Skip to content

UID2-4808 Add AKS protocol for AzureCCCoreAttestationService #374

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cYKatherine merged 20 commits into from
Feb 6, 2025
Merged

UID2-4808 Add AKS protocol for AzureCCCoreAttestationService #374

cYKatherine merged 20 commits into from
Feb 6, 2025

Conversation

@cYKatherine
Copy link
Contributor

@cYKatherine cYKatherine commented Feb 3, 2025
edited
Loading

@cYKatherine cYKatherine self-assigned this Feb 3, 2025
@cYKatherine cYKatherine force-pushed the kcc-UID2-4808-add-enclave-id-aks branch from 71335dc to 79b38c1 Compare February 4, 2025 00:19
@cYKatherine cYKatherine force-pushed the kcc-UID2-4808-add-enclave-id-aks branch from 79b38c1 to 25ef824 Compare February 4, 2025 02:46
cYKatherine
cYKatherine commented Feb 4, 2025
View reviewed changes
src/test/java/com/uid2/shared/secure/AzureCCAksCoreAttestationServiceTest.java Outdated

@Test
public void testHappyPath() throws AttestationException {
var provider = new AzureCCAksCoreAttestationService(alwaysPassTokenValidator, alwaysPassPolicyValidator);
Copy link
Contributor Author

@cYKatherine cYKatherine Feb 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file is exactly the same as src/test/java/com/uid2/shared/secure/AzureCCCoreAttestationServiceTest.java, except testing on AzureCCAksCoreAttestationService

cYKatherine
cYKatherine commented Feb 4, 2025
View reviewed changes
src/test/java/com/uid2/shared/secure/azurecc/PolicyValidatorTest.java Outdated
.vmDebuggable(false)
.runtimeData(generateBasicRuntimeData())
.ccePolicyDigest(CCE_POLICY_DIGEST)
.azureProtocol("azure-cc")
Copy link
Contributor Author

@cYKatherine cYKatherine Feb 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By default set it to be azure-cc. Test AKS in the tests below.

Copy link
Contributor

@mcollins-ttd mcollins-ttd Feb 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use MaaTokenPayload.AZURE_CC_ACI_PROTOCOL here?

cody-constine-ttd
cody-constine-ttd reviewed Feb 4, 2025
View reviewed changes
src/main/java/com/uid2/shared/secure/AzureCCAksCoreAttestationService.java Outdated

// CC stands for Confidential Container
@Slf4j
public class AzureCCAksCoreAttestationService extends AzureCCCoreAttestationServiceBase {
Copy link
Collaborator

@cody-constine-ttd cody-constine-ttd Feb 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we actually need child classes for these? Could they just be one class that takes in the AZURE_CC_PROTOCOL?

@cYKatherine cYKatherine changed the title UID2-4808 Add paraent class for AzureCCCoreAttestationService UID2-4808 Add AKS protocol for AzureCCCoreAttestationService Feb 4, 2025
sunnywu
sunnywu reviewed Feb 5, 2025
View reviewed changes
mcollins-ttd
mcollins-ttd reviewed Feb 5, 2025
View reviewed changes
mcollins-ttd
mcollins-ttd reviewed Feb 5, 2025
View reviewed changes
src/main/java/com/uid2/shared/secure/azurecc/IMaaTokenSignatureValidator.java
* @throws AttestationException
*/
MaaTokenPayload validate(String tokenString) throws AttestationException;
MaaTokenPayload validate(String tokenString, String protocol) throws AttestationException;
Copy link
Contributor

@mcollins-ttd mcollins-ttd Feb 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we introduce an enum for the protocols instead of using a String?

mcollins-ttd
mcollins-ttd reviewed Feb 5, 2025
View reviewed changes
@cYKatherine cYKatherine force-pushed the kcc-UID2-4808-add-enclave-id-aks branch 3 times, most recently from c0056d8 to 8b3af91 Compare February 5, 2025 22:35
@cYKatherine cYKatherine force-pushed the kcc-UID2-4808-add-enclave-id-aks branch from 8b3af91 to a34056a Compare February 5, 2025 22:38
mcollins-ttd
mcollins-ttd reviewed Feb 6, 2025
View reviewed changes
src/test/java/com/uid2/shared/secure/azurecc/PolicyValidatorTest.java Outdated
.vmDebuggable(false)
.runtimeData(generateBasicRuntimeData())
.ccePolicyDigest(CCE_POLICY_DIGEST)
.azureProtocol("azure-cc")
Copy link
Contributor

@mcollins-ttd mcollins-ttd Feb 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use MaaTokenPayload.AZURE_CC_ACI_PROTOCOL here?

@cYKatherine cYKatherine force-pushed the kcc-UID2-4808-add-enclave-id-aks branch from ffeb876 to ed3c07d Compare February 6, 2025 02:39
@cYKatherine cYKatherine merged commit 4d8dd46 into main Feb 6, 2025
3 checks passed
@cYKatherine cYKatherine deleted the kcc-UID2-4808-add-enclave-id-aks branch February 6, 2025 02:58
mcollins-ttd added a commit that referenced this pull request Mar 18, 2025
@mcollins-ttd
Revert "UID2-4808 Add AKS protocol for AzureCCCoreAttestationService (
13ff31d 
#374)"

This reverts commit 4d8dd46.

# Conflicts:
#	pom.xml
mcollins-ttd added a commit that referenced this pull request Mar 18, 2025
@mcollins-ttd
Merge pull request #402 from IABTechLab/mkc-UID2-4963-remove-azure-cc…
203a178 
…-aks-attestation

Revert "UID2-4808 Add AKS protocol for `AzureCCCoreAttestationService`" (#374)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cody-constine-ttd cody-constine-ttd cody-constine-ttd left review comments

@sunnywu sunnywu sunnywu approved these changes

@mcollins-ttd mcollins-ttd mcollins-ttd approved these changes

@thomasm-ttd thomasm-ttd Awaiting requested review from thomasm-ttd

@asloobq asloobq Awaiting requested review from asloobq

@vishalegbert-ttd vishalegbert-ttd Awaiting requested review from vishalegbert-ttd

@abuabraham-ttd abuabraham-ttd Awaiting requested review from abuabraham-ttd

Assignees

@cYKatherine cYKatherine

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@cYKatherine @sunnywu @cody-constine-ttd @mcollins-ttd