Skip to content

NOISSUE - Enforce binding label check#589

Merged
dborovcanin merged 1 commit into
ultravioletrs:mainfrom
danko-miladinovic:satls
Apr 27, 2026
Merged

NOISSUE - Enforce binding label check#589
dborovcanin merged 1 commit into
ultravioletrs:mainfrom
danko-miladinovic:satls

Conversation

@danko-miladinovic

Copy link
Copy Markdown
Contributor

What type of PR is this?

This is a bug fix because it enforces ExporterLabelAttestation check on attestation verification.

What does this do?

Enforces the server and the client to use ExporterLabelAttestation during attestation binding process of attested TLS.

Which issue(s) does this PR fix/relate to?

No issue.

Have you included tests for your changes?

Yes, I have included tests for my changes.

Did you document any new/modified feature?

Documentation is not needed.

Notes

@codecov

codecov Bot commented Apr 17, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 70.83333% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.41%. Comparing base (b44780d) to head (9cd6ac2).

Files with missing lines Patch % Lines
pkg/atls/eaattestation/types.go 66.66% 1 Missing and 1 partial ⚠️
pkg/atls/eaattestation/verify.go 75.00% 2 Missing ⚠️
pkg/atls/internal_transport/conn.go 0.00% 1 Missing and 1 partial ⚠️
pkg/atls/ea/cmw_attestation.go 66.66% 0 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #589      +/-   ##
==========================================
+ Coverage   68.36%   68.41%   +0.04%     
==========================================
  Files         116      116              
  Lines        7344     7358      +14     
==========================================
+ Hits         5021     5034      +13     
- Misses       1746     1748       +2     
+ Partials      577      576       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dborovcanin dborovcanin merged commit 3b9841a into ultravioletrs:main Apr 27, 2026
10 checks passed
drasko pushed a commit that referenced this pull request May 8, 2026
* Added GPU evidence collection

* Added GPU evidence verification

* Added make command for nvattest helper

* Added command for installing all services

* changed attestion-service.service so it knows where the helper is

* Possible IGVM script bug

* Possible bug

* Bug

* bug

* Revert "bug"

This reverts commit d81d67e.

* Revert "Bug"

This reverts commit 5e566d5.

* Revert "Possible bug"

This reverts commit 47d13fe.

* Revert "Possible IGVM script bug"

This reverts commit 3fb1b79.

* Revert "changed attestion-service.service so it knows where the helper is"

This reverts commit f9f11ed.

* Revert "Added command for installing all services"

This reverts commit 5dcf7a5.

* NOISSUE - Enforce binding label check (#589)

* NOISSUE - Implement extensible resource downloader framework with support for S3, GCS, and OCI sources (#590)

* feat: implement extensible resource downloader framework with support for S3, GCS, and OCI sources

Signed-off-by: SammyOina <sammyoina@gmail.com>

* refactor: improve resource URL parsing and add support for bare OCI image references

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* fix: add empty string check and slash requirement for OCI image inference, and update python unit tests with event mock expectations

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* refactor: introduce OCIClient interface, add test coverage for decryption, and improve resource download error handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* chore: remove trailing whitespace in OCI downloader and HTTP tests

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

---------

Signed-off-by: SammyOina <sammyoina@gmail.com>
Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Refactored baed on comments

* Added GPU evidence collection

* Added GPU evidence verification

* Added make command for nvattest helper

* Added command for installing all services

* changed attestion-service.service so it knows where the helper is

* Possible IGVM script bug

* Possible bug

* Bug

* bug

* Revert "bug"

This reverts commit d81d67e.

* Revert "Bug"

This reverts commit 5e566d5.

* Revert "Possible bug"

This reverts commit 47d13fe.

* Revert "Possible IGVM script bug"

This reverts commit 3fb1b79.

* Revert "changed attestion-service.service so it knows where the helper is"

This reverts commit f9f11ed.

* Revert "Added command for installing all services"

This reverts commit 5dcf7a5.

* Refactored baed on comments

* fixed lint error

* fixed tests

* Fixed according to comments

* COCOS-584 - Support multiple kbs (#587)

* feat: Implement per-resource KBS configuration, allowing algorithms and datasets to specify individual KBS URLs.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* refactor: Encapsulate CLI error handling and CVM certificate paths within the CLI struct, and add algorithm type to agent's algorithm structure.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* style: Remove blank lines and fix indentation in CLI commands.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* refactor: Update downloadAndDecryptGenericResource to accept KBS URL as a parameter and adjust related tests

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* refactor: group CLI configuration into structured types and simplify skopeo decryption key handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

---------

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Added GPU evidence collection

* Added GPU evidence verification

* Added make command for nvattest helper

* Added command for installing all services

* changed attestion-service.service so it knows where the helper is

* Possible IGVM script bug

* Possible bug

* Bug

* bug

* Revert "bug"

This reverts commit d81d67e.

* Revert "Bug"

This reverts commit 5e566d5.

* Revert "Possible bug"

This reverts commit 47d13fe.

* Revert "Possible IGVM script bug"

This reverts commit 3fb1b79.

* Revert "changed attestion-service.service so it knows where the helper is"

This reverts commit f9f11ed.

* Revert "Added command for installing all services"

This reverts commit 5dcf7a5.

* Refactored baed on comments

* Added GPU evidence collection

* Added GPU evidence verification

* Added make command for nvattest helper

* Added command for installing all services

* changed attestion-service.service so it knows where the helper is

* Possible IGVM script bug

* Possible bug

* Bug

* bug

* Revert "bug"

This reverts commit d81d67e.

* Revert "Bug"

This reverts commit 5e566d5.

* Revert "Possible bug"

This reverts commit 47d13fe.

* Revert "Possible IGVM script bug"

This reverts commit 3fb1b79.

* Revert "changed attestion-service.service so it knows where the helper is"

This reverts commit f9f11ed.

* Revert "Added command for installing all services"

This reverts commit 5dcf7a5.

* Refactored baed on comments

* fixed lint error

* fixed tests

* Fixed according to comments

---------

Signed-off-by: SammyOina <sammyoina@gmail.com>
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Co-authored-by: Danko Miladinovic <72250944+danko-miladinovic@users.noreply.github.com>
Co-authored-by: Sammy Kerata Oina <44265300+SammyOina@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants