NOISSUE - Enforce binding label check#589
Merged
Merged
Conversation
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #589 +/- ##
==========================================
+ Coverage 68.36% 68.41% +0.04%
==========================================
Files 116 116
Lines 7344 7358 +14
==========================================
+ Hits 5021 5034 +13
- Misses 1746 1748 +2
+ Partials 577 576 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
SammyOina
approved these changes
Apr 27, 2026
drasko
pushed a commit
that referenced
this pull request
May 8, 2026
* Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commit d81d67e. * Revert "Bug" This reverts commit 5e566d5. * Revert "Possible bug" This reverts commit 47d13fe. * Revert "Possible IGVM script bug" This reverts commit 3fb1b79. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commit f9f11ed. * Revert "Added command for installing all services" This reverts commit 5dcf7a5. * NOISSUE - Enforce binding label check (#589) * NOISSUE - Implement extensible resource downloader framework with support for S3, GCS, and OCI sources (#590) * feat: implement extensible resource downloader framework with support for S3, GCS, and OCI sources Signed-off-by: SammyOina <sammyoina@gmail.com> * refactor: improve resource URL parsing and add support for bare OCI image references Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix: add empty string check and slash requirement for OCI image inference, and update python unit tests with event mock expectations Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: introduce OCIClient interface, add test coverage for decryption, and improve resource download error handling Signed-off-by: Sammy Oina <sammyoina@gmail.com> * chore: remove trailing whitespace in OCI downloader and HTTP tests Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: SammyOina <sammyoina@gmail.com> Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Refactored baed on comments * Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commit d81d67e. * Revert "Bug" This reverts commit 5e566d5. * Revert "Possible bug" This reverts commit 47d13fe. * Revert "Possible IGVM script bug" This reverts commit 3fb1b79. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commit f9f11ed. * Revert "Added command for installing all services" This reverts commit 5dcf7a5. * Refactored baed on comments * fixed lint error * fixed tests * Fixed according to comments * COCOS-584 - Support multiple kbs (#587) * feat: Implement per-resource KBS configuration, allowing algorithms and datasets to specify individual KBS URLs. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: Encapsulate CLI error handling and CVM certificate paths within the CLI struct, and add algorithm type to agent's algorithm structure. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * style: Remove blank lines and fix indentation in CLI commands. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: Update downloadAndDecryptGenericResource to accept KBS URL as a parameter and adjust related tests Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: group CLI configuration into structured types and simplify skopeo decryption key handling Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commit d81d67e. * Revert "Bug" This reverts commit 5e566d5. * Revert "Possible bug" This reverts commit 47d13fe. * Revert "Possible IGVM script bug" This reverts commit 3fb1b79. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commit f9f11ed. * Revert "Added command for installing all services" This reverts commit 5dcf7a5. * Refactored baed on comments * Added GPU evidence collection * Added GPU evidence verification * Added make command for nvattest helper * Added command for installing all services * changed attestion-service.service so it knows where the helper is * Possible IGVM script bug * Possible bug * Bug * bug * Revert "bug" This reverts commit d81d67e. * Revert "Bug" This reverts commit 5e566d5. * Revert "Possible bug" This reverts commit 47d13fe. * Revert "Possible IGVM script bug" This reverts commit 3fb1b79. * Revert "changed attestion-service.service so it knows where the helper is" This reverts commit f9f11ed. * Revert "Added command for installing all services" This reverts commit 5dcf7a5. * Refactored baed on comments * fixed lint error * fixed tests * Fixed according to comments --------- Signed-off-by: SammyOina <sammyoina@gmail.com> Signed-off-by: Sammy Oina <sammyoina@gmail.com> Co-authored-by: Danko Miladinovic <72250944+danko-miladinovic@users.noreply.github.com> Co-authored-by: Sammy Kerata Oina <44265300+SammyOina@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
This is a bug fix because it enforces
ExporterLabelAttestationcheck on attestation verification.What does this do?
Enforces the server and the client to use
ExporterLabelAttestationduring attestation binding process of attested TLS.Which issue(s) does this PR fix/relate to?
No issue.
Have you included tests for your changes?
Yes, I have included tests for my changes.
Did you document any new/modified feature?
Documentation is not needed.
Notes