Skip to content

NOISSUE - Implement structured logging with log forwarding for ingress-proxy and computation-runner, update component versions, and improve aTLS initialization and error handling.#583

Merged
drasko merged 6 commits into
ultravioletrs:mainfrom
SammyOina:fix-atls
Mar 23, 2026

Conversation

@SammyOina

@SammyOina SammyOina commented Mar 23, 2026

Copy link
Copy Markdown
Contributor

What type of PR is this?

What does this do?

Which issue(s) does this PR fix/relate to?

  • Related Issue #
  • Resolves #

Have you included tests for your changes?

Did you document any new/modified feature?

Notes

image

…roxy` and `computation-runner`, update component versions, and improve aTLS initialization and error handling.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…component versions.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…nternal CVM server TLS to Ingress Proxy, and update component versions.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
@SammyOina SammyOina changed the title feat: Implement structured logging with log forwarding for ingress-proxy and computation-runner, update component versions, and improve aTLS initialization and error handling. NOISSUE - Implement structured logging with log forwarding for ingress-proxy and computation-runner, update component versions, and improve aTLS initialization and error handling. Mar 23, 2026
…h and remove local development keys and encrypted algorithm.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
@codecov

codecov Bot commented Mar 23, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 80.82192% with 14 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.54%. Comparing base (c1cbcec) to head (aa644b6).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
agent/cvms/server/cvm.go 66.66% 6 Missing and 5 partials ⚠️
pkg/atls/certificate_verifier.go 89.65% 3 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #583      +/-   ##
==========================================
+ Coverage   73.49%   73.54%   +0.04%     
==========================================
  Files          99       96       -3     
  Lines        6358     6123     -235     
==========================================
- Hits         4673     4503     -170     
+ Misses       1265     1205      -60     
+ Partials      420      415       -5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

teeNonce := append(pubKey, nonce...)
hashNonce := sha3.Sum512(teeNonce)
// The attestation provider truncates the 64-byte hash to 32 bytes before sending it to the TEE
expectedNonce := hashNonce[:32]

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the hash nonce 32 bytes? Is there a specific reason.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reason we truncate the 64-byte sha3.Sum512 hash to 32 bytes is to satisfy the AttestationService gRPC API and the EAT token claims standard (RFC 9711).

API Consistency: The AttestationService interface specifically defines the Nonce field as 32 bytes (256 bits).

I will add a comment as well

…erver implementations.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Signed-off-by: Sammy Oina <sammyoina@gmail.com>

@danko-miladinovic danko-miladinovic left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@SammyOina SammyOina self-assigned this Mar 23, 2026
@drasko drasko merged commit 42b0552 into ultravioletrs:main Mar 23, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants