cli: support custom attestation policies for maa (#1375)

* create and update maa attestation policy

* use interface to allow unit testing

* fix test csp

* http request for policy patch

* go mod tidy

* remove hyphen

* go mod tidy

* wip: adapt to feedback

* linting fixes

* remove csp from tf call

* fix type assertion

* Add MAA URL to instance tags (#1409)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* conditionally create maa provider

* only set instance tag when maa is created

* fix azure unit test

* bazel tidy

* remove AzureCVM const

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* encode policy at runtime

* remove policy arg

* fix unit test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

cli/internal/terraform/terraform.go

@@ -128,10 +128,18 @@ func (c *Client) CreateCluster(ctx context.Context) (CreateOutput, error) {
 		return CreateOutput{}, errors.New("invalid type in uid output: not a string")
 	}
 
+	var attestationURL string
+	if attestationURLOutput, ok := tfState.Values.Outputs["attestationURL"]; ok {
+		if attestationURLString, ok := attestationURLOutput.Value.(string); ok {
+			attestationURL = attestationURLString
+		}
+	}
+
 	return CreateOutput{
-		IP:     ip,
-		Secret: secret,
-		UID:    uid,
+		IP:             ip,
+		Secret:         secret,
+		UID:            uid,
+		AttestationURL: attestationURL,
 	}, nil
 }
 
@@ -140,6 +148,9 @@ type CreateOutput struct {
 	IP     string
 	Secret string
 	UID    string
+	// AttestationURL is the URL of the attestation provider.
+	// It is only set if the cluster is created on Azure.
+	AttestationURL string
 }
 
 // IAMOutput contains the output information of the Terraform IAM operations.