mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-09-19 12:34:44 -04:00
api: for Azure attestationconfigapi use TCB values from SNP report instead of MAA token (#2429)
This commit is contained in:
parent
0c89f57ac5
commit
5819a11d25
11 changed files with 211 additions and 110 deletions
20
.github/actions/e2e_verify/action.yml
vendored
20
.github/actions/e2e_verify/action.yml
vendored
|
@ -66,18 +66,14 @@ runs:
|
|||
forwarderPID=$!
|
||||
sleep 5
|
||||
|
||||
verifyOut=$(constellation verify --cluster-id "${clusterID}" --force --node-endpoint localhost:9090)
|
||||
|
||||
kill $forwarderPID
|
||||
|
||||
if [[ ${{ inputs.cloudProvider }} != "azure" ]]; then
|
||||
continue
|
||||
if [[ ${{ inputs.cloudProvider }} == "azure" ]]; then
|
||||
echo "Extracting Azure TCB versions for API update"
|
||||
constellation verify --cluster-id "${clusterID}" --force --node-endpoint localhost:9090 -o json > "snp-report-${node}.json"
|
||||
else
|
||||
constellation verify --cluster-id "${clusterID}" --force --node-endpoint localhost:9090
|
||||
fi
|
||||
|
||||
echo "Extracting TCB versions for API update"
|
||||
startMAAToken="Microsoft Azure Attestation Token:"
|
||||
endMAAToken="Verification OK"
|
||||
sed -n "/${startMAAToken}/,/${endMAAToken}/ { /${startMAAToken}/d; /${endMAAToken}/d; p }" <<< "${verifyOut}" > "maa-claims-${node}.json"
|
||||
kill $forwarderPID
|
||||
done
|
||||
|
||||
- name: Login to AWS
|
||||
|
@ -94,8 +90,8 @@ runs:
|
|||
COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
|
||||
COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
|
||||
run: |
|
||||
for file in $(ls maa-claims-*.json); do
|
||||
for file in $(ls snp-report-*.json); do
|
||||
path=$(realpath "${file}")
|
||||
cat "${path}"
|
||||
bazel run //internal/api/attestationconfigapi/cli -- --maa-claims-path "${path}"
|
||||
bazel run //internal/api/attestationconfigapi/cli -- --snp-report-path "${path}"
|
||||
done
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue