--- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "constellation_attestation Data Source - constellation" subcategory: "" description: |- Data source to fetch an attestation configuration for a given cloud service provider, attestation variant, and OS image. --- # constellation_attestation (Data Source) Data source to fetch an attestation configuration for a given cloud service provider, attestation variant, and OS image. ## Example Usage ```terraform data "constellation_image" "example" {} # Fill accordingly for the CSP data "constellation_attestation" "test" { csp = "aws" attestation_variant = "aws-sev-snp" image = data.constellation_image.example.image } ``` ## Schema ### Required - `attestation_variant` (String) Attestation variant the image should work with. Can be one of: * `aws-sev-snp` * `aws-nitro-tpm` * `azure-sev-snp` * `azure-tdx` * `gcp-sev-snp` * `gcp-sev-es` * `qemu-vtpm` - `csp` (String) CSP (Cloud Service Provider) to use. (e.g. `azure`) See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview/clouds) that Constellation supports. - `image` (Attributes) Constellation OS Image to use on the nodes. (see [below for nested schema](#nestedatt--image)) ### Optional - `insecure` (Boolean) DON'T USE IN PRODUCTION Skip the signature verification when fetching measurements for the image. - `maa_url` (String) For Azure only, the URL of the Microsoft Azure Attestation service. The MAA's policy needs to be patched manually to work with Constellation OS images. See the [Constellation documentation](https://docs.edgeless.systems/constellation/workflows/terraform-provider#quick-setup) for more information. ### Read-Only - `attestation` (Attributes) Attestation comprises the measurements and CVM specific parameters. (see [below for nested schema](#nestedatt--attestation)) ### Nested Schema for `image` Required: - `reference` (String) CSP-specific unique reference to the image. The format differs per CSP. - `short_path` (String) CSP-agnostic short path to the image. The format is `vX.Y.Z` for release images and `ref/$GIT_REF/stream/$STREAM/$SEMANTIC_VERSION` for pre-release images. - `$GIT_REF` is the git reference (i.e. branch name) the image was built on, e.g. `main`. - `$STREAM` is the stream the image was built on, e.g. `nightly`. - `$SEMANTIC_VERSION` is the semantic version of the image, e.g. `vX.Y.Z` or `vX.Y.Z-pre...`. - `version` (String) Semantic version of the image. Optional: - `marketplace_image` (Boolean) Whether a marketplace image should be used. ### Nested Schema for `attestation` Read-Only: - `amd_root_key` (String) - `azure_firmware_signer_config` (Attributes) (see [below for nested schema](#nestedatt--attestation--azure_firmware_signer_config)) - `bootloader_version` (Number) - `measurements` (Attributes Map) (see [below for nested schema](#nestedatt--attestation--measurements)) - `microcode_version` (Number) - `snp_version` (Number) - `tdx` (Attributes) (see [below for nested schema](#nestedatt--attestation--tdx)) - `tee_version` (Number) - `variant` (String) Attestation variant the image should work with. Can be one of: * `aws-sev-snp` * `aws-nitro-tpm` * `azure-sev-snp` * `azure-tdx` * `gcp-sev-snp` * `gcp-sev-es` * `qemu-vtpm` ### Nested Schema for `attestation.azure_firmware_signer_config` Read-Only: - `accepted_key_digests` (List of String) - `enforcement_policy` (String) - `maa_url` (String) ### Nested Schema for `attestation.measurements` Read-Only: - `expected` (String) - `warn_only` (Boolean) ### Nested Schema for `attestation.tdx` Read-Only: - `intel_root_key` (String) - `mr_seam` (String) - `pce_svn` (Number) - `qe_svn` (Number) - `qe_vendor_id` (String) - `tee_tcb_svn` (String) - `xfam` (String)