Skip to content

COCOS-584 - Support multiple kbs#587

Merged
drasko merged 5 commits into
ultravioletrs:mainfrom
SammyOina:multi-kbs-2
May 5, 2026
Merged

COCOS-584 - Support multiple kbs#587
drasko merged 5 commits into
ultravioletrs:mainfrom
SammyOina:multi-kbs-2

Conversation

@SammyOina

@SammyOina SammyOina commented Mar 27, 2026

Copy link
Copy Markdown
Contributor

What type of PR is this?

What does this do?

Per-resource KBS configuration: algorithm and dataset KBS URLs now specified individually instead of globally

Which issue(s) does this PR fix/relate to?

Have you included tests for your changes?

Did you document any new/modified feature?

Notes

sequenceDiagram
    participant Client
    participant AgentService
    participant RemoteSource
    participant KBS
    participant Algorithm
    
    Client->>AgentService: InitComputation (with per-resource KBS)
    
    rect rgba(100, 150, 200, 0.5)
    note over AgentService: Download Algorithm
    AgentService->>RemoteSource: Fetch Algorithm
    alt Algorithm.KBS enabled
        RemoteSource->>KBS: Fetch decryption key (per-algo KBS URL)
        KBS-->>RemoteSource: Decryption provider
    end
    RemoteSource-->>AgentService: Encrypted algorithm
    AgentService->>AgentService: Decrypt & extract (type-aware)
    end
    
    rect rgba(150, 100, 200, 0.5)
    note over AgentService: Download Datasets
    loop Each Dataset
        AgentService->>RemoteSource: Fetch Dataset
        alt Dataset.KBS enabled
            RemoteSource->>KBS: Fetch decryption key (per-dataset KBS URL)
            KBS-->>RemoteSource: Decryption provider
        end
        RemoteSource-->>AgentService: Encrypted dataset
        AgentService->>AgentService: Decrypt & decompress
    end
    end
    
    rect rgba(200, 150, 100, 0.5)
    note over Algorithm,AgentService: Run with Concurrency Safety
    AgentService->>Algorithm: Run (mutex-protected)
    Algorithm->>Algorithm: Lock mutex
    Algorithm->>Algorithm: Start process
    Algorithm->>Algorithm: Unlock mutex
    Algorithm-->>AgentService: Running
    AgentService->>Algorithm: Stop (when needed)
    Algorithm->>Algorithm: Lock mutex
    Algorithm->>Algorithm: Kill process
    Algorithm->>Algorithm: Unlock mutex
    end
    
    AgentService->>AgentService: Cleanup (remove temp files)
    AgentService-->>Client: Results
Loading

@codecov

codecov Bot commented Mar 27, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 69.58763% with 59 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.47%. Comparing base (c59a413) to head (d775e36).

Files with missing lines Patch % Lines
agent/service.go 72.83% 19 Missing and 3 partials ⚠️
cli/keys.go 18.18% 9 Missing ⚠️
cli/attestation.go 36.36% 7 Missing ⚠️
cli/attestation_policy.go 25.00% 6 Missing ⚠️
agent/cvms/api/grpc/client.go 66.66% 3 Missing and 1 partial ⚠️
cli/manager.go 91.42% 3 Missing ⚠️
cli/datasets.go 71.42% 2 Missing ⚠️
cli/ima_measurements.go 66.66% 2 Missing ⚠️
cli/result.go 66.66% 2 Missing ⚠️
cli/algorithms.go 83.33% 1 Missing ⚠️
... and 1 more
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #587      +/-   ##
==========================================
- Coverage   68.61%   68.47%   -0.15%     
==========================================
  Files         121      121              
  Lines        7612     7654      +42     
==========================================
+ Hits         5223     5241      +18     
- Misses       1796     1818      +22     
- Partials      593      595       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

…nd datasets to specify individual KBS URLs.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…thin the CLI struct, and add algorithm type to agent's algorithm structure.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…as a parameter and adjust related tests

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Comment thread cli/sdk.go
AwsEndpointUrl string
AwsRegion string
AaKbsParams string
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it make sense to group these into multiple structs to reduce cognitive load?

…skopeo decryption key handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
@drasko drasko merged commit d5badba into ultravioletrs:main May 5, 2026
9 of 10 checks passed
drasko pushed a commit that referenced this pull request May 8, 2026
* Added GPU evidence collection

* Added GPU evidence verification

* Added make command for nvattest helper

* Added command for installing all services

* changed attestion-service.service so it knows where the helper is

* Possible IGVM script bug

* Possible bug

* Bug

* bug

* Revert "bug"

This reverts commit d81d67e.

* Revert "Bug"

This reverts commit 5e566d5.

* Revert "Possible bug"

This reverts commit 47d13fe.

* Revert "Possible IGVM script bug"

This reverts commit 3fb1b79.

* Revert "changed attestion-service.service so it knows where the helper is"

This reverts commit f9f11ed.

* Revert "Added command for installing all services"

This reverts commit 5dcf7a5.

* NOISSUE - Enforce binding label check (#589)

* NOISSUE - Implement extensible resource downloader framework with support for S3, GCS, and OCI sources (#590)

* feat: implement extensible resource downloader framework with support for S3, GCS, and OCI sources

Signed-off-by: SammyOina <sammyoina@gmail.com>

* refactor: improve resource URL parsing and add support for bare OCI image references

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* fix: add empty string check and slash requirement for OCI image inference, and update python unit tests with event mock expectations

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* refactor: introduce OCIClient interface, add test coverage for decryption, and improve resource download error handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* chore: remove trailing whitespace in OCI downloader and HTTP tests

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

---------

Signed-off-by: SammyOina <sammyoina@gmail.com>
Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Refactored baed on comments

* Added GPU evidence collection

* Added GPU evidence verification

* Added make command for nvattest helper

* Added command for installing all services

* changed attestion-service.service so it knows where the helper is

* Possible IGVM script bug

* Possible bug

* Bug

* bug

* Revert "bug"

This reverts commit d81d67e.

* Revert "Bug"

This reverts commit 5e566d5.

* Revert "Possible bug"

This reverts commit 47d13fe.

* Revert "Possible IGVM script bug"

This reverts commit 3fb1b79.

* Revert "changed attestion-service.service so it knows where the helper is"

This reverts commit f9f11ed.

* Revert "Added command for installing all services"

This reverts commit 5dcf7a5.

* Refactored baed on comments

* fixed lint error

* fixed tests

* Fixed according to comments

* COCOS-584 - Support multiple kbs (#587)

* feat: Implement per-resource KBS configuration, allowing algorithms and datasets to specify individual KBS URLs.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* refactor: Encapsulate CLI error handling and CVM certificate paths within the CLI struct, and add algorithm type to agent's algorithm structure.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* style: Remove blank lines and fix indentation in CLI commands.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* refactor: Update downloadAndDecryptGenericResource to accept KBS URL as a parameter and adjust related tests

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* refactor: group CLI configuration into structured types and simplify skopeo decryption key handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

---------

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Added GPU evidence collection

* Added GPU evidence verification

* Added make command for nvattest helper

* Added command for installing all services

* changed attestion-service.service so it knows where the helper is

* Possible IGVM script bug

* Possible bug

* Bug

* bug

* Revert "bug"

This reverts commit d81d67e.

* Revert "Bug"

This reverts commit 5e566d5.

* Revert "Possible bug"

This reverts commit 47d13fe.

* Revert "Possible IGVM script bug"

This reverts commit 3fb1b79.

* Revert "changed attestion-service.service so it knows where the helper is"

This reverts commit f9f11ed.

* Revert "Added command for installing all services"

This reverts commit 5dcf7a5.

* Refactored baed on comments

* Added GPU evidence collection

* Added GPU evidence verification

* Added make command for nvattest helper

* Added command for installing all services

* changed attestion-service.service so it knows where the helper is

* Possible IGVM script bug

* Possible bug

* Bug

* bug

* Revert "bug"

This reverts commit d81d67e.

* Revert "Bug"

This reverts commit 5e566d5.

* Revert "Possible bug"

This reverts commit 47d13fe.

* Revert "Possible IGVM script bug"

This reverts commit 3fb1b79.

* Revert "changed attestion-service.service so it knows where the helper is"

This reverts commit f9f11ed.

* Revert "Added command for installing all services"

This reverts commit 5dcf7a5.

* Refactored baed on comments

* fixed lint error

* fixed tests

* Fixed according to comments

---------

Signed-off-by: SammyOina <sammyoina@gmail.com>
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Co-authored-by: Danko Miladinovic <72250944+danko-miladinovic@users.noreply.github.com>
Co-authored-by: Sammy Kerata Oina <44265300+SammyOina@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Support multiple KBS per resource

4 participants