Daniel Weiße 5a0234b3f2
attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257)
* Convert enforceIDKeyDigest setting to enum

* Use MAA fallback in Azure SNP attestation

* Only create MAA provider if MAA fallback is enabled

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-21 12:46:49 +01:00


/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package snp
import (
"context"
"fmt"
"github.com/edgelesssys/constellation/v2/internal/cloud/azure"
)
// tagMAAURL is the tag key that getMAAURL looks up in the tags returned by
// the IMDS client to obtain the MAA (Microsoft Azure Attestation) URL.
const tagMAAURL = "constellation-maa-url"
// imdsClient is a thin wrapper around azure.IMDSClient that exposes only the
// tag lookup this package needs.
type imdsClient struct {
	// imdsClient is the wrapped client; getMAAURL calls its Tags method.
	imdsClient *azure.IMDSClient
}
// newIMDSClient builds an imdsClient backed by a client obtained from
// azure.NewIMDSClient.
func newIMDSClient() *imdsClient {
	wrapper := new(imdsClient)
	wrapper.imdsClient = azure.NewIMDSClient()
	return wrapper
}
// getMAAURL fetches the instance tags through the wrapped IMDS client and
// returns the value stored under tagMAAURL.
//
// An error from the tag lookup is wrapped with "getting tags" and returned
// together with an empty string.
//
// NOTE(review): tags is indexed by a string key, so it is presumably a map;
// if the tag is absent the result is "" with a nil error. Callers should
// treat an empty URL as a misconfiguration rather than pass it on.
//
// NOTE(review): the URL comes from instance metadata tags, not from the
// attestation report itself. Presumably the caller validates the MAA response
// independently of this value; confirm before relying on it as trusted input.
func (c *imdsClient) getMAAURL(ctx context.Context) (string, error) {
	instanceTags, err := c.imdsClient.Tags(ctx)
	if err != nil {
		return "", fmt.Errorf("getting tags: %w", err)
	}

	maaURL := instanceTags[tagMAAURL]
	return maaURL, nil
}