Add attester specific option support #40
Open
+794
−65
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Endpoint chares now gathers the output of GetEvidence() from each sub-attesters, combines them into a CMW collection, and wrap it as an EAT in its response. If there are multiple supported format available from a sub-attesters, ratsd core picks the first available format from GetSupportedFormats() Signed-off-by: Ian Chin Wang <[email protected]>
Signed-off-by: Ian Chin Wang <[email protected]>
Add MockTSM attester as the wrapper of the faketsm from google/go-configfs-tsm repo to enable mock mode Signed-off-by: Ian Chin Wang <[email protected]>
Signed-off-by: Ian Chin Wang <[email protected]>
Add a way for users to specify attester-specific options in /chares endpoint. Each attesters is responsible for parsing the parameters. If the options are not supplied in the request, the attester should continue with the default options. Options specified for unavailable attesters are ignored by ratsd. Signed-off-by: Ian Chin Wang <[email protected]>
MockTSM now takes the support of options, only privilege_level is
supported at this time. The schema is defined as the following:
mocktsm:{"privilege_level": "$level"}. Replace $level with number 0-3
Signed-off-by: Ian Chin Wang <[email protected]>
cowbon
requested review from
thomas-fossati,
deeglaze,
iolivergithub and
jraman567
as code owners
| if err != nil { | ||
| errMsg := fmt.Sprintf( | ||
| "failed to parse attester selection: %s", err.Error()) | ||
| p := problems.NewDetailedProblem(http.StatusInternalServerError, errMsg) |
There was a problem hiding this comment.
this is a client error (4xx) rather than a server error (5xx)
| in := &compositor.EvidenceIn{ | ||
| ContentType: formatOut.Formats[0].ContentType, | ||
| Nonce: nonce, | ||
| Options: string(params), |
There was a problem hiding this comment.
The JSON raw message is a []byte, so there should be no need to wrap it into a string.
| }{ | ||
| { | ||
| "no params", | ||
| fmt.Sprintf("{\"nonce\": \"%s\"}", validNonce), |
There was a problem hiding this comment.
You can avoid escaping by using "backtick-strings”:
testMetaValid = []byte(`{
"signer": {
"name": "ACME Ltd signing key",
"uri": "https://acme.example"
},
"validity": {
"not-before": "2021-12-31T00:00:00Z",
"not-after": "2025-12-31T00:00:00Z"
}
}`)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It's not a simple task to deal with exposing the custom options for each attester. This PR assumes the users will know the input format of each attester beforehand. The following is an example of the request with the options
The selection of what goes into the EAT, however, is beyond the scope of this PR, and will be added soon.