Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-10-29 02:40:19 -04:00
Code Issues Projects Releases Packages Wiki Activity
constellation/terraform-provider-constellation/docs/data-sources/attestation.md

4 KiB
Raw Permalink Blame History

page_title subcategory description
constellation_attestation Data Source - constellation Data source to fetch an attestation configuration for a given cloud service provider, attestation variant, and OS image.

constellation_attestation (Data Source)

Data source to fetch an attestation configuration for a given cloud service provider, attestation variant, and OS image.

Example Usage

data "constellation_image" "example" {} # Fill accordingly for the CSP

data "constellation_attestation" "test" {
  csp                 = "aws"
  attestation_variant = "aws-sev-snp"
  image               = data.constellation_image.example.image
}

Schema

Required

  • attestation_variant (String) Attestation variant the image should work with. Can be one of:
    • aws-sev-snp
    • aws-nitro-tpm
    • azure-sev-snp
    • azure-tdx
    • gcp-sev-snp
    • gcp-sev-es
    • qemu-vtpm
  • csp (String) CSP (Cloud Service Provider) to use. (e.g. azure) See the full list of CSPs that Constellation supports.
  • image (Attributes) Constellation OS Image to use on the nodes. (see below for nested schema)

Optional

  • insecure (Boolean) DON'T USE IN PRODUCTION Skip the signature verification when fetching measurements for the image.
  • maa_url (String) For Azure only, the URL of the Microsoft Azure Attestation service. The MAA's policy needs to be patched manually to work with Constellation OS images. See the Constellation documentation for more information.

Read-Only

  • attestation (Attributes) Attestation comprises the measurements and CVM specific parameters. (see below for nested schema)

Nested Schema for image

Required:

  • reference (String) CSP-specific unique reference to the image. The format differs per CSP.
  • short_path (String) CSP-agnostic short path to the image. The format is vX.Y.Z for release images and ref/$GIT_REF/stream/$STREAM/$SEMANTIC_VERSION for pre-release images.
  • $GIT_REF is the git reference (i.e. branch name) the image was built on, e.g. main.
  • $STREAM is the stream the image was built on, e.g. nightly.
  • $SEMANTIC_VERSION is the semantic version of the image, e.g. vX.Y.Z or vX.Y.Z-pre....
  • version (String) Semantic version of the image.

Optional:

  • marketplace_image (Boolean) Whether a marketplace image should be used.

Nested Schema for attestation

Read-Only:

  • amd_root_key (String)
  • azure_firmware_signer_config (Attributes) (see below for nested schema)
  • bootloader_version (Number)
  • measurements (Attributes Map) (see below for nested schema)
  • microcode_version (Number)
  • snp_version (Number)
  • tdx (Attributes) (see below for nested schema)
  • tee_version (Number)
  • variant (String) Attestation variant the image should work with. Can be one of:
    • aws-sev-snp
    • aws-nitro-tpm
    • azure-sev-snp
    • azure-tdx
    • gcp-sev-snp
    • gcp-sev-es
    • qemu-vtpm

Nested Schema for attestation.azure_firmware_signer_config

Read-Only:

  • accepted_key_digests (List of String)
  • enforcement_policy (String)
  • maa_url (String)

Nested Schema for attestation.measurements

Read-Only:

  • expected (String)
  • warn_only (Boolean)

Nested Schema for attestation.tdx

Read-Only:

  • intel_root_key (String)
  • mr_seam (String)
  • pce_svn (Number)
  • qe_svn (Number)
  • qe_vendor_id (String)
  • tee_tcb_svn (String)
  • xfam (String)