COCOS-584 - Support multiple kbs#587
Merged
Merged
Conversation
jovan-djukic
approved these changes
Mar 27, 2026
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #587 +/- ##
==========================================
- Coverage 68.61% 68.47% -0.15%
==========================================
Files 121 121
Lines 7612 7654 +42
==========================================
+ Hits 5223 5241 +18
- Misses 1796 1818 +22
- Partials 593 595 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
…nd datasets to specify individual KBS URLs. Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…thin the CLI struct, and add algorithm type to agent's algorithm structure. Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…as a parameter and adjust related tests Signed-off-by: Sammy Oina <sammyoina@gmail.com>
smithjilks
requested changes
May 4, 2026
| AwsEndpointUrl string | ||
| AwsRegion string | ||
| AaKbsParams string | ||
| } |
Contributor
There was a problem hiding this comment.
Does it make sense to group these into multiple structs to reduce cognitive load?
…skopeo decryption key handling Signed-off-by: Sammy Oina <sammyoina@gmail.com>
smithjilks
approved these changes
May 4, 2026
drasko
pushed a commit
that referenced
this pull request
May 8, 2026
* Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commit d81d67e. * Revert "Bug" This reverts commit 5e566d5. * Revert "Possible bug" This reverts commit 47d13fe. * Revert "Possible IGVM script bug" This reverts commit 3fb1b79. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commit f9f11ed. * Revert "Added command for installing all services" This reverts commit 5dcf7a5. * NOISSUE - Enforce binding label check (#589) * NOISSUE - Implement extensible resource downloader framework with support for S3, GCS, and OCI sources (#590) * feat: implement extensible resource downloader framework with support for S3, GCS, and OCI sources Signed-off-by: SammyOina <sammyoina@gmail.com> * refactor: improve resource URL parsing and add support for bare OCI image references Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix: add empty string check and slash requirement for OCI image inference, and update python unit tests with event mock expectations Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: introduce OCIClient interface, add test coverage for decryption, and improve resource download error handling Signed-off-by: Sammy Oina <sammyoina@gmail.com> * chore: remove trailing whitespace in OCI downloader and HTTP tests Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: SammyOina <sammyoina@gmail.com> Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Refactored baed on comments * Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commit d81d67e. * Revert "Bug" This reverts commit 5e566d5. * Revert "Possible bug" This reverts commit 47d13fe. * Revert "Possible IGVM script bug" This reverts commit 3fb1b79. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commit f9f11ed. * Revert "Added command for installing all services" This reverts commit 5dcf7a5. * Refactored baed on comments * fixed lint error * fixed tests * Fixed according to comments * COCOS-584 - Support multiple kbs (#587) * feat: Implement per-resource KBS configuration, allowing algorithms and datasets to specify individual KBS URLs. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: Encapsulate CLI error handling and CVM certificate paths within the CLI struct, and add algorithm type to agent's algorithm structure. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * style: Remove blank lines and fix indentation in CLI commands. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: Update downloadAndDecryptGenericResource to accept KBS URL as a parameter and adjust related tests Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: group CLI configuration into structured types and simplify skopeo decryption key handling Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commit d81d67e. * Revert "Bug" This reverts commit 5e566d5. * Revert "Possible bug" This reverts commit 47d13fe. * Revert "Possible IGVM script bug" This reverts commit 3fb1b79. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commit f9f11ed. * Revert "Added command for installing all services" This reverts commit 5dcf7a5. * Refactored baed on comments * Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commit d81d67e. * Revert "Bug" This reverts commit 5e566d5. * Revert "Possible bug" This reverts commit 47d13fe. * Revert "Possible IGVM script bug" This reverts commit 3fb1b79. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commit f9f11ed. * Revert "Added command for installing all services" This reverts commit 5dcf7a5. * Refactored baed on comments * fixed lint error * fixed tests * Fixed according to comments --------- Signed-off-by: SammyOina <sammyoina@gmail.com> Signed-off-by: Sammy Oina <sammyoina@gmail.com> Co-authored-by: Danko Miladinovic <72250944+danko-miladinovic@users.noreply.github.com> Co-authored-by: Sammy Kerata Oina <44265300+SammyOina@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
What does this do?
Per-resource KBS configuration: algorithm and dataset KBS URLs now specified individually instead of globally
Which issue(s) does this PR fix/relate to?
Have you included tests for your changes?
Did you document any new/modified feature?
Notes
sequenceDiagram participant Client participant AgentService participant RemoteSource participant KBS participant Algorithm Client->>AgentService: InitComputation (with per-resource KBS) rect rgba(100, 150, 200, 0.5) note over AgentService: Download Algorithm AgentService->>RemoteSource: Fetch Algorithm alt Algorithm.KBS enabled RemoteSource->>KBS: Fetch decryption key (per-algo KBS URL) KBS-->>RemoteSource: Decryption provider end RemoteSource-->>AgentService: Encrypted algorithm AgentService->>AgentService: Decrypt & extract (type-aware) end rect rgba(150, 100, 200, 0.5) note over AgentService: Download Datasets loop Each Dataset AgentService->>RemoteSource: Fetch Dataset alt Dataset.KBS enabled RemoteSource->>KBS: Fetch decryption key (per-dataset KBS URL) KBS-->>RemoteSource: Decryption provider end RemoteSource-->>AgentService: Encrypted dataset AgentService->>AgentService: Decrypt & decompress end end rect rgba(200, 150, 100, 0.5) note over Algorithm,AgentService: Run with Concurrency Safety AgentService->>Algorithm: Run (mutex-protected) Algorithm->>Algorithm: Lock mutex Algorithm->>Algorithm: Start process Algorithm->>Algorithm: Unlock mutex Algorithm-->>AgentService: Running AgentService->>Algorithm: Stop (when needed) Algorithm->>Algorithm: Lock mutex Algorithm->>Algorithm: Kill process Algorithm->>Algorithm: Unlock mutex end AgentService->>AgentService: Cleanup (remove temp files) AgentService-->>Client: Results