cli: support custom attestation policies for maa (#1375)

* create and update maa attestation policy * use interface to allow unit testing * fix test csp * http request for policy patch * go mod tidy * remove hyphen * go mod tidy * wip: adapt to feedback * linting fixes * remove csp from tf call * fix type assertion * Add MAA URL to instance tags (#1409) Signed-off-by: Daniel Weiße <dw@edgeless.systems> * conditionally create maa provider * only set instance tag when maa is created * fix azure unit test * bazel tidy * remove AzureCVM const Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * encode policy at runtime * remove policy arg * fix unit test --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2025-05-03 14:54:53 -04:00 · 2023-03-20 13:33:04 +01:00 · 2023-03-20 13:33:04 +01:00 · f2ce9518a3
commit f2ce9518a3
parent 119bf02435
15 changed files with 329 additions and 39 deletions
--- a/cli/internal/terraform/variables.go
+++ b/cli/internal/terraform/variables.go
@ -175,6 +175,8 @@ type AzureClusterVariables struct {
 	ConfidentialVM bool
 	// SecureBoot sets the VM to use secure boot.
 	SecureBoot bool
+	// CreateMAA sets whether a Microsoft Azure attestation provider should be created.
+	CreateMAA bool
 	// Debug is true if debug mode is enabled.
 	Debug bool
 }
@ -191,6 +193,7 @@ func (v *AzureClusterVariables) String() string {
 	writeLinef(b, "image_id = %q", v.ImageID)
 	writeLinef(b, "confidential_vm = %t", v.ConfidentialVM)
 	writeLinef(b, "secure_boot = %t", v.SecureBoot)
+	writeLinef(b, "create_maa = %t", v.CreateMAA)
 	writeLinef(b, "debug = %t", v.Debug)

 	return b.String()