* feat: Add Confidential Containers attestation agent as an alternative attestation backend with new proto definitions and build system integration.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix: Update protoc-gen-go and protoc-gen-go-grpc versions in CI workflow
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Add mock implementation for AttestationAgentServiceClient and corresponding tests
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix: Add missing periods to test function comments in provider_test.go
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor attestation handling to remove quoteprovider dependency
- Removed references to quoteprovider in various files, replacing them with vtpm where necessary.
- Updated function signatures and implementations to use SEVNonce instead of quoteprovider.Nonce.
- Introduced new vtpm package to handle SEV-related attestation logic, including fetching and verifying attestation reports.
- Adjusted tests to reflect changes in the attestation logic and ensure compatibility with the new structure.
- Deleted the now redundant quoteprovider/sev_test.go file.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix: Add veraison/go-cose dependency to go.mod
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Introduce TLS package for enhanced security configuration and refactor client code to utilize new TLS utilities
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Implement EAT (Evidence Attestation Token) generation and verification for attestation responses, replacing raw quotes with EAT tokens in the attestation service and protobuf.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* style: standardize comment formatting and fix a debug log format specifier.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix pkg test
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Introduce named constants for OEM IDs and use them in attestation claim extraction.
Signed-off-by: SammyOina <sammyoina@gmail.com>
* feat: Implement and test minimum length validation for EAT nonce in `NewEATClaims`.
Signed-off-by: SammyOina <sammyoina@gmail.com>
* feat: Add EATClaims.Sanitize method and integrate it into the validator to enforce claim dependencies.
Signed-off-by: SammyOina <sammyoina@gmail.com>
* feat: Add Signature field to SNPExtensions and TDXExtensions for enhanced claim validation
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Update dependencies and improve code structure in attestation package
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Introduce comprehensive test suites for EAT, ATLS, TDX, Azure SNP, and vTPM attestation, and improve EAT decoder robustness.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Add encryption and admin keys, an encrypted algorithm file, and update go.mod to use go-jose/v4.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: add new encryption and KBS admin keys while improving TDX attestation test error handling.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Add new KBS admin and encryption keys, an encrypted linear regression algorithm, and refactor TDX test error message checks.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Implement Azure SNP attestation policy, update certificate verification, and add key management.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* refactor: replace hardcoded string literals with variables in Azure SNP attestation tests.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Refactor TDX EAT claims to use individual RTMR fields with `tdx_` prefixes and add an `IntUse` field.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Signed-off-by: SammyOina <sammyoina@gmail.com>
* feat: Introduce computation runner, log forwarder, ingress, and egress proxy services.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Update Go environment variable parsing and build system to use new architecture and repository.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Update package sources to `sammyoina/cocos-ai` at a specific commit, add log-forwarder pre-start hook, and rename proxy binaries.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* chore: Update build system references to a specific commit and enhance logging for service connections and message processing.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* build: Update package source repositories and versions, migrate client logging to slog, and adjust ingress/egress proxy build and install steps.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* debug stuck
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* debug
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* debug
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: add HTTP/2 support to egress proxy and update build system to use specific commit hashes
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: enhance egress proxy CONNECT handling, update package sources, and add gRPC test utility
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Update build system for various services to a specific commit from a new repository, change agent gRPC port to 7001, and add a gRPC test client.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Migrate agent-internal gRPC communication to Unix sockets, set ingress proxy to port 7002, and update build hashes.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* refactor: Remove standalone ingress-proxy systemd service and update component versions.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix: Prevent computation re-initialization in agent and update component versions across several packages.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: update package versions and enable h2c support in ingress proxy.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: refactor ingress proxy to support HTTP/2 over Unix sockets and update component versions.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: Update build system package sources to `ultravioletrs/cocos` and reduce agent logging verbosity.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* refactor: improve error handling in proxy commands and remove unused gRPC test
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* test: add mock service state return value in handleRunReqChunks test
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* feat: add comprehensive tests for service and proxy components
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* fix linter
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* improve coverage
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* test: add gRPC client and ingress adapter tests, and update egress proxy tests.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* improve coverage
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update dependencies and refactor certificate generation to include context
- Updated `cloud.google.com/go/compute/metadata` from v0.8.0 to v0.9.0.
- Updated `github.com/absmach/certs` from v0.18.0 to v0.18.2.
- Updated `github.com/absmach/supermq` from v0.18.1 to v0.18.2.
- Updated `github.com/go-logfmt/logfmt` from v0.6.0 to v0.6.1.
- Updated `github.com/grpc-ecosystem/grpc-gateway/v2` from v2.27.2 to v2.27.3.
- Updated `github.com/prometheus/common` from v0.66.1 to v0.67.1.
- Updated `github.com/rogpeppe/go-internal` from v1.13.1 to v1.14.1.
- Updated `github.com/segmentio/asm` from v1.2.0 to v1.2.1.
- Updated `go.opentelemetry.io/auto/sdk` from v1.1.0 to v1.2.1.
- Updated `go.opentelemetry.io/proto/otlp` from v1.7.1 to v1.8.0.
- Updated `golang.org/x/net` from v0.45.0 to v0.46.0.
- Updated `golang.org/x/oauth2` from v0.30.0 to v0.32.0.
- Updated `google.golang.org/genproto/googleapis/api` and `google.golang.org/genproto/googleapis/rpc` to the latest versions.
- Refactored `generateCASignedCertificate` method in `certificate_provider.go` to accept a context parameter.
- Updated calls to `generateCASignedCertificate` in `GetCertificate` and `TestCASignedCertificateErrors` to pass the context.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update mockSDK method signatures in certificate error tests to include additional parameters
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor ATLS and gRPC server to use CertificateProvider interface
- Removed unused test cases and mock dependencies in atls_test.go.
- Updated TestGetPlatformVerifier to use CertificateVerifier struct.
- Introduced CertificateProvider interface for better abstraction in TLS handling.
- Refactored gRPC server to accept CertificateProvider and configure TLS accordingly.
- Simplified TLS configuration logic in both gRPC and HTTP servers.
- Removed unnecessary parameters from server initialization in tests and main function.
- Enhanced logging for TLS configurations.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Fix comments for consistency and clarity in atls.go
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update expected error messages in VM command tests for clarity
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Enhance tests by integrating mock providers and improving error messages for clarity
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add comprehensive tests for certificate generation and attestation providers
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Implement certificate and attestation providers with unified generation logic
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor certificate and attestation provider structures for consistency; implement CertificateVerifier interface and related methods
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor attestation and certificate provider methods for consistency; rename methods and update related logic
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Implement gRPC server with TLS and mTLS support
- Added gRPC server implementation in pkg/server/grpc.
- Introduced server configuration options for TLS and mTLS.
- Implemented health check service for gRPC.
- Created tests for server initialization, startup, and shutdown scenarios.
- Added mock server for testing purposes.
- Implemented graceful shutdown handling for the server.
- Included documentation for the server package.
Signed-off-by: SammyOina <sammyoina@gmail.com>
* Add TLS and ATLS support to gRPC and HTTP clients; refactor security handling
Signed-off-by: SammyOina <sammyoina@gmail.com>
* Refactor server configuration structure to use Config instead of BaseConfig
Signed-off-by: SammyOina <sammyoina@gmail.com>
* Fix comments for consistency and clarity in TLS-related code
Signed-off-by: SammyOina <sammyoina@gmail.com>
* Add comprehensive tests for TLS and ATLS configurations in clients package
Signed-off-by: SammyOina <sammyoina@gmail.com>
* Refactor file permission constants in client tests to use octal notation
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add tests for HTTP server's TLS configuration and lifecycle management
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add comprehensive tests for TLS certificate handling and configuration
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add comprehensive tests for HTTP client configuration and transport
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor AttestationReportSize constant declaration for clarity
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor client configuration structure and update gRPC client implementations
- Consolidated client configuration types into a unified structure with BaseConfig.
- Introduced AttestedClientConfig and StandardClientConfig for specific use cases.
- Updated gRPC client creation functions to utilize new configuration types.
- Refactored tests to align with the new configuration structure.
- Removed redundant ClientConfiguration interface and related methods.
- Simplified TLS configuration loading logic for both standard and attested clients.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor client configuration structure and TLS handling
- Introduced StandardClientConfig to replace BaseConfig, simplifying client configuration.
- Updated AttestedClientConfig to embed StandardClientConfig instead of BaseConfig.
- Modified ClientConfiguration interface to use Config() method instead of GetBaseConfig().
- Refactored various client tests to accommodate changes in configuration structure.
- Added new TLS handling functions to support basic and attested TLS configurations.
- Implemented comprehensive tests for TLS loading and configuration validation.
- Removed deprecated methods and unnecessary code related to BaseConfig.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: SammyOina <sammyoina@gmail.com>
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Refactor mock interfaces to use 'any' instead of 'interface{}' for improved type safety and readability across multiple files in the manager and pkg directories.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update Go version to 1.25.x in CI workflows and remove obsolete Go package files
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Add mock implementations for various components in the attestation and SDK packages
- Created mock for MeasurementProvider in pkg/attestation/cmdconfig/mocks/mocks_test.go
- Created mock for Provider in pkg/attestation/mocks/mocks_test.go
- Created mock for Client in pkg/clients/grpc/mocks/mocks_test.go
- Created mock for SDK in pkg/sdk/mocks/mocks_test.go
These mocks are generated using mockery and are intended for unit testing purposes.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Remove autogenerated mock files and update mock usage in tests
- Deleted mocks for gRPC clients in pkg/clients/grpc/mocks/mocks_test.go and pkg/sdk/mocks/mocks_test.go.
- Updated test files in pkg/progressbar/progress_test.go to use the new mock structure without type parameters for gRPC client interfaces.
- Refactored mock generation in pkg/sdk/mocks/sdk.go to streamline the mock creation process and ensure consistency across mock methods.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update protobuf generated files for events and manager
- Bump protoc-gen-go version from v1.36.5 to v1.36.8 in events.pb.go and manager.pb.go.
- Refactor raw descriptor definitions in events.pb.go and manager.pb.go to use string concatenation for better readability and maintainability.
- Ensure compatibility with the latest protobuf specifications and improve code generation consistency.
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Update test commands to use GOTOOLCHAIN for consistent Go version handling
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
* Fix GOTOOLCHAIN usage in test command for consistency
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---------
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Sammy Kerata Oina
dusan
dependabot[bot]
Danko Miladinovic
Jovan Djukic
Washington Kigani Kamadi