mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-14 10:24:24 -05:00
4.0 KiB
4.0 KiB
page_title | subcategory | description |
---|---|---|
constellation_attestation Data Source - constellation | Data source to fetch an attestation configuration for a given cloud service provider, attestation variant, and OS image. |
constellation_attestation (Data Source)
Data source to fetch an attestation configuration for a given cloud service provider, attestation variant, and OS image.
Example Usage
data "constellation_image" "example" {} # Fill accordingly for the CSP
data "constellation_attestation" "test" {
csp = "aws"
attestation_variant = "aws-sev-snp"
image = data.constellation_image.example.image
}
Schema
Required
attestation_variant
(String) Attestation variant the image should work with. Can be one of:aws-sev-snp
aws-nitro-tpm
azure-sev-snp
azure-tdx
gcp-sev-snp
gcp-sev-es
qemu-vtpm
csp
(String) CSP (Cloud Service Provider) to use. (e.g.azure
) See the full list of CSPs that Constellation supports.image
(Attributes) Constellation OS Image to use on the nodes. (see below for nested schema)
Optional
insecure
(Boolean) DON'T USE IN PRODUCTION Skip the signature verification when fetching measurements for the image.maa_url
(String) For Azure only, the URL of the Microsoft Azure Attestation service. The MAA's policy needs to be patched manually to work with Constellation OS images. See the Constellation documentation for more information.
Read-Only
attestation
(Attributes) Attestation comprises the measurements and CVM specific parameters. (see below for nested schema)
Nested Schema for image
Required:
reference
(String) CSP-specific unique reference to the image. The format differs per CSP.short_path
(String) CSP-agnostic short path to the image. The format isvX.Y.Z
for release images andref/$GIT_REF/stream/$STREAM/$SEMANTIC_VERSION
for pre-release images.$GIT_REF
is the git reference (i.e. branch name) the image was built on, e.g.main
.$STREAM
is the stream the image was built on, e.g.nightly
.$SEMANTIC_VERSION
is the semantic version of the image, e.g.vX.Y.Z
orvX.Y.Z-pre...
.version
(String) Semantic version of the image.
Optional:
marketplace_image
(Boolean) Whether a marketplace image should be used.
Nested Schema for attestation
Read-Only:
amd_root_key
(String)azure_firmware_signer_config
(Attributes) (see below for nested schema)bootloader_version
(Number)measurements
(Attributes Map) (see below for nested schema)microcode_version
(Number)snp_version
(Number)tdx
(Attributes) (see below for nested schema)tee_version
(Number)variant
(String) Attestation variant the image should work with. Can be one of:aws-sev-snp
aws-nitro-tpm
azure-sev-snp
azure-tdx
gcp-sev-snp
gcp-sev-es
qemu-vtpm
Nested Schema for attestation.azure_firmware_signer_config
Read-Only:
accepted_key_digests
(List of String)enforcement_policy
(String)maa_url
(String)
Nested Schema for attestation.measurements
Read-Only:
expected
(String)warn_only
(Boolean)
Nested Schema for attestation.tdx
Read-Only:
intel_root_key
(String)mr_seam
(String)pce_svn
(Number)qe_svn
(Number)qe_vendor_id
(String)tee_tcb_svn
(String)xfam
(String)