COCOS-394 Cloud Provider Attestation Service Integration #421
Merged
drasko merged 9 commits intoMay 21, 2025
Conversation
SammyOina
requested changes
Apr 9, 2025
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #421 +/- ##
==========================================
+ Coverage 47.98% 48.62% +0.63%
==========================================
Files 63 64 +1
Lines 5912 6096 +184
==========================================
+ Hits 2837 2964 +127
- Misses 2769 2815 +46
- Partials 306 317 +11 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
SammyOina
requested changes
May 6, 2025
657cc63 to
7592e4f
Compare
Add Azure cloud attestation fetching Add ability to fetch azure attestation token Remove gcp changes Remove gcp changes Add Azure attestation support Modify pipeline proto checks Update protoc version Fix failing CI fetch token as a file Convert jwt to json Small bug fix -- correct file name for attestation token Fix failing CI Modify protoc version Update protoc version Update protoc version Update protoc version Add changes to allow passing vtpm nonce Add PR review changes to refactor the code Refactor name change to AttestationResult Refactor name change to AttestationResult Return report as json Format files properly Fix attestaton changes Modify changes based on PR review Add more test coverage Correct bug in Server test Rename "FetchAttestationResult" to "AttestationResult" Send token as part of stream Fix CI NOISSUE - Add DisconnectReq message and TTL support for VM creation (ultravioletrs#428) * feat: Add DisconnectReq message and TTL support for VM creation - Introduced DisconnectReq message in cvms.proto to handle disconnection requests. - Enhanced CreateReq in manager.proto to include a TTL field for virtual machines. - Updated CLI to accept TTL as a command-line flag during VM creation. - Modified manager service to remove VMs after the specified TTL duration. - Adjusted gRPC client connection handling in agent main.go to support new client structure. - Added mock implementation for gRPC client to facilitate testing. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix: Mark server URL flag as required with error handling Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> COCOS-407 - Add support for Linux IMA (ultravioletrs#429) * Added a feature which enables users to fetch IMA measurements and verify them * Added a feature which enables users to fetch IMA measurements and verify them * fixed lint error * fixed according to comments * fixed according to comments * fixed according to comments * fixed according to comments * final bug fix Add token measurement command Add Azure cloud attestation fetching Add ability to fetch azure attestation token Remove gcp changes Remove gcp changes Add Azure attestation support Modify pipeline proto checks Update protoc version Fix failing CI fetch token as a file Convert jwt to json Small bug fix -- correct file name for attestation token Fix failing CI Modify protoc version Update protoc version Update protoc version Update protoc version Add changes to allow passing vtpm nonce Add PR review changes to refactor the code Refactor name change to AttestationResult Refactor name change to AttestationResult Return report as json Format files properly Fix attestaton changes Modify changes based on PR review Add more test coverage Correct bug in Server test Rename "FetchAttestationResult" to "AttestationResult" Send token as part of stream Fix CI Rebase changes to main Refactor after rebase
* add CC platform identification capability * add token verification * add snp azure * add azure snp report verification * fix linter errors * fix agent tests * expand the CC provider * fix azure atls * rebase branch * add nonce check for azure token * rename package attestations * remove alias attestations --------- Co-authored-by: Ubuntu <azureuser@UVCTestCVM.bu0p0zdolasezg1jifpyqhaxuc.dx.internal.cloudapp.net>
Add Azure cloud attestation fetching Add ability to fetch azure attestation token Remove gcp changes Remove gcp changes Add Azure attestation support Modify pipeline proto checks Update protoc version Fix failing CI fetch token as a file Convert jwt to json Small bug fix -- correct file name for attestation token Fix failing CI Modify protoc version Update protoc version Update protoc version Update protoc version Add changes to allow passing vtpm nonce Add PR review changes to refactor the code Refactor name change to AttestationResult Refactor name change to AttestationResult Return report as json Format files properly Fix attestaton changes Modify changes based on PR review Add more test coverage Correct bug in Server test Rename "FetchAttestationResult" to "AttestationResult" Send token as part of stream Fix CI NOISSUE - Add DisconnectReq message and TTL support for VM creation (ultravioletrs#428) * feat: Add DisconnectReq message and TTL support for VM creation - Introduced DisconnectReq message in cvms.proto to handle disconnection requests. - Enhanced CreateReq in manager.proto to include a TTL field for virtual machines. - Updated CLI to accept TTL as a command-line flag during VM creation. - Modified manager service to remove VMs after the specified TTL duration. - Adjusted gRPC client connection handling in agent main.go to support new client structure. - Added mock implementation for gRPC client to facilitate testing. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix: Mark server URL flag as required with error handling Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> COCOS-407 - Add support for Linux IMA (ultravioletrs#429) * Added a feature which enables users to fetch IMA measurements and verify them * Added a feature which enables users to fetch IMA measurements and verify them * fixed lint error * fixed according to comments * fixed according to comments * fixed according to comments * fixed according to comments * final bug fix Add token measurement command Add Azure cloud attestation fetching Add ability to fetch azure attestation token Remove gcp changes Remove gcp changes Add Azure attestation support Modify pipeline proto checks Update protoc version Fix failing CI fetch token as a file Convert jwt to json Small bug fix -- correct file name for attestation token Fix failing CI Modify protoc version Update protoc version Update protoc version Update protoc version Add changes to allow passing vtpm nonce Add PR review changes to refactor the code Refactor name change to AttestationResult Refactor name change to AttestationResult Return report as json Format files properly Fix attestaton changes Modify changes based on PR review Add more test coverage Correct bug in Server test Rename "FetchAttestationResult" to "AttestationResult" Send token as part of stream Fix CI Rebase changes to main Refactor after rebase
a71c9e1 to
a33526f
Compare
SammyOina
requested changes
May 21, 2025
SammyOina
approved these changes
May 21, 2025
drasko
requested changes
May 21, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
This is a feature because it adds the following functionality: Ability to validate an azure attestation report using Azure Attestation Verification Service.
-->
What does this do?
Adds the ability for the agent to get the verification token from the CVM and verify it on the CLI.
Which issue(s) does this PR fix/relate to
Have you included tests for your changes?
No, I have not included tests because it is a work in progress.
Did you document any new/modified feature?
No, I have not updated the documentation because it is a work in progress.