Add optional "signature" field for digitalocean_custom_image resources
#1130
Labels
do-api
Depends on changes to the DigitalOcean API
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Referencing custom images via URL is inherently insecure; a mechanism is needed to verify such network.
Describe the solution you'd like
Adding an optional "signature" field would let developers encode verification within their deployment.
Describe alternatives you've considered
One alternative might be to virtualize (or containerize) the desired runtime environment within an existing image, where (for example)
cloud-initcould be used to do so procedurally and with a step for verifying that reference before it is initialized. This does, however, compromise the potential advantages of performance and reduction in resource overhead from minimizing system abstraction layers.Another alternative is to upload (or manage) the image using a spaces bucket, for which credentials would be shared internally between Terraform resources. (This is the approach I am currently exploring, but I think you'll agree it's a little more onerous than would be ideal.)
Another alternative that just occurred to me is, to manually upload the image using the DigitalOcean API via
curlcommand (see: https://docs.digitalocean.com/products/images/custom-images/how-to/upload/ ); automation-friendly solutions are definitely advantageous here, though hardly idea when custom images resources are already supported by the Terraform provider.Additional context
AWS and Azure both have mechanisms to verify custom image integrity:
https://docs.aws.amazon.com/signer/latest/developerguide/image-verification.html
https://learn.microsoft.com/en-us/azure/aks/image-integrity?tabs=azure-cli
GCP does not, to the best of my knowledge (and quick-searching).
The text was updated successfully, but these errors were encountered: