From 0e7d50b465197bc04e97229e0d3136b6f6de70e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com>
Date: Fri, 12 May 2023 11:06:49 +0200
Subject: [PATCH] Select attestation variant for verify test (#1755)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Daniel Weiße
---
 .github/actions/e2e_verify/action.yml | 46 +++++++++++++++++++++++++--
 1 file changed, 43 insertions(+), 3 deletions(-)
diff --git a/.github/actions/e2e_verify/action.yml b/.github/actions/e2e_verify/action.yml
index 5a39d2264..332002b33 100644
--- a/.github/actions/e2e_verify/action.yml
+++ b/.github/actions/e2e_verify/action.yml
@@ -15,7 +15,16 @@ runs:
 - name: Clear current measurements
 shell: bash
 run: |
- yq -i 'del(.provider.${{ inputs.cloudProvider }}.measurements)' constellation-conf.yaml
+ if [[ $(yq '.version' constellation-conf.yaml) == "v2" ]]
+ then
+ yq -i 'del(.provider.${{ inputs.cloudProvider }}.measurements)' constellation-conf.yaml
+ else
+ yq -i 'del(.attestation.awsNitroTPM.measurements)' constellation-conf.yaml
+ yq -i 'del(.attestation.azureSEVSNP.measurements)' constellation-conf.yaml
+ yq -i 'del(.attestation.azureTrustedLaunch.measurements)' constellation-conf.yaml
+ yq -i 'del(.attestation.gcpSEVES.measurements)' constellation-conf.yaml
+ yq -i 'del(.attestation.qemuVTPM.measurements)' constellation-conf.yaml
+ fi
 - name: Expand version path
 id: expand-version
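Review bot: `${{ inputs.cloudProvider }}` is still expanded straight into the bash script text in the new `v2` branch of this step, so the input's value becomes shell source before bash runs instead of being handled as data. The same expansion is used in `case ${{ inputs.cloudProvider }} in` in the second hunk and in the yq calls of the third. Passing the value through the step environment avoids that: add `env:` with `CLOUD_PROVIDER: ${{ inputs.cloudProvider }}` to the step and write `yq -i "del(.provider.${CLOUD_PROVIDER}.measurements)" constellation-conf.yaml`. The else branch hard-codes five variant names; a short comment such as `# keep in sync with the attestation variants of the config` would help, since a variant missing from this list would presumably keep its old measurements.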
@@ -23,6 +32,26 @@ runs:
 with:
 shortname: ${{ inputs.osImage }}
+ - name: Get attestation variant
+ id: get-variant
+ shell: bash
+ run: |
+ # TODO(AB#3144): Refactor when API is update for attestation variants
+ case ${{ inputs.cloudProvider }} in
+ aws)
+ echo ATTESTATION_VARIANT=awsNitroTPM >> $GITHUB_OUTPUT
+ ;;
+ azure)
+ echo ATTESTATION_VARIANT=azureSEVSNP >> $GITHUB_OUTPUT
+ ;;
+ gcp)
+ echo ATTESTATION_VARIANT=gcpSEVES >> $GITHUB_OUTPUT
+ ;;
+ qemu)
+ echo ATTESTATION_VARIANT=qemuVTPM >> $GITHUB_OUTPUT
+ ;;
+ esac
+
 - name: Fetch & write measurements
 shell: bash
 run: |
@@ -33,9 +62,20 @@ runs:
 MEASUREMENTS=$(curl -fsSL https://cdn.confidential.cloud/constellation/v1/${verPath}/image/csp/${{ inputs.cloudProvider }}/measurements.json | jq '.measurements' -r)
 for key in $(echo $MEASUREMENTS | jq 'keys[]' -r); do
 echo Updating $key to $(echo $MEASUREMENTS | jq ".\"$key\"" -r)
- yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key] = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml
+ if [[ $(yq '.version' constellation-conf.yaml) == "v2" ]]
+ then
+ yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key] = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml
+ else
+ yq -i ".attestation.${{ steps.get-variant.outputs.ATTESTATION_VARIANT }}.measurements.[$key] = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml
+ fi
 done
- yq -i '.provider.${{ inputs.cloudProvider }}.measurements |= array_to_map' constellation-conf.yaml
+
+ if [[ $(yq '.version' constellation-conf.yaml) == "v2" ]]
+ then
+ yq -i '.provider.${{ inputs.cloudProvider }}.measurements |= array_to_map' constellation-conf.yaml
+ else
+ yq -i '.attestation.${{ steps.get-variant.outputs.ATTESTATION_VARIANT }}.measurements |= array_to_map' constellation-conf.yaml
+ fi
 cat constellation-conf.yaml
 - name: Constellation verify
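Review bot: The `case` in the new `Get attestation variant` step has no default branch, so an unrecognised `cloudProvider` leaves `ATTESTATION_VARIANT` unset while the step still succeeds. The yq calls in the third hunk would then address `.attestation..measurements`, and whether that errors or quietly writes nothing is not visible from this diff; a verification test should stop here instead. Add `*) echo "unsupported cloud provider" >&2; exit 1 ;;` before `esac`, and quote the redirect target as `"$GITHUB_OUTPUT"`. Azure is always mapped to `azureSEVSNP`, so `azureTrustedLaunch` is never selected; the TODO suggests this is known, and the comment could state that limitation explicitly.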
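Review bot: The added yq lines inside the loop splice `$key` and the jq output taken from the downloaded measurements.json directly into the yq expression string, so fetched content is parsed as yq program text, and these values become the reference measurements that `constellation verify` checks against. Passing both through the environment and reading them with yq's `env()`/`strenv()` operators would keep them as data, and quoting `"$MEASUREMENTS"` in the `echo` calls avoids word splitting. The `yq '.version'` check is also re-run on every iteration and once more after the loop; reading it once before the loop, e.g. `CONF_VERSION=$(yq '.version' constellation-conf.yaml)`, makes all branches agree by construction. The `run:` script begins above this hunk, so where `verPath` comes from is not visible here.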