* feat(kbs): implement KBS client for attestation and resource retrieval
- Added KBS client implementation in pkg/kbs/client.go with methods for attestation and resource retrieval.
- Introduced necessary data structures for requests and responses.
- Implemented error handling for various scenarios.
test(kbs): add unit tests for KBS client
- Created comprehensive tests for the KBS client in pkg/kbs/client_test.go.
- Included tests for attestation success and failure cases, as well as resource retrieval.
feat(registry): introduce HTTP and S3 registry implementations
- Added HTTPRegistry for downloading resources over HTTP/HTTPS with retry logic in pkg/registry/http.go.
- Implemented S3Registry for downloading resources from AWS S3 and S3-compatible services in pkg/registry/s3.go.
- Included error handling and configuration options for both registries.
chore(registry): define registry interface and configuration
- Created registry interface and configuration struct in pkg/registry/registry.go.
- Added default configuration settings for registry clients.
docs(cvms): update README for CVMS server configuration and usage
- Enhanced documentation for CVMS server with detailed command-line flags and usage examples.
- Clarified direct upload and remote resource modes, including KBS integration.
fix(cvms): integrate KBS for remote resource handling in main.go
- Updated main.go to support remote datasets and algorithms using KBS.
- Added validation for command-line flags to ensure proper configuration.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix: Move ifeq conditional outside define block in attestation-service.mk
Make conditionals cannot be evaluated inside define...endef blocks
when used as recipe bodies. Restructured to define the
ATTESTATION_SERVICE_INSTALL_INIT_SYSTEMD block conditionally based
on BR2_PACKAGE_CC_ATTESTATION_AGENT configuration.
* feat: Implement remote resource downloading for algorithms and datasets using AWS S3/MinIO credentials.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Add comprehensive documentation and agent support for testing remote resource download with KBS attestation.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Improve agent logging for remote resource configuration and KBS status, and add a testing guide for remote resource downloads with KBS attestation.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Add a comprehensive guide for testing remote resource download with KBS attestation and update multiple package versions to a specific commit.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Add failure transitions for resource reception states and a comprehensive guide for testing remote resource downloads with KBS attestation.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Implement remote resource download with KBS attestation in the agent and add a comprehensive testing guide.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* test: Add comprehensive guide for testing remote resource download with KBS attestation and include a debug log in the attestation client.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Delegate KBS attestation and token retrieval to a new attestation-agent service and document remote resource testing.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* client fixes
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* raw evidence
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix: Build all Go files in cmd directories, not just main.go
This fixes the issue where fetch_raw_evidence.go wasn't being included
in the attestation-service build.
* fix: Wrap binary evidence in JSON for KBS compatibility
Fixes 'invalid character' error by wrapping raw binary evidence
in a JSON structure with base64 encoding, as expected by KBS.
* chore: Update buildroot packages to c28cefae
Includes fixes for:
1. attestation-service build (including fetch_raw_evidence.go)
2. Agent KBS evidence format (wrapping binary in JSON)
* fix: Implement KBS RCAR handshake with cookies
Fixes 'cookie not found' error (401) from KBS by:
1. Adding CookieJar support to KBS client
2. Implementing GetChallenge() to perform /auth handshake and capture session cookie
3. Updating Agent to get challenge, decode nonce, and use it for evidence generation
4. Regenerating mocks
* chore: Update buildroot packages to f6981ac5
Includes KBS RCAR handshake fix (cookie support + GetChallenge loop)
* fix: Update KBS client JSON tags to kebab-case
Fixes deserialization error (401) from KBS by:
1. Using kebab-case (e.g. extra-params) for JSON tags as per protocol.
2. Initializing ExtraParams as empty object {} instead of null/omitted.
* fix: Wrap attestation evidence in primary_evidence format
Updates Agent to construct 'tee-evidence' payload with:
- primary_evidence: containing the actual quote/data
- additional_evidence: empty JSON object
This matches the Confidential Containers KBS Attestation Protocol requirements.
* fix: Update KBS protocol version to 0.4.0
KBS rejected 0.1.0 with a version mismatch error. Bumping to 0.4.0 to match server expectation.
* fix: Generate ephemeral key for KBS RuntimeData
Updates RuntimeData to include a valid ephemeral EC P-256 public key in JWK format, as required by the KBS RCAR protocol.
Also fixes the KBS client struct to support TEEPubKey as an object.
* fix: Update sample attestation quote to valid JSON
The default attestation.bin was binary, but the KBS Sample Verifier expects a valid JSON quote containing 'svn' and 'report_data'.
Updated the embedded bin file to contain this JSON structure.
* fix: Generate dynamic JSON quote for Sample TEE in FetchRawEvidence
The KBS Sample Verifier expects a JSON object with 'svn' and 'report_data'.
Previously, we were returning raw binary data (reportData+nonce).
This commit updates FetchRawEvidence to return a marshaled JSON structure with:
- svn: "1"
- report_data: base64(req.ReportData)
* refactor: Delegate Sample Attestation to Provider
Refactored sample attestation logic:
- Moved JSON Quote generation into EmptyProvider (standalone mode).
- Updated FetchRawEvidence to call provider.TeeAttestation instead of manual generation.
This enables using the real CC Attestation Agent for UNSPECIFIED platform if configured.
* feat: Add comprehensive debug logging and enforce CC AA usage
Changes:
- Updated EmptyProvider to return error instead of generating mock data
This forces proper use of CC Attestation Agent's sample attester
- Added detailed logging to attestation-service FetchRawEvidence:
* Hex dump of evidence (first 200 bytes)
* String preview of evidence
* Total evidence length
- Added detailed logging to agent service:
* Raw evidence hex and string previews
* KBS evidence JSON preview (first 500 bytes)
* Evidence lengths at each transformation step
This logging will help diagnose why KBS Sample Verifier is rejecting evidence.
* fix: Enable CC AA by default and add attestation-service log forwarding
Changes:
- Set USE_CC_ATTESTATION_AGENT=true by default in systemd service
- Added StandardOutput/StandardError to forward logs to /var/log/cocos/
- Updated HAL makefile to handle new default value
- This ensures attestation-service uses CC AA's sample attester
- Logs will now be visible in CVMS output for debugging
* feat: Add gRPC log forwarding to attestation-service
Implemented the same log forwarding mechanism used by the agent:
- Added ProtoHandler to write logs to both stdout and logQueue
- Connected to log client (/run/cocos/log.sock) for gRPC forwarding
- Added goroutine to forward logs to CVMS via log client
- Logs will now appear in CVMS output during computation runs
This enables visibility into attestation-service debug output including:
- CC AA connection status
- Evidence generation details (hex dumps, string previews)
- Any errors from providers
* fix: Parse sample evidence JSON instead of base64-encoding it
The attestation-service returns sample evidence as JSON:
{"svn":"1","report_data":"base64..."}
The agent was incorrectly base64-encoding this JSON string again.
KBS Sample Verifier expects the parsed JSON object directly.
Fixed by:
- Parsing the JSON evidence from attestation-service
- Passing the parsed object directly in primary_evidence.evidence
- This matches what KBS Sample Verifier expects
* debug: Increase KBS evidence logging preview to 1000 bytes
Show the complete JSON structure being sent to KBS to debug
the attestation failure.
* debug: Add comprehensive CC AA configuration logging
Added debug logs to show:
- Whether CC AA is enabled in config
- CC AA address being used
- Connection success/failure
- Which provider is ultimately selected
- Warning when falling back to EmptyProvider
This will help diagnose why EmptyProvider is being used
instead of CC Attestation Agent.
* debug: Add startup logging for log client connection
Added log message to show if log client connection succeeds
at attestation-service startup. This will help diagnose why
logs aren't appearing in CVMS output.
* feat: Add retry logic with exponential backoff to log client
Added simple retry mechanism to handle concurrent log requests:
- 3 retry attempts with exponential backoff (10ms, 20ms, 40ms)
- Applies to both SendLog and SendEvent methods
- Centralized in log client so all services benefit
- Should eliminate 'failed to send log' errors from concurrent requests
This fixes the issue where attestation-service logs weren't
appearing in CVMS output due to dropped messages.
* fix: Flatten sample evidence fields in primary_evidence for KBS
KBS Sample Verifier expects svn and report_data at the top level
of primary_evidence, not nested under an 'evidence' key.
Changed structure from:
{"primary_evidence": {"tee": "sample", "evidence": {"svn": "1", ...}}}
To:
{"primary_evidence": {"tee": "sample", "svn": "1", "report_data": "...", ...}}
This matches what KBS expects when deserializing the Quote structure.
* fix: Use sample quote directly as primary_evidence per KBS protocol
According to KBS attestation protocol spec, for sample TEE type,
primary_evidence should be the sample quote JSON directly:
{"svn": "1", "report_data": "..."}
Removed extra 'tee' and 'platform' fields that were causing KBS
to fail deserializing the Quote structure. The 'tee' field is
already sent in the Request payload during RCAR handshake.
Refs:
- https://github.com/confidential-containers/trustee/blob/main/kbs/docs/kbs_attestation_protocol.md
- https://github.com/confidential-containers/guest-components/blob/main/attestation-agent/attester/src/sample/mod.rs
* fix: Make CC AA required for sample attestation when configured
When USE_CC_ATTESTATION_AGENT=true, attestation-service now
requires AA to be available for NoCC/sample platform. This ensures
sample evidence always comes from AA with the correct KBS format.
Changes:
- Error out if AA connection fails for NoCC platform when AA is configured
- Only use EmptyProvider if AA is explicitly NOT configured
- Prevents incorrect sample evidence format from EmptyProvider
This ensures attestation-service delegates to AA for sample evidence
generation instead of creating it itself.
* fix: Implement proper RCAR protocol with tee-pubkey and runtime-data hash
Fixed KBS attestation error 'REPORT_DATA is different from that in Sample Quote'
Changes:
1. Generate ephemeral EC key pair BEFORE getting evidence from AA
2. Create runtime-data with nonce + tee-pubkey (JWK format)
3. Hash runtime-data (SHA-256) and use as report_data for AA
4. This binds the tee-pubkey to the TEE evidence per RCAR protocol
The report_data in the evidence now matches what KBS expects:
hash(runtime-data) instead of computation ID.
This completes the full RCAR protocol implementation:
- Request → Challenge → Attestation (with bound tee-pubkey) → Response
* fix(agent): use simple nonce for Sample attestation report_data
For Sample/NoCC attestation, use the raw nonce bytes directly as
report_data instead of hashing runtime-data. This avoids JSON
serialization mismatches with the KBS Sample verifier.
Real TEEs (TDX/SNP) still use runtime-data hash binding to
cryptographically bind the ephemeral tee-pubkey to the evidence.
* fix(agent): use RFC 8785 canonical JSON for runtime-data hashing
The KBS Sample attestation verifier (and likely others) expects the
report_data to be the SHA-256 hash of the *canonical* JSON serialization
(RFC 8785) of the runtime-data. Standard Go JSON marshaling does not
guarantee key ordering, leading to hash mismatches.
This change uses github.com/gowebpki/jcs to canonicalize the runtime-data
before hashing, ensuring compatibility with the KBS RCAR implementation.
Also reverted the temporary 'simple nonce' workaround.
* feat(hal): add CoCo Keyprovider and Skopeo packages
- Add coco-keyprovider buildroot package with systemd service
- Add skopeo buildroot package for OCI image handling
- Add ocicrypt_keyprovider.conf for encrypted image decryption
- Update Config.in to include new packages
This enables standard CoCo ecosystem integration for encrypted
OCI images instead of custom S3/HTTP registry clients.
* feat(oci): add OCI image handling package with Skopeo integration
- Add pkg/oci/types.go with ResourceSource and ImageManifest types
- Add pkg/oci/skopeo.go with Skopeo wrapper for pull/decrypt
- Add pkg/oci/extract.go for extracting algorithms and datasets from layers
This package provides OCI image handling using Skopeo and CoCo
Keyprovider for encrypted image decryption, replacing custom
S3/HTTP registry clients.
* chore: regenerate protobuf files for updated cvms.proto
* refactor(agent): replace S3/HTTP/KBS with OCI package
- Remove pkg/kbs and pkg/registry imports
- Add pkg/oci import for OCI image handling
- Replace downloadAndDecryptResource with OCI-based implementation
- Use Skopeo + CoCo Keyprovider for automatic decryption
- Reduce code from ~240 lines to ~70 lines
This eliminates custom KBS RCAR handshake, S3/HTTP registry clients,
and manual decryption logic. CoCo Keyprovider handles all decryption
automatically via ocicrypt protocol.
* chore: remove obsolete pkg/kbs and pkg/registry packages
- Delete pkg/kbs/ (custom KBS client, ~300 lines)
- Delete pkg/registry/ (S3/HTTP registry clients, ~400 lines)
- Remove unused imports from agent/service.go
- Run go mod tidy to clean up dependencies
These packages have been replaced by pkg/oci with Skopeo and
CoCo Keyprovider for standard CoCo ecosystem integration.
* fix(agent): update ResourceSource struct to include type and encryption fields
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix(hal): update CoCo Keyprovider to v0.16.0 and fix build path
- Update version from v0.11.0 to v0.16.0 (matches attestation agent)
- Fix install path: target is at repo root, not in coco_keyprovider subdir
- This fixes the build error where coco_keyprovider binary wasn't found
The cargo workspace in guest-components builds to a shared target/
directory at the repository root, not within each crate's subdirectory.
* feat: Update remote resources testing guide to use kbs-client and coco-keyprovider for key management and encryption, enable insecure TLS for Skopeo, and enhance CVMS with
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Update component versions, revise image encryption documentation, and sanitize OCI image paths for Skopeo compatibility.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Add `decompress` option to Dataset and `algo_type`/`algo_args` to Algorithm protobuf messages, updating client, test, and build configurations.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update multiple package versions and enhance OCI image extraction error reporting for missing algorithm files.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* chore: Bump package versions, improve OCI image extraction debugging by returning seen files, and remove unused dataset type parsing from test code.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* refactor: Migrate OCI extraction to use structured logging with `slog` and `context`, and update package versions.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Bump multiple component versions, add encrypted status for computation inputs and algorithms, and refine OCI layer extraction warnings.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* logging
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Add `Encrypted` field to algorithm and dataset resource sources and update all component versions.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: update component versions, integrate coco-keyprovider service, and configure ocicrypt key provider.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: add support for KBS parameters and dataset/algorithm hash calculations in CVMS
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: update resource download and extraction logic to support requirements.txt and improve hash verification
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* chore: Update dependencies, improve code style, and add GetRawEvidence to attestation client mocks.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor code structure for improved readability and maintainability
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix: update golangci configuration to include errcheck for build path and remove unnecessary exclusions
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix: streamline kernel command line handling in QEMU args construction
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: add attestation binary and update checksum tests and policy structure
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add unit tests for attestation agent, attestation, log, crypto, OCI, and Skopeo clients
- Implement tests for the attestation agent client including Unix socket and TCP address handling, token retrieval, and error scenarios.
- Enhance attestation client tests to cover fetching raw evidence for various platforms (SNP, TDX, VTPM, SNPvTPM) and validate error handling.
- Introduce log client tests to verify retry behavior for sending logs and events.
- Create comprehensive tests for crypto package focusing on AES-GCM decryption, encrypted resource parsing, and key unwrapping.
- Add tests for OCI package to validate algorithm and dataset extraction, including JSON serialization of OCILayout.
- Implement Skopeo client tests to ensure proper functionality for image pulling, inspecting, and resource source handling.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix: handle JSON marshal errors in test cases for decrypt and extract functions
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* test: add comprehensive tests for algorithm and dataset extraction with various scenarios
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* refactor: replace hardcoded Python script content with constant variable
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix: remove redundant mock expectation for SendAgentConfig in TestCreateVMWithAaKbsParams
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* test: add tests for event sending failure, dataset extraction with path traversal, and Skopeo client behavior
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* test: add tests for download and decryption of resources with various URL formats
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* refactor: Introduce OCIClient interface for agent service to improve testability of OCI image operations and enhance related tests.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* refactor: Change `get_uint64_from_tcb` to accept `TcbVersion` by value and use `u64::from` for type conversions.
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Implement EAT (Evidence Attestation Token) generation and verification for attestation responses, replacing raw quotes with EAT tokens in the attestation service and protobuf.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* style: standardize comment formatting and fix a debug log format specifier.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix pkg test
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Introduce named constants for OEM IDs and use them in attestation claim extraction.
Signed-off-by: SammyOina <sammyoina@gmail.com>
* feat: Implement and test minimum length validation for EAT nonce in `NewEATClaims`.
Signed-off-by: SammyOina <sammyoina@gmail.com>
* feat: Add EATClaims.Sanitize method and integrate it into the validator to enforce claim dependencies.
Signed-off-by: SammyOina <sammyoina@gmail.com>
* feat: Add Signature field to SNPExtensions and TDXExtensions for enhanced claim validation
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Update dependencies and improve code structure in attestation package
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Introduce comprehensive test suites for EAT, ATLS, TDX, Azure SNP, and vTPM attestation, and improve EAT decoder robustness.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Add encryption and admin keys, an encrypted algorithm file, and update go.mod to use go-jose/v4.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: add new encryption and KBS admin keys while improving TDX attestation test error handling.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Add new KBS admin and encryption keys, an encrypted linear regression algorithm, and refactor TDX test error message checks.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Implement Azure SNP attestation policy, update certificate verification, and add key management.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* refactor: replace hardcoded string literals with variables in Azure SNP attestation tests.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Refactor TDX EAT claims to use individual RTMR fields with `tdx_` prefixes and add an `IntUse` field.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Signed-off-by: SammyOina <sammyoina@gmail.com>
* Update dependencies and refactor certificate generation to include context
- Updated `cloud.google.com/go/compute/metadata` from v0.8.0 to v0.9.0.
- Updated `github.com/absmach/certs` from v0.18.0 to v0.18.2.
- Updated `github.com/absmach/supermq` from v0.18.1 to v0.18.2.
- Updated `github.com/go-logfmt/logfmt` from v0.6.0 to v0.6.1.
- Updated `github.com/grpc-ecosystem/grpc-gateway/v2` from v2.27.2 to v2.27.3.
- Updated `github.com/prometheus/common` from v0.66.1 to v0.67.1.
- Updated `github.com/rogpeppe/go-internal` from v1.13.1 to v1.14.1.
- Updated `github.com/segmentio/asm` from v1.2.0 to v1.2.1.
- Updated `go.opentelemetry.io/auto/sdk` from v1.1.0 to v1.2.1.
- Updated `go.opentelemetry.io/proto/otlp` from v1.7.1 to v1.8.0.
- Updated `golang.org/x/net` from v0.45.0 to v0.46.0.
- Updated `golang.org/x/oauth2` from v0.30.0 to v0.32.0.
- Updated `google.golang.org/genproto/googleapis/api` and `google.golang.org/genproto/googleapis/rpc` to the latest versions.
- Refactored `generateCASignedCertificate` method in `certificate_provider.go` to accept a context parameter.
- Updated calls to `generateCASignedCertificate` in `GetCertificate` and `TestCASignedCertificateErrors` to pass the context.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update mockSDK method signatures in certificate error tests to include additional parameters
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor mock interfaces to use 'any' instead of 'interface{}' for improved type safety and readability across multiple files in the manager and pkg directories.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update Go version to 1.25.x in CI workflows and remove obsolete Go package files
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add mock implementations for various components in the attestation and SDK packages
- Created mock for MeasurementProvider in pkg/attestation/cmdconfig/mocks/mocks_test.go
- Created mock for Provider in pkg/attestation/mocks/mocks_test.go
- Created mock for Client in pkg/clients/grpc/mocks/mocks_test.go
- Created mock for SDK in pkg/sdk/mocks/mocks_test.go
These mocks are generated using mockery and are intended for unit testing purposes.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Remove autogenerated mock files and update mock usage in tests
- Deleted mocks for gRPC clients in pkg/clients/grpc/mocks/mocks_test.go and pkg/sdk/mocks/mocks_test.go.
- Updated test files in pkg/progressbar/progress_test.go to use the new mock structure without type parameters for gRPC client interfaces.
- Refactored mock generation in pkg/sdk/mocks/sdk.go to streamline the mock creation process and ensure consistency across mock methods.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update protobuf generated files for events and manager
- Bump protoc-gen-go version from v1.36.5 to v1.36.8 in events.pb.go and manager.pb.go.
- Refactor raw descriptor definitions in events.pb.go and manager.pb.go to use string concatenation for better readability and maintainability.
- Ensure compatibility with the latest protobuf specifications and improve code generation consistency.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update test commands to use GOTOOLCHAIN for consistent Go version handling
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Fix GOTOOLCHAIN usage in test command for consistency
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update Go version to 1.24.x in CI workflows and fix supermq version in go.mod
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor CI workflow to separate linting and testing jobs, and streamline test execution for multiple modules
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Downgrade Go version from 1.23.10 to 1.23.8 in go.mod
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor and update dependencies in the project
- Updated go.sum to replace `github.com/absmach/magistrala` with `github.com/absmach/supermq` across various modules.
- Removed VSock configuration from environment variables and QEMU arguments.
- Updated QEMU configuration and related tests to remove references to guest CID and VSock.
- Added new HTTP transport layer for API endpoints in the manager.
- Introduced Prometheus monitoring configuration with alert rules and Alertmanager setup.
- Updated service and VM interfaces to remove unused methods and references.
- Refactored tests to align with the new structure and dependencies.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add MaxVMs configuration and enforce limit on VM creation
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add comprehensive tests for HTTP transport handlers and endpoints
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add test case for exceeding maximum number of VMs in TestRun
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Improve error handling in TestHandlerWithCustomRouter to ensure response writing is checked
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update dependencies to latest versions
- Upgrade cel.dev/expr from v0.23.0 to v0.24.0
- Upgrade github.com/absmach/supermq from v0.16.0 to v0.17.0
- Upgrade github.com/cenkalti/backoff from v4.3.0 to v5.0.2
- Upgrade github.com/cncf/xds/go to v0.0.0-20250501225837-2ac532fd4443
- Upgrade github.com/go-chi/chi/v5 from v5.2.1 to v5.2.2
- Upgrade github.com/go-jose/go-jose/v3 from v3.0.3 to v3.0.4
- Upgrade github.com/gofrs/uuid/v5 from v5.3.0 to v5.3.2
- Upgrade github.com/prometheus/client_golang from v1.22.0 to v1.23.0
- Upgrade github.com/prometheus/client_model from v0.6.1 to v0.6.2
- Upgrade github.com/prometheus/common from v0.62.0 to v0.65.0
- Upgrade github.com/prometheus/procfs from v0.15.1 to v0.16.1
- Upgrade go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from v0.60.0 to v0.62.0
- Upgrade go.opentelemetry.io/otel/exporters/otlp/otlptrace from v1.36.0 to v1.37.0
- Upgrade golang.org/x/crypto from v0.39.0 to v0.40.0
- Upgrade golang.org/x/sys from v0.33.0 to v0.34.0
- Upgrade golang.org/x/text from v0.26.0 to v0.27.0
- Upgrade golang.org/x/time from v0.11.0 to v0.12.0
- Upgrade google.golang.org/grpc from v1.73.0 to v1.74.2
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Implement IMAMeasurements method in agentSDK and add corresponding unit tests
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add unit tests for NewIMAMeasurements command in CLI
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add error assertion for command execution in NewIMAMeasurements test
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Fix nil pointer dereference in Close method and update NewCreateVMCmd logic for manager client initialization
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor file permission settings to use octal notation and improve cleanup handling in NewCreateVMCmd test
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add comprehensive unit tests for state machine functionality
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add mock implementation for Algorithm interface and corresponding test cases
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor file permission settings to use octal notation in TestStopComputationIntegration
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Remove redundant reset test cases from TestStateMachine_Reset
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Fix race condition in action call verification in TestStateMachine_HandleEvent
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Enhance state machine with reset functionality and improve thread safety in event handling
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Improve error handling in state machine start function during tests
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Remove concurrent reset and send event test from state machine tests
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Remove error logging for Start function in transition tests
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add mock implementations for AgentService_IMAMeasurementsClient and Service Shutdown method; enhance progress tests for IMA measurements handling
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add comprehensive tests for FileStorage functionality including loading, saving, and concurrent access
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Enhance tests by adding dataset and algorithm hashes in handleRunReqChunks; improve error handling in TestFileStorage_ErrorHandling cleanup
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Enhance TestManagerClient_Process by adding new test cases for Agent state and Disconnect requests; update setupMocks to include grpcClient
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Fix graceful shutdown in gRPC server by adding nil checks for health and server instances
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Enhance TestAttestation by adding mock expectations for VTpmAttestation and Attestation methods; update service call to include platform parameter
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Enhance gRPC Server by adding synchronization for start/stop methods; prevent multiple starts and ensure graceful shutdown
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add unit tests for gRPC server methods including VM creation, removal, and info retrieval
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add tests for SEVSNP and TDX host capabilities; remove unused vsock code
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add a newline for better readability in vm_test.go
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add integration tests for gRPC client in cvm_test.go
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Remove unused vsock dependencies and add comprehensive unit tests for GCP attestation functions
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Skip GCP tests if credentials are not set
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add tests for error handling in attestation configuration and GCP commands
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Improve error handling in Azure VM test response writing
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Skip tests in GCP functions if credentials are not set
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add comprehensive unit tests for Azure attestation provider and verifier
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add unit tests for TPM functionality and improve error handling
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add comprehensive tests for attestation functionality and improve error handling
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add validation for teeNonce in TeeAttestation and implement comprehensive tests for provider methods
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor error messages in TDX attestation tests for clarity
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Fix error message in TeeAttestation test for valid nonce case
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add MeasurementProvider mock and update mockery configuration
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add logging for product in parseUints and rename test functions for clarity
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor TestSevsnpverify to reset configuration and improve error logging
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Sammy Kerata Oina
dependabot[bot]
Danko Miladinovic
Washington Kigani Kamadi