attestation: add name to Validator as unique identifier #1095
+58
−22
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jmxnzo
force-pushed
the
logging/attestation-jla
branch
from
c5805b5 to
dde0de0
Compare
jmxnzo
changed the title
jmxnzo
force-pushed
the
logging/attestation-jla
branch
from
dde0de0 to
e243f98
Compare
|
Wait for merge of #1082 |
…tor as unique identifier
jmxnzo
force-pushed
the
logging/attestation-jla
branch
from
e243f98 to
98e66b7
Compare
burgerdev
reviewed
Dec 20, 2024
| @@ -86,10 +88,11 @@ func (c *Credentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.A | |||
| return nil, nil, fmt.Errorf("generating SNP validation options: %w", err) | |||
| } | |||
|
|
|||
| for _, opt := range opts { | |||
| for i, opt := range opts { | |||
| name := "snp-" + strconv.Itoa(i) + "-" + strings.TrimPrefix(opt.VerifyOpts.Product.Name.String(), "SEV_PRODUCT_") | |||
There was a problem hiding this comment.
Suggested change
| name := "snp-" + strconv.Itoa(i) + "-" + strings.TrimPrefix(opt.VerifyOpts.Product.Name.String(), "SEV_PRODUCT_") | |
| name := fmt.Sprintf("snp-%d-%s", i, strings.TrimPrefix(opt.VerifyOpts.Product.Name.String(), "SEV_PRODUCT_")) |
| @@ -98,9 +101,10 @@ func (c *Credentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.A | |||
| log.Error("Could not generate TDX validation options", "error", err) | |||
| return nil, nil, fmt.Errorf("generating TDX validation options: %w", err) | |||
| } | |||
| for _, opt := range tdxOpts { | |||
| for i, opt := range tdxOpts { | |||
| name := "tdx" + strconv.Itoa(i) | |||
There was a problem hiding this comment.
Suggested change
| name := "tdx" + strconv.Itoa(i) | |
| name := fmt.Sprintf("tdx-%d", i) |
| @@ -94,6 +95,7 @@ type Issuer interface { | |||
| type Validator interface { | |||
| Getter | |||
| Validate(attDoc []byte, nonce []byte, peerPublicKey []byte) error | |||
| Name() string | |||
There was a problem hiding this comment.
More idiomatic might be to implement fmt.Stringer.
Comment on lines
+253
to
+254
| // The joined error should reveal the atls nonce once to maintain readability. Because the error is only revealed if all validators fail, | ||
| // we can implicitly include the nonce in the first validator error and the concatenate the other errors. |
There was a problem hiding this comment.
I think it would make more sense to first collect the errors with Join, and then wrap them with a message that contains the nonce before returning from this function.
| } | ||
| } | ||
|
|
||
| // OID returns the OID of the validator. | ||
| // OID returns the root OID for the raw SNP report extension used by the validator. |
There was a problem hiding this comment.
Why root? And, if you are changing the docstring here, please also change it for TDX.
There was a problem hiding this comment.
There was a problem hiding this comment.
Hm. I'd say it's technically a node, but not the root node.
| opt.ValidateOpts.HostData = coordinatorPolicyChecksum | ||
| name := "snp-" + strconv.Itoa(i) + "-" + strings.TrimPrefix(opt.VerifyOpts.Product.Name.String(), "SEV_PRODUCT_") |
burgerdev
reviewed
Dec 20, 2024
| @@ -86,10 +88,11 @@ func (c *Credentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.A | |||
| return nil, nil, fmt.Errorf("generating SNP validation options: %w", err) | |||
| } | |||
|
|
|||
| for _, opt := range opts { | |||
| for i, opt := range opts { | |||
| name := "snp-" + strconv.Itoa(i) + "-" + strings.TrimPrefix(opt.VerifyOpts.Product.Name.String(), "SEV_PRODUCT_") | |||
| validator := snp.NewValidatorWithReportSetter(opt.VerifyOpts, opt.ValidateOpts, | |||
| logger.NewWithAttrs(logger.NewNamed(c.logger, "validator"), map[string]string{"tee-type": "snp"}), | |||
There was a problem hiding this comment.
Now that we have a name in the constructor, we could remove the attrs here and add them there?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is a follow-up on #1027 and aims to enhance the logging of the different validation processes on the coordinator to reach better readability of the logs.
<attestation>-<reference-values-index>[-<product>]The index corresponds to the position of the reference value separated by attestation type in manifest.json.