Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-12-16 11:24:35 -05:00
Code Issues Packages Projects Releases Wiki Activity
f2c1bdbf82
constellation/terraform-provider-constellation/docs/data-sources/attestation.md
Moritz Sanft af791bd221
terraform-provider: add usage examples (#2713) 
* terraform-provider: add usage example for Azure

* terraform-provider: add usage example for AWS

* terraform-provider: add usage example for GCP

* terraform-provider: update usage example for Azure

* terraform-provider: update generated documentation

* docs: adjust creation on Azure and link to examples

* terraform-provider: unify image in-/output (#2725)

* terraform-provider: check for returned error when converting microservices

* terraform-provider: use state values for outputs after creation

* terraform-provider: ignore invalid upgrades (#2728)

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-18 10:15:54 +01:00

3.2 KiB
Raw Blame History

page_title subcategory description
constellation_attestation Data Source - constellation Data source to fetch an attestation configuration for a given cloud service provider, attestation variant, and OS image.

constellation_attestation (Data Source)

Data source to fetch an attestation configuration for a given cloud service provider, attestation variant, and OS image.

Example Usage

data "constellation_attestation" "test" {
  csp                 = "aws"
  attestation_variant = "aws-sev-snp"
  image_version       = "v2.13.0"
}

Schema

Required

  • attestation_variant (String) Attestation variant the image should work with. Can be one of:
    • aws-sev-snp
    • aws-nitro-tpm
    • azure-sev-snp
    • gcp-sev-es
  • csp (String) CSP (Cloud Service Provider) to use. (e.g. azure) See the full list of CSPs that Constellation supports.
  • image (Attributes) Constellation OS Image to use on the nodes. (see below for nested schema)

Optional

  • insecure (Boolean) DON'T USE IN PRODUCTION Skip the signature verification when fetching measurements for the image.
  • maa_url (String) For Azure only, the URL of the Microsoft Azure Attestation service

Read-Only

  • attestation (Attributes) Attestation comprises the measurements and SEV-SNP specific parameters. (see below for nested schema)

Nested Schema for image

Required:

  • reference (String) CSP-specific unique reference to the image. The format differs per CSP.
  • short_path (String) CSP-agnostic short path to the image. The format is vX.Y.Z for release images and ref/$GIT_REF/stream/$STREAM/$SEMANTIC_VERSION for pre-release images.
  • $GIT_REF is the git reference (i.e. branch name) the image was built on, e.g. main.
  • $STREAM is the stream the image was built on, e.g. nightly.
  • $SEMANTIC_VERSION is the semantic version of the image, e.g. vX.Y.Z or vX.Y.Z-pre....
  • version (String) Semantic version of the image.

Nested Schema for attestation

Read-Only:

  • amd_root_key (String)
  • azure_firmware_signer_config (Attributes) (see below for nested schema)
  • bootloader_version (Number)
  • measurements (Attributes Map) (see below for nested schema)
  • microcode_version (Number)
  • snp_version (Number)
  • tee_version (Number)
  • variant (String) Attestation variant the image should work with. Can be one of:
    • aws-sev-snp
    • aws-nitro-tpm
    • azure-sev-snp
    • gcp-sev-es

Nested Schema for attestation.azure_firmware_signer_config

Read-Only:

  • accepted_key_digests (List of String)
  • enforcement_policy (String)
  • maa_url (String)

Nested Schema for attestation.measurements

Read-Only:

  • expected (String)
  • warn_only (Boolean)