COCOS-394 Cloud Provider Attestation Service Integration #421

Merged
drasko merged 9 commits into ultravioletrs:main from dorcaslitunya:dorcaslitunya/feature/cocos-394
May 21, 2025

@dorcaslitunya

Contributor

What type of PR is this?

This is a feature because it adds the following functionality: Ability to validate an Azure attestation report using Azure Attestation Verification Service.

What does this do?

Adds the ability for the agent to get the verification token from the CVM and verify it on the CLI.

Which issue(s) does this PR fix/relate to

Have you included tests for your changes?

No, I have not included tests because it is a work in progress.

Did you document any new/modified feature?

No, I have not updated the documentation because it is a work in progress.

Comment thread pkg/attestation/vtpm/vtpm.go Outdated
Comment thread pkg/attestation/vtpm/vtpm.go Outdated
@codecov

codecov Bot commented Apr 16, 2025

Codecov Report

Attention: Patch coverage is 71.63462% with 59 lines in your changes missing coverage. Please review.

Project coverage is 48.62%. Comparing base (3102114) to head (5edb086).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
cli/attestation.go 79.56% 14 Missing and 5 partials ⚠️
pkg/attestation/vtpm/vtpm.go 0.00% 12 Missing ⚠️
agent/api/grpc/server.go 67.74% 7 Missing and 3 partials ⚠️
pkg/attestation/azure/snp.go 0.00% 6 Missing ⚠️
pkg/sdk/agent.go 60.00% 4 Missing and 2 partials ⚠️
agent/api/grpc/endpoint.go 72.72% 2 Missing and 1 partial ⚠️
pkg/attestation/emptyprovider.go 0.00% 2 Missing ⚠️
agent/api/grpc/requests.go 85.71% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #421      +/-   ##
==========================================
+ Coverage   47.98%   48.62%   +0.63%     
==========================================
  Files          63       64       +1     
  Lines        5912     6096     +184     
==========================================
+ Hits         2837     2964     +127     
- Misses       2769     2815      +46     
- Partials      306      317      +11     

@dorcaslitunya dorcaslitunya changed the title from "[Draft]COCOS-394 Cloud Provider Attestation Service Integration" to "COCOS-394 Cloud Provider Attestation Service Integration" Apr 23, 2025
Comment thread agent/agent.proto Outdated
Comment thread pkg/attestation/vtpm/vtpm.go Outdated
Comment thread pkg/attestation/vtpm/vtpm.go Outdated
Comment thread agent/service.go Outdated
Comment thread cli/attestation.go
Comment thread cli/attestation.go Outdated
Comment thread cli/attestation_test.go
Comment thread cmd/agent/main.go Outdated
Comment thread pkg/attestation/vtpm/vtpm.go Outdated
Comment thread pkg/attestation/vtpm/vtpm.go Outdated
Comment thread pkg/attestation/vtpm/vtpm.go Outdated
Comment thread pkg/sdk/agent.go Outdated
Comment thread pkg/sdk/agent.go Outdated
Comment thread agent/agent.proto Outdated
@dorcaslitunya dorcaslitunya force-pushed the dorcaslitunya/feature/cocos-394 branch from 657cc63 to 7592e4f Compare May 16, 2025 11:17
dorcaslitunya and others added 5 commits May 21, 2025 05:44
Add Azure cloud attestation fetching

Add ability to fetch azure attestation token

Remove gcp changes

Remove gcp changes

Add Azure attestation support

Modify pipeline proto checks

Update protoc version

Fix failing CI

fetch token as a file

Convert jwt to json

Small bug fix -- correct file name for attestation token

Fix failing CI

Modify protoc version

Update protoc version

Update protoc version

Update protoc version

Add changes to allow passing vtpm nonce

Add PR review changes to refactor the code

Refactor name change to AttestationResult

Refactor name change to AttestationResult

Return report as json

Format files properly

Fix attestation changes

Modify changes based on PR review

Add more test coverage

Correct bug in Server test

Rename "FetchAttestationResult" to "AttestationResult"

Send token as part of stream

Fix CI

NOISSUE -  Add DisconnectReq message and TTL support for VM creation (ultravioletrs#428)

* feat: Add DisconnectReq message and TTL support for VM creation

- Introduced DisconnectReq message in cvms.proto to handle disconnection requests.
- Enhanced CreateReq in manager.proto to include a TTL field for virtual machines.
- Updated CLI to accept TTL as a command-line flag during VM creation.
- Modified manager service to remove VMs after the specified TTL duration.
- Adjusted gRPC client connection handling in agent main.go to support new client structure.
- Added mock implementation for gRPC client to facilitate testing.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* fix: Mark server URL flag as required with error handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

---------

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

COCOS-407 - Add support for Linux IMA (ultravioletrs#429)

* Added a feature which enables users to fetch IMA measurements and verify them

* Added a feature which enables users to fetch IMA measurements and verify them

* fixed lint error

* fixed according to comments

* fixed according to comments

* fixed according to comments

* fixed according to comments

* final bug fix

Add token measurement command

Add Azure cloud attestation fetching

Add ability to fetch azure attestation token

Remove gcp changes

Remove gcp changes

Add Azure attestation support

Modify pipeline proto checks

Update protoc version

Fix failing CI

fetch token as a file

Convert jwt to json

Small bug fix -- correct file name for attestation token

Fix failing CI

Modify protoc version

Update protoc version

Update protoc version

Update protoc version

Add changes to allow passing vtpm nonce

Add PR review changes to refactor the code

Refactor name change to AttestationResult

Refactor name change to AttestationResult

Return report as json

Format files properly

Fix attestation changes

Modify changes based on PR review

Add more test coverage

Correct bug in Server test

Rename "FetchAttestationResult" to "AttestationResult"

Send token as part of stream

Fix CI

Rebase changes to main

Refactor after rebase
* add CC platform identification capability

* add token verification

* add snp azure

* add azure snp report verification

* fix linter errors

* fix agent tests

* expand the CC provider

* fix azure atls

* rebase branch

* add nonce check for azure token

* rename package attestations

* remove alias attestations

---------

Co-authored-by: Ubuntu <azureuser@UVCTestCVM.bu0p0zdolasezg1jifpyqhaxuc.dx.internal.cloudapp.net>
Add Azure cloud attestation fetching

Add ability to fetch azure attestation token

Remove gcp changes

Remove gcp changes

Add Azure attestation support

Modify pipeline proto checks

Update protoc version

Fix failing CI

fetch token as a file

Convert jwt to json

Small bug fix -- correct file name for attestation token

Fix failing CI

Modify protoc version

Update protoc version

Update protoc version

Update protoc version

Add changes to allow passing vtpm nonce

Add PR review changes to refactor the code

Refactor name change to AttestationResult

Refactor name change to AttestationResult

Return report as json

Format files properly

Fix attestation changes

Modify changes based on PR review

Add more test coverage

Correct bug in Server test

Rename "FetchAttestationResult" to "AttestationResult"

Send token as part of stream

Fix CI

NOISSUE -  Add DisconnectReq message and TTL support for VM creation (ultravioletrs#428)

* feat: Add DisconnectReq message and TTL support for VM creation

- Introduced DisconnectReq message in cvms.proto to handle disconnection requests.
- Enhanced CreateReq in manager.proto to include a TTL field for virtual machines.
- Updated CLI to accept TTL as a command-line flag during VM creation.
- Modified manager service to remove VMs after the specified TTL duration.
- Adjusted gRPC client connection handling in agent main.go to support new client structure.
- Added mock implementation for gRPC client to facilitate testing.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* fix: Mark server URL flag as required with error handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

---------

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

COCOS-407 - Add support for Linux IMA (ultravioletrs#429)

* Added a feature which enables users to fetch IMA measurements and verify them

* Added a feature which enables users to fetch IMA measurements and verify them

* fixed lint error

* fixed according to comments

* fixed according to comments

* fixed according to comments

* fixed according to comments

* final bug fix

Add token measurement command

Add Azure cloud attestation fetching

Add ability to fetch azure attestation token

Remove gcp changes

Remove gcp changes

Add Azure attestation support

Modify pipeline proto checks

Update protoc version

Fix failing CI

fetch token as a file

Convert jwt to json

Small bug fix -- correct file name for attestation token

Fix failing CI

Modify protoc version

Update protoc version

Update protoc version

Update protoc version

Add changes to allow passing vtpm nonce

Add PR review changes to refactor the code

Refactor name change to AttestationResult

Refactor name change to AttestationResult

Return report as json

Format files properly

Fix attestation changes

Modify changes based on PR review

Add more test coverage

Correct bug in Server test

Rename "FetchAttestationResult" to "AttestationResult"

Send token as part of stream

Fix CI

Rebase changes to main

Refactor after rebase
@dorcaslitunya dorcaslitunya force-pushed the dorcaslitunya/feature/cocos-394 branch from a71c9e1 to a33526f Compare May 21, 2025 06:21
Comment thread agent/cvms/cvms.proto Outdated
Comment thread cmd/agent/main.go Outdated
Comment thread agent/api/grpc/server.go Outdated

@drasko drasko left a comment

Contributor

LGTM

@drasko drasko merged commit 94c169f into ultravioletrs:main May 21, 2025
2 checks passed

Development

Successfully merging this pull request may close these issues.

Feature: Cloud Provider Attestation Service Integration

4 participants