attestationconfigapi: revise upload frequency (#3238)
* Add attestationconfigapi compare command * Only upload the lowest version for each verify test --------- Signed-off-by: Daniel Weiße <[email protected]>
1 parent
a6b0885
commit 6c24963
Showing
8 changed files
with
153 additions
and
50 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
/* | ||
Copyright (c) Edgeless Systems GmbH | ||
SPDX-License-Identifier: AGPL-3.0-only | ||
*/ | ||
package main | ||
|
||
import ( | ||
"fmt" | ||
"os" | ||
"slices" | ||
|
||
"github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi/cli/client" | ||
"github.com/edgelesssys/constellation/v2/internal/attestation/variant" | ||
"github.com/edgelesssys/constellation/v2/internal/file" | ||
"github.com/edgelesssys/constellation/v2/internal/verify" | ||
"github.com/google/go-tdx-guest/proto/tdx" | ||
"github.com/spf13/afero" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
func newCompareCmd() *cobra.Command { | ||
cmd := &cobra.Command{ | ||
Use: "compare VARIANT FILE [FILE...]", | ||
Short: "Returns the minimum version of all given attestation reports.", | ||
Long: "Compare a list of attestation reports and return the report with the minimum version.", | ||
Example: "cli compare azure-sev-snp report1.json report2.json", | ||
Args: cobra.MatchAll(cobra.MinimumNArgs(2), arg0isAttestationVariant()), | ||
RunE: runCompare, | ||
} | ||
|
||
return cmd | ||
} | ||
|
||
func runCompare(cmd *cobra.Command, args []string) error { | ||
cmd.SetOut(os.Stdout) | ||
|
||
variant, err := variant.FromString(args[0]) | ||
if err != nil { | ||
return fmt.Errorf("parsing variant: %w", err) | ||
} | ||
|
||
return compare(cmd, variant, args[1:], file.NewHandler(afero.NewOsFs())) | ||
} | ||
|
||
func compare(cmd *cobra.Command, attestationVariant variant.Variant, files []string, fs file.Handler) (retErr error) { | ||
if !slices.Contains([]variant.Variant{variant.AWSSEVSNP{}, variant.AzureSEVSNP{}, variant.GCPSEVSNP{}, variant.AzureTDX{}}, attestationVariant) { | ||
return fmt.Errorf("variant %s not supported", attestationVariant) | ||
} | ||
|
||
lowestVersion, err := compareVersions(attestationVariant, files, fs) | ||
if err != nil { | ||
return fmt.Errorf("comparing versions: %w", err) | ||
} | ||
|
||
cmd.Println(lowestVersion) | ||
return nil | ||
} | ||
|
||
func compareVersions(attestationVariant variant.Variant, files []string, fs file.Handler) (string, error) { | ||
readReport := readSNPReport | ||
if attestationVariant.Equal(variant.AzureTDX{}) { | ||
readReport = readTDXReport | ||
} | ||
|
||
lowestVersion := files[0] | ||
lowestReport, err := readReport(files[0], fs) | ||
if err != nil { | ||
return "", fmt.Errorf("reading tdx report: %w", err) | ||
} | ||
|
||
for _, file := range files[1:] { | ||
report, err := readReport(file, fs) | ||
if err != nil { | ||
return "", fmt.Errorf("reading tdx report: %w", err) | ||
} | ||
|
||
if client.IsInputNewerThanOtherVersion(attestationVariant, lowestReport, report) { | ||
lowestVersion = file | ||
lowestReport = report | ||
} | ||
} | ||
|
||
return lowestVersion, nil | ||
} | ||
|
||
func readSNPReport(file string, fs file.Handler) (any, error) { | ||
var report verify.Report | ||
if err := fs.ReadJSON(file, &report); err != nil { | ||
return nil, fmt.Errorf("reading snp report: %w", err) | ||
} | ||
return convertTCBVersionToSNPVersion(report.SNPReport.LaunchTCB), nil | ||
} | ||
|
||
func readTDXReport(file string, fs file.Handler) (any, error) { | ||
var report *tdx.QuoteV4 | ||
if err := fs.ReadJSON(file, &report); err != nil { | ||
return nil, fmt.Errorf("reading tdx report: %w", err) | ||
} | ||
return convertQuoteToTDXVersion(report), nil | ||
} |