Daniel Weiße 5a0234b3f2
attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257)
* Convert enforceIDKeyDigest setting to enum

* Use MAA fallback in Azure SNP attestation

* Only create MAA provider if MAA fallback is enabled

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-21 12:46:49 +01:00

43 lines
1.0 KiB
Protocol Buffer

syntax = "proto3";
package init;
option go_package = "github.com/edgelesssys/constellation/v2/bootstrapper/initproto";
service API {
rpc Init(InitRequest) returns (InitResponse);
}
message InitRequest {
// repeated string autoscaling_node_groups = 1; removed
// bytes master_secret = 2; removed
string kms_uri = 3;
string storage_uri = 4;
// string key_encryption_key_id = 5; removed
// bool use_existing_kek = 6; removed
string cloud_service_account_uri = 7;
string kubernetes_version = 8;
// repeated SSHUserKey ssh_user_keys = 9; removed
// bytes salt = 10; removed
bytes helm_deployments = 11;
repeated uint32 enforced_pcrs = 12;
// bool enforce_idkeydigest = 13; removed
bool conformance_mode = 14;
repeated KubernetesComponent kubernetes_components = 15;
bytes init_secret = 16;
string cluster_name = 17;
}
message InitResponse {
bytes kubeconfig = 1;
bytes owner_id = 2;
bytes cluster_id = 3;
}
message KubernetesComponent {
string url = 1;
string hash = 2;
string install_path = 3;
bool extract = 4;
}