In the e2e test, we use a given piece of SNP evidence to send requests to the CoCoAS over both gRPC and RESTful interfaces, and try to get the result token. The evidence is still not generated at runtime, however. Fixes: #232 Signed-off-by: Xynnn007 <[email protected]>
Showing
7 changed files
with
194 additions
and
2 deletions.
@@ -0,0 +1,68 @@ | ||
name: CoCo-AS e2e | ||
|
||
on: | ||
pull_request: | ||
branches: [ "main" ] | ||
|
||
# Self-hosted runners do not set -o pipefail otherwise | ||
defaults: | ||
run: | ||
shell: bash | ||
|
||
jobs: | ||
e2e-test: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
include: | ||
# TODO: Add real HW-TEE test | ||
# See https://github.com/confidential-containers/kbs/issues/223 | ||
# - runner: self-hosted | ||
# generate_evidence: true | ||
# grpc_tee_enum: 3 | ||
# restful_tee_enum: tdx | ||
- runner: ubuntu-22.04 | ||
generate_evidence: false | ||
grpc_tee_enum: 2 | ||
restful_tee_enum: snp | ||
name: TEE=${{ matrix.restful_tee_enum }} Generate Evidence Dynamically=${{ matrix.generate_evidence }} | ||
runs-on: ${{ matrix.runner }} | ||
env: | ||
GRPC_TEE_ENUM: ${{ matrix.grpc_tee_enum }} | ||
RESTFUL_TEE_ENUM: ${{ matrix.restful_tee_enum }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- uses: actions-rs/toolchain@v1 | ||
with: | ||
profile: minimal | ||
toolchain: stable | ||
|
||
- uses: actions/setup-go@v5 | ||
with: | ||
go-version: stable | ||
|
||
- name: Set up rust build cache | ||
uses: actions/cache@v3 | ||
continue-on-error: false | ||
with: | ||
path: | | ||
~/.cargo/registry/index/ | ||
~/.cargo/registry/cache/ | ||
target/ | ||
key: rust-${{ hashFiles('./Cargo.lock') }} | ||
|
||
- name: Install dependencies | ||
if: ${{ matrix.runner == 'ubuntu-22.04' }} | ||
working-directory: attestation-service/tests/e2e | ||
run: | | ||
make install-dependencies | ||
go install github.com/fullstorydev/grpcurl/cmd/grpcurl@latest | ||
- name: Run e2e test (gRPC) | ||
working-directory: attestation-service/tests/e2e | ||
run: make e2e-grpc-test | ||
|
||
- name: Run e2e test (RESTful) | ||
working-directory: attestation-service/tests/e2e | ||
run: make e2e-restful-test |
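Review bot: The `Install dependencies` step installs grpcurl with `go install github.com/fullstorydev/grpcurl/cmd/grpcurl@latest`, so every run builds and executes whatever version is newest at that moment; pin it to a reviewed release, e.g. `go install github.com/fullstorydev/grpcurl/cmd/grpcurl@vX.Y.Z` (placeholder version). The `uses:` entries are likewise referenced by mutable tags (`actions/checkout@v4`, `actions-rs/toolchain@v1`, `actions/setup-go@v5`, `actions/cache@v3`); pinning them to full commit SHAs would keep the job reproducible. The workflow also declares no `permissions:` block, and since it only builds and tests, a top-level `permissions:` with `contents: read` would make the token scope explicit. If the commented-out `self-hosted` matrix entry is enabled later, note that a `pull_request` trigger runs code from the pull request on that machine, so it would need an approval gate or an ephemeral runner.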
@@ -0,0 +1,108 @@ | ||
OS := $(shell lsb_release -si) | ||
RELEASE := $(shell lsb_release -sr) | ||
SGX_REPO_URL := https://download.01.org/intel-sgx/sgx_repo/ubuntu | ||
MAKEFILE_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) | ||
PROJECT_DIR := $(MAKEFILE_DIR)/../.. | ||
RESTFUL_BIN := /usr/local/bin/restful-as | ||
GRPC_BIN := /usr/local/bin/grpc-as | ||
AS_CACHE_PATH := /opt/confidential-containers/attestation-service | ||
BOLD := $(shell tput bold) | ||
SGR0 := $(shell tput sgr0) | ||
EVIDENCE_FILE ?= $(MAKEFILE_DIR)/evidence.json | ||
RAW_RUNTIME_DATA_FILE ?= $(MAKEFILE_DIR)/raw-runtime-data | ||
|
||
RAW_RUNTIME_DATA := $(shell cat $(RAW_RUNTIME_DATA_FILE) | base64 -w0 | tr -d '=' | sed -e "s/+/-/g" -e "s/\//_/g") | ||
EVIDENCE := $(shell cat $(EVIDENCE_FILE) | base64 -w0 | tr -d '=' | sed -e "s/+/-/g" -e "s/\//_/g") | ||
|
||
GRPC_TEE_ENUM ?= 2 | ||
GRPC_REQUEST := $(MAKEFILE_DIR)/grpc-request.json | ||
|
||
RESTFUL_TEE_ENUM ?= snp | ||
RESTFUL_REQUEST := $(MAKEFILE_DIR)/restful-request.json | ||
|
||
.PHONY: install-dependencies | ||
install-dependencies: | ||
curl -L "$(SGX_REPO_URL)/intel-sgx-deb.key" | sudo apt-key add - && \ | ||
echo "deb [arch=amd64] $(SGX_REPO_URL) jammy main" \ | ||
| sudo tee /etc/apt/sources.list.d/intel-sgx.list && \ | ||
sudo apt-get update && \ | ||
sudo apt-get install -y \ | ||
protobuf-compiler \ | ||
clang \ | ||
libtss2-dev \ | ||
libtdx-attest-dev \ | ||
libsgx-dcap-quote-verify-dev \ | ||
libsgx-dcap-default-qpl | ||
|
||
$(RESTFUL_BIN) $(GRPC_BIN): | ||
cd $(PROJECT_DIR) && $(MAKE) build && $(MAKE) install | ||
|
||
restful.pid: $(RESTFUL_BIN) | ||
@printf "${BOLD}start restful-coco-as${SGR0}\n" | ||
{ \ | ||
RUST_LOG=info \ | ||
$(RESTFUL_BIN) --socket 127.0.0.1:8080 \ | ||
& echo $$! > $@; \ | ||
} && \ | ||
sleep 2 | ||
|
||
grpc.pid: $(GRPC_BIN) | ||
@printf "${BOLD}start grpc-coco-as${SGR0}\n" | ||
{ \ | ||
RUST_LOG=info \ | ||
$(GRPC_BIN) --socket 127.0.0.1:50004 \ | ||
& echo $$! > $@; \ | ||
} && \ | ||
sleep 2 | ||
|
||
$(RESTFUL_REQUEST): $(RESTFUL_REQUEST).template | ||
sed -e "s/%RESTFUL_TEE_ENUM%/$(RESTFUL_TEE_ENUM)/g" \ | ||
-e "s/%RUNTIME_DATA%/$(RAW_RUNTIME_DATA)/g" \ | ||
-e "s/%EVIDENCE%/$(EVIDENCE)/g" \ | ||
$(RESTFUL_REQUEST).template > $(RESTFUL_REQUEST) | ||
|
||
.PHONY: restful-test | ||
restful-test: restful.pid $(RESTFUL_REQUEST) | ||
curl -k -X POST http://127.0.0.1:8080/attestation \ | ||
-i \ | ||
-H 'Content-Type: application/json' \ | ||
-d @$(RESTFUL_REQUEST) | ||
|
||
$(GRPC_REQUEST): $(GRPC_REQUEST).template | ||
sed -e "s/%GRPC_TEE_ENUM%/$(GRPC_TEE_ENUM)/g" \ | ||
-e "s/%RUNTIME_DATA%/$(RAW_RUNTIME_DATA)/g" \ | ||
-e "s/%EVIDENCE%/$(EVIDENCE)/g" \ | ||
$(GRPC_REQUEST).template > $(GRPC_REQUEST) | ||
|
||
.PHONY: grpc-test | ||
grpc-test: grpc.pid $(GRPC_REQUEST) | ||
echo $$(cat $(GRPC_REQUEST)) \ | ||
| grpcurl -plaintext -import-path ../../protos -proto ../../protos/attestation.proto -d @ 127.0.0.1:50004 attestation.AttestationService/AttestationEvaluate | ||
|
||
.PHONY: stop-restful-as | ||
stop-restful-as: restful.pid | ||
@printf "${BOLD}stop restful-as${SGR0}\n" | ||
kill $$(cat $<) && rm $< | ||
rm -rf $(AS_CACHE_PATH) | ||
|
||
.PHONY: stop-grpc-as | ||
stop-grpc-as: grpc.pid | ||
@printf "${BOLD}stop grpc-as${SGR0}\n" | ||
kill $$(cat $<) && rm $< | ||
rm -rf $(AS_CACHE_PATH) | ||
|
||
.PHONY: e2e-restful-test | ||
e2e-restful-test: restful-test stop-restful-as | ||
|
||
.PHONY: e2e-grpc-test | ||
e2e-grpc-test: grpc-test stop-grpc-as | ||
|
||
.PHONY: clean | ||
clean: | ||
rm -f \ | ||
$(RESTFUL_BIN) \ | ||
$(GRPC_BIN) \ | ||
grpc.pid \ | ||
restful.pid \ | ||
$(RESTFUL_REQUEST) \ | ||
$(GRPC_REQUEST) |
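Review bot: In `install-dependencies`, the key downloaded from `$(SGX_REPO_URL)` is piped straight into `sudo apt-key add -`, which is deprecated and makes the key trusted for every apt source on the machine; because `curl -L` has no `-f` and the recipe runs under make's default shell without pipefail, a failed download is also not detected at that step. Store the key in its own keyring and scope it to this repository: `sudo curl -fsSL -o /etc/apt/keyrings/intel-sgx-keyring.asc "$(SGX_REPO_URL)/intel-sgx-deb.key" && \` followed by `echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc] $(SGX_REPO_URL) jammy main" \`. Separately, `restful-test` calls `curl -k -X POST ...` without `--fail`, so an HTTP error response from the service still exits 0 and the job passes; add `--fail` (or check the status) and drop `-k`, which does nothing for an `http://` URL and would silently disable certificate checks if the URL ever became `https://`. The `stop-*-as` targets only run after a successful test, so a failing test appears to leave the server process and pid file behind.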
@@ -0,0 +1 @@ | ||
{"attestation_report":{"version":2,"guest_svn":4,"policy":196639,"family_id":[1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"image_id":[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"vmpl":0,"sig_algo":1,"current_tcb":{"bootloader":3,"tee":0,"_reserved":[0,0,0,0],"snp":8,"microcode":206},"plat_info":1,"_author_key_en":0,"_reserved_0":0,"report_data":[236,108,82,215,83,60,194,196,244,91,231,132,156,241,18,171,130,178,0,159,231,189,67,231,30,208,140,20,64,10,215,226,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"measurement":[161,243,147,4,19,36,123,179,140,252,23,21,121,234,60,18,213,254,73,1,240,199,146,246,63,215,93,152,241,239,130,124,35,80,6,68,224,230,146,230,190,145,127,144,80,211,211,140],"host_data":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"id_key_digest":[3,86,33,88,130,168,37,39,154,133,179,0,176,183,66,147,29,17,59,247,227,45,222,46,80,255,222,126,199,67,202,73,30,205,215,243,54,220,40,166,224,178,187,87,175,122,68,163],"author_key_digest":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"report_id":[56,94,186,129,33,109,228,119,101,72,252,184,111,142,173,3,193,235,201,43,98,7,243,33,13,156,206,187,137,201,144,5],"report_id_ma":[255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255],"reported_tcb":{"bootloader":3,"tee":0,"_reserved":[0,0,0,0],"snp":8,"microcode":115},"_reserved_1":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"chip_id":[195,132,39,163,13,76,122,249,217,111,122,21,185,114,105,130,90,100,203,118,162,53,47,253,93,24,17,93,137,173,71,63,142,140,11,205,154,93,146,134,97,43,173,74,173,251,68,38,32,90,59,158,79,234,130,48,17,53,161,112,228,119,82,78],"committed_tcb":{"bootloader":3,"tee":0,"_reserved":[0,0,0,0],"snp":8,"microcode":115},"current_build":4,"current_minor":52,"current_major":1,"_reserved_2":0,"committed_build":4,"committed_minor":52,"committed_major":1,"_reserved_3":0,"launch_tcb":{"bootload
er":3,"tee":0,"_reserved":[0,0,0,0],"snp":8,"microcode":115},"_reserved_4":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"signature":{"r":[6,235,220,79,78,65,67,204,98,254,21,185,242,209,236,45,84,212,171,23,102,158,81,40,34,22,22,94,179,27,95,89,225,98,1,170,220,164,251,220,217,65,241,50,104,57,8,80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s":[64,99,120,212,26,38,98,60,91,173,154,184,206,152,214,205,49,67,144,43,145,107,199,163,52,188,209,106,129,214,199,20,161,48,86,167,146,20,181,188,85,112,249,181,20,93,207,228,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"_reserved":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]}},"cert_chain":[{"cert_type":"VCEK","data":[48,130,5,76,48,130,2,251,160,3,2,1,2,2,1,0,48,70,6,9,42,134,72,134,247,13,1,1,10,48,57,160,15,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,161,28,48,26,6,9,42,134,72,134,247,13,1,1,8,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,162,3,2,1,48,163,3,2,1,1,48,123,49,20,48,18,6,3,85,4,11,12,11,69,110,103,105,110,101,101,114,105,110,103,49,11,48,9,6,3,8
5,4,6,19,2,85,83,49,20,48,18,6,3,85,4,7,12,11,83,97,110,116,97,32,67,108,97,114,97,49,11,48,9,6,3,85,4,8,12,2,67,65,49,31,48,29,6,3,85,4,10,12,22,65,100,118,97,110,99,101,100,32,77,105,99,114,111,32,68,101,118,105,99,101,115,49,18,48,16,6,3,85,4,3,12,9,83,69,86,45,77,105,108,97,110,48,30,23,13,50,51,48,49,50,52,49,55,53,56,50,54,90,23,13,51,48,48,49,50,52,49,55,53,56,50,54,90,48,122,49,20,48,18,6,3,85,4,11,12,11,69,110,103,105,110,101,101,114,105,110,103,49,11,48,9,6,3,85,4,6,19,2,85,83,49,20,48,18,6,3,85,4,7,12,11,83,97,110,116,97,32,67,108,97,114,97,49,11,48,9,6,3,85,4,8,12,2,67,65,49,31,48,29,6,3,85,4,10,12,22,65,100,118,97,110,99,101,100,32,77,105,99,114,111,32,68,101,118,105,99,101,115,49,17,48,15,6,3,85,4,3,12,8,83,69,86,45,86,67,69,75,48,118,48,16,6,7,42,134,72,206,61,2,1,6,5,43,129,4,0,34,3,98,0,4,198,97,181,101,187,168,1,2,189,221,68,145,201,148,28,179,42,27,125,182,128,18,130,132,16,183,255,140,173,253,112,229,73,183,91,120,179,205,214,92,205,235,168,134,210,238,161,212,29,12,63,20,108,142,189,214,132,82,206,126,195,12,105,9,103,195,158,98,76,1,15,156,182,6,106,128,49,10,135,83,106,148,235,174,41,194,170,217,128,22,19,151,19,31,187,7,163,130,1,22,48,130,1,18,48,16,6,9,43,6,1,4,1,156,120,1,1,4,3,2,1,0,48,23,6,9,43,6,1,4,1,156,120,1,2,4,10,22,8,77,105,108,97,110,45,66,48,48,17,6,10,43,6,1,4,1,156,120,1,3,1,4,3,2,1,3,48,17,6,10,43,6,1,4,1,156,120,1,3,2,4,3,2,1,0,48,17,6,10,43,6,1,4,1,156,120,1,3,4,4,3,2,1,0,48,17,6,10,43,6,1,4,1,156,120,1,3,5,4,3,2,1,0,48,17,6,10,43,6,1,4,1,156,120,1,3,6,4,3,2,1,0,48,17,6,10,43,6,1,4,1,156,120,1,3,7,4,3,2,1,0,48,17,6,10,43,6,1,4,1,156,120,1,3,3,4,3,2,1,8,48,17,6,10,43,6,1,4,1,156,120,1,3,8,4,3,2,1,115,48,77,6,9,43,6,1,4,1,156,120,1,4,4,64,195,132,39,163,13,76,122,249,217,111,122,21,185,114,105,130,90,100,203,118,162,53,47,253,93,24,17,93,137,173,71,63,142,140,11,205,154,93,146,134,97,43,173,74,173,251,68,38,32,90,59,158,79,234,130,48,17,53,161,112,228,119,82,78,48,70,6,9,42,134,72,134,247,13,1,1,10,48,57,160,15,48,13,6,9,96,1
34,72,1,101,3,4,2,2,5,0,161,28,48,26,6,9,42,134,72,134,247,13,1,1,8,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,162,3,2,1,48,163,3,2,1,1,3,130,2,1,0,2,128,38,162,247,31,3,1,108,215,255,98,30,148,213,166,138,219,132,5,40,170,244,47,94,14,112,68,114,68,24,138,64,33,61,171,31,106,9,232,88,80,45,42,239,217,89,50,135,139,224,76,110,18,176,179,0,82,241,109,6,215,44,34,113,69,134,151,56,160,35,139,93,199,23,245,96,18,114,10,132,210,54,203,18,108,169,136,135,152,222,152,23,235,188,128,104,215,33,29,249,238,122,100,147,29,132,223,30,251,21,148,110,250,47,80,45,191,236,57,123,233,252,192,104,0,139,74,138,217,82,254,87,60,156,10,95,1,14,30,142,197,33,196,68,142,134,103,249,242,163,37,57,230,117,119,30,208,176,250,245,17,235,250,191,156,123,33,59,246,9,138,223,86,200,244,54,34,38,130,248,45,225,157,93,157,224,48,229,67,71,83,167,14,139,57,148,224,92,87,234,174,39,162,110,142,152,7,119,216,55,73,174,195,187,186,110,176,63,69,117,170,125,242,135,25,178,84,95,22,49,98,255,253,152,117,83,56,48,166,234,232,140,41,96,208,126,216,240,132,40,208,187,73,246,206,54,6,88,38,227,217,156,207,240,86,33,18,253,195,251,49,147,73,212,165,10,4,143,114,135,164,230,149,43,25,100,231,37,24,155,235,58,192,89,138,100,215,164,4,227,116,211,45,114,91,138,194,160,20,83,54,16,153,78,219,127,100,204,116,229,242,3,216,135,231,2,41,143,89,22,24,77,85,184,80,3,76,162,11,145,55,58,47,50,243,57,96,168,124,188,95,162,120,83,181,32,237,204,139,255,185,233,121,227,177,153,170,175,171,85,27,230,34,39,132,184,75,195,17,60,46,162,137,31,87,170,174,220,63,253,42,228,171,247,24,179,158,97,32,199,41,238,119,247,249,219,152,233,164,147,28,15,250,31,109,12,84,102,225,138,189,189,223,223,60,190,104,188,106,137,218,23,238,7,26,217,119,125,143,37,50,229,143,252,223,230,77,111,62,15,103,31,53,80,156,215,84,143,64,4,72,124,255,24,165,1,56,117,103,19,158,61,48,73,140,222,229,130,189,37,94,210,152,141,95,248,223,44,177,129,70,43,92,214,82,160,180,134,217,210,194,43,217,163,142,182,143,141,171,183,225]}]} |
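Review bot: The provenance of this fixture (presumably the file `EVIDENCE_FILE` points to) is not recorded anywhere in the change, and the embedded VCEK certificate appears to carry a fixed validity window: the DER bytes decode to a notAfter of `300124175826Z`, so if the verifier enforces certificate validity the test will begin failing at that date. Since JSON cannot hold a comment, a line in the Makefile next to `EVIDENCE_FILE` such as `# evidence.json: static SNP evidence fixture; regenerate together with raw-runtime-data before the VCEK expires (notAfter 2030-01-24)` would tell maintainers when and what to refresh. The report also carries the platform `chip_id`, which is worth a conscious decision before it is published in the repository.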
@@ -0,0 +1,6 @@ | ||
{ | ||
"tee": "%GRPC_TEE_ENUM%", | ||
"evidence": "%EVIDENCE%", | ||
"raw_runtime_data": "%RUNTIME_DATA%", | ||
"policy_ids": [] | ||
} |
Binary file not shown.
@@ -0,0 +1,8 @@ | ||
{ | ||
"tee": "%RESTFUL_TEE_ENUM%", | ||
"evidence": "%EVIDENCE%", | ||
"runtime_data": { | ||
"raw": "%RUNTIME_DATA%" | ||
}, | ||
"policy_ids": [] | ||
} |