xuy-UID2-4719 use operator-key as name

clarkxuyang · clarkxuyang · commit 91def1e7ba31 · 2025-01-24T09:55:35.000-08:00
diff --git a/scripts/aws/ec2.py b/scripts/aws/ec2.py
@@ -16,7 +16,7 @@
 import yaml
 
 sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
-from confidential_compute import ConfidentialCompute, ConfidentialComputeConfig, MissingInstanceProfile, ApiTokenNotFound, InvalidConfigValue, ConfidentialComputeStartupException
+from confidential_compute import ConfidentialCompute, ConfidentialComputeConfig, MissingInstanceProfile, OperatorKeyNotFound, InvalidConfigValue, ConfidentialComputeStartupException
 
 class AWSConfidentialComputeConfig(ConfidentialComputeConfig):
     enclave_memory_mb: int
@@ -103,7 +103,7 @@ def add_defaults(configs: Dict[str, any]) ->  None:
         except NoCredentialsError as _:
             raise MissingInstanceProfile(self.__class__.__name__)
         except ClientError as _:
-            raise ApiTokenNotFound(self.__class__.__name__, f"Secret Manager {secret_identifier} in {region}")
+            raise OperatorKeyNotFound(self.__class__.__name__, f"Secret Manager {secret_identifier} in {region}")
         
     @staticmethod
     def __get_max_capacity():
diff --git a/scripts/azure-cc/azureEntryPoint.py b/scripts/azure-cc/azureEntryPoint.py
@@ -10,7 +10,7 @@
 import logging
 
 sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
-from confidential_compute import ConfidentialCompute, MissingConfig, MissingInstanceProfile, AuxiliariesException, SecretAccessDenied, ApiTokenNotFound, ConfidentialComputeStartupException 
+from confidential_compute import ConfidentialCompute, MissingConfig, MissingInstanceProfile, AuxiliariesException, OperatorKeyAccessDenied, OperatorKeyNotFound, ConfidentialComputeStartupException 
 from azure.keyvault.secrets import SecretClient
 from azure.identity import DefaultAzureCredential, CredentialUnavailableError
 from azure.core.exceptions import ResourceNotFoundError, ClientAuthenticationError
@@ -73,30 +73,30 @@ def __set_base_urls(self):
             self.configs["core_base_url"] = jdata["core_attest_url"]
             self.configs["optout_base_url"] = jdata["optout_api_uri"]
 
-    def __set_api_token(self):
+    def __set_operator_key(self):
         try:
             credential = DefaultAzureCredential()
             kv_URL = f"https://{AzureEntryPoint.kv_name}.vault.azure.net"
             secret_client = SecretClient(vault_url=kv_URL, credential=credential)
             secret = secret_client.get_secret(AzureEntryPoint.secret_name)
             # print(f"Secret Value: {secret.value}")
-            self.configs["api_token"] = secret.value
+            self.configs["operator_key"] = secret.value
 
         except (CredentialUnavailableError, ClientAuthenticationError) as auth_error:
             logging.error(f"Read operator key, authentication error: {auth_error}")
-            raise SecretAccessDenied(self.__class__.__name__, str(auth_error))
+            raise OperatorKeyAccessDenied(self.__class__.__name__, str(auth_error))
         except ResourceNotFoundError as not_found_error:
             logging.error(f"Read operator key, secret not found: {AzureEntryPoint.secret_name}. Error: {not_found_error}")
-            raise ApiTokenNotFound(self.__class__.__name__, str(not_found_error))
+            raise OperatorKeyNotFound(self.__class__.__name__, str(not_found_error))
         
 
     def _set_confidential_config(self, secret_identifier: str = None):
         self.configs["skip_validations"] = os.getenv("SKIP_VALIDATIONS", "false").lower() == "true"
         self.configs["debug_mode"] = os.getenv("DEBUG_MODE", "false").lower() == "true"
         self.configs["environment"] = AzureEntryPoint.env_name
 
-        # set self.configs["api_token"]
-        self.__set_api_token()
+        # set self.configs["operator_key"]
+        self.__set_operator_key()
         # set base urls from final config file
         self.__set_base_urls()
 
diff --git a/scripts/confidential_compute.py b/scripts/confidential_compute.py
@@ -8,7 +8,7 @@
 import logging
 
 class ConfidentialComputeConfig(TypedDict):
-    api_token: str
+    operator_key: str
     core_base_url: str
     optout_base_url: str
     environment: str
@@ -29,7 +29,7 @@ class MissingInstanceProfile(ConfidentialComputeStartupException):
     def __init__(self, cls, message = None):
         super().__init__(error_name=f"E01: {self.__class__.__name__}", provider=cls, extra_message=message)
 
-class ApiTokenNotFound(ConfidentialComputeStartupException):
+class OperatorKeyNotFound(ConfidentialComputeStartupException):
     def __init__(self, cls, message = None):
         super().__init__(error_name=f"E02: {self.__class__.__name__}", provider=cls, extra_message=message)
 
@@ -53,7 +53,7 @@ class AuxiliariesException(ConfidentialComputeStartupException):
     def __init__(self, cls, inner_message = None):
         super().__init__(error_name=f"E07: {self.__class__.__name__}", provider=cls, extra_message=inner_message)
 
-class SecretAccessDenied(ConfidentialComputeStartupException):
+class OperatorKeyAccessDenied(ConfidentialComputeStartupException):
     def __init__(self, cls, message = None):
         super().__init__(error_name=f"E08: {self.__class__.__name__}", provider=cls, extra_message=message)
 
@@ -67,7 +67,7 @@ def validate_configuration(self):
         logging.info("Validating configurations provided")
         def validate_operator_key():
             """ Validates the operator key format and its environment alignment."""
-            operator_key = self.configs.get("api_token")
+            operator_key = self.configs.get("operator_key")
             pattern = r"^(UID2|EUID)-.\-(I|P|L)-\d+-.*$"
             if re.match(pattern, operator_key):
                 env = self.configs.get("environment", "").lower()
diff --git a/scripts/gcp-oidc/gcp.py b/scripts/gcp-oidc/gcp.py
@@ -10,7 +10,7 @@
 from google.api_core.exceptions import PermissionDenied, NotFound
 
 sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
-from confidential_compute import ConfidentialCompute, ConfidentialComputeConfig, MissingConfig, ApiTokenNotFound, SecretAccessDenied, ConfidentialComputeStartupException
+from confidential_compute import ConfidentialCompute, ConfidentialComputeConfig, MissingConfig, OperatorKeyNotFound, OperatorKeyAccessDenied, ConfidentialComputeStartupException
 
 class GCPEntryPoint(ConfidentialCompute):
 
@@ -39,10 +39,10 @@ def _set_confidential_config(self, secret_identifier=None) -> None:
             response = client.access_secret_version(name=secret_version_name)
             secret_value = response.payload.data.decode("UTF-8")
         except (PermissionDenied, DefaultCredentialsError) as e:
-            raise SecretAccessDenied(self.__class__.__name__, str(e))
+            raise OperatorKeyAccessDenied(self.__class__.__name__, str(e))
         except NotFound:
-            raise ApiTokenNotFound(self.__class__.__name__, f"Secret Manager {os.getenv("API_TOKEN_SECRET_NAME")}")
-        self.config["api_token"] = secret_value
+            raise OperatorKeyNotFound(self.__class__.__name__, f"Secret Manager {os.getenv("API_TOKEN_SECRET_NAME")}")
+        self.config["operator_key"] = secret_value
     
     def __populate_operator_config(self, destination):
         target_config = f"/app/conf/{self.configs["environment"].lower()}-config.json"
