e2e-tests: add option to deploy kbs with custom pccs_url
TDX attestation requires a pccs_url to be set. We'll introduce a flag
CUSTOM_PCCS_URL that will configure kbs to use it.

Signed-off-by: Magnus Kulke <magnuskulke@microsoft.com>
mkulke committed Aug 2, 2024
1 parent 9337394 commit fead4d8
Showing 2 changed files with 23 additions and 1 deletion.
1 change: 1 addition & 0 deletions .github/workflows/azure-e2e-test.yml
Expand Up @@ -264,6 +264,7 @@ jobs:
env:
TEST_PROVISION: "no"
DEPLOY_KBS: "yes"
CUSTOM_PCCS_URL: "https://global.acccache.azure.net/sgx/certification/v4"
run: |
# Since we install the cluster in parallel, we need to get the credentials here.
echo "running e2e test for ${{ matrix.parameters.id }} machine"
23 changes: 22 additions & 1 deletion src/cloud-api-adaptor/test/provisioner/trustee_kbs.go
Expand Up @@ -127,6 +127,18 @@ func NewKeyBrokerService(clusterName string, cfg *envconf.Config) (*KeyBrokerSer

}

customPCCSURL := os.Getenv("CUSTOM_PCCS_URL")
if customPCCSURL != "" {
log.Info("CUSTOM_PCCS_URL is provided, write custom PCCS config")
configFilePath := filepath.Join(TRUSTEE_REPO_PATH, "/kbs/config/kubernetes/custom_pccs/sgx_default_qcnl.conf")
collateralUrl := "https://api.trustedservices.intel.com/sgx/certification/v4/"
config := fmt.Sprintf(`{ "pccs_url": "%s", "collateral_service": "%s"}`, customPCCSURL, collateralUrl)
err = saveToFile(configFilePath, []byte(config))
if err != nil {
return nil, err
}
}

// IBM_SE_CREDS_DIR describe at https://github.com/confidential-containers/trustee/blob/main/kbs/config/kubernetes/README.md#deploy-kbs
ibmseCredsDir := os.Getenv("IBM_SE_CREDS_DIR")
if ibmseCredsDir != "" {
Expand Down Expand Up @@ -306,7 +318,16 @@ func NewKbsInstallOverlay(installDir string) (InstallOverlay, error) {
if err != nil {
return nil, err
}
overlay, err := NewKustomizeOverlay(filepath.Join(installDir, "kbs/config/kubernetes/nodeport/"+platform))

var overlayFolder string
if platform == "x86_64" && os.Getenv("CUSTOM_PCCS_URL") != "" {
log.Info("CUSTOM_PCCS_URL is provided on x86_64, deploy with custom pccs config")
overlayFolder = "kbs/config/kubernetes/custom_pccs"
} else {
overlayFolder = "kbs/config/kubernetes/nodeport/" + platform
}

overlay, err := NewKustomizeOverlay(filepath.Join(installDir, overlayFolder))
if err != nil {
return nil, err
}
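Review bot: In NewKeyBrokerService the QCNL config is assembled with `fmt.Sprintf` from the raw CUSTOM_PCCS_URL value, so a quote or backslash in the variable yields malformed JSON or extra keys in sgx_default_qcnl.conf. Nothing checks that the value is an https URL either, although it appears to decide which PCCS endpoint the attestation collateral is fetched from. I would parse the value with `url.Parse`, require an https scheme and a host, and build the document with `json.Marshal`; this needs `encoding/json` and `net/url` in the import block, which is outside this view. The first hunk also writes the file on every platform while NewKbsInstallOverlay only selects the custom_pccs overlay on x86_64, so a matching platform check or a comment there would make the intent clear. Both function bodies continue outside the hunks shown.

```go
customPCCSURL := os.Getenv("CUSTOM_PCCS_URL")
if customPCCSURL != "" {
	// Reject anything that is not an absolute https URL before it reaches the QCNL config.
	u, err := url.Parse(customPCCSURL)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return nil, fmt.Errorf("CUSTOM_PCCS_URL must be an absolute https URL, got %q", customPCCSURL)
	}
	// … unchanged: log line, configFilePath, collateralUrl …
	// Marshal instead of Sprintf so both values are JSON-escaped.
	config, err := json.Marshal(map[string]string{
		"pccs_url":           customPCCSURL,
		"collateral_service": collateralUrl,
	})
	if err != nil {
		return nil, err
	}
	err = saveToFile(configFilePath, config)
	// … unchanged: error return …
```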
