08-08 23:12:18 -04:00 · 2023-05-03 11:11:53 +02:00 · 2023-05-03 11:11:53 +02:00 · d7a2ddd939
commit d7a2ddd939
parent 6027b066e5
74 changed files with 1339 additions and 1282 deletions
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@ -106,18 +106,12 @@ const (

 	// ServiceBasePath is the base path for the mounted micro service's files.
 	ServiceBasePath = "/var/config"
-	// MeasurementsFilename is the filename of CC measurements.
-	MeasurementsFilename = "measurements"
+	// AttestationConfigFilename is the filename of the config used for CC validation.
+	AttestationConfigFilename = "attestationConfig"
 	// MeasurementSaltFilename is the filename of the salt used in creation of the clusterID.
 	MeasurementSaltFilename = "measurementSalt"
 	// MeasurementSecretFilename is the filename of the secret used in creation of the clusterID.
 	MeasurementSecretFilename = "measurementSecret"
-	// IDKeyDigestFilename is the name of the file holding the currently enforced idkeydigest.
-	IDKeyDigestFilename = "idkeydigests"
-	// EnforceIDKeyDigestFilename is the name of the file configuring whether idkeydigest is enforced or not.
-	EnforceIDKeyDigestFilename = "enforceIdKeyDigest"
-	// IDKeyConfigFilename is the name of the file holding the configuration for validating the SEV-SNP ID key digest.
-	IDKeyConfigFilename = "idKeyConfig"

 	// K8sVersionFieldName is the name of the of the key holding the wanted Kubernetes version.
 	K8sVersionFieldName = "cluster-version"