api: for Azure attestationconfigapi use TCB values from SNP report instead of MAA token (#2429)

Adrian Stobbe 2023-10-17 17:36:50 +02:00 committed by GitHub
parent 0c89f57ac5
commit 5819a11d25
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 211 additions and 110 deletions


@ -66,18 +66,14 @@ runs:
forwarderPID=$!
sleep 5
verifyOut=$(constellation verify --cluster-id "${clusterID}" --force --node-endpoint localhost:9090)
kill $forwarderPID
if [[ ${{ inputs.cloudProvider }} != "azure" ]]; then
continue
if [[ ${{ inputs.cloudProvider }} == "azure" ]]; then
echo "Extracting Azure TCB versions for API update"
constellation verify --cluster-id "${clusterID}" --force --node-endpoint localhost:9090 -o json > "snp-report-${node}.json"
else
constellation verify --cluster-id "${clusterID}" --force --node-endpoint localhost:9090
fi
echo "Extracting TCB versions for API update"
startMAAToken="Microsoft Azure Attestation Token:"
endMAAToken="Verification OK"
sed -n "/${startMAAToken}/,/${endMAAToken}/ { /${startMAAToken}/d; /${endMAAToken}/d; p }" <<< "${verifyOut}" > "maa-claims-${node}.json"
kill $forwarderPID
done
- name: Login to AWS
@ -94,8 +90,8 @@ runs:
COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
run: |
for file in $(ls maa-claims-*.json); do
for file in $(ls snp-report-*.json); do
path=$(realpath "${file}")
cat "${path}"
bazel run //internal/api/attestationconfigapi/cli -- --maa-claims-path "${path}"
bazel run //internal/api/attestationconfigapi/cli -- --snp-report-path "${path}"
done
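Review bot: In the Azure branch of the first hunk, `constellation verify ... -o json > "snp-report-${node}.json"` creates the report file through the redirect even when verification fails, and nothing visible checks the exit status or the file before the second hunk passes every `snp-report-*.json` to the attestationconfigapi CLI, a step that has `COSIGN_PRIVATE_KEY` in its environment. Whether a failed verify aborts the step depends on the shell options of this `run` block, which are outside the hunk, so an empty or truncated report could reach the step that feeds the API update. I would fail closed where the file is written, `constellation verify ... -o json > "snp-report-${node}.json" || { kill $forwarderPID; exit 1; }`, and in the upload loop iterate the glob directly and reject empty input, `for file in snp-report-*.json; do [[ -s "${file}" ]] || exit 1`, instead of `$(ls snp-report-*.json)`, which yields no iterations when nothing matched. The added `kill $forwarderPID` now runs only after verify returns, so without the explicit kill an early exit would leave the port-forward running.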