linter fixes

edgelesssys · Apr 5, 2024 · 837d417 · 837d417
1 parent c08f039
commit 837d417
Show file tree

Hide file tree

Showing 8 changed files with 41 additions and 28 deletions.
diff --git a/internal/attestation/gcp/es/validator_test.go b/internal/attestation/gcp/es/validator_test.go
@@ -89,7 +89,7 @@ Y+t5OxL3kL15VzY1Ob0d5cMCAwEAAQ==
 
 	testCases := map[string]struct {
 		instanceInfo []byte
-		getClient    func(ctx context.Context, opts ...option.ClientOption) (gcp.GCPRESTClient, error)
+		getClient    func(ctx context.Context, opts ...option.ClientOption) (gcp.CVMRestClient, error)
 		wantErr      bool
 	}{
 		"success": {
@@ -177,8 +177,8 @@ type fakeInstanceClient struct {
 	ident       *computepb.ShieldedInstanceIdentity
 }
 
-func prepareFakeClient(ident *computepb.ShieldedInstanceIdentity, newErr, getIdentErr error) func(ctx context.Context, opts ...option.ClientOption) (gcp.GCPRESTClient, error) {
-	return func(_ context.Context, _ ...option.ClientOption) (gcp.GCPRESTClient, error) {
+func prepareFakeClient(ident *computepb.ShieldedInstanceIdentity, newErr, getIdentErr error) func(ctx context.Context, opts ...option.ClientOption) (gcp.CVMRestClient, error) {
+	return func(_ context.Context, _ ...option.ClientOption) (gcp.CVMRestClient, error) {
 		return &fakeInstanceClient{
 			getIdentErr: getIdentErr,
 			ident:       ident,

diff --git a/internal/attestation/gcp/metadata.go b/internal/attestation/gcp/metadata.go
@@ -50,17 +50,20 @@ type gcpMetadataClient interface {
 	Zone() (string, error)
 }
 
-// a MetadataClient fetches metadata from the GCE Metadata API.
+// A MetadataClient fetches metadata from the GCE Metadata API.
 type MetadataClient struct{}
 
+// ProjectID returns the project ID of the GCE instance.
 func (c MetadataClient) ProjectID() (string, error) {
 	return metadata.ProjectID()
 }
 
+// InstanceName returns the instance name of the GCE instance.
 func (c MetadataClient) InstanceName() (string, error) {
 	return metadata.InstanceName()
 }
 
+// Zone returns the zone the GCE instance is located in.
 func (c MetadataClient) Zone() (string, error) {
 	return metadata.Zone()
 }
diff --git a/internal/attestation/gcp/restclient.go b/internal/attestation/gcp/restclient.go
@@ -30,16 +30,16 @@ type RESTClient struct {
 }
 
 // NewRESTClient creates a new RESTClient.
-func NewRESTClient(ctx context.Context, opts ...option.ClientOption) (GCPRESTClient, error) {
+func NewRESTClient(ctx context.Context, opts ...option.ClientOption) (CVMRestClient, error) {
 	c, err := compute.NewInstancesRESTClient(ctx, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return &RESTClient{c}, nil
 }
 
-// GCPRESTClient is the interface a GCP REST client must implement.
-type GCPRESTClient interface {
+// CVMRestClient is the interface a GCP REST client for a CVM must implement.
+type CVMRestClient interface {
 	GetShieldedInstanceIdentity(ctx context.Context, req *computepb.GetShieldedInstanceIdentityInstanceRequest, opts ...gax.CallOption) (*computepb.ShieldedInstanceIdentity, error)
 	Close() error
 }
@@ -48,7 +48,7 @@ type GCPRESTClient interface {
 // This key can be used to verify attestation statements issued by the VM.
 func TrustedKeyGetter(
 	attestationVariant variant.Variant,
-	newRESTClient func(ctx context.Context, opts ...option.ClientOption) (GCPRESTClient, error),
+	newRESTClient func(ctx context.Context, opts ...option.ClientOption) (CVMRestClient, error),
 ) (func(ctx context.Context, attDoc vtpm.AttestationDocument, _ []byte) (crypto.PublicKey, error), error) {
 	return func(ctx context.Context, attDoc vtpm.AttestationDocument, _ []byte) (crypto.PublicKey, error) {
 		client, err := newRESTClient(ctx)

diff --git a/internal/attestation/gcp/snp/validator.go b/internal/attestation/gcp/snp/validator.go
@@ -79,7 +79,7 @@ func (v *Validator) getTrustedKey(ctx context.Context, attDoc vtpm.AttestationDo
 }
 
 // validateCVM validates the SEV-SNP attestation document.
-func (v *Validator) validateCVM(attDoc vtpm.AttestationDocument, state *attest.MachineState) error {
+func (v *Validator) validateCVM(attDoc vtpm.AttestationDocument, _ *attest.MachineState) error {
 	pubArea, err := tpm2.DecodePublic(attDoc.Attestation.AkPub)
 	if err != nil {
 		return fmt.Errorf("decoding public area: %w", err)

diff --git a/terraform/infrastructure/iam/gcp/.terraform.lock.hcl b/terraform/infrastructure/iam/gcp/.terraform.lock.hcl
diff --git a/terraform/infrastructure/iam/gcp/main.tf b/terraform/infrastructure/iam/gcp/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "5.17.0"
+      version = "5.23.0"
     }
   }
 }

diff --git a/terraform/legacy-module/gcp-constellation/main.tf b/terraform/legacy-module/gcp-constellation/main.tf
@@ -41,6 +41,7 @@ module "gcp" {
   zone            = var.zone
   debug           = var.debug
   custom_endpoint = var.custom_endpoint
+  cc_technology   = var.cc_technology
 }
 
 module "constellation" {

diff --git a/terraform/legacy-module/gcp-constellation/variables.tf b/terraform/legacy-module/gcp-constellation/variables.tf
@@ -70,3 +70,12 @@ variable "internal_load_balancer" {
   default     = false
   description = "Use an internal load balancer."
 }
+
+variable "cc_technology" {
+  type        = string
+  description = "The confidential computing technology to use for the nodes. One of `SEV`, `SEV_SNP`."
+  validation {
+    condition     = contains(["SEV", "SEV_SNP"], var.cc_technology)
+    error_message = "The confidential computing technology has to be 'SEV' or 'SEV_SNP'."
+  }
+}