UID2-4808 Add azure-cc-aks protocol #1340

Open
wants to merge 5 commits into
base: main
Changes from 4 commits
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -6,7 +6,7 @@

<groupId>com.uid2</groupId>
<artifactId>uid2-operator</artifactId>
<version>5.45.8</version>
<version>5.45.9-alpha-181-SNAPSHOT</version>

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
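Review bot: The `<version>` line now carries a pre-release snapshot, `5.45.9-alpha-181-SNAPSHOT`, in place of `5.45.8`. If that value came from a test build on this branch rather than from the release process, reset it before merging so the base branch does not end up versioned as a SNAPSHOT.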
6 changes: 3 additions & 3 deletions scripts/confidential_compute.py
Expand Up @@ -113,9 +113,9 @@ def validate_connectivity() -> None:
if self.configs.get("debug_mode") and environment == "prod":
raise InvalidConfigValue(self.__class__.__name__, "debug_mode")

validate_url("core_base_url", environment)
validate_url("optout_base_url", environment)
validate_operator_key()
# validate_url("core_base_url", environment)
Contributor Author

@cYKatherine cYKatherine Feb 4, 2025

ignore this for now, uncomment before merge

# validate_url("optout_base_url", environment)
# validate_operator_key()
validate_connectivity()
logging.info("Completed static validation of confidential compute config values")
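Review bot: With `validate_url("core_base_url", environment)`, `validate_url("optout_base_url", environment)` and `validate_operator_key()` commented out, the URL and operator key checks no longer run before `validate_connectivity()`, yet the log line that follows still reports "Completed static validation of confidential compute config values". These calls need to be restored before merge, as the inline comment says; if they have to be skipped during testing, gate them behind an explicit option instead of editing them out, so the bypass cannot ship by accident.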

6 changes: 5 additions & 1 deletion src/main/java/com/uid2/operator/Main.java
Expand Up @@ -486,6 +486,7 @@ private Map.Entry<UidCoreClient, UidOptOutClient> createUidClients(Vertx vertx,
private AttestationResponseHandler getAttestationTokenRetriever(Vertx vertx, String attestationUrl, String clientApiToken, Handler<Pair<AttestationResponseCode, String>> responseWatcher) throws Exception {
String enclavePlatform = this.config.getString(Const.Config.EnclavePlatformProp);
String operatorType = this.config.getString(Const.Config.OperatorTypeProp, "");
String maaServerBaseUrl = this.config.getString(Const.Config.MaaServerBaseUrlProp, "https://sharedeus.eus.attest.azure.net");

IAttestationProvider attestationProvider;
switch (enclavePlatform) {
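Review bot: Hoisting `maaServerBaseUrl` above the `switch` means it is read for every `enclavePlatform`, and the fallback `"https://sharedeus.eus.attest.azure.net"` applies silently whenever `MaaServerBaseUrlProp` is unset. Since this URL selects the attestation service, consider logging the resolved value in the Azure cases, or failing when the property is missing, so a misconfigured deployment does not attest against the default endpoint unnoticed.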
Expand All @@ -508,7 +509,10 @@ private AttestationResponseHandler getAttestationTokenRetriever(Vertx vertx, Str
break;
case "azure-cc":
LOGGER.info("creating uid core client with azure cc attestation protocol");
String maaServerBaseUrl = this.config.getString(Const.Config.MaaServerBaseUrlProp, "https://sharedeus.eus.attest.azure.net");
attestationProvider = AttestationFactory.getAzureCCAttestation(maaServerBaseUrl);
break;
case "azure-cc-aks":
Contributor Author

QQ: We specify enclavePlatform in config; however, azure-cc and azure-cc-aks get the same attestation provider. Do we still want to separate azure-cc and azure-cc-aks for enclavePlatform? It's quite confusing compared to protocol in operator key; should we potentially make them the same thing in the future?

Contributor

I think it is fine since platform is different, attestation is same.

Contributor

Can't we do

case "azure-cc", "azure-cc-aks":

LOGGER.info("creating uid core client with azure cc aks attestation protocol");
attestationProvider = AttestationFactory.getAzureCCAttestation(maaServerBaseUrl);
break;
default:
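Review bot: The new `case "azure-cc-aks":` branch repeats the `azure-cc` branch exactly apart from the log text; both call `AttestationFactory.getAzureCCAttestation(maaServerBaseUrl)`. If the two platforms are meant to stay separate config values, a combined label that logs the `enclavePlatform` value itself keeps the distinction in the logs without a second copy of the provider setup to keep in sync.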