Documentation ¶
Overview ¶
Package attestation implements the Azure ARM Attestation service API version 2022-08-01.
Describes the interface for the per-tenant enclave service.
Index ¶
- func UserAgent() string
- func Version() string
- type AttestOpenEnclaveRequest
- type AttestSevSnpVMRequest
- type AttestSgxEnclaveRequest
- type BaseClient
- type CertificateManagementBody
- type CertificateModification
- type Client
- func (client Client) AttestOpenEnclave(ctx context.Context, instanceURL string, request AttestOpenEnclaveRequest) (result Response, err error)
- func (client Client) AttestOpenEnclavePreparer(ctx context.Context, instanceURL string, request AttestOpenEnclaveRequest) (*http.Request, error)
- func (client Client) AttestOpenEnclaveResponder(resp *http.Response) (result Response, err error)
- func (client Client) AttestOpenEnclaveSender(req *http.Request) (*http.Response, error)
- func (client Client) AttestSevSnpVM(ctx context.Context, instanceURL string, request AttestSevSnpVMRequest) (result Response, err error)
- func (client Client) AttestSevSnpVMPreparer(ctx context.Context, instanceURL string, request AttestSevSnpVMRequest) (*http.Request, error)
- func (client Client) AttestSevSnpVMResponder(resp *http.Response) (result Response, err error)
- func (client Client) AttestSevSnpVMSender(req *http.Request) (*http.Response, error)
- func (client Client) AttestSgxEnclave(ctx context.Context, instanceURL string, request AttestSgxEnclaveRequest) (result Response, err error)
- func (client Client) AttestSgxEnclavePreparer(ctx context.Context, instanceURL string, request AttestSgxEnclaveRequest) (*http.Request, error)
- func (client Client) AttestSgxEnclaveResponder(resp *http.Response) (result Response, err error)
- func (client Client) AttestSgxEnclaveSender(req *http.Request) (*http.Response, error)
- func (client Client) AttestTpm(ctx context.Context, instanceURL string, request TpmAttestationRequest) (result TpmAttestationResponse, err error)
- func (client Client) AttestTpmPreparer(ctx context.Context, instanceURL string, request TpmAttestationRequest) (*http.Request, error)
- func (client Client) AttestTpmResponder(resp *http.Response) (result TpmAttestationResponse, err error)
- func (client Client) AttestTpmSender(req *http.Request) (*http.Response, error)
- type CloudError
- type CloudErrorBody
- type DataType
- type InitTimeData
- type JSONWebKey
- type JSONWebKeySet
- type MetadataConfigurationClient
- func (client MetadataConfigurationClient) Get(ctx context.Context, instanceURL string) (result OpenIDConfigurationResponse, err error)
- func (client MetadataConfigurationClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)
- func (client MetadataConfigurationClient) GetResponder(resp *http.Response) (result OpenIDConfigurationResponse, err error)
- func (client MetadataConfigurationClient) GetSender(req *http.Request) (*http.Response, error)
- type OpenIDConfigurationResponse
- type PolicyCertificatesClient
- func (client PolicyCertificatesClient) Add(ctx context.Context, instanceURL string, policyCertificateToAdd string) (result PolicyCertificatesModifyResponse, err error)
- func (client PolicyCertificatesClient) AddPreparer(ctx context.Context, instanceURL string, policyCertificateToAdd string) (*http.Request, error)
- func (client PolicyCertificatesClient) AddResponder(resp *http.Response) (result PolicyCertificatesModifyResponse, err error)
- func (client PolicyCertificatesClient) AddSender(req *http.Request) (*http.Response, error)
- func (client PolicyCertificatesClient) Get(ctx context.Context, instanceURL string) (result PolicyCertificatesResponse, err error)
- func (client PolicyCertificatesClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)
- func (client PolicyCertificatesClient) GetResponder(resp *http.Response) (result PolicyCertificatesResponse, err error)
- func (client PolicyCertificatesClient) GetSender(req *http.Request) (*http.Response, error)
- func (client PolicyCertificatesClient) Remove(ctx context.Context, instanceURL string, policyCertificateToRemove string) (result PolicyCertificatesModifyResponse, err error)
- func (client PolicyCertificatesClient) RemovePreparer(ctx context.Context, instanceURL string, policyCertificateToRemove string) (*http.Request, error)
- func (client PolicyCertificatesClient) RemoveResponder(resp *http.Response) (result PolicyCertificatesModifyResponse, err error)
- func (client PolicyCertificatesClient) RemoveSender(req *http.Request) (*http.Response, error)
- type PolicyCertificatesModificationResult
- type PolicyCertificatesModifyResponse
- type PolicyCertificatesResponse
- type PolicyCertificatesResult
- type PolicyClient
- func (client PolicyClient) Get(ctx context.Context, instanceURL string, attestationType Type) (result PolicyResponse, err error)
- func (client PolicyClient) GetPreparer(ctx context.Context, instanceURL string, attestationType Type) (*http.Request, error)
- func (client PolicyClient) GetResponder(resp *http.Response) (result PolicyResponse, err error)
- func (client PolicyClient) GetSender(req *http.Request) (*http.Response, error)
- func (client PolicyClient) Reset(ctx context.Context, instanceURL string, attestationType Type, ...) (result PolicyResponse, err error)
- func (client PolicyClient) ResetPreparer(ctx context.Context, instanceURL string, attestationType Type, ...) (*http.Request, error)
- func (client PolicyClient) ResetResponder(resp *http.Response) (result PolicyResponse, err error)
- func (client PolicyClient) ResetSender(req *http.Request) (*http.Response, error)
- func (client PolicyClient) Set(ctx context.Context, instanceURL string, attestationType Type, ...) (result PolicyResponse, err error)
- func (client PolicyClient) SetPreparer(ctx context.Context, instanceURL string, attestationType Type, ...) (*http.Request, error)
- func (client PolicyClient) SetResponder(resp *http.Response) (result PolicyResponse, err error)
- func (client PolicyClient) SetSender(req *http.Request) (*http.Response, error)
- type PolicyModification
- type PolicyResponse
- type PolicyResult
- type Response
- type Result
- type RuntimeData
- type SigningCertificatesClient
- func (client SigningCertificatesClient) Get(ctx context.Context, instanceURL string) (result JSONWebKeySet, err error)
- func (client SigningCertificatesClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)
- func (client SigningCertificatesClient) GetResponder(resp *http.Response) (result JSONWebKeySet, err error)
- func (client SigningCertificatesClient) GetSender(req *http.Request) (*http.Response, error)
- type StoredAttestationPolicy
- type TpmAttestationRequest
- type TpmAttestationResponse
- type Type
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func UserAgent ¶
func UserAgent() string
UserAgent returns the UserAgent string to use when sending http.Requests.
func Version ¶
func Version() string
Version returns the semantic version (see http://semver.org) of the client.
Types ¶
type AttestOpenEnclaveRequest ¶
// AttestOpenEnclaveRequest is the request body for Client.AttestOpenEnclave.
// Report is the hardware evidence; RuntimeData and InitTimeData are bound to
// that evidence by hash (see the field comments), and Nonce is echoed into the
// resulting token so a caller can tie a token to this particular request.
type AttestOpenEnclaveRequest struct {
	// Report - OpenEnclave report from the enclave to be attested (a URL-encoded base64 string)
	Report *string `json:"report,omitempty"`
	// RuntimeData - Runtime data provided by the enclave at the time of report generation. The MAA will verify
	// that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded
	// "data" field of the runtime data. The binding to the quote is therefore made by the enclave, not by the
	// caller: runtime data that the enclave did not commit to will be rejected.
	RuntimeData *RuntimeData `json:"runtimeData,omitempty"`
	// InitTimeData - Base64Url encoded "InitTime data". The MAA will verify that the init data was known to the
	// enclave. Note that InitTimeData is invalid for CoffeeLake processors.
	InitTimeData *InitTimeData `json:"initTimeData,omitempty"`
	// DraftPolicyForAttestation - Attest against the provided draft policy. Note that the resulting token
	// cannot be validated. Security: a token produced under a draft policy is for policy authoring and testing
	// only and must never be accepted by a relying party as proof of anything.
	DraftPolicyForAttestation *string `json:"draftPolicyForAttestation,omitempty"`
	// Nonce - Nonce for incoming request - emitted in the generated attestation token. Use a fresh,
	// unpredictable value per request and check that the token echoes it back; that check is what binds the
	// token to this call rather than to an earlier one.
	Nonce *string `json:"nonce,omitempty"`
}
AttestOpenEnclaveRequest is the attestation request for an OpenEnclave report produced by an Intel SGX enclave (as opposed to AttestSgxEnclaveRequest, which carries a raw SGX quote).
type AttestSevSnpVMRequest ¶
// AttestSevSnpVMRequest is the request body for Client.AttestSevSnpVM. Report
// carries the hardware-rooted evidence together with its certificate chain;
// RuntimeData and InitTimeData are checked against the report by the service,
// and Nonce is echoed into the resulting token.
type AttestSevSnpVMRequest struct {
	// Report - Hardware rooted report of the virtual machine being attested along with the signing certificate
	// chain and optionally, additional endorsements
	Report *string `json:"report,omitempty"`
	// RuntimeData - Runtime data provided by the enclave at the time of report generation. The MAA will verify
	// that the run time data is known to the attestation target.
	RuntimeData *RuntimeData `json:"runtimeData,omitempty"`
	// InitTimeData - Initialization data provided by the enclave at the time of report generation. The MAA will
	// verify that the init time data is known to the attestation target (for SEV-SNP, the SHA256 of the data
	// must match the report's "host data" attribute; see InitTimeData).
	InitTimeData *InitTimeData `json:"initTimeData,omitempty"`
	// DraftPolicyForAttestation - Attest against the provided draft policy. Note that the resulting token
	// cannot be validated. Security: a draft-policy token is for policy authoring and testing only and must
	// never be accepted by a relying party.
	DraftPolicyForAttestation *string `json:"draftPolicyForAttestation,omitempty"`
	// Nonce - Nonce for incoming request - emitted in the generated attestation token. Use a fresh,
	// unpredictable value per request and verify that the token echoes it back.
	Nonce *string `json:"nonce,omitempty"`
}
AttestSevSnpVMRequest attestation request for AMD SEV SNP Virtual Machine
type AttestSgxEnclaveRequest ¶
// AttestSgxEnclaveRequest is the request body for Client.AttestSgxEnclave.
// Quote is the raw SGX evidence; RuntimeData and InitTimeData are bound to the
// quote by hash (see the field comments), and Nonce is echoed into the
// resulting token.
type AttestSgxEnclaveRequest struct {
	// Quote - Quote of the enclave to be attested (a URL-encoded base64 string)
	Quote *string `json:"quote,omitempty"`
	// RuntimeData - Runtime data provided by the enclave at the time of quote generation. The MAA will verify
	// that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded
	// "data" field of the runtime data. The binding is made by the enclave, not the caller: runtime data the
	// enclave did not commit to will be rejected.
	RuntimeData *RuntimeData `json:"runtimeData,omitempty"`
	// InitTimeData - Initialization data provided when the enclave is created. MAA will verify that the init
	// data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.
	InitTimeData *InitTimeData `json:"initTimeData,omitempty"`
	// DraftPolicyForAttestation - Attest against the provided draft policy. Note that the resulting token
	// cannot be validated. Security: a draft-policy token is for policy authoring and testing only and must
	// never be accepted by a relying party.
	DraftPolicyForAttestation *string `json:"draftPolicyForAttestation,omitempty"`
	// Nonce - Nonce for incoming request - emitted in the generated attestation token. Use a fresh,
	// unpredictable value per request and verify that the token echoes it back.
	Nonce *string `json:"nonce,omitempty"`
}
AttestSgxEnclaveRequest is the attestation request for a raw Intel SGX quote.
type BaseClient ¶
BaseClient is the base client for Attestation.
func NewWithoutDefaults ¶
func NewWithoutDefaults() BaseClient
NewWithoutDefaults creates an instance of the BaseClient client.
type CertificateManagementBody ¶
// CertificateManagementBody is the JWT body used by the PolicyCertificates Add
// and Remove APIs. Security: PolicyCertificate must carry only the public
// parameters of the key (and its x5c chain); JSONWebKey also has private-key
// fields (d, p, q, dp, dq, qi, k) that must never be populated here.
type CertificateManagementBody struct {
	// PolicyCertificate - RFC 7517 Json Web Key describing the certificate.
	PolicyCertificate *JSONWebKey `json:"policyCertificate,omitempty"`
}
CertificateManagementBody the body of the JWT used for the PolicyCertificates APIs
type CertificateModification ¶
// CertificateModification is the outcome reported in
// PolicyCertificatesModificationResult.CertificateResolution after an Add or
// Remove call; callers should check it rather than assume the operation took effect.
type CertificateModification string
CertificateModification enumerates the values for certificate modification.
const (
	// CertificateModificationIsAbsent After the operation was performed, the certificate is no longer present
	// in the set of certificates.
	CertificateModificationIsAbsent CertificateModification = "IsAbsent"
	// CertificateModificationIsPresent After the operation was performed, the certificate is in the set of
	// certificates.
	CertificateModificationIsPresent CertificateModification = "IsPresent"
)
func PossibleCertificateModificationValues ¶
func PossibleCertificateModificationValues() []CertificateModification
PossibleCertificateModificationValues returns an array of possible values for the CertificateModification const type.
type Client ¶
// Client issues attestation requests (AttestOpenEnclave, AttestSgxEnclave,
// AttestSevSnpVM, AttestTpm) against a per-tenant instance. The instance base
// URL is a parameter of every call rather than client state, so a single
// Client can address several instances.
type Client struct {
	BaseClient
}
Client describes the interface for the per-tenant enclave service. Every method takes the instance base URL explicitly; nothing about the target instance is stored on the client.
func (Client) AttestOpenEnclave ¶
func (client Client) AttestOpenEnclave(ctx context.Context, instanceURL string, request AttestOpenEnclaveRequest) (result Response, err error)
AttestOpenEnclave processes an OpenEnclave report, producing an artifact. The type of artifact produced is dependent upon attestation policy. The token in the result is issued by the instance at instanceURL and echoes the request's Nonce when one was supplied; a relying party should verify the token's signature against that instance's signing keys (SigningCertificatesClient.Get, or the jwks_uri from MetadataConfigurationClient.Get) and check the echoed nonce before trusting any claim in it. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. request - request object containing the OpenEnclave report
func (Client) AttestOpenEnclavePreparer ¶
func (client Client) AttestOpenEnclavePreparer(ctx context.Context, instanceURL string, request AttestOpenEnclaveRequest) (*http.Request, error)
AttestOpenEnclavePreparer prepares the AttestOpenEnclave request.
func (Client) AttestOpenEnclaveResponder ¶
AttestOpenEnclaveResponder handles the response to the AttestOpenEnclave request. The method always closes the http.Response Body.
func (Client) AttestOpenEnclaveSender ¶
AttestOpenEnclaveSender sends the AttestOpenEnclave request. The method will close the http.Response Body if it receives an error.
func (Client) AttestSevSnpVM ¶
func (client Client) AttestSevSnpVM(ctx context.Context, instanceURL string, request AttestSevSnpVMRequest) (result Response, err error)
AttestSevSnpVM processes an AMD SEV-SNP report (the hardware-rooted VM boot chain together with its signing certificate chain and any endorsements), producing an artifact. The type of artifact produced is dependent upon attestation policy. As with the other Attest* calls, verify the returned token's signature and echoed nonce before relying on it. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. request - request object containing the SEV-SNP report
func (Client) AttestSevSnpVMPreparer ¶
func (client Client) AttestSevSnpVMPreparer(ctx context.Context, instanceURL string, request AttestSevSnpVMRequest) (*http.Request, error)
AttestSevSnpVMPreparer prepares the AttestSevSnpVM request.
func (Client) AttestSevSnpVMResponder ¶
AttestSevSnpVMResponder handles the response to the AttestSevSnpVM request. The method always closes the http.Response Body.
func (Client) AttestSevSnpVMSender ¶
AttestSevSnpVMSender sends the AttestSevSnpVM request. The method will close the http.Response Body if it receives an error.
func (Client) AttestSgxEnclave ¶
func (client Client) AttestSgxEnclave(ctx context.Context, instanceURL string, request AttestSgxEnclaveRequest) (result Response, err error)
AttestSgxEnclave processes an SGX enclave quote, producing an artifact. The type of artifact produced is dependent upon attestation policy. As with the other Attest* calls, verify the returned token's signature and echoed nonce before relying on it. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. request - request object containing the quote
func (Client) AttestSgxEnclavePreparer ¶
func (client Client) AttestSgxEnclavePreparer(ctx context.Context, instanceURL string, request AttestSgxEnclaveRequest) (*http.Request, error)
AttestSgxEnclavePreparer prepares the AttestSgxEnclave request.
func (Client) AttestSgxEnclaveResponder ¶
AttestSgxEnclaveResponder handles the response to the AttestSgxEnclave request. The method always closes the http.Response Body.
func (Client) AttestSgxEnclaveSender ¶
AttestSgxEnclaveSender sends the AttestSgxEnclave request. The method will close the http.Response Body if it receives an error.
func (Client) AttestTpm ¶
func (client Client) AttestTpm(ctx context.Context, instanceURL string, request TpmAttestationRequest) (result TpmAttestationResponse, err error)
AttestTpm processes attestation evidence from a VBS enclave, producing an attestation result. The attestation result produced is dependent upon the attestation policy. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. request - request object
func (Client) AttestTpmPreparer ¶
func (client Client) AttestTpmPreparer(ctx context.Context, instanceURL string, request TpmAttestationRequest) (*http.Request, error)
AttestTpmPreparer prepares the AttestTpm request.
func (Client) AttestTpmResponder ¶
func (client Client) AttestTpmResponder(resp *http.Response) (result TpmAttestationResponse, err error)
AttestTpmResponder handles the response to the AttestTpm request. The method always closes the http.Response Body.
type CloudError ¶
// CloudError is the envelope of an error response from the service; the
// Error body carries a stable, machine-readable Code and a display Message.
type CloudError struct {
	Error *CloudErrorBody `json:"error,omitempty"`
}
CloudError an error response from Attestation.
type CloudErrorBody ¶
// CloudErrorBody is the payload of a CloudError. Branch on Code, which is
// stable; Message is free text meant for display and may change.
type CloudErrorBody struct {
	// Code - An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
	Code *string `json:"code,omitempty"`
	// Message - A message describing the error, intended to be suitable for displaying in a user interface.
	Message *string `json:"message,omitempty"`
}
CloudErrorBody an error response from Attestation.
type DataType ¶
// DataType says how the service should treat the "data" field of an
// InitTimeData (and, presumably, a RuntimeData — confirm in that type): either
// as opaque bytes or as JSON that MAA may interpret.
type DataType string
DataType enumerates the values for data type.
const (
	// DataTypeBinary The field's content should be treated as binary and not interpreted by MAA.
	DataTypeBinary DataType = "Binary"
	// DataTypeJSON The field's content should be treated as UTF-8 JSON text that may be further interpreted by
	// MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability.
	// Security: choose JSON only when the attestation policy is meant to reason about the content
	// (presumably it is surfaced as claims — confirm against the policy documentation); otherwise Binary
	// keeps the data opaque to the service.
	DataTypeJSON DataType = "JSON"
)
func PossibleDataTypeValues ¶
func PossibleDataTypeValues() []DataType
PossibleDataTypeValues returns an array of possible values for the DataType const type.
type InitTimeData ¶
// InitTimeData is configuration handed to a TEE at launch. It is trusted only
// because its SHA256 hash is carried inside the hardware evidence (SGX config
// id / SEV-SNP host data), so the service can confirm the TEE was actually
// started with this data rather than taking the caller's word for it.
type InitTimeData struct {
	// Data - Initialization time data are passed into the Trusted Execution Environment (TEE) when it is
	// created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of
	// the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match
	// the quote's "host data" attribute. (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
	// DataType - The type of data contained within the "data" field. Possible values include: 'DataTypeBinary',
	// 'DataTypeJSON'
	DataType DataType `json:"dataType,omitempty"`
}
InitTimeData initialization time data are a conduit for any configuration information that is unknown when building the Trusted Execution Environment (TEE) and is defined at TEE launch time. This data can be used with confidential container or VM scenarios to capture configuration settings such as disk volume content, network configuration, etc.
type JSONWebKey ¶
// JSONWebKey is an RFC 7517 JSON Web Key. The same type is used for the
// service's signing keys (JSONWebKeySet), for policy-management certificates
// (CertificateManagementBody) and for the signer reported in PolicyResult, so
// it carries private-key parameters as well as public ones.
// Security: only the public parameters (kty, alg, use, kid, e, n, crv, x, y,
// x5c) belong in anything sent to the service; d, p, q, dp, dq, qi and k are
// private material and must never be populated in a request body.
type JSONWebKey struct {
	// Alg - The "alg" (algorithm) parameter identifies the algorithm intended for
	// use with the key. The values used should either be registered in the
	// IANA "JSON Web Signature and Encryption Algorithms" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.
	Alg *string `json:"alg,omitempty"`
	// Crv - The "crv" (curve) parameter identifies the curve type
	Crv *string `json:"crv,omitempty"`
	// D - RSA private exponent or ECC private key (private material; never send)
	D *string `json:"d,omitempty"`
	// Dp - RSA Private Key Parameter (private material; never send)
	Dp *string `json:"dp,omitempty"`
	// Dq - RSA Private Key Parameter (private material; never send)
	Dq *string `json:"dq,omitempty"`
	// E - RSA public exponent, in Base64
	E *string `json:"e,omitempty"`
	// K - Symmetric key (private material; never send)
	K *string `json:"k,omitempty"`
	// Kid - The "kid" (key ID) parameter is used to match a specific key. This
	// is used, for instance, to choose among a set of keys within a JWK Set
	// during key rollover. The structure of the "kid" value is
	// unspecified. When "kid" values are used within a JWK Set, different
	// keys within the JWK Set SHOULD use distinct "kid" values. (One
	// example in which different keys might use the same "kid" value is if
	// they have different "kty" (key type) values but are considered to be
	// equivalent alternatives by the application using them.) The "kid"
	// value is a case-sensitive string.
	Kid *string `json:"kid,omitempty"`
	// Kty - The "kty" (key type) parameter identifies the cryptographic algorithm
	// family used with the key, such as "RSA" or "EC". "kty" values should
	// either be registered in the IANA "JSON Web Key Types" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name. The "kty" value is a case-sensitive string.
	Kty *string `json:"kty,omitempty"`
	// N - RSA modulus, in Base64
	N *string `json:"n,omitempty"`
	// P - RSA secret prime (private material; never send)
	P *string `json:"p,omitempty"`
	// Q - RSA secret prime, with p < q (private material; never send)
	Q *string `json:"q,omitempty"`
	// Qi - RSA Private Key Parameter (private material; never send)
	Qi *string `json:"qi,omitempty"`
	// Use - Use ("public key use") identifies the intended use of
	// the public key. The "use" parameter is employed to indicate whether
	// a public key is used for encrypting data or verifying the signature
	// on data. Values are commonly "sig" (signature) or "enc" (encryption).
	Use *string `json:"use,omitempty"`
	// X - X coordinate for the Elliptic Curve point
	X *string `json:"x,omitempty"`
	// X5c - The "x5c" (X.509 certificate chain) parameter contains a chain of one
	// or more PKIX certificates [RFC5280]. The certificate chain is
	// represented as a JSON array of certificate value strings. Each
	// string in the array is a base64-encoded (Section 4 of [RFC4648] --
	// not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
	// The PKIX certificate containing the key value MUST be the first
	// certificate. Note the encoding difference from the other fields, which
	// are base64url; mixing the two is a common interop bug.
	X5c *[]string `json:"x5c,omitempty"`
	// Y - Y coordinate for the Elliptic Curve point
	Y *string `json:"y,omitempty"`
}
JSONWebKey is an RFC 7517 JSON Web Key. Because the same type is reused for the service's signing keys, for policy-management certificates and for the policy signer, it has fields for private-key parameters (d, p, q, dp, dq, qi, k); only the public parameters and the x5c chain should ever appear in a request body.
type JSONWebKeySet ¶
// JSONWebKeySet is an RFC 7517 JWK Set. It is returned by
// SigningCertificatesClient.Get (the instance's token-signing keys) and
// carried in PolicyCertificatesResult (the policy-management certificates).
// When selecting a key for signature verification, match on kid and verify the
// x5c chain rather than trusting array position.
type JSONWebKeySet struct {
	autorest.Response `json:"-"`
	// Keys - The value of the "keys" parameter is an array of JWK values. By
	// default, the order of the JWK values within the array does not imply
	// an order of preference among them, although applications of JWK Sets
	// can choose to assign a meaning to the order for their purposes, if
	// desired.
	Keys *[]JSONWebKey `json:"keys,omitempty"`
}
JSONWebKeySet is an RFC 7517 JWK Set; it is the result type of SigningCertificatesClient.Get and the payload of PolicyCertificatesResult.
type MetadataConfigurationClient ¶
// MetadataConfigurationClient fetches an instance's OpenID configuration
// document (issuer, jwks_uri, supported algorithms), which is what a relying
// party needs to locate the keys that sign this instance's tokens.
type MetadataConfigurationClient struct {
	BaseClient
}
MetadataConfigurationClient describes the OpenID-metadata part of the per-tenant enclave service interface.
func NewMetadataConfigurationClient ¶
func NewMetadataConfigurationClient() MetadataConfigurationClient
NewMetadataConfigurationClient creates an instance of the MetadataConfigurationClient client.
func (MetadataConfigurationClient) Get ¶
func (client MetadataConfigurationClient) Get(ctx context.Context, instanceURL string) (result OpenIDConfigurationResponse, err error)
Get retrieves the OpenID Connect metadata for the instance, including the issuer and the jwks_uri from which the attestation signing keys can be fetched. A relying party validating attestation tokens should pin the expected issuer to the instance it trusts (instanceURL) and fetch keys only from that instance's jwks_uri, rather than following whatever issuer a token names. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
func (MetadataConfigurationClient) GetPreparer ¶
func (client MetadataConfigurationClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)
GetPreparer prepares the Get request.
func (MetadataConfigurationClient) GetResponder ¶
func (client MetadataConfigurationClient) GetResponder(resp *http.Response) (result OpenIDConfigurationResponse, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
type OpenIDConfigurationResponse ¶
// OpenIDConfigurationResponse is the instance's OpenID discovery document.
// For token validation the two fields that matter are Issuer (must match the
// instance the relying party expects) and JwksURI (where that instance's
// signing keys are published).
type OpenIDConfigurationResponse struct {
	autorest.Response `json:"-"`
	// ResponseTypesSupported - Types supported in the OpenID metadata API
	ResponseTypesSupported *[]string `json:"response_types_supported,omitempty"`
	// IDTokenSigningAlgValuesSupported - List of the supported signing algorithms. A verifier should
	// restrict itself to the algorithms it expects rather than accepting any "alg" a token presents.
	IDTokenSigningAlgValuesSupported *[]string `json:"id_token_signing_alg_values_supported,omitempty"`
	// RevocationEndpoint - Revocation endpoint
	RevocationEndpoint *string `json:"revocation_endpoint,omitempty"`
	// Issuer - Issuer tenant base endpoint. Compare against the instance URL the relying party trusts, not
	// against the issuer claim of the token being checked.
	Issuer *string `json:"issuer,omitempty"`
	// JwksURI - The URI to retrieve the signing keys
	JwksURI *string `json:"jwks_uri,omitempty"`
	// ClaimsSupported - Set of claims supported by the OpenID metadata endpoint
	ClaimsSupported *[]string `json:"claims_supported,omitempty"`
}
OpenIDConfigurationResponse the response to the OpenID metadata description document API
type PolicyCertificatesClient ¶
// PolicyCertificatesClient manages the set of certificates an instance trusts
// to sign policy changes. Add and Remove take a JWT that must itself be signed
// by a certificate already in that set, so the trust chain is never extended
// by an unauthenticated caller.
type PolicyCertificatesClient struct {
	BaseClient
}
PolicyCertificatesClient describes the policy-certificate management part of the per-tenant enclave service interface.
func NewPolicyCertificatesClient ¶
func NewPolicyCertificatesClient() PolicyCertificatesClient
NewPolicyCertificatesClient creates an instance of the PolicyCertificatesClient client.
func (PolicyCertificatesClient) Add ¶
func (client PolicyCertificatesClient) Add(ctx context.Context, instanceURL string, policyCertificateToAdd string) (result PolicyCertificatesModifyResponse, err error)
Add registers an additional policy-management certificate on the instance. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. policyCertificateToAdd - an RFC7519 JSON Web Token whose body is a CertificateManagementBody (an RFC7517 JSON Web Key describing the certificate to add). The JWT must be signed with one of the policy-management certificates already configured on the instance (the set returned by Get), so trust is always extended from a signer the instance already accepts. Send only the public JWK parameters and x5c chain; JSONWebKey also has private-key fields that must never be populated here.
func (PolicyCertificatesClient) AddPreparer ¶
func (client PolicyCertificatesClient) AddPreparer(ctx context.Context, instanceURL string, policyCertificateToAdd string) (*http.Request, error)
AddPreparer prepares the Add request.
func (PolicyCertificatesClient) AddResponder ¶
func (client PolicyCertificatesClient) AddResponder(resp *http.Response) (result PolicyCertificatesModifyResponse, err error)
AddResponder handles the response to the Add request. The method always closes the http.Response Body.
func (PolicyCertificatesClient) AddSender ¶
AddSender sends the Add request. The method will close the http.Response Body if it receives an error.
func (PolicyCertificatesClient) Get ¶
func (client PolicyCertificatesClient) Get(ctx context.Context, instanceURL string) (result PolicyCertificatesResponse, err error)
Get retrieves the set of policy-management certificates the instance currently trusts to sign policy and policy-certificate changes; the result token's body is a PolicyCertificatesResult. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
func (PolicyCertificatesClient) GetPreparer ¶
func (client PolicyCertificatesClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)
GetPreparer prepares the Get request.
func (PolicyCertificatesClient) GetResponder ¶
func (client PolicyCertificatesClient) GetResponder(resp *http.Response) (result PolicyCertificatesResponse, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (PolicyCertificatesClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (PolicyCertificatesClient) Remove ¶
func (client PolicyCertificatesClient) Remove(ctx context.Context, instanceURL string, policyCertificateToRemove string) (result PolicyCertificatesModifyResponse, err error)
Remove deletes a policy-management certificate from the instance. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. policyCertificateToRemove - an RFC7519 JSON Web Token whose body is a CertificateManagementBody identifying the certificate to remove. The JWT must be signed with one of the policy-management certificates currently configured on the instance (the set returned by Get). Because this changes which signers are trusted for future policy changes, check the CertificateResolution in the returned PolicyCertificatesModificationResult rather than assuming success.
func (PolicyCertificatesClient) RemovePreparer ¶
func (client PolicyCertificatesClient) RemovePreparer(ctx context.Context, instanceURL string, policyCertificateToRemove string) (*http.Request, error)
RemovePreparer prepares the Remove request.
func (PolicyCertificatesClient) RemoveResponder ¶
func (client PolicyCertificatesClient) RemoveResponder(resp *http.Response) (result PolicyCertificatesModifyResponse, err error)
RemoveResponder handles the response to the Remove request. The method always closes the http.Response Body.
func (PolicyCertificatesClient) RemoveSender ¶
RemoveSender sends the Remove request. The method will close the http.Response Body if it receives an error.
type PolicyCertificatesModificationResult ¶
// PolicyCertificatesModificationResult is the body of the token returned by
// PolicyCertificatesClient.Add and Remove. Check CertificateResolution to
// confirm the operation had the intended effect.
type PolicyCertificatesModificationResult struct {
	// CertificateThumbprint - Hex encoded SHA1 Hash of the binary representation certificate which was added or
	// removed. SHA-1 is adequate as a locator but is not collision resistant; to confirm that the intended
	// certificate was affected, compare against the full certificate (e.g. via PolicyCertificatesClient.Get)
	// rather than the thumbprint alone.
	CertificateThumbprint *string `json:"x-ms-certificate-thumbprint,omitempty"`
	// CertificateResolution - The result of the operation. Possible values include:
	// 'CertificateModificationIsPresent', 'CertificateModificationIsAbsent'
	CertificateResolution CertificateModification `json:"x-ms-policycertificates-result,omitempty"`
}
PolicyCertificatesModificationResult the result of a policy certificate modification
type PolicyCertificatesModifyResponse ¶
// PolicyCertificatesModifyResponse is the response to PolicyCertificatesClient.Add
// and Remove. Token is a JWT, presumably signed with the instance's signing keys
// (SigningCertificatesClient.Get) — verify the signature before acting on its
// body rather than decoding it blindly.
type PolicyCertificatesModifyResponse struct {
	autorest.Response `json:"-"`
	// Token - An RFC7519 JSON Web Token structure whose body is a PolicyCertificatesModificationResult object.
	Token *string `json:"token,omitempty"`
}
PolicyCertificatesModifyResponse is the response to PolicyCertificatesClient.Add and Remove; its Token body is a PolicyCertificatesModificationResult.
type PolicyCertificatesResponse ¶
// PolicyCertificatesResponse is the response to PolicyCertificatesClient.Get.
// Token is a JWT, presumably signed with the instance's signing keys
// (SigningCertificatesClient.Get) — verify the signature before trusting the
// certificate set it carries.
type PolicyCertificatesResponse struct {
	autorest.Response `json:"-"`
	// Token - An RFC7519 JSON Web Token structure containing a PolicyCertificatesResults object which contains
	// the certificates used to validate policy changes
	Token *string `json:"token,omitempty"`
}
PolicyCertificatesResponse is the response to PolicyCertificatesClient.Get; its Token body is a PolicyCertificatesResult.
type PolicyCertificatesResult ¶
// PolicyCertificatesResult is the body of the token returned by
// PolicyCertificatesClient.Get.
type PolicyCertificatesResult struct {
	// PolicyCertificates - The JWK Set of policy-management certificates the instance currently accepts as
	// signers for policy and policy-certificate changes. (The original comment, "SHA256 Hash of the binary
	// representation certificate which was added or removed", described a different field; the value here is
	// the certificate set itself.)
	PolicyCertificates *JSONWebKeySet `json:"x-ms-policy-certificates,omitempty"`
}
PolicyCertificatesResult the result of a call to retrieve policy certificates.
type PolicyClient ¶
// PolicyClient reads and writes the attestation policy for a given TEE type on
// an instance. Set and Reset change what evidence the instance will accept, so
// they are privileged operations; the signed tokens they take and return are
// the audit trail.
type PolicyClient struct {
	BaseClient
}
PolicyClient describes the attestation-policy part of the per-tenant enclave service interface.
func NewPolicyClient ¶
func NewPolicyClient() PolicyClient
NewPolicyClient creates an instance of the PolicyClient client.
func (PolicyClient) Get ¶
func (client PolicyClient) Get(ctx context.Context, instanceURL string, attestationType Type) (result PolicyResponse, err error)
Get retrieves the attestation policy currently configured on the instance for attestationType; the returned PolicyResult's Policy field is itself a JWT containing a StoredAttestationPolicy. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. attestationType - specifies the trusted execution environment to be used to validate the evidence
func (PolicyClient) GetPreparer ¶
func (client PolicyClient) GetPreparer(ctx context.Context, instanceURL string, attestationType Type) (*http.Request, error)
GetPreparer prepares the Get request.
func (PolicyClient) GetResponder ¶
func (client PolicyClient) GetResponder(resp *http.Response) (result PolicyResponse, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (PolicyClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (PolicyClient) Reset ¶
func (client PolicyClient) Reset(ctx context.Context, instanceURL string, attestationType Type, policyJws string) (result PolicyResponse, err error)
Reset clears the stored attestation policy for attestationType (the instance presumably falls back to its default policy afterwards — confirm against the service documentation). Reset is as sensitive as Set: a successful call discards whatever evidence-validation rules the tenant had configured, so the same signing and authorization controls should apply. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. attestationType - specifies the trusted execution environment to be used to validate the evidence policyJws - JSON Web Signature with an empty policy document
func (PolicyClient) ResetPreparer ¶
func (client PolicyClient) ResetPreparer(ctx context.Context, instanceURL string, attestationType Type, policyJws string) (*http.Request, error)
ResetPreparer prepares the Reset request.
func (PolicyClient) ResetResponder ¶
func (client PolicyClient) ResetResponder(resp *http.Response) (result PolicyResponse, err error)
ResetResponder handles the response to the Reset request. The method always closes the http.Response Body.
func (PolicyClient) ResetSender ¶
ResetSender sends the Reset request. The method will close the http.Response Body if it receives an error.
func (PolicyClient) Set ¶
func (client PolicyClient) Set(ctx context.Context, instanceURL string, attestationType Type, newAttestationPolicy string) (result PolicyResponse, err error)
Set replaces the attestation policy for attestationType. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. attestationType - specifies the trusted execution environment to be used to validate the evidence newAttestationPolicy - JWT expressing the new policy whose body is a StoredAttestationPolicy object. The returned PolicyResult reports the SHA256 hash of the policy token that was stored and the signer that was used; compare both with what was submitted to detect a policy that was not applied as intended.
func (PolicyClient) SetPreparer ¶
func (client PolicyClient) SetPreparer(ctx context.Context, instanceURL string, attestationType Type, newAttestationPolicy string) (*http.Request, error)
SetPreparer prepares the Set request.
func (PolicyClient) SetResponder ¶
func (client PolicyClient) SetResponder(resp *http.Response) (result PolicyResponse, err error)
SetResponder handles the response to the Set request. The method always closes the http.Response Body.
type PolicyModification ¶
// PolicyModification is the string enum carried in PolicyResult.PolicyResolution
// (the x-ms-policy-result claim). The accepted values are returned by
// PossiblePolicyModificationValues.
type PolicyModification string
PolicyModification enumerates the values for policy modification.
const (
	// PolicyModificationRemoved The specified policy object was removed.
	// Presumably the resolution reported after PolicyClient.Reset — confirm.
	PolicyModificationRemoved PolicyModification = "Removed"
	// PolicyModificationUpdated The specified policy object was updated.
	// Presumably the resolution reported after PolicyClient.Set — confirm.
	PolicyModificationUpdated PolicyModification = "Updated"
)
func PossiblePolicyModificationValues ¶
func PossiblePolicyModificationValues() []PolicyModification
PossiblePolicyModificationValues returns an array of possible values for the PolicyModification const type.
type PolicyResponse ¶
// PolicyResponse is the value returned by PolicyClient.Get, Set and Reset (via
// their Responder methods). Token holds the service's JWT exactly as received;
// this struct performs no signature or claim validation on it.
type PolicyResponse struct {
	autorest.Response `json:"-"`
	// Token - An RFC7519 JSON Web Token structure whose body is an PolicyResult object.
	Token *string `json:"token,omitempty"`
}
PolicyResponse the response to an attestation policy operation
type PolicyResult ¶
// PolicyResult is the decoded body of the JWT carried in PolicyResponse.Token.
// NOTE(review): the rendered summary describes this type as "the result of a
// policy certificate modification"; every field below concerns the attestation
// policy itself, so that wording looks like a copy-paste from
// CertificateModification — confirm against the service schema.
type PolicyResult struct {
	// PolicyResolution - The result of the operation. Possible values include: 'PolicyModificationUpdated', 'PolicyModificationRemoved'
	PolicyResolution PolicyModification `json:"x-ms-policy-result,omitempty"`
	// PolicyTokenHash - The SHA256 hash of the policy object modified (a URL-encoded base64 string).
	// Presumably lets a caller confirm which policy document the service stored — confirm.
	PolicyTokenHash *string `json:"x-ms-policy-token-hash,omitempty"`
	// PolicySigner - The certificate used to sign the policy object, if specified
	PolicySigner *JSONWebKey `json:"x-ms-policy-signer,omitempty"`
	// Policy - A JSON Web Token containing a StoredAttestationPolicy object with the attestation policy
	Policy *string `json:"x-ms-policy,omitempty"`
}
PolicyResult the result of a policy certificate modification
type Response ¶
// Response is the value returned by the attest operations (AttestOpenEnclave,
// AttestSgxEnclave, AttestSevSnpVM). Token holds the service's JWT exactly as
// received; this struct performs no signature or claim validation on it.
type Response struct {
	autorest.Response `json:"-"`
	// Token - An RFC 7519 JSON Web Token, the body of which is an AttestationResult object.
	Token *string `json:"token,omitempty"`
}
Response the result of an attestation operation
type Result ¶
// Result is the body of a response token issued by MAA (Response.Token refers to
// it by its schema name, AttestationResult — presumably the same object).
// It is a plain data carrier: nothing here checks the token's signature or its
// iat/nbf/exp window, so a consumer must verify the JWT before trusting any claim
// below — presumably against the keys returned by SigningCertificatesClient.Get,
// confirm.
type Result struct {
	// Jti - Unique Identifier for the token
	Jti *string `json:"jti,omitempty"`
	// Iss - The Principal who issued the token
	Iss *string `json:"iss,omitempty"`
	// Iat - The time at which the token was issued, in the number of seconds since 1970-01-01T00:00:00Z UTC
	Iat *float64 `json:"iat,omitempty"`
	// Exp - The expiration time after which the token is no longer valid, in the number of seconds since 1970-01-01T00:00:00Z UTC
	Exp *float64 `json:"exp,omitempty"`
	// Nbf - The not before time before which the token cannot be considered valid, in the number of seconds since 1970-01-01T00:00:00Z UTC
	Nbf *float64 `json:"nbf,omitempty"`
	// Cnf - An RFC 7800 Proof of Possession Key. Decoded as an untyped value; the caller picks the shape.
	Cnf interface{} `json:"cnf,omitempty"`
	// Nonce - The Nonce input to the attestation request, if provided.
	Nonce *string `json:"nonce,omitempty"`
	// Version - The Schema version of this structure. Current Value: 1.0
	Version *string `json:"x-ms-ver,omitempty"`
	// RuntimeClaims - Runtime Claims (untyped; shape depends on the TEE)
	RuntimeClaims interface{} `json:"x-ms-runtime,omitempty"`
	// InittimeClaims - Inittime Claims (untyped; shape depends on the TEE)
	InittimeClaims interface{} `json:"x-ms-inittime,omitempty"`
	// PolicyClaims - Policy Generated Claims (untyped; shape depends on the policy)
	PolicyClaims interface{} `json:"x-ms-policy,omitempty"`
	// VerifierType - The Attestation type being attested.
	VerifierType *string `json:"x-ms-attestation-type,omitempty"`
	// PolicySigner - The certificate used to sign the policy object, if specified.
	PolicySigner *JSONWebKey `json:"x-ms-policy-signer,omitempty"`
	// PolicyHash - The SHA256 hash of the BASE64URL encoded policy text used for attestation (a URL-encoded base64 string)
	PolicyHash *string `json:"x-ms-policy-hash,omitempty"`
	// IsDebuggable - True if the enclave is debuggable, false otherwise
	IsDebuggable *bool `json:"x-ms-sgx-is-debuggable,omitempty"`
	// ProductID - The SGX Product ID for the enclave.
	ProductID *float64 `json:"x-ms-sgx-product-id,omitempty"`
	// MrEnclave - The HEX encoded SGX MRENCLAVE value for the enclave.
	MrEnclave *string `json:"x-ms-sgx-mrenclave,omitempty"`
	// MrSigner - The HEX encoded SGX MRSIGNER value for the enclave.
	MrSigner *string `json:"x-ms-sgx-mrsigner,omitempty"`
	// Svn - The SGX SVN value for the enclave.
	Svn *float64 `json:"x-ms-sgx-svn,omitempty"`
	// EnclaveHeldData - A copy of the RuntimeData specified as an input to the attest call. (a URL-encoded base64 string)
	EnclaveHeldData *string `json:"x-ms-sgx-ehd,omitempty"`
	// SgxCollateral - The SGX collateral for the enclave (untyped).
	// NOTE(review): the inherited comment said "The SGX SVN value for the enclave",
	// which duplicates Svn and looks like a copy-paste error — confirm the field's
	// contents against the service schema.
	SgxCollateral interface{} `json:"x-ms-sgx-collateral,omitempty"`
	// DeprecatedVersion - DEPRECATED: Private Preview version of x-ms-ver claim.
	DeprecatedVersion *string `json:"ver,omitempty"`
	// DeprecatedIsDebuggable - DEPRECATED: Private Preview version of x-ms-sgx-is-debuggable claim.
	DeprecatedIsDebuggable *bool `json:"is-debuggable,omitempty"`
	// DeprecatedSgxCollateral - DEPRECATED: Private Preview version of x-ms-sgx-collateral claim.
	DeprecatedSgxCollateral interface{} `json:"maa-attestationcollateral,omitempty"`
	// DeprecatedEnclaveHeldData - DEPRECATED: Private Preview version of x-ms-sgx-ehd claim. (a URL-encoded base64 string)
	DeprecatedEnclaveHeldData *string `json:"aas-ehd,omitempty"`
	// DeprecatedEnclaveHeldData2 - DEPRECATED: Private Preview version of x-ms-sgx-ehd claim. (a URL-encoded base64 string)
	DeprecatedEnclaveHeldData2 *string `json:"maa-ehd,omitempty"`
	// DeprecatedProductID - DEPRECATED: Private Preview version of x-ms-sgx-product-id
	DeprecatedProductID *float64 `json:"product-id,omitempty"`
	// DeprecatedMrEnclave - DEPRECATED: Private Preview version of x-ms-sgx-mrenclave.
	DeprecatedMrEnclave *string `json:"sgx-mrenclave,omitempty"`
	// DeprecatedMrSigner - DEPRECATED: Private Preview version of x-ms-sgx-mrsigner.
	DeprecatedMrSigner *string `json:"sgx-mrsigner,omitempty"`
	// DeprecatedSvn - DEPRECATED: Private Preview version of x-ms-sgx-svn.
	DeprecatedSvn *float64 `json:"svn,omitempty"`
	// DeprecatedTee - DEPRECATED: Private Preview version of x-ms-tee.
	// NOTE(review): no x-ms-tee field exists in this struct; VerifierType
	// (x-ms-attestation-type) appears to be its successor — confirm.
	DeprecatedTee *string `json:"tee,omitempty"`
	// DeprecatedPolicySigner - DEPRECATED: Private Preview version of x-ms-policy-signer
	DeprecatedPolicySigner *JSONWebKey `json:"policy_signer,omitempty"`
	// DeprecatedPolicyHash - DEPRECATED: Private Preview version of x-ms-policy-hash (a URL-encoded base64 string)
	DeprecatedPolicyHash *string `json:"policy_hash,omitempty"`
	// DeprecatedRpData - DEPRECATED: Private Preview version of nonce
	DeprecatedRpData *string `json:"rp_data,omitempty"`
}
Result a Microsoft Azure Attestation response token body - the body of a response token issued by MAA
type RuntimeData ¶
// RuntimeData is the caller-supplied data bound into a quote. DataType tells the
// service how to interpret Data (DataTypeBinary or DataTypeJSON); the binding
// rule between Data and the quote's "report data" is described on Data.
type RuntimeData struct {
	// Data - Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute. (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
	// DataType - The type of data contained within the "data" field. Possible values include: 'DataTypeBinary', 'DataTypeJSON'
	DataType DataType `json:"dataType,omitempty"`
}
RuntimeData runtime data are a conduit for any information defined by the Trusted Execution Environment (TEE) when actually running.
type SigningCertificatesClient ¶
// SigningCertificatesClient exposes Get (with its GetPreparer/GetResponder
// halves) for the metadata signing certificates in use by the attestation
// service. It embeds BaseClient, presumably for the shared autorest client
// configuration — confirm.
type SigningCertificatesClient struct {
	BaseClient
}
SigningCertificatesClient describes the interface for the per-tenant enclave service.
func NewSigningCertificatesClient ¶
func NewSigningCertificatesClient() SigningCertificatesClient
NewSigningCertificatesClient creates an instance of the SigningCertificatesClient client.
func (SigningCertificatesClient) Get ¶
func (client SigningCertificatesClient) Get(ctx context.Context, instanceURL string) (result JSONWebKeySet, err error)
Get retrieves the metadata signing certificates in use by the attestation service. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
func (SigningCertificatesClient) GetPreparer ¶
func (client SigningCertificatesClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)
GetPreparer prepares the Get request.
func (SigningCertificatesClient) GetResponder ¶
func (client SigningCertificatesClient) GetResponder(resp *http.Response) (result JSONWebKeySet, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
type StoredAttestationPolicy ¶
// StoredAttestationPolicy is the body of a policy JWT: the newAttestationPolicy
// argument of PolicyClient.Set and the Policy field of PolicyResult carry a token
// whose body is this object.
type StoredAttestationPolicy struct {
	// AttestationPolicy - Policy text to set as a sequence of UTF-8 encoded octets. (a URL-encoded base64 string)
	AttestationPolicy *string `json:"AttestationPolicy,omitempty"`
}
StoredAttestationPolicy is the body of a policy JWT; its AttestationPolicy field carries the policy text as a URL-encoded base64 string.
type TpmAttestationRequest ¶
// TpmAttestationRequest is the request body for Client.AttestTpm. The protocol
// payload is opaque to this package and travels as a single encoded string.
type TpmAttestationRequest struct {
	// Data - Protocol data containing artifacts for attestation. (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
}
TpmAttestationRequest attestation request for Trusted Platform Module (TPM) attestation.
type TpmAttestationResponse ¶
// TpmAttestationResponse is the result of Client.AttestTpm. Unlike Response it
// carries protocol data rather than a JWT, so the token-validation notes for
// Result do not apply; the payload is opaque to this package.
type TpmAttestationResponse struct {
	autorest.Response `json:"-"`
	// Data - Protocol data containing attestation service response. (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
}
TpmAttestationResponse attestation response for Trusted Platform Module (TPM) attestation.
type Type ¶
// Type identifies the trusted execution environment a policy applies to; it is
// the attestationType argument of PolicyClient.Get, Set and Reset. The accepted
// values are returned by PossibleTypeValues.
type Type string
Type enumerates the values for type.
const (
	// TypeOpenEnclave OpenEnclave extensions to SGX
	TypeOpenEnclave Type = "OpenEnclave"
	// TypeSevSnpVM AMD SEV SNP Virtual Machine
	TypeSevSnpVM Type = "SevSnpVm"
	// TypeSgxEnclave Intel Software Guard eXtensions
	TypeSgxEnclave Type = "SgxEnclave"
	// TypeTpm Edge TPM Virtualization Based Security
	TypeTpm Type = "Tpm"
)
func PossibleTypeValues ¶
func PossibleTypeValues() []Type
PossibleTypeValues returns an array of possible values for the Type const type.