terraform: collect apiserver cert SANs and support custom endpoint

constants: add new constants for cluster configuration and custom endpoint
cloud: support apiserver cert sans and prepare for endpoint migration on AWS
config: add customEndpoint field
bootstrapper: use per-CSP apiserver cert SANs
cli: route customEndpoint to terraform and add migration for apiserver cert SANs
bootstrapper: change interface of GetLoadBalancerEndpoint to return host and port separately
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
// Code generated by hack/docgen tool. DO NOT EDIT.
|
|
|
|
package config
|
|
|
|
import (
|
|
"github.com/siderolabs/talos/pkg/machinery/config/encoder"
|
|
)
|
|
|
|
// Documentation descriptors for the configuration types. Each one is declared
// here as a zero-value encoder.Doc; the init function in this file then assigns
// fields such as Type, Description, AppearsIn and Fields. This file is generated
// by the hack/docgen tool, so lasting changes belong in the generator's input.
var (
	// Root document, plus the provider selector that init registers as
	// appearing in Config under "provider".
	ConfigDoc, ProviderConfigDoc encoder.Doc

	// Provider sections; init registers each as appearing in ProviderConfig
	// under "aws", "azure", "gcp", "openstack" and "qemu" respectively.
	AWSConfigDoc, AzureConfigDoc, GCPConfigDoc, OpenStackConfigDoc, QEMUConfigDoc encoder.Doc

	// Attestation section; init registers it as appearing in Config under
	// "attestation".
	AttestationConfigDoc encoder.Doc

	// NOTE(review): the code that fills this descriptor is not in the visible
	// part of init; confirm where it is populated.
	UnsupportedAppRegistrationErrorDoc encoder.Doc

	// AWSSEVSNP and AWSNitroTPM are named as the types of the first two
	// AttestationConfig fields in init. The remaining descriptors presumably
	// document the other attestation variants; confirm against the rest of init.
	AWSSEVSNPDoc, AWSNitroTPMDoc encoder.Doc

	SNPFirmwareSignerConfigDoc encoder.Doc

	GCPSEVESDoc encoder.Doc

	QEMUVTPMDoc, QEMUTDXDoc encoder.Doc

	AzureSEVSNPDoc, AzureTrustedLaunchDoc encoder.Doc
)
|
|
|
|
func init() {
|
|
ConfigDoc.Type = "Config"
|
|
ConfigDoc.Comments[encoder.LineComment] = "Config defines configuration used by CLI."
|
|
ConfigDoc.Description = "Config defines configuration used by CLI."
|
|
ConfigDoc.Fields = make([]encoder.Doc, 10)
|
|
ConfigDoc.Fields[0].Name = "version"
|
|
ConfigDoc.Fields[0].Type = "string"
|
|
ConfigDoc.Fields[0].Note = ""
|
|
ConfigDoc.Fields[0].Description = "Schema version of this configuration file."
|
|
ConfigDoc.Fields[0].Comments[encoder.LineComment] = "Schema version of this configuration file."
|
|
ConfigDoc.Fields[1].Name = "image"
|
|
ConfigDoc.Fields[1].Type = "string"
|
|
ConfigDoc.Fields[1].Note = ""
|
|
ConfigDoc.Fields[1].Description = "Machine image version used to create Constellation nodes."
|
|
ConfigDoc.Fields[1].Comments[encoder.LineComment] = "Machine image version used to create Constellation nodes."
|
|
ConfigDoc.Fields[2].Name = "name"
|
|
ConfigDoc.Fields[2].Type = "string"
|
|
ConfigDoc.Fields[2].Note = ""
|
|
ConfigDoc.Fields[2].Description = "Name of the cluster."
|
|
ConfigDoc.Fields[2].Comments[encoder.LineComment] = "Name of the cluster."
|
|
ConfigDoc.Fields[3].Name = "stateDiskSizeGB"
|
|
ConfigDoc.Fields[3].Type = "int"
|
|
ConfigDoc.Fields[3].Note = ""
|
|
ConfigDoc.Fields[3].Description = "Size (in GB) of a node's disk to store the non-volatile state."
|
|
ConfigDoc.Fields[3].Comments[encoder.LineComment] = "Size (in GB) of a node's disk to store the non-volatile state."
|
|
ConfigDoc.Fields[4].Name = "kubernetesVersion"
|
|
ConfigDoc.Fields[4].Type = "string"
|
|
ConfigDoc.Fields[4].Note = ""
|
|
ConfigDoc.Fields[4].Description = "Kubernetes version to be installed into the cluster."
|
|
ConfigDoc.Fields[4].Comments[encoder.LineComment] = "Kubernetes version to be installed into the cluster."
|
|
ConfigDoc.Fields[5].Name = "microserviceVersion"
|
|
ConfigDoc.Fields[5].Type = "string"
|
|
ConfigDoc.Fields[5].Note = ""
|
|
ConfigDoc.Fields[5].Description = "Microservice version to be installed into the cluster. Defaults to the version of the CLI."
|
|
ConfigDoc.Fields[5].Comments[encoder.LineComment] = "Microservice version to be installed into the cluster. Defaults to the version of the CLI."
|
|
ConfigDoc.Fields[6].Name = "debugCluster"
|
|
ConfigDoc.Fields[6].Type = "bool"
|
|
ConfigDoc.Fields[6].Note = ""
|
|
ConfigDoc.Fields[6].Description = "DON'T USE IN PRODUCTION: enable debug mode and use debug images."
|
|
ConfigDoc.Fields[6].Comments[encoder.LineComment] = "DON'T USE IN PRODUCTION: enable debug mode and use debug images."
|
|
ConfigDoc.Fields[7].Name = "provider"
|
|
ConfigDoc.Fields[7].Type = "ProviderConfig"
|
|
ConfigDoc.Fields[7].Note = ""
|
|
ConfigDoc.Fields[7].Description = "Supported cloud providers and their specific configurations."
|
|
ConfigDoc.Fields[7].Comments[encoder.LineComment] = "Supported cloud providers and their specific configurations."
|
|
ConfigDoc.Fields[8].Name = "attestation"
|
|
ConfigDoc.Fields[8].Type = "AttestationConfig"
|
|
ConfigDoc.Fields[8].Note = ""
|
|
ConfigDoc.Fields[8].Description = "Configuration for attestation validation. This configuration provides sensible defaults for the Constellation version it was created for.\nSee the docs for an overview on attestation: https://docs.edgeless.systems/constellation/architecture/attestation"
|
|
ConfigDoc.Fields[8].Comments[encoder.LineComment] = "Configuration for attestation validation. This configuration provides sensible defaults for the Constellation version it was created for.\nSee the docs for an overview on attestation: https://docs.edgeless.systems/constellation/architecture/attestation"
|
|
ConfigDoc.Fields[9].Name = "customEndpoint"
|
|
ConfigDoc.Fields[9].Type = "string"
|
|
ConfigDoc.Fields[9].Note = ""
|
|
ConfigDoc.Fields[9].Description = "Optional custom endpoint (DNS name) for the Constellation API server.\nThis can be used to point a custom dns name at the Constellation API server\nand is added to the Subject Alternative Name (SAN) field of the TLS certificate used by the API server.\nA fallback to DNS name is always available."
|
|
ConfigDoc.Fields[9].Comments[encoder.LineComment] = "Optional custom endpoint (DNS name) for the Constellation API server."
|
|
|
|
ProviderConfigDoc.Type = "ProviderConfig"
|
|
ProviderConfigDoc.Comments[encoder.LineComment] = "ProviderConfig are cloud-provider specific configuration values used by the CLI."
|
|
ProviderConfigDoc.Description = "ProviderConfig are cloud-provider specific configuration values used by the CLI.\nFields should remain pointer-types so custom specific configs can nil them\nif not required.\n"
|
|
ProviderConfigDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "Config",
|
|
FieldName: "provider",
|
|
},
|
|
}
|
|
ProviderConfigDoc.Fields = make([]encoder.Doc, 5)
|
|
ProviderConfigDoc.Fields[0].Name = "aws"
|
|
ProviderConfigDoc.Fields[0].Type = "AWSConfig"
|
|
ProviderConfigDoc.Fields[0].Note = ""
|
|
ProviderConfigDoc.Fields[0].Description = "Configuration for AWS as provider."
|
|
ProviderConfigDoc.Fields[0].Comments[encoder.LineComment] = "Configuration for AWS as provider."
|
|
ProviderConfigDoc.Fields[1].Name = "azure"
|
|
ProviderConfigDoc.Fields[1].Type = "AzureConfig"
|
|
ProviderConfigDoc.Fields[1].Note = ""
|
|
ProviderConfigDoc.Fields[1].Description = "Configuration for Azure as provider."
|
|
ProviderConfigDoc.Fields[1].Comments[encoder.LineComment] = "Configuration for Azure as provider."
|
|
ProviderConfigDoc.Fields[2].Name = "gcp"
|
|
ProviderConfigDoc.Fields[2].Type = "GCPConfig"
|
|
ProviderConfigDoc.Fields[2].Note = ""
|
|
ProviderConfigDoc.Fields[2].Description = "Configuration for Google Cloud as provider."
|
|
ProviderConfigDoc.Fields[2].Comments[encoder.LineComment] = "Configuration for Google Cloud as provider."
|
|
ProviderConfigDoc.Fields[3].Name = "openstack"
|
|
ProviderConfigDoc.Fields[3].Type = "OpenStackConfig"
|
|
ProviderConfigDoc.Fields[3].Note = ""
|
|
ProviderConfigDoc.Fields[3].Description = "Configuration for OpenStack as provider."
|
|
ProviderConfigDoc.Fields[3].Comments[encoder.LineComment] = "Configuration for OpenStack as provider."
|
|
ProviderConfigDoc.Fields[4].Name = "qemu"
|
|
ProviderConfigDoc.Fields[4].Type = "QEMUConfig"
|
|
ProviderConfigDoc.Fields[4].Note = ""
|
|
ProviderConfigDoc.Fields[4].Description = "Configuration for QEMU as provider."
|
|
ProviderConfigDoc.Fields[4].Comments[encoder.LineComment] = "Configuration for QEMU as provider."
|
|
|
|
AWSConfigDoc.Type = "AWSConfig"
|
|
AWSConfigDoc.Comments[encoder.LineComment] = "AWSConfig are AWS specific configuration values used by the CLI."
|
|
AWSConfigDoc.Description = "AWSConfig are AWS specific configuration values used by the CLI."
|
|
AWSConfigDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "ProviderConfig",
|
|
FieldName: "aws",
|
|
},
|
|
}
|
|
AWSConfigDoc.Fields = make([]encoder.Doc, 7)
|
|
AWSConfigDoc.Fields[0].Name = "region"
|
|
AWSConfigDoc.Fields[0].Type = "string"
|
|
AWSConfigDoc.Fields[0].Note = ""
|
|
AWSConfigDoc.Fields[0].Description = "AWS data center region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions"
|
|
AWSConfigDoc.Fields[0].Comments[encoder.LineComment] = "AWS data center region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions"
|
|
AWSConfigDoc.Fields[1].Name = "zone"
|
|
AWSConfigDoc.Fields[1].Type = "string"
|
|
AWSConfigDoc.Fields[1].Note = ""
|
|
AWSConfigDoc.Fields[1].Description = "AWS data center zone name in defined region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones"
|
|
AWSConfigDoc.Fields[1].Comments[encoder.LineComment] = "AWS data center zone name in defined region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones"
|
|
AWSConfigDoc.Fields[2].Name = "instanceType"
|
|
AWSConfigDoc.Fields[2].Type = "string"
|
|
AWSConfigDoc.Fields[2].Note = ""
|
|
AWSConfigDoc.Fields[2].Description = "VM instance type to use for Constellation nodes. Needs to support NitroTPM. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html"
|
|
AWSConfigDoc.Fields[2].Comments[encoder.LineComment] = "VM instance type to use for Constellation nodes. Needs to support NitroTPM. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html"
|
|
AWSConfigDoc.Fields[3].Name = "stateDiskType"
|
|
AWSConfigDoc.Fields[3].Type = "string"
|
|
AWSConfigDoc.Fields[3].Note = ""
|
|
AWSConfigDoc.Fields[3].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html"
|
|
AWSConfigDoc.Fields[3].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html"
|
|
AWSConfigDoc.Fields[4].Name = "iamProfileControlPlane"
|
|
AWSConfigDoc.Fields[4].Type = "string"
|
|
AWSConfigDoc.Fields[4].Note = ""
|
|
AWSConfigDoc.Fields[4].Description = "Name of the IAM profile to use for the control-plane nodes."
|
|
AWSConfigDoc.Fields[4].Comments[encoder.LineComment] = "Name of the IAM profile to use for the control-plane nodes."
|
|
AWSConfigDoc.Fields[5].Name = "iamProfileWorkerNodes"
|
|
AWSConfigDoc.Fields[5].Type = "string"
|
|
AWSConfigDoc.Fields[5].Note = ""
|
|
AWSConfigDoc.Fields[5].Description = "Name of the IAM profile to use for the worker nodes."
|
|
AWSConfigDoc.Fields[5].Comments[encoder.LineComment] = "Name of the IAM profile to use for the worker nodes."
|
|
AWSConfigDoc.Fields[6].Name = "deployCSIDriver"
|
|
AWSConfigDoc.Fields[6].Type = "bool"
|
|
AWSConfigDoc.Fields[6].Note = "TODO (msanft): after v2.9 release re-enable \"required\" validation\n"
|
|
AWSConfigDoc.Fields[6].Description = "Deploy Persistent Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage"
|
|
AWSConfigDoc.Fields[6].Comments[encoder.LineComment] = "Deploy Persistent Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage"
|
|
|
|
AzureConfigDoc.Type = "AzureConfig"
|
|
AzureConfigDoc.Comments[encoder.LineComment] = "AzureConfig are Azure specific configuration values used by the CLI."
|
|
AzureConfigDoc.Description = "AzureConfig are Azure specific configuration values used by the CLI."
|
|
AzureConfigDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "ProviderConfig",
|
|
FieldName: "azure",
|
|
},
|
|
}
|
|
AzureConfigDoc.Fields = make([]encoder.Doc, 9)
|
|
AzureConfigDoc.Fields[0].Name = "subscription"
|
|
AzureConfigDoc.Fields[0].Type = "string"
|
|
AzureConfigDoc.Fields[0].Note = ""
|
|
AzureConfigDoc.Fields[0].Description = "Subscription ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription"
|
|
AzureConfigDoc.Fields[0].Comments[encoder.LineComment] = "Subscription ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription"
|
|
AzureConfigDoc.Fields[1].Name = "tenant"
|
|
AzureConfigDoc.Fields[1].Type = "string"
|
|
AzureConfigDoc.Fields[1].Note = ""
|
|
AzureConfigDoc.Fields[1].Description = "Tenant ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant"
|
|
AzureConfigDoc.Fields[1].Comments[encoder.LineComment] = "Tenant ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant"
|
|
AzureConfigDoc.Fields[2].Name = "location"
|
|
AzureConfigDoc.Fields[2].Type = "string"
|
|
AzureConfigDoc.Fields[2].Note = ""
|
|
AzureConfigDoc.Fields[2].Description = "Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones"
|
|
AzureConfigDoc.Fields[2].Comments[encoder.LineComment] = "Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones"
|
|
AzureConfigDoc.Fields[3].Name = "resourceGroup"
|
|
AzureConfigDoc.Fields[3].Type = "string"
|
|
AzureConfigDoc.Fields[3].Note = ""
|
|
AzureConfigDoc.Fields[3].Description = "Resource group for the cluster's resources. Must already exist."
|
|
AzureConfigDoc.Fields[3].Comments[encoder.LineComment] = "Resource group for the cluster's resources. Must already exist."
|
|
AzureConfigDoc.Fields[4].Name = "userAssignedIdentity"
|
|
AzureConfigDoc.Fields[4].Type = "string"
|
|
AzureConfigDoc.Fields[4].Note = ""
|
|
AzureConfigDoc.Fields[4].Description = "Authorize spawned VMs to access Azure API."
|
|
AzureConfigDoc.Fields[4].Comments[encoder.LineComment] = "Authorize spawned VMs to access Azure API."
|
|
AzureConfigDoc.Fields[5].Name = "instanceType"
|
|
AzureConfigDoc.Fields[5].Type = "string"
|
|
AzureConfigDoc.Fields[5].Note = ""
|
|
AzureConfigDoc.Fields[5].Description = "VM instance type to use for Constellation nodes."
|
|
AzureConfigDoc.Fields[5].Comments[encoder.LineComment] = "VM instance type to use for Constellation nodes."
|
|
AzureConfigDoc.Fields[6].Name = "stateDiskType"
|
|
AzureConfigDoc.Fields[6].Type = "string"
|
|
AzureConfigDoc.Fields[6].Note = ""
|
|
AzureConfigDoc.Fields[6].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
|
|
AzureConfigDoc.Fields[6].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
|
|
AzureConfigDoc.Fields[7].Name = "deployCSIDriver"
|
|
AzureConfigDoc.Fields[7].Type = "bool"
|
|
AzureConfigDoc.Fields[7].Note = ""
|
|
AzureConfigDoc.Fields[7].Description = "Deploy Azure Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage"
|
|
AzureConfigDoc.Fields[7].Comments[encoder.LineComment] = "Deploy Azure Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage"
|
|
AzureConfigDoc.Fields[8].Name = "secureBoot"
|
|
AzureConfigDoc.Fields[8].Type = "bool"
|
|
AzureConfigDoc.Fields[8].Note = ""
|
|
AzureConfigDoc.Fields[8].Description = "Enable secure boot for VMs. If enabled, the OS image has to include a virtual machine guest state (VMGS) blob."
|
|
AzureConfigDoc.Fields[8].Comments[encoder.LineComment] = "Enable secure boot for VMs. If enabled, the OS image has to include a virtual machine guest state (VMGS) blob."
|
|
|
|
GCPConfigDoc.Type = "GCPConfig"
|
|
GCPConfigDoc.Comments[encoder.LineComment] = "GCPConfig are GCP specific configuration values used by the CLI."
|
|
GCPConfigDoc.Description = "GCPConfig are GCP specific configuration values used by the CLI."
|
|
GCPConfigDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "ProviderConfig",
|
|
FieldName: "gcp",
|
|
},
|
|
}
|
|
GCPConfigDoc.Fields = make([]encoder.Doc, 7)
|
|
GCPConfigDoc.Fields[0].Name = "project"
|
|
GCPConfigDoc.Fields[0].Type = "string"
|
|
GCPConfigDoc.Fields[0].Note = ""
|
|
GCPConfigDoc.Fields[0].Description = "GCP project. See: https://support.google.com/googleapi/answer/7014113?hl=en"
|
|
GCPConfigDoc.Fields[0].Comments[encoder.LineComment] = "GCP project. See: https://support.google.com/googleapi/answer/7014113?hl=en"
|
|
GCPConfigDoc.Fields[1].Name = "region"
|
|
GCPConfigDoc.Fields[1].Type = "string"
|
|
GCPConfigDoc.Fields[1].Note = ""
|
|
GCPConfigDoc.Fields[1].Description = "GCP datacenter region. See: https://cloud.google.com/compute/docs/regions-zones#available"
|
|
GCPConfigDoc.Fields[1].Comments[encoder.LineComment] = "GCP datacenter region. See: https://cloud.google.com/compute/docs/regions-zones#available"
|
|
GCPConfigDoc.Fields[2].Name = "zone"
|
|
GCPConfigDoc.Fields[2].Type = "string"
|
|
GCPConfigDoc.Fields[2].Note = ""
|
|
GCPConfigDoc.Fields[2].Description = "GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available"
|
|
GCPConfigDoc.Fields[2].Comments[encoder.LineComment] = "GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available"
|
|
GCPConfigDoc.Fields[3].Name = "serviceAccountKeyPath"
|
|
GCPConfigDoc.Fields[3].Type = "string"
|
|
GCPConfigDoc.Fields[3].Note = ""
|
|
GCPConfigDoc.Fields[3].Description = "Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization"
|
|
GCPConfigDoc.Fields[3].Comments[encoder.LineComment] = "Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization"
|
|
GCPConfigDoc.Fields[4].Name = "instanceType"
|
|
GCPConfigDoc.Fields[4].Type = "string"
|
|
GCPConfigDoc.Fields[4].Note = ""
|
|
GCPConfigDoc.Fields[4].Description = "VM instance type to use for Constellation nodes."
|
|
GCPConfigDoc.Fields[4].Comments[encoder.LineComment] = "VM instance type to use for Constellation nodes."
|
|
GCPConfigDoc.Fields[5].Name = "stateDiskType"
|
|
GCPConfigDoc.Fields[5].Type = "string"
|
|
GCPConfigDoc.Fields[5].Note = ""
|
|
GCPConfigDoc.Fields[5].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types"
|
|
GCPConfigDoc.Fields[5].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types"
|
|
GCPConfigDoc.Fields[6].Name = "deployCSIDriver"
|
|
GCPConfigDoc.Fields[6].Type = "bool"
|
|
GCPConfigDoc.Fields[6].Note = ""
|
|
GCPConfigDoc.Fields[6].Description = "Deploy Persistent Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage"
|
|
GCPConfigDoc.Fields[6].Comments[encoder.LineComment] = "Deploy Persistent Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage"
|
|
|
|
OpenStackConfigDoc.Type = "OpenStackConfig"
|
|
OpenStackConfigDoc.Comments[encoder.LineComment] = "OpenStackConfig holds config information for OpenStack based Constellation deployments."
|
|
OpenStackConfigDoc.Description = "OpenStackConfig holds config information for OpenStack based Constellation deployments."
|
|
OpenStackConfigDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "ProviderConfig",
|
|
FieldName: "openstack",
|
|
},
|
|
}
|
|
OpenStackConfigDoc.Fields = make([]encoder.Doc, 18)
|
|
OpenStackConfigDoc.Fields[0].Name = "cloud"
|
|
OpenStackConfigDoc.Fields[0].Type = "string"
|
|
OpenStackConfigDoc.Fields[0].Note = ""
|
|
OpenStackConfigDoc.Fields[0].Description = "OpenStack cloud name to select from \"clouds.yaml\". Only required if config file for OpenStack is used. Fallback authentication uses environment variables. For details see: https://docs.openstack.org/openstacksdk/latest/user/config/configuration.html."
|
|
OpenStackConfigDoc.Fields[0].Comments[encoder.LineComment] = "OpenStack cloud name to select from \"clouds.yaml\". Only required if config file for OpenStack is used. Fallback authentication uses environment variables. For details see: https://docs.openstack.org/openstacksdk/latest/user/config/configuration.html."
|
|
OpenStackConfigDoc.Fields[1].Name = "availabilityZone"
|
|
OpenStackConfigDoc.Fields[1].Type = "string"
|
|
OpenStackConfigDoc.Fields[1].Note = ""
|
|
OpenStackConfigDoc.Fields[1].Description = "Availability zone to place the VMs in. For details see: https://docs.openstack.org/nova/latest/admin/availability-zones.html"
|
|
OpenStackConfigDoc.Fields[1].Comments[encoder.LineComment] = "Availability zone to place the VMs in. For details see: https://docs.openstack.org/nova/latest/admin/availability-zones.html"
|
|
OpenStackConfigDoc.Fields[2].Name = "flavorID"
|
|
OpenStackConfigDoc.Fields[2].Type = "string"
|
|
OpenStackConfigDoc.Fields[2].Note = ""
|
|
OpenStackConfigDoc.Fields[2].Description = "Flavor ID (machine type) to use for the VMs. For details see: https://docs.openstack.org/nova/latest/admin/flavors.html"
|
|
OpenStackConfigDoc.Fields[2].Comments[encoder.LineComment] = "Flavor ID (machine type) to use for the VMs. For details see: https://docs.openstack.org/nova/latest/admin/flavors.html"
|
|
OpenStackConfigDoc.Fields[3].Name = "floatingIPPoolID"
|
|
OpenStackConfigDoc.Fields[3].Type = "string"
|
|
OpenStackConfigDoc.Fields[3].Note = ""
|
|
OpenStackConfigDoc.Fields[3].Description = "Floating IP pool to use for the VMs. For details see: https://docs.openstack.org/ocata/user-guide/cli-manage-ip-addresses.html"
|
|
OpenStackConfigDoc.Fields[3].Comments[encoder.LineComment] = "Floating IP pool to use for the VMs. For details see: https://docs.openstack.org/ocata/user-guide/cli-manage-ip-addresses.html"
|
|
OpenStackConfigDoc.Fields[4].Name = "stateDiskType"
|
|
OpenStackConfigDoc.Fields[4].Type = "string"
|
|
OpenStackConfigDoc.Fields[4].Note = ""
|
|
OpenStackConfigDoc.Fields[4].Description = "Type of a node's state disk. The type influences boot time and I/O performance. Use `openstack volume type list` to get a list of available types."
|
|
OpenStackConfigDoc.Fields[4].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. Use `openstack volume type list` to get a list of available types."
|
|
OpenStackConfigDoc.Fields[5].Name = "authURL"
|
|
OpenStackConfigDoc.Fields[5].Type = "string"
|
|
OpenStackConfigDoc.Fields[5].Note = ""
|
|
OpenStackConfigDoc.Fields[5].Description = "description: |\nAuthURL is the OpenStack Identity endpoint to use inside the cluster.\n"
|
|
OpenStackConfigDoc.Fields[5].Comments[encoder.LineComment] = "description: |"
|
|
OpenStackConfigDoc.Fields[6].Name = "projectID"
|
|
OpenStackConfigDoc.Fields[6].Type = "string"
|
|
OpenStackConfigDoc.Fields[6].Note = ""
|
|
OpenStackConfigDoc.Fields[6].Description = "ProjectID is the ID of the project where a user resides."
|
|
OpenStackConfigDoc.Fields[6].Comments[encoder.LineComment] = "ProjectID is the ID of the project where a user resides."
|
|
OpenStackConfigDoc.Fields[7].Name = "projectName"
|
|
OpenStackConfigDoc.Fields[7].Type = "string"
|
|
OpenStackConfigDoc.Fields[7].Note = ""
|
|
OpenStackConfigDoc.Fields[7].Description = "ProjectName is the name of the project where a user resides."
|
|
OpenStackConfigDoc.Fields[7].Comments[encoder.LineComment] = "ProjectName is the name of the project where a user resides."
|
|
OpenStackConfigDoc.Fields[8].Name = "userDomainName"
|
|
OpenStackConfigDoc.Fields[8].Type = "string"
|
|
OpenStackConfigDoc.Fields[8].Note = ""
|
|
OpenStackConfigDoc.Fields[8].Description = "UserDomainName is the name of the domain where a user resides."
|
|
OpenStackConfigDoc.Fields[8].Comments[encoder.LineComment] = "UserDomainName is the name of the domain where a user resides."
|
|
OpenStackConfigDoc.Fields[9].Name = "projectDomainName"
|
|
OpenStackConfigDoc.Fields[9].Type = "string"
|
|
OpenStackConfigDoc.Fields[9].Note = ""
|
|
OpenStackConfigDoc.Fields[9].Description = "ProjectDomainName is the name of the domain where a project resides."
|
|
OpenStackConfigDoc.Fields[9].Comments[encoder.LineComment] = "ProjectDomainName is the name of the domain where a project resides."
|
|
OpenStackConfigDoc.Fields[10].Name = "regionName"
|
|
OpenStackConfigDoc.Fields[10].Type = "string"
|
|
OpenStackConfigDoc.Fields[10].Note = ""
|
|
OpenStackConfigDoc.Fields[10].Description = "description: |\nRegionName is the name of the region to use inside the cluster.\n"
|
|
OpenStackConfigDoc.Fields[10].Comments[encoder.LineComment] = "description: |"
|
|
OpenStackConfigDoc.Fields[11].Name = "username"
|
|
OpenStackConfigDoc.Fields[11].Type = "string"
|
|
OpenStackConfigDoc.Fields[11].Note = ""
|
|
OpenStackConfigDoc.Fields[11].Description = "Username to use inside the cluster."
|
|
OpenStackConfigDoc.Fields[11].Comments[encoder.LineComment] = "Username to use inside the cluster."
|
|
OpenStackConfigDoc.Fields[12].Name = "password"
|
|
OpenStackConfigDoc.Fields[12].Type = "string"
|
|
OpenStackConfigDoc.Fields[12].Note = ""
|
|
OpenStackConfigDoc.Fields[12].Description = "Password to use inside the cluster. You can instead use the environment variable \"CONSTELL_OS_PASSWORD\"."
|
|
OpenStackConfigDoc.Fields[12].Comments[encoder.LineComment] = "Password to use inside the cluster. You can instead use the environment variable \"CONSTELL_OS_PASSWORD\"."
|
|
OpenStackConfigDoc.Fields[13].Name = "directDownload"
|
|
OpenStackConfigDoc.Fields[13].Type = "bool"
|
|
OpenStackConfigDoc.Fields[13].Note = ""
|
|
OpenStackConfigDoc.Fields[13].Description = "If enabled, downloads OS image directly from source URL to OpenStack. Otherwise, downloads image to local machine and uploads to OpenStack."
|
|
OpenStackConfigDoc.Fields[13].Comments[encoder.LineComment] = "If enabled, downloads OS image directly from source URL to OpenStack. Otherwise, downloads image to local machine and uploads to OpenStack."
|
|
OpenStackConfigDoc.Fields[14].Name = "deployYawolLoadBalancer"
|
|
OpenStackConfigDoc.Fields[14].Type = "bool"
|
|
OpenStackConfigDoc.Fields[14].Note = ""
|
|
OpenStackConfigDoc.Fields[14].Description = "Deploy Yawol loadbalancer. For details see: https://github.com/stackitcloud/yawol"
|
|
OpenStackConfigDoc.Fields[14].Comments[encoder.LineComment] = "Deploy Yawol loadbalancer. For details see: https://github.com/stackitcloud/yawol"
|
|
OpenStackConfigDoc.Fields[15].Name = "yawolImageID"
|
|
OpenStackConfigDoc.Fields[15].Type = "string"
|
|
OpenStackConfigDoc.Fields[15].Note = ""
|
|
OpenStackConfigDoc.Fields[15].Description = "OpenStack OS image used by the yawollet. For details see: https://github.com/stackitcloud/yawol"
|
|
OpenStackConfigDoc.Fields[15].Comments[encoder.LineComment] = "OpenStack OS image used by the yawollet. For details see: https://github.com/stackitcloud/yawol"
|
|
OpenStackConfigDoc.Fields[16].Name = "yawolFlavorID"
|
|
OpenStackConfigDoc.Fields[16].Type = "string"
|
|
OpenStackConfigDoc.Fields[16].Note = ""
|
|
OpenStackConfigDoc.Fields[16].Description = "OpenStack flavor id used for yawollets. For details see: https://github.com/stackitcloud/yawol"
|
|
OpenStackConfigDoc.Fields[16].Comments[encoder.LineComment] = "OpenStack flavor id used for yawollets. For details see: https://github.com/stackitcloud/yawol"
|
|
OpenStackConfigDoc.Fields[17].Name = "deployCSIDriver"
|
|
OpenStackConfigDoc.Fields[17].Type = "bool"
|
|
OpenStackConfigDoc.Fields[17].Note = ""
|
|
OpenStackConfigDoc.Fields[17].Description = "Deploy Cinder CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage"
|
|
OpenStackConfigDoc.Fields[17].Comments[encoder.LineComment] = "Deploy Cinder CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage"
|
|
|
|
QEMUConfigDoc.Type = "QEMUConfig"
|
|
QEMUConfigDoc.Comments[encoder.LineComment] = "QEMUConfig holds config information for QEMU based Constellation deployments."
|
|
QEMUConfigDoc.Description = "QEMUConfig holds config information for QEMU based Constellation deployments."
|
|
QEMUConfigDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "ProviderConfig",
|
|
FieldName: "qemu",
|
|
},
|
|
}
|
|
QEMUConfigDoc.Fields = make([]encoder.Doc, 8)
|
|
QEMUConfigDoc.Fields[0].Name = "imageFormat"
|
|
QEMUConfigDoc.Fields[0].Type = "string"
|
|
QEMUConfigDoc.Fields[0].Note = ""
|
|
QEMUConfigDoc.Fields[0].Description = "Format of the image to use for the VMs. Should be either qcow2 or raw."
|
|
QEMUConfigDoc.Fields[0].Comments[encoder.LineComment] = "Format of the image to use for the VMs. Should be either qcow2 or raw."
|
|
QEMUConfigDoc.Fields[1].Name = "vcpus"
|
|
QEMUConfigDoc.Fields[1].Type = "int"
|
|
QEMUConfigDoc.Fields[1].Note = ""
|
|
QEMUConfigDoc.Fields[1].Description = "vCPU count for the VMs."
|
|
QEMUConfigDoc.Fields[1].Comments[encoder.LineComment] = "vCPU count for the VMs."
|
|
QEMUConfigDoc.Fields[2].Name = "memory"
|
|
QEMUConfigDoc.Fields[2].Type = "int"
|
|
QEMUConfigDoc.Fields[2].Note = ""
|
|
QEMUConfigDoc.Fields[2].Description = "Amount of memory per instance (MiB)."
|
|
QEMUConfigDoc.Fields[2].Comments[encoder.LineComment] = "Amount of memory per instance (MiB)."
|
|
QEMUConfigDoc.Fields[3].Name = "metadataAPIServer"
|
|
QEMUConfigDoc.Fields[3].Type = "string"
|
|
QEMUConfigDoc.Fields[3].Note = ""
|
|
QEMUConfigDoc.Fields[3].Description = "Container image to use for the QEMU metadata server."
|
|
QEMUConfigDoc.Fields[3].Comments[encoder.LineComment] = "Container image to use for the QEMU metadata server."
|
|
QEMUConfigDoc.Fields[4].Name = "libvirtSocket"
|
|
QEMUConfigDoc.Fields[4].Type = "string"
|
|
QEMUConfigDoc.Fields[4].Note = ""
|
|
QEMUConfigDoc.Fields[4].Description = "Libvirt connection URI. Leave empty to start a libvirt instance in Docker."
|
|
QEMUConfigDoc.Fields[4].Comments[encoder.LineComment] = "Libvirt connection URI. Leave empty to start a libvirt instance in Docker."
|
|
QEMUConfigDoc.Fields[5].Name = "libvirtContainerImage"
|
|
QEMUConfigDoc.Fields[5].Type = "string"
|
|
QEMUConfigDoc.Fields[5].Note = ""
|
|
QEMUConfigDoc.Fields[5].Description = "Container image to use for launching a containerized libvirt daemon. Only relevant if `libvirtSocket = \"\"`."
|
|
QEMUConfigDoc.Fields[5].Comments[encoder.LineComment] = "Container image to use for launching a containerized libvirt daemon. Only relevant if `libvirtSocket = \"\"`."
|
|
QEMUConfigDoc.Fields[6].Name = "nvram"
|
|
QEMUConfigDoc.Fields[6].Type = "string"
|
|
QEMUConfigDoc.Fields[6].Note = ""
|
|
QEMUConfigDoc.Fields[6].Description = "NVRAM template to be used for secure boot. Can be sentinel value \"production\", \"testing\" or a path to a custom NVRAM template"
|
|
QEMUConfigDoc.Fields[6].Comments[encoder.LineComment] = "NVRAM template to be used for secure boot. Can be sentinel value \"production\", \"testing\" or a path to a custom NVRAM template"
|
|
QEMUConfigDoc.Fields[7].Name = "firmware"
|
|
QEMUConfigDoc.Fields[7].Type = "string"
|
|
QEMUConfigDoc.Fields[7].Note = ""
|
|
QEMUConfigDoc.Fields[7].Description = "Path to the OVMF firmware. Leave empty for auto selection."
|
|
QEMUConfigDoc.Fields[7].Comments[encoder.LineComment] = "Path to the OVMF firmware. Leave empty for auto selection."
|
|
|
|
AttestationConfigDoc.Type = "AttestationConfig"
|
|
AttestationConfigDoc.Comments[encoder.LineComment] = "AttestationConfig configuration values used for attestation."
|
|
AttestationConfigDoc.Description = "AttestationConfig configuration values used for attestation.\nFields should remain pointer-types so custom specific configs can nil them\nif not required.\n"
|
|
AttestationConfigDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "Config",
|
|
FieldName: "attestation",
|
|
},
|
|
}
|
|
AttestationConfigDoc.Fields = make([]encoder.Doc, 7)
|
|
AttestationConfigDoc.Fields[0].Name = "awsSEVSNP"
|
|
AttestationConfigDoc.Fields[0].Type = "AWSSEVSNP"
|
|
AttestationConfigDoc.Fields[0].Note = ""
|
|
AttestationConfigDoc.Fields[0].Description = "AWS SEV-SNP attestation. WARNING: Attestation temporarily relies on AWS nitroTPM. See https://docs.edgeless.systems/constellation/workflows/config#choosing-a-vm-type for more information."
|
|
AttestationConfigDoc.Fields[0].Comments[encoder.LineComment] = "AWS SEV-SNP attestation. WARNING: Attestation temporarily relies on AWS nitroTPM. See https://docs.edgeless.systems/constellation/workflows/config#choosing-a-vm-type for more information."
|
|
AttestationConfigDoc.Fields[1].Name = "awsNitroTPM"
|
|
AttestationConfigDoc.Fields[1].Type = "AWSNitroTPM"
|
|
AttestationConfigDoc.Fields[1].Note = ""
|
|
AttestationConfigDoc.Fields[1].Description = "AWS Nitro TPM attestation."
|
|
AttestationConfigDoc.Fields[1].Comments[encoder.LineComment] = "AWS Nitro TPM attestation."
|
|
AttestationConfigDoc.Fields[2].Name = "azureSEVSNP"
|
|
AttestationConfigDoc.Fields[2].Type = "AzureSEVSNP"
|
|
AttestationConfigDoc.Fields[2].Note = ""
|
|
AttestationConfigDoc.Fields[2].Description = "Azure SEV-SNP attestation.\nFor details see: https://docs.edgeless.systems/constellation/architecture/attestation#cvm-verification"
|
|
AttestationConfigDoc.Fields[2].Comments[encoder.LineComment] = "Azure SEV-SNP attestation.\nFor details see: https://docs.edgeless.systems/constellation/architecture/attestation#cvm-verification"
|
|
AttestationConfigDoc.Fields[3].Name = "azureTrustedLaunch"
|
|
AttestationConfigDoc.Fields[3].Type = "AzureTrustedLaunch"
|
|
AttestationConfigDoc.Fields[3].Note = ""
|
|
AttestationConfigDoc.Fields[3].Description = "Azure TPM attestation (Trusted Launch)."
|
|
AttestationConfigDoc.Fields[3].Comments[encoder.LineComment] = "Azure TPM attestation (Trusted Launch)."
|
|
AttestationConfigDoc.Fields[4].Name = "gcpSEVES"
|
|
AttestationConfigDoc.Fields[4].Type = "GCPSEVES"
|
|
AttestationConfigDoc.Fields[4].Note = ""
|
|
AttestationConfigDoc.Fields[4].Description = "GCP SEV-ES attestation."
|
|
AttestationConfigDoc.Fields[4].Comments[encoder.LineComment] = "GCP SEV-ES attestation."
|
|
AttestationConfigDoc.Fields[5].Name = "qemuTDX"
|
|
AttestationConfigDoc.Fields[5].Type = "QEMUTDX"
|
|
AttestationConfigDoc.Fields[5].Note = ""
|
|
AttestationConfigDoc.Fields[5].Description = "QEMU tdx attestation."
|
|
AttestationConfigDoc.Fields[5].Comments[encoder.LineComment] = "QEMU tdx attestation."
|
|
AttestationConfigDoc.Fields[6].Name = "qemuVTPM"
|
|
AttestationConfigDoc.Fields[6].Type = "QEMUVTPM"
|
|
AttestationConfigDoc.Fields[6].Note = ""
|
|
AttestationConfigDoc.Fields[6].Description = "QEMU vTPM attestation."
|
|
AttestationConfigDoc.Fields[6].Comments[encoder.LineComment] = "QEMU vTPM attestation."
|
|
|
|
UnsupportedAppRegistrationErrorDoc.Type = "UnsupportedAppRegistrationError"
|
|
UnsupportedAppRegistrationErrorDoc.Comments[encoder.LineComment] = "UnsupportedAppRegistrationError is returned when the config contains configuration related to now unsupported app registrations."
|
|
UnsupportedAppRegistrationErrorDoc.Description = "UnsupportedAppRegistrationError is returned when the config contains configuration related to now unsupported app registrations."
|
|
UnsupportedAppRegistrationErrorDoc.Fields = make([]encoder.Doc, 0)
|
|
|
|
AWSSEVSNPDoc.Type = "AWSSEVSNP"
|
|
AWSSEVSNPDoc.Comments[encoder.LineComment] = "AWSSEVSNP is the configuration for AWS SEV-SNP attestation."
|
|
AWSSEVSNPDoc.Description = "AWSSEVSNP is the configuration for AWS SEV-SNP attestation."
|
|
AWSSEVSNPDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "AttestationConfig",
|
|
FieldName: "awsSEVSNP",
|
|
},
|
|
}
|
|
AWSSEVSNPDoc.Fields = make([]encoder.Doc, 1)
|
|
AWSSEVSNPDoc.Fields[0].Name = "measurements"
|
|
AWSSEVSNPDoc.Fields[0].Type = "M"
|
|
AWSSEVSNPDoc.Fields[0].Note = ""
|
|
AWSSEVSNPDoc.Fields[0].Description = "Expected TPM measurements."
|
|
AWSSEVSNPDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
|
|
|
|
AWSNitroTPMDoc.Type = "AWSNitroTPM"
|
|
AWSNitroTPMDoc.Comments[encoder.LineComment] = "AWSNitroTPM is the configuration for AWS Nitro TPM attestation."
|
|
AWSNitroTPMDoc.Description = "AWSNitroTPM is the configuration for AWS Nitro TPM attestation."
|
|
AWSNitroTPMDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "AttestationConfig",
|
|
FieldName: "awsNitroTPM",
|
|
},
|
|
}
|
|
AWSNitroTPMDoc.Fields = make([]encoder.Doc, 1)
|
|
AWSNitroTPMDoc.Fields[0].Name = "measurements"
|
|
AWSNitroTPMDoc.Fields[0].Type = "M"
|
|
AWSNitroTPMDoc.Fields[0].Note = ""
|
|
AWSNitroTPMDoc.Fields[0].Description = "Expected TPM measurements."
|
|
AWSNitroTPMDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
|
|
|
|
SNPFirmwareSignerConfigDoc.Type = "SNPFirmwareSignerConfig"
|
|
SNPFirmwareSignerConfigDoc.Comments[encoder.LineComment] = "SNPFirmwareSignerConfig is the configuration for validating the firmware signer."
|
|
SNPFirmwareSignerConfigDoc.Description = "SNPFirmwareSignerConfig is the configuration for validating the firmware signer."
|
|
SNPFirmwareSignerConfigDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "AzureSEVSNP",
|
|
FieldName: "firmwareSignerConfig",
|
|
},
|
|
}
|
|
SNPFirmwareSignerConfigDoc.Fields = make([]encoder.Doc, 3)
|
|
SNPFirmwareSignerConfigDoc.Fields[0].Name = "acceptedKeyDigests"
|
|
SNPFirmwareSignerConfigDoc.Fields[0].Type = "List"
|
|
SNPFirmwareSignerConfigDoc.Fields[0].Note = ""
|
|
SNPFirmwareSignerConfigDoc.Fields[0].Description = "List of accepted values for the firmware signing key digest.\nValues are enforced according to the 'enforcementPolicy'\n - 'equal' : Error if the reported signing key digest does not match any of the values in 'acceptedKeyDigests'\n - 'maaFallback' : Use 'equal' checking for validation, but fallback to using Microsoft Azure Attestation (MAA) for validation if the reported digest does not match any of the values in 'acceptedKeyDigests'. See the Azure docs for more details: https://learn.microsoft.com/en-us/azure/attestation/overview#amd-sev-snp-attestation\n - 'warnOnly' : Same as 'equal', but only prints a warning instead of returning an error if no match is found"
|
|
SNPFirmwareSignerConfigDoc.Fields[0].Comments[encoder.LineComment] = "List of accepted values for the firmware signing key digest.\nValues are enforced according to the 'enforcementPolicy'\n - 'equal' : Error if the reported signing key digest does not match any of the values in 'acceptedKeyDigests'\n - 'maaFallback' : Use 'equal' checking for validation, but fallback to using Microsoft Azure Attestation (MAA) for validation if the reported digest does not match any of the values in 'acceptedKeyDigests'. See the Azure docs for more details: https://learn.microsoft.com/en-us/azure/attestation/overview#amd-sev-snp-attestation\n - 'warnOnly' : Same as 'equal', but only prints a warning instead of returning an error if no match is found"
|
|
SNPFirmwareSignerConfigDoc.Fields[1].Name = "enforcementPolicy"
|
|
SNPFirmwareSignerConfigDoc.Fields[1].Type = "Enforcement"
|
|
SNPFirmwareSignerConfigDoc.Fields[1].Note = ""
|
|
SNPFirmwareSignerConfigDoc.Fields[1].Description = "Key digest enforcement policy. One of {'equal', 'maaFallback', 'warnOnly'}"
|
|
SNPFirmwareSignerConfigDoc.Fields[1].Comments[encoder.LineComment] = "Key digest enforcement policy. One of {'equal', 'maaFallback', 'warnOnly'}"
|
|
SNPFirmwareSignerConfigDoc.Fields[2].Name = "maaURL"
|
|
SNPFirmwareSignerConfigDoc.Fields[2].Type = "string"
|
|
SNPFirmwareSignerConfigDoc.Fields[2].Note = ""
|
|
SNPFirmwareSignerConfigDoc.Fields[2].Description = "URL of the Microsoft Azure Attestation (MAA) instance to use for fallback validation. Only used if 'enforcementPolicy' is set to 'maaFallback'."
|
|
SNPFirmwareSignerConfigDoc.Fields[2].Comments[encoder.LineComment] = "URL of the Microsoft Azure Attestation (MAA) instance to use for fallback validation. Only used if 'enforcementPolicy' is set to 'maaFallback'."
|
|
|
|
GCPSEVESDoc.Type = "GCPSEVES"
|
|
GCPSEVESDoc.Comments[encoder.LineComment] = "GCPSEVES is the configuration for GCP SEV-ES attestation."
|
|
GCPSEVESDoc.Description = "GCPSEVES is the configuration for GCP SEV-ES attestation."
|
|
GCPSEVESDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "AttestationConfig",
|
|
FieldName: "gcpSEVES",
|
|
},
|
|
}
|
|
GCPSEVESDoc.Fields = make([]encoder.Doc, 1)
|
|
GCPSEVESDoc.Fields[0].Name = "measurements"
|
|
GCPSEVESDoc.Fields[0].Type = "M"
|
|
GCPSEVESDoc.Fields[0].Note = ""
|
|
GCPSEVESDoc.Fields[0].Description = "Expected TPM measurements."
|
|
GCPSEVESDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
|
|
|
|
QEMUVTPMDoc.Type = "QEMUVTPM"
|
|
QEMUVTPMDoc.Comments[encoder.LineComment] = "QEMUVTPM is the configuration for QEMU vTPM attestation."
|
|
QEMUVTPMDoc.Description = "QEMUVTPM is the configuration for QEMU vTPM attestation."
|
|
QEMUVTPMDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "AttestationConfig",
|
|
FieldName: "qemuVTPM",
|
|
},
|
|
}
|
|
QEMUVTPMDoc.Fields = make([]encoder.Doc, 1)
|
|
QEMUVTPMDoc.Fields[0].Name = "measurements"
|
|
QEMUVTPMDoc.Fields[0].Type = "M"
|
|
QEMUVTPMDoc.Fields[0].Note = ""
|
|
QEMUVTPMDoc.Fields[0].Description = "Expected TPM measurements."
|
|
QEMUVTPMDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
|
|
|
|
QEMUTDXDoc.Type = "QEMUTDX"
|
|
QEMUTDXDoc.Comments[encoder.LineComment] = "QEMUTDX is the configuration for QEMU TDX attestation."
|
|
QEMUTDXDoc.Description = "QEMUTDX is the configuration for QEMU TDX attestation."
|
|
QEMUTDXDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "AttestationConfig",
|
|
FieldName: "qemuTDX",
|
|
},
|
|
}
|
|
QEMUTDXDoc.Fields = make([]encoder.Doc, 1)
|
|
QEMUTDXDoc.Fields[0].Name = "measurements"
|
|
QEMUTDXDoc.Fields[0].Type = "M"
|
|
QEMUTDXDoc.Fields[0].Note = ""
|
|
QEMUTDXDoc.Fields[0].Description = "Expected TDX measurements."
|
|
QEMUTDXDoc.Fields[0].Comments[encoder.LineComment] = "Expected TDX measurements."
|
|
|
|
AzureSEVSNPDoc.Type = "AzureSEVSNP"
|
|
AzureSEVSNPDoc.Comments[encoder.LineComment] = "AzureSEVSNP is the configuration for Azure SEV-SNP attestation."
|
|
AzureSEVSNPDoc.Description = "AzureSEVSNP is the configuration for Azure SEV-SNP attestation."
|
|
AzureSEVSNPDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "AttestationConfig",
|
|
FieldName: "azureSEVSNP",
|
|
},
|
|
}
|
|
AzureSEVSNPDoc.Fields = make([]encoder.Doc, 7)
|
|
AzureSEVSNPDoc.Fields[0].Name = "measurements"
|
|
AzureSEVSNPDoc.Fields[0].Type = "M"
|
|
AzureSEVSNPDoc.Fields[0].Note = ""
|
|
AzureSEVSNPDoc.Fields[0].Description = "Expected TPM measurements."
|
|
AzureSEVSNPDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
|
|
AzureSEVSNPDoc.Fields[1].Name = "bootloaderVersion"
|
|
AzureSEVSNPDoc.Fields[1].Type = "AttestationVersion"
|
|
AzureSEVSNPDoc.Fields[1].Note = ""
|
|
AzureSEVSNPDoc.Fields[1].Description = "Lowest acceptable bootloader version."
|
|
AzureSEVSNPDoc.Fields[1].Comments[encoder.LineComment] = "Lowest acceptable bootloader version."
|
|
AzureSEVSNPDoc.Fields[2].Name = "teeVersion"
|
|
AzureSEVSNPDoc.Fields[2].Type = "AttestationVersion"
|
|
AzureSEVSNPDoc.Fields[2].Note = ""
|
|
AzureSEVSNPDoc.Fields[2].Description = "Lowest acceptable TEE version."
|
|
AzureSEVSNPDoc.Fields[2].Comments[encoder.LineComment] = "Lowest acceptable TEE version."
|
|
AzureSEVSNPDoc.Fields[3].Name = "snpVersion"
|
|
AzureSEVSNPDoc.Fields[3].Type = "AttestationVersion"
|
|
AzureSEVSNPDoc.Fields[3].Note = ""
|
|
AzureSEVSNPDoc.Fields[3].Description = "Lowest acceptable SEV-SNP version."
|
|
AzureSEVSNPDoc.Fields[3].Comments[encoder.LineComment] = "Lowest acceptable SEV-SNP version."
|
|
AzureSEVSNPDoc.Fields[4].Name = "microcodeVersion"
|
|
AzureSEVSNPDoc.Fields[4].Type = "AttestationVersion"
|
|
AzureSEVSNPDoc.Fields[4].Note = ""
|
|
AzureSEVSNPDoc.Fields[4].Description = "Lowest acceptable microcode version."
|
|
AzureSEVSNPDoc.Fields[4].Comments[encoder.LineComment] = "Lowest acceptable microcode version."
|
|
AzureSEVSNPDoc.Fields[5].Name = "firmwareSignerConfig"
|
|
AzureSEVSNPDoc.Fields[5].Type = "SNPFirmwareSignerConfig"
|
|
AzureSEVSNPDoc.Fields[5].Note = ""
|
|
AzureSEVSNPDoc.Fields[5].Description = "Configuration for validating the firmware signature."
|
|
AzureSEVSNPDoc.Fields[5].Comments[encoder.LineComment] = "Configuration for validating the firmware signature."
|
|
AzureSEVSNPDoc.Fields[6].Name = "amdRootKey"
|
|
AzureSEVSNPDoc.Fields[6].Type = "Certificate"
|
|
AzureSEVSNPDoc.Fields[6].Note = ""
|
|
AzureSEVSNPDoc.Fields[6].Description = "AMD Root Key certificate used to verify the SEV-SNP certificate chain."
|
|
AzureSEVSNPDoc.Fields[6].Comments[encoder.LineComment] = "AMD Root Key certificate used to verify the SEV-SNP certificate chain."
|
|
|
|
AzureTrustedLaunchDoc.Type = "AzureTrustedLaunch"
|
|
AzureTrustedLaunchDoc.Comments[encoder.LineComment] = "AzureTrustedLaunch is the configuration for Azure Trusted Launch attestation."
|
|
AzureTrustedLaunchDoc.Description = "AzureTrustedLaunch is the configuration for Azure Trusted Launch attestation."
|
|
AzureTrustedLaunchDoc.AppearsIn = []encoder.Appearance{
|
|
{
|
|
TypeName: "AttestationConfig",
|
|
FieldName: "azureTrustedLaunch",
|
|
},
|
|
}
|
|
AzureTrustedLaunchDoc.Fields = make([]encoder.Doc, 1)
|
|
AzureTrustedLaunchDoc.Fields[0].Name = "measurements"
|
|
AzureTrustedLaunchDoc.Fields[0].Type = "M"
|
|
AzureTrustedLaunchDoc.Fields[0].Note = ""
|
|
AzureTrustedLaunchDoc.Fields[0].Description = "Expected TPM measurements."
|
|
AzureTrustedLaunchDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
|
|
}
|
|
|
|
// Doc returns the documentation record generated for Config.
//
// The result is the address of the package-level ConfigDoc variable, so all
// callers share one record and a write through the pointer is seen by each of
// them.
func (Config) Doc() *encoder.Doc {
	doc := &ConfigDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for ProviderConfig.
//
// The result is the address of the package-level ProviderConfigDoc variable,
// so all callers share one record.
func (ProviderConfig) Doc() *encoder.Doc {
	doc := &ProviderConfigDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for AWSConfig.
//
// The result is the address of the package-level AWSConfigDoc variable, so
// all callers share one record.
func (AWSConfig) Doc() *encoder.Doc {
	doc := &AWSConfigDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for AzureConfig.
//
// The result is the address of the package-level AzureConfigDoc variable, so
// all callers share one record.
func (AzureConfig) Doc() *encoder.Doc {
	doc := &AzureConfigDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for GCPConfig.
//
// The result is the address of the package-level GCPConfigDoc variable, so
// all callers share one record.
func (GCPConfig) Doc() *encoder.Doc {
	doc := &GCPConfigDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for OpenStackConfig.
//
// The result is the address of the package-level OpenStackConfigDoc variable,
// so all callers share one record.
func (OpenStackConfig) Doc() *encoder.Doc {
	doc := &OpenStackConfigDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for QEMUConfig.
//
// Among the fields this record describes are nvram (the secure boot NVRAM
// template: "production", "testing" or a path to a custom template) and
// firmware (path to the OVMF firmware, empty for auto selection).
//
// The result is the address of the package-level QEMUConfigDoc variable, so
// all callers share one record.
func (QEMUConfig) Doc() *encoder.Doc {
	doc := &QEMUConfigDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for AttestationConfig.
//
// The record lists one field per attestation variant (awsSEVSNP, awsNitroTPM,
// azureSEVSNP, azureTrustedLaunch, gcpSEVES, qemuTDX, qemuVTPM). Its awsSEVSNP
// entry carries the warning that AWS SEV-SNP attestation temporarily relies
// on AWS nitroTPM.
//
// The result is the address of the package-level AttestationConfigDoc
// variable, so all callers share one record.
func (AttestationConfig) Doc() *encoder.Doc {
	doc := &AttestationConfigDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for
// UnsupportedAppRegistrationError. The record has an empty field list.
//
// The result is the address of the package-level
// UnsupportedAppRegistrationErrorDoc variable, so all callers share one record.
func (UnsupportedAppRegistrationError) Doc() *encoder.Doc {
	doc := &UnsupportedAppRegistrationErrorDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for AWSSEVSNP.
//
// The record describes a single field, measurements ("Expected TPM
// measurements."). It has no entries for minimum firmware or microcode
// versions, unlike the AzureSEVSNP record.
//
// The result is the address of the package-level AWSSEVSNPDoc variable, so
// all callers share one record.
func (AWSSEVSNP) Doc() *encoder.Doc {
	doc := &AWSSEVSNPDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for AWSNitroTPM.
//
// The record describes a single field, measurements ("Expected TPM
// measurements.").
//
// The result is the address of the package-level AWSNitroTPMDoc variable, so
// all callers share one record.
func (AWSNitroTPM) Doc() *encoder.Doc {
	doc := &AWSNitroTPMDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for SNPFirmwareSignerConfig.
//
// The record describes acceptedKeyDigests, enforcementPolicy and maaURL. Of
// the three policies it documents, only 'equal' returns an error when the
// reported firmware signing key digest matches none of the accepted values:
// 'maaFallback' then falls back to validation by Microsoft Azure Attestation,
// and 'warnOnly' only prints a warning. This is the text an operator sees
// when choosing how strictly the firmware signer is validated.
//
// The result is the address of the package-level SNPFirmwareSignerConfigDoc
// variable, so all callers share one record.
func (SNPFirmwareSignerConfig) Doc() *encoder.Doc {
	doc := &SNPFirmwareSignerConfigDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for GCPSEVES.
//
// The record describes a single field, measurements ("Expected TPM
// measurements.").
//
// The result is the address of the package-level GCPSEVESDoc variable, so all
// callers share one record.
func (GCPSEVES) Doc() *encoder.Doc {
	doc := &GCPSEVESDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for QEMUVTPM.
//
// The record describes a single field, measurements ("Expected TPM
// measurements.").
//
// The result is the address of the package-level QEMUVTPMDoc variable, so all
// callers share one record.
func (QEMUVTPM) Doc() *encoder.Doc {
	doc := &QEMUVTPMDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for QEMUTDX.
//
// The record describes a single field, measurements ("Expected TDX
// measurements.").
//
// The result is the address of the package-level QEMUTDXDoc variable, so all
// callers share one record.
func (QEMUTDX) Doc() *encoder.Doc {
	doc := &QEMUTDXDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for AzureSEVSNP.
//
// The record describes seven fields: measurements, four "lowest acceptable"
// version floors (bootloaderVersion, teeVersion, snpVersion,
// microcodeVersion), firmwareSignerConfig, and amdRootKey, the certificate
// used to verify the SEV-SNP certificate chain.
//
// The result is the address of the package-level AzureSEVSNPDoc variable, so
// all callers share one record.
func (AzureSEVSNP) Doc() *encoder.Doc {
	doc := &AzureSEVSNPDoc
	return doc
}
|
|
|
|
// Doc returns the documentation record generated for AzureTrustedLaunch.
//
// The record describes a single field, measurements ("Expected TPM
// measurements.").
//
// The result is the address of the package-level AzureTrustedLaunchDoc
// variable, so all callers share one record.
func (AzureTrustedLaunch) Doc() *encoder.Doc {
	doc := &AzureTrustedLaunchDoc
	return doc
}
|
|
|
|
// GetConfigurationDoc returns documentation for the file ./config_doc.go.
//
// Each call builds a new encoder.FileDoc. Its Structs slice holds pointers to
// the package-level *Doc variables, so the per-struct records are shared
// between calls even though the enclosing FileDoc is not.
func GetConfigurationDoc() *encoder.FileDoc {
	// Order matters for rendering: top-level config first, then provider
	// sections, then the attestation variants.
	structs := []*encoder.Doc{
		&ConfigDoc,
		&ProviderConfigDoc,
		&AWSConfigDoc,
		&AzureConfigDoc,
		&GCPConfigDoc,
		&OpenStackConfigDoc,
		&QEMUConfigDoc,
		&AttestationConfigDoc,
		&UnsupportedAppRegistrationErrorDoc,
		&AWSSEVSNPDoc,
		&AWSNitroTPMDoc,
		&SNPFirmwareSignerConfigDoc,
		&GCPSEVESDoc,
		&QEMUVTPMDoc,
		&QEMUTDXDoc,
		&AzureSEVSNPDoc,
		&AzureTrustedLaunchDoc,
	}

	fileDoc := encoder.FileDoc{
		Name:        "Configuration",
		Description: "Definitions for Constellation's user config file.\n\nThe config file is used by the CLI to create and manage a Constellation cluster.\n\nAll config relevant definitions, parsing and validation functions should go here.\n",
		Structs:     structs,
	}
	return &fileDoc
}
|