From 43c4fc456b0bae2fbe0fd2cbc46af3c788f24a90 Mon Sep 17 00:00:00 2001 From: Tobin Feldman-Fitzthum Date: Thu, 30 Mar 2023 21:22:12 +0000 Subject: [PATCH 01/10] Signatures: add resources with new URI scheme Keep existing resources in place so that CI does not break. The test tag is hard-coded in image-rs. Fixes: #5576 Signed-off-by: Tobin Feldman-Fitzthum --- .../offline-fs-kbc/aa-offline_fs_kbc-resources.json.in | 9 +++++++-- .../s390x/aa-offline_fs_kbc-resources.json | 5 ++++- .../x86_64/aa-offline_fs_kbc-resources.json | 7 +++++-- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/integration/confidential/fixtures/offline-fs-kbc/aa-offline_fs_kbc-resources.json.in b/integration/confidential/fixtures/offline-fs-kbc/aa-offline_fs_kbc-resources.json.in index 7236dad72..d20c4acda 100644 --- a/integration/confidential/fixtures/offline-fs-kbc/aa-offline_fs_kbc-resources.json.in +++ b/integration/confidential/fixtures/offline-fs-kbc/aa-offline_fs_kbc-resources.json.in @@ -3,5 +3,10 @@ "Sigstore Config": "${SIGSTORE_CONFIG}", "GPG Keyring": "${GPG_KEYRING}", "Cosign Key": "${COSIGN_KEY}", - "Credential": "${CREDENTIAL}" -} \ No newline at end of file + "Credential": "${CREDENTIAL}", + "default/security-policy/test": "${POLICY}", + "default/sigstore-config/test": "${SIGSTORE_CONFIG}", + "default/gpg-public-config/test": "${GPG_KEYRING}", + "default/cosign-public-key/test": "${COSIGN_KEY}", + "default/credential/test": "${CREDENTIAL}" +} diff --git a/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json b/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json index f0cd72599..651b9f0c4 100644 --- a/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json +++ b/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json @@ -1,5 +1,8 @@ { "Policy": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", "Sigstore Config": "ZG9ja2VyOgogICAgcXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6CiAgICAgICAgc2lnc3RvcmU6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcwogICAgICAgIHNpZ3N0b3JlLXN0YWdpbmc6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcw==", - "GPG Keyring": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==" + "GPG Keyring": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==", + "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", + "default/sigstore-config/test": "ZG9ja2VyOgogICAgcXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6CiAgICAgICAgc2lnc3RvcmU6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcwogICAgICAgIHNpZ3N0b3JlLXN0YWdpbmc6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcw==", + "default/sigstore-config/test": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==" } diff --git a/integration/confidential/fixtures/offline-fs-kbc/x86_64/aa-offline_fs_kbc-resources.json b/integration/confidential/fixtures/offline-fs-kbc/x86_64/aa-offline_fs_kbc-resources.json index 68b5ade51..9b298552d 100644 --- a/integration/confidential/fixtures/offline-fs-kbc/x86_64/aa-offline_fs_kbc-resources.json +++ b/integration/confidential/fixtures/offline-fs-kbc/x86_64/aa-offline_fs_kbc-resources.json @@ -1,5 +1,8 @@ { "Policy": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", "Sigstore Config": "ZG9ja2VyOgogICAgcXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6CiAgICAgICAgc2lnc3RvcmU6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcwogICAgICAgIHNpZ3N0b3JlLXN0YWdpbmc6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcw==", - "GPG Keyring": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkdGTVZFZ0JFQUN6ZC9ISno2bnE4R0FqRm9XdDIwUGhBeTRScDhxNHFlRkUzSkorbHdoUHprSmRiTDNaClFKMzFURUNyYktVeW8zTElRMzFCNzVBWXczdm5FSVVPY3V0U0UxaThvNTU3SW94eGxHNFN3dGtSVmRVUGVFN2UKdElOMm1aKzJHd25nQW1KRUgxNWtNQUZzVVFhNG4rWE9WUU9aSTNRWWVsWWpMd0thbXFBa3dFdjAzSmpHaTIrbQo0a0ZITzBmMy9lc0pmZXhVd3hLMHdQazJ4emlvZ2FpTzN6NDViTkoxMDZwSC95NGhRMHBWbWZJSHpPVjZwRHN2ClVHcTFxdnZlL2dDRXFZZWYvcUgyNzJoRkdNTE1qRy8yOStwVmZ1bEJ2YnpiUUhNUHlIaTFBdTVwemJWVUhxOUEKOURoWXhmWllpN2MreXU5Y1h0cngzQmlXSG52NzlBRUtWZDhCdkVucE02dGNIOWMvVFJlakd6VjF0cThva05wMwpXaXp6T0ZzVXBpaXVYVVo5ZlVlQ0s5YnVEaXdsdDF2ZGQ2OG5RZ3o2YkdIOEZqbVd2UXU4eTNVZEZRSTUwQkNVCmVEeFZEcHIzRXhjNER6MWxnU0pNV0wya2NJRy8wVllGU2hkRXUxL2lnNmdLUlpGcm1XN2hnSU51V1ZwWUNoZGkKK0I3Rkg1UDhGUlBiN0YrZFdyY0o3M3A1WXJLMzhHbnpadTNtdmZSUnk5Q0FpU1NFNFpEd0JuMjMzSCtlMFFzWAptT2lIcW1LSVZTbnhVa1hoTktXWm9LUDVQRlBHWE9YSEFNaWRnWC8wT0UxOEc2WmREMEYvRVNuYVdUL2lwNzNNCk1EYU5tVENlL2JZdW9TZy9oVUdCMEtENUx2aFZaT01haTh1MkYwQnJFYWdPRnQ3SkZjbUVwd2pXWndBUkFRQUIKdEVsVGRHVjJaVzRnU0c5eWMyMWhiaUFvUjFCSElHdGxlU0JtYjNJZ2MybG5ibWx1WnlCcllYUmhJSFJsYzNRZwphVzFoWjJWektTQThjM1JsZG1WdVFIVnJMbWxpYlM1amIyMCtpUUpZQkJNQkNBQkNGaUVFWjdKS3JNUlpaNTRDCmc5ZnVXUGJ0Qis2bXRDa0ZBbUZNVkVnQ0d3TUZDUUhoTTRBRkN3a0lCd0lESWdJQkJoVUtDUWdMQWdRV0FnTUIKQWg0SEFoZUFBQW9KRUZqMjdRZnVwclFwc3ZBUC8zTit5RGRlRkRMaVdSS21YbEhzbWRuT3dlYVdxQjdzUWJ0SQpJTFh6RVFCY1pIWjFRNUxna0o2bzlHUlJlK0pPVmFsQUQ5QXdPQjg4Z0hNVVptR2hmQU05dnY3R3RWWGdpQkNmCi9mNDE0TTFueS9xMUgwZG1wRnF4b3FaYzlXNlhaU1pFVC8yNVFPUlMzYkxIK0dFdnQ4enZaUkFLVU9WRUhPZTQKbHRocmNuY21uaFd4ZWc0ZFJGWEZRczJZSW41VzZiOTd4SzN4emF0bDlyTVgwd2s4L2xweDlHQ0tLalZ3OVpQcwpUZ25kcmlMTnUzaGJOeWFXaEhlTHFUT1hEOUU0WUNjM3FMc0MvZW5Hclh6Si91bWdpaHUvRy9iNWFsZWZ6U09xCnh0MHI2ejdSbk85OXJVdEtDYW0rNUVEa0t6VXZoamdSM2oyTGtHWkMxZnFBTnQ2TEtPK0MwT3FtMEpUMm1UZGEKdGEveDdCdGozNktJYjN1TlNSdDJiRHJGWXhPajZzRnlQVlRVbHpOZ2l0bkszVHFJeG5teWlHZGhPVUcyc1p5OAowSTFaNHZaT0JGdzIzWE9qYzRUVGRWU29BbUxSZkhOeWZtYXlHbS9ja2xlTjV2T2xiVzlPOXREa0M0alo2WkZNCjFxZzEyUkxvS1dxRXRodmlzOVhzV0xieEFBaG0xbkZKV0VpTlhzdW1NUDc0U1cwLy9qYmRFT0xObzBXRG5TTmIKZ3U2a2hVYXJIR0dpUEJzeFc4cURGdXNIWFplMEpDSVFRUTBDZVh3T1owaXFINC9tQ0lKQnlId2dEdExnbnNUTQo2a2hnU2VhMXk1a3RRQnZSdU1QODg5ZWJQSEoyNjFqeUl5OXV5K25oaUt5cG9PK3lqMWYvUm5qNWtLS3Y3Mm5LCjV1RVNwSkJUCj1CN3ZRCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0K" -} \ No newline at end of file + "GPG Keyring": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkdGTVZFZ0JFQUN6ZC9ISno2bnE4R0FqRm9XdDIwUGhBeTRScDhxNHFlRkUzSkorbHdoUHprSmRiTDNaClFKMzFURUNyYktVeW8zTElRMzFCNzVBWXczdm5FSVVPY3V0U0UxaThvNTU3SW94eGxHNFN3dGtSVmRVUGVFN2UKdElOMm1aKzJHd25nQW1KRUgxNWtNQUZzVVFhNG4rWE9WUU9aSTNRWWVsWWpMd0thbXFBa3dFdjAzSmpHaTIrbQo0a0ZITzBmMy9lc0pmZXhVd3hLMHdQazJ4emlvZ2FpTzN6NDViTkoxMDZwSC95NGhRMHBWbWZJSHpPVjZwRHN2ClVHcTFxdnZlL2dDRXFZZWYvcUgyNzJoRkdNTE1qRy8yOStwVmZ1bEJ2YnpiUUhNUHlIaTFBdTVwemJWVUhxOUEKOURoWXhmWllpN2MreXU5Y1h0cngzQmlXSG52NzlBRUtWZDhCdkVucE02dGNIOWMvVFJlakd6VjF0cThva05wMwpXaXp6T0ZzVXBpaXVYVVo5ZlVlQ0s5YnVEaXdsdDF2ZGQ2OG5RZ3o2YkdIOEZqbVd2UXU4eTNVZEZRSTUwQkNVCmVEeFZEcHIzRXhjNER6MWxnU0pNV0wya2NJRy8wVllGU2hkRXUxL2lnNmdLUlpGcm1XN2hnSU51V1ZwWUNoZGkKK0I3Rkg1UDhGUlBiN0YrZFdyY0o3M3A1WXJLMzhHbnpadTNtdmZSUnk5Q0FpU1NFNFpEd0JuMjMzSCtlMFFzWAptT2lIcW1LSVZTbnhVa1hoTktXWm9LUDVQRlBHWE9YSEFNaWRnWC8wT0UxOEc2WmREMEYvRVNuYVdUL2lwNzNNCk1EYU5tVENlL2JZdW9TZy9oVUdCMEtENUx2aFZaT01haTh1MkYwQnJFYWdPRnQ3SkZjbUVwd2pXWndBUkFRQUIKdEVsVGRHVjJaVzRnU0c5eWMyMWhiaUFvUjFCSElHdGxlU0JtYjNJZ2MybG5ibWx1WnlCcllYUmhJSFJsYzNRZwphVzFoWjJWektTQThjM1JsZG1WdVFIVnJMbWxpYlM1amIyMCtpUUpZQkJNQkNBQkNGaUVFWjdKS3JNUlpaNTRDCmc5ZnVXUGJ0Qis2bXRDa0ZBbUZNVkVnQ0d3TUZDUUhoTTRBRkN3a0lCd0lESWdJQkJoVUtDUWdMQWdRV0FnTUIKQWg0SEFoZUFBQW9KRUZqMjdRZnVwclFwc3ZBUC8zTit5RGRlRkRMaVdSS21YbEhzbWRuT3dlYVdxQjdzUWJ0SQpJTFh6RVFCY1pIWjFRNUxna0o2bzlHUlJlK0pPVmFsQUQ5QXdPQjg4Z0hNVVptR2hmQU05dnY3R3RWWGdpQkNmCi9mNDE0TTFueS9xMUgwZG1wRnF4b3FaYzlXNlhaU1pFVC8yNVFPUlMzYkxIK0dFdnQ4enZaUkFLVU9WRUhPZTQKbHRocmNuY21uaFd4ZWc0ZFJGWEZRczJZSW41VzZiOTd4SzN4emF0bDlyTVgwd2s4L2xweDlHQ0tLalZ3OVpQcwpUZ25kcmlMTnUzaGJOeWFXaEhlTHFUT1hEOUU0WUNjM3FMc0MvZW5Hclh6Si91bWdpaHUvRy9iNWFsZWZ6U09xCnh0MHI2ejdSbk85OXJVdEtDYW0rNUVEa0t6VXZoamdSM2oyTGtHWkMxZnFBTnQ2TEtPK0MwT3FtMEpUMm1UZGEKdGEveDdCdGozNktJYjN1TlNSdDJiRHJGWXhPajZzRnlQVlRVbHpOZ2l0bkszVHFJeG5teWlHZGhPVUcyc1p5OAowSTFaNHZaT0JGdzIzWE9qYzRUVGRWU29BbUxSZkhOeWZtYXlHbS9ja2xlTjV2T2xiVzlPOXREa0M0alo2WkZNCjFxZzEyUkxvS1dxRXRodmlzOVhzV0xieEFBaG0xbkZKV0VpTlhzdW1NUDc0U1cwLy9qYmRFT0xObzBXRG5TTmIKZ3U2a2hVYXJIR0dpUEJzeFc4cURGdXNIWFplMEpDSVFRUTBDZVh3T1owaXFINC9tQ0lKQnlId2dEdExnbnNUTQo2a2hnU2VhMXk1a3RRQnZSdU1QODg5ZWJQSEoyNjFqeUl5OXV5K25oaUt5cG9PK3lqMWYvUm5qNWtLS3Y3Mm5LCjV1RVNwSkJUCj1CN3ZRCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0K", + "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", + "default/sigstore-config/test": "ZG9ja2VyOgogICAgcXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6CiAgICAgICAgc2lnc3RvcmU6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcwogICAgICAgIHNpZ3N0b3JlLXN0YWdpbmc6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcw==", + "default/gpg-public-config/test": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkdGTVZFZ0JFQUN6ZC9ISno2bnE4R0FqRm9XdDIwUGhBeTRScDhxNHFlRkUzSkorbHdoUHprSmRiTDNaClFKMzFURUNyYktVeW8zTElRMzFCNzVBWXczdm5FSVVPY3V0U0UxaThvNTU3SW94eGxHNFN3dGtSVmRVUGVFN2UKdElOMm1aKzJHd25nQW1KRUgxNWtNQUZzVVFhNG4rWE9WUU9aSTNRWWVsWWpMd0thbXFBa3dFdjAzSmpHaTIrbQo0a0ZITzBmMy9lc0pmZXhVd3hLMHdQazJ4emlvZ2FpTzN6NDViTkoxMDZwSC95NGhRMHBWbWZJSHpPVjZwRHN2ClVHcTFxdnZlL2dDRXFZZWYvcUgyNzJoRkdNTE1qRy8yOStwVmZ1bEJ2YnpiUUhNUHlIaTFBdTVwemJWVUhxOUEKOURoWXhmWllpN2MreXU5Y1h0cngzQmlXSG52NzlBRUtWZDhCdkVucE02dGNIOWMvVFJlakd6VjF0cThva05wMwpXaXp6T0ZzVXBpaXVYVVo5ZlVlQ0s5YnVEaXdsdDF2ZGQ2OG5RZ3o2YkdIOEZqbVd2UXU4eTNVZEZRSTUwQkNVCmVEeFZEcHIzRXhjNER6MWxnU0pNV0wya2NJRy8wVllGU2hkRXUxL2lnNmdLUlpGcm1XN2hnSU51V1ZwWUNoZGkKK0I3Rkg1UDhGUlBiN0YrZFdyY0o3M3A1WXJLMzhHbnpadTNtdmZSUnk5Q0FpU1NFNFpEd0JuMjMzSCtlMFFzWAptT2lIcW1LSVZTbnhVa1hoTktXWm9LUDVQRlBHWE9YSEFNaWRnWC8wT0UxOEc2WmREMEYvRVNuYVdUL2lwNzNNCk1EYU5tVENlL2JZdW9TZy9oVUdCMEtENUx2aFZaT01haTh1MkYwQnJFYWdPRnQ3SkZjbUVwd2pXWndBUkFRQUIKdEVsVGRHVjJaVzRnU0c5eWMyMWhiaUFvUjFCSElHdGxlU0JtYjNJZ2MybG5ibWx1WnlCcllYUmhJSFJsYzNRZwphVzFoWjJWektTQThjM1JsZG1WdVFIVnJMbWxpYlM1amIyMCtpUUpZQkJNQkNBQkNGaUVFWjdKS3JNUlpaNTRDCmc5ZnVXUGJ0Qis2bXRDa0ZBbUZNVkVnQ0d3TUZDUUhoTTRBRkN3a0lCd0lESWdJQkJoVUtDUWdMQWdRV0FnTUIKQWg0SEFoZUFBQW9KRUZqMjdRZnVwclFwc3ZBUC8zTit5RGRlRkRMaVdSS21YbEhzbWRuT3dlYVdxQjdzUWJ0SQpJTFh6RVFCY1pIWjFRNUxna0o2bzlHUlJlK0pPVmFsQUQ5QXdPQjg4Z0hNVVptR2hmQU05dnY3R3RWWGdpQkNmCi9mNDE0TTFueS9xMUgwZG1wRnF4b3FaYzlXNlhaU1pFVC8yNVFPUlMzYkxIK0dFdnQ4enZaUkFLVU9WRUhPZTQKbHRocmNuY21uaFd4ZWc0ZFJGWEZRczJZSW41VzZiOTd4SzN4emF0bDlyTVgwd2s4L2xweDlHQ0tLalZ3OVpQcwpUZ25kcmlMTnUzaGJOeWFXaEhlTHFUT1hEOUU0WUNjM3FMc0MvZW5Hclh6Si91bWdpaHUvRy9iNWFsZWZ6U09xCnh0MHI2ejdSbk85OXJVdEtDYW0rNUVEa0t6VXZoamdSM2oyTGtHWkMxZnFBTnQ2TEtPK0MwT3FtMEpUMm1UZGEKdGEveDdCdGozNktJYjN1TlNSdDJiRHJGWXhPajZzRnlQVlRVbHpOZ2l0bkszVHFJeG5teWlHZGhPVUcyc1p5OAowSTFaNHZaT0JGdzIzWE9qYzRUVGRWU29BbUxSZkhOeWZtYXlHbS9ja2xlTjV2T2xiVzlPOXREa0M0alo2WkZNCjFxZzEyUkxvS1dxRXRodmlzOVhzV0xieEFBaG0xbkZKV0VpTlhzdW1NUDc0U1cwLy9qYmRFT0xObzBXRG5TTmIKZ3U2a2hVYXJIR0dpUEJzeFc4cURGdXNIWFplMEpDSVFRUTBDZVh3T1owaXFINC9tQ0lKQnlId2dEdExnbnNUTQo2a2hnU2VhMXk1a3RRQnZSdU1QODg5ZWJQSEoyNjFqeUl5OXV5K25oaUt5cG9PK3lqMWYvUm5qNWtLS3Y3Mm5LCjV1RVNwSkJUCj1CN3ZRCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0K" +} From f9b180b58b3466b8d490243c9c64772f679a2eed Mon Sep 17 00:00:00 2001 From: Tobin Feldman-Fitzthum Date: Thu, 30 Mar 2023 21:22:12 +0000 Subject: [PATCH 02/10] fixtures/cosign: add KBS URI resources to offline_fs_kbc.json These are needed for the cosign tests. Fixes: #5576 Signed-off-by: Jeremi Piotrowski --- .../cosign/offline-fs-kbc/aa-offline_fs_kbc-resources.json | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/integration/confidential/fixtures/cosign/offline-fs-kbc/aa-offline_fs_kbc-resources.json b/integration/confidential/fixtures/cosign/offline-fs-kbc/aa-offline_fs_kbc-resources.json index d7f0c0b3d..55f11c9d7 100644 --- a/integration/confidential/fixtures/cosign/offline-fs-kbc/aa-offline_fs_kbc-resources.json +++ b/integration/confidential/fixtures/cosign/offline-fs-kbc/aa-offline_fs_kbc-resources.json @@ -1,4 +1,7 @@ { "Policy": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvc2ltcGxlX3NpZ25pbmcvcHVia2V5LmdwZyIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgXSwKICAgICAgICAgICAgInF1YXkuaW8va2F0YS1jb250YWluZXJzL2NvbmZpZGVudGlhbC1jb250YWluZXJzOmNvc2lnbi1zaWduZWQiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnc3RvcmVTaWduZWQiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvY29zaWduL2Nvc2lnbi5wdWIiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJxdWF5LmlvL2thdGEtY29udGFpbmVycy9jb25maWRlbnRpYWwtY29udGFpbmVyczpjb3NpZ24tc2lnbmVkLWtleTIiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnc3RvcmVTaWduZWQiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvY29zaWduL2Nvc2lnbi5wdWIiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0KICAgICAgICB9CiAgICB9Cn0=", - "Cosign Key": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMWdIR2JmazFBcU93ZUxFTThIZlQwYm1mUUUzYgo5ZmNwL0xVNzVGTWZ4VlpYbU5WdFVwcnNITTF0aHV1aUJLT29mdjhLVjdUckZsNHA4TkpDaVhVa2hBPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==" -} \ No newline at end of file + "Cosign Key": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMWdIR2JmazFBcU93ZUxFTThIZlQwYm1mUUUzYgo5ZmNwL0xVNzVGTWZ4VlpYbU5WdFVwcnNITTF0aHV1aUJLT29mdjhLVjdUckZsNHA4TkpDaVhVa2hBPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==", + "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvc2ltcGxlX3NpZ25pbmcvcHVia2V5LmdwZyIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgXSwKICAgICAgICAgICAgInF1YXkuaW8va2F0YS1jb250YWluZXJzL2NvbmZpZGVudGlhbC1jb250YWluZXJzOmNvc2lnbi1zaWduZWQiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnc3RvcmVTaWduZWQiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvY29zaWduL2Nvc2lnbi5wdWIiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJxdWF5LmlvL2thdGEtY29udGFpbmVycy9jb25maWRlbnRpYWwtY29udGFpbmVyczpjb3NpZ24tc2lnbmVkLWtleTIiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnc3RvcmVTaWduZWQiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvY29zaWduL2Nvc2lnbi5wdWIiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0KICAgICAgICB9CiAgICB9Cn0=", + "default/cosign-public-key/test": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMWdIR2JmazFBcU93ZUxFTThIZlQwYm1mUUUzYgo5ZmNwL0xVNzVGTWZ4VlpYbU5WdFVwcnNITTF0aHV1aUJLT29mdjhLVjdUckZsNHA4TkpDaVhVa2hBPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==", + "default/credential/test": "" +} From 32816c2b678dc47a2b5f247774c5ccc8b3aa03f7 Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Fri, 31 Mar 2023 15:11:21 +0200 Subject: [PATCH 03/10] fixtures/cosign: Use KBS URI in keyPath attributes of policy Previous keyPath value referenced paths on the filesystem, which are not there anymore with KBS resource URI. Signed-off-by: Jeremi Piotrowski --- .../cosign/offline-fs-kbc/aa-offline_fs_kbc-resources.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integration/confidential/fixtures/cosign/offline-fs-kbc/aa-offline_fs_kbc-resources.json b/integration/confidential/fixtures/cosign/offline-fs-kbc/aa-offline_fs_kbc-resources.json index 55f11c9d7..dc5b7708a 100644 --- a/integration/confidential/fixtures/cosign/offline-fs-kbc/aa-offline_fs_kbc-resources.json +++ b/integration/confidential/fixtures/cosign/offline-fs-kbc/aa-offline_fs_kbc-resources.json @@ -1,7 +1,7 @@ { "Policy": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvc2ltcGxlX3NpZ25pbmcvcHVia2V5LmdwZyIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgXSwKICAgICAgICAgICAgInF1YXkuaW8va2F0YS1jb250YWluZXJzL2NvbmZpZGVudGlhbC1jb250YWluZXJzOmNvc2lnbi1zaWduZWQiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnc3RvcmVTaWduZWQiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvY29zaWduL2Nvc2lnbi5wdWIiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJxdWF5LmlvL2thdGEtY29udGFpbmVycy9jb25maWRlbnRpYWwtY29udGFpbmVyczpjb3NpZ24tc2lnbmVkLWtleTIiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnc3RvcmVTaWduZWQiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvY29zaWduL2Nvc2lnbi5wdWIiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0KICAgICAgICB9CiAgICB9Cn0=", "Cosign Key": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMWdIR2JmazFBcU93ZUxFTThIZlQwYm1mUUUzYgo5ZmNwL0xVNzVGTWZ4VlpYbU5WdFVwcnNITTF0aHV1aUJLT29mdjhLVjdUckZsNHA4TkpDaVhVa2hBPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==", - "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvc2ltcGxlX3NpZ25pbmcvcHVia2V5LmdwZyIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgXSwKICAgICAgICAgICAgInF1YXkuaW8va2F0YS1jb250YWluZXJzL2NvbmZpZGVudGlhbC1jb250YWluZXJzOmNvc2lnbi1zaWduZWQiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnc3RvcmVTaWduZWQiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvY29zaWduL2Nvc2lnbi5wdWIiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJxdWF5LmlvL2thdGEtY29udGFpbmVycy9jb25maWRlbnRpYWwtY29udGFpbmVyczpjb3NpZ24tc2lnbmVkLWtleTIiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnc3RvcmVTaWduZWQiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ydW4vaW1hZ2Utc2VjdXJpdHkvY29zaWduL2Nvc2lnbi5wdWIiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0KICAgICAgICB9CiAgICB9Cn0=", + "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogImticzovLy9kZWZhdWx0L2dwZy1wdWJsaWMtY29uZmlnL3Rlc3QiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJxdWF5LmlvL2thdGEtY29udGFpbmVycy9jb25maWRlbnRpYWwtY29udGFpbmVyczpjb3NpZ24tc2lnbmVkIjogWwogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICJ0eXBlIjogInNpZ3N0b3JlU2lnbmVkIiwKICAgICAgICAgICAgICAgICAgICAia2V5UGF0aCI6ICJrYnM6Ly8vZGVmYXVsdC9jb3NpZ24tcHVibGljLWtleS90ZXN0IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdLAogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6Y29zaWduLXNpZ25lZC1rZXkyIjogWwogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICJ0eXBlIjogInNpZ3N0b3JlU2lnbmVkIiwKICAgICAgICAgICAgICAgICAgICAia2V5UGF0aCI6ICJrYnM6Ly8vZGVmYXVsdC9jb3NpZ24tcHVibGljLWtleS90ZXN0IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", "default/cosign-public-key/test": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMWdIR2JmazFBcU93ZUxFTThIZlQwYm1mUUUzYgo5ZmNwL0xVNzVGTWZ4VlpYbU5WdFVwcnNITTF0aHV1aUJLT29mdjhLVjdUckZsNHA4TkpDaVhVa2hBPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==", "default/credential/test": "" } From 11ade3173db01a3db2db5070f0dacbf528a6696e Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Mon, 3 Apr 2023 13:22:58 +0200 Subject: [PATCH 04/10] kubernetes/confidential: Use resources from clone repo setup_decryption_files_in_guest() current curls a file from github, while we fetch the corresponding repo just a couple of lines later in kubernetes_create_ssh_demo_pod(). Rewrite it to use checkout_doc_repo_dir() so that the "depends-on" mechanism for changes to various repos works. It doesn't work yet because checkout_doc_repo_dir() expects to make changes in the clone, but this way there is a single point in the code where changes need to be made. Signed-off-by: Jeremi Piotrowski --- integration/kubernetes/confidential/lib.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/integration/kubernetes/confidential/lib.sh b/integration/kubernetes/confidential/lib.sh index c9dd1e98c..81a62cac4 100755 --- a/integration/kubernetes/confidential/lib.sh +++ b/integration/kubernetes/confidential/lib.sh @@ -118,8 +118,7 @@ assert_pod_fail() { } setup_decryption_files_in_guest() { + checkout_doc_repo_dir add_kernel_params "agent.aa_kbc_params=offline_fs_kbc::null" - - curl -Lo "${HOME}/aa-offline_fs_kbc-keys.json" https://raw.githubusercontent.com/confidential-containers/documentation/main/demos/ssh-demo/aa-offline_fs_kbc-keys.json - cp_to_guest_img "etc" "${HOME}/aa-offline_fs_kbc-keys.json" + cp_to_guest_img "etc" "${doc_repo_dir}/demos/ssh-demo/aa-offline_fs_kbc-keys.json" } From 4c1def220967cdde6744fca7d6167b7549e294c0 Mon Sep 17 00:00:00 2001 From: Tobin Feldman-Fitzthum Date: Mon, 3 Apr 2023 13:38:55 +0000 Subject: [PATCH 05/10] SEV: Make SEV tests work with resource URI Switch to container image with resource URI format and modify resource names to use new URI format. Fixes: #5583 Signed-off-by: Tobin Feldman-Fitzthum --- integration/kubernetes/confidential/sev.bats | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/integration/kubernetes/confidential/sev.bats b/integration/kubernetes/confidential/sev.bats index 2c63bfa39..8fd98fbb2 100644 --- a/integration/kubernetes/confidential/sev.bats +++ b/integration/kubernetes/confidential/sev.bats @@ -29,7 +29,7 @@ test_tag="[cc][kubernetes][containerd][sev]" export SEV_CONFIG="/opt/confidential-containers/share/defaults/kata-containers/configuration-qemu-sev.toml" export RUNTIMECLASS=${RUNTIMECLASS:-"kata"} export FIXTURES_DIR="${TESTS_REPO_DIR}/integration/kubernetes/confidential/fixtures" -export IMAGE_REPO="ghcr.io/fitzthum/encrypted-image-tests" +export IMAGE_REPO="ghcr.io/confidential-containers/test-container" esudo() { sudo -E PATH=$PATH "$@" @@ -254,12 +254,12 @@ add_key_to_kbs_db() { # Add key and keyset to DB; If set, add policy with measurement to DB if [ -n "${measurement}" ]; then mysql -u${KBS_DB_USER} -p${KBS_DB_PW} -h ${KBS_DB_HOST} -D ${KBS_DB} < Date: Mon, 3 Apr 2023 16:49:34 +0800 Subject: [PATCH 06/10] ci: Set cc_kbc as the AA_KBC type for TDX CoCo v0.5.0 will release general CC_KBC with TDX support, we will also to use cc_kbc for TDX CI Fixes: #5581 Signed-off-by: Wang, Arron --- .ci/ci_job_flags.sh | 4 ++-- .ci/install_kata_image.sh | 2 +- integration/confidential/lib.sh | 21 ++++++++++++------- .../kubernetes/confidential/agent_image.bats | 10 +++++---- .../confidential/agent_image_encrypted.bats | 8 ++++--- integration/kubernetes/confidential/lib.sh | 2 +- 6 files changed, 28 insertions(+), 19 deletions(-) diff --git a/.ci/ci_job_flags.sh b/.ci/ci_job_flags.sh index 8df89917e..7df1b15af 100755 --- a/.ci/ci_job_flags.sh +++ b/.ci/ci_job_flags.sh @@ -134,7 +134,7 @@ case "${CI_JOB}" in export CRI_RUNTIME="containerd" export KATA_HYPERVISOR="qemu" export KATA_BUILD_CC="yes" - export AA_KBC="eaa_kbc" + export AA_KBC="cc_kbc" export TEE_TYPE="tdx" export KATA_BUILD_KERNEL_TYPE="tdx" export KATA_BUILD_QEMU_TYPE="tdx" @@ -156,7 +156,7 @@ case "${CI_JOB}" in export TEE_TYPE="tdx" export KATA_BUILD_KERNEL_TYPE="tdx" export KATA_BUILD_QEMU_TYPE="tdx" - export AA_KBC="eaa_kbc" + export AA_KBC="cc_kbc" elif [[ "${CI_JOB}" =~ _SE_ ]]; then if grep -q 'prot_virt=1' /proc/cmdline && grep -Eq '^facilities.* 158 .*' /proc/cpuinfo; then export TEE_TYPE="se" diff --git a/.ci/install_kata_image.sh b/.ci/install_kata_image.sh index 2fde8d5d3..67cff3cbc 100755 --- a/.ci/install_kata_image.sh +++ b/.ci/install_kata_image.sh @@ -83,7 +83,7 @@ build_image_for_cc () { if [ "${TEE_TYPE}" == "tdx" ] && [ "${KATA_HYPERVISOR}" == "qemu" ]; then # Cloud Hypervisor is still using `offline_fs_kbc`, so it has to # use the generic image. QEMU, on the other hand, is using - # `eaa_kbc` and it requires the `tdx-rootfs-image`. + # `cc_kbc` and it requires the `tdx-rootfs-image`. build_static_artifact_and_install "tdx-rootfs-image" elif [ "${TEE_TYPE}" == "se" ]; then build_static_artifact_and_install "rootfs-initrd" diff --git a/integration/confidential/lib.sh b/integration/confidential/lib.sh index 7092c93af..601e7d5b3 100644 --- a/integration/confidential/lib.sh +++ b/integration/confidential/lib.sh @@ -266,16 +266,18 @@ setup_offline_fs_kbc_signature_files_in_guest() { cp_to_guest_img "etc" "${SHARED_FIXTURES_DIR}/offline-fs-kbc/$(uname -m)/aa-offline_fs_kbc-resources.json" } -setup_eaa_kbc_signature_files_in_guest() { +setup_cc_kbc_signature_files_in_guest() { # Enable signature verification via kata-configuration by removing the param that disables it remove_kernel_param "agent.enable_signature_verification" # Set-up required files in guest image setup_common_signature_files_in_guest - # EAA KBC is specified as: eaa_kbc::host_ip:port, and 50000 is the default port used + # CC KBC is specified as: cc_kbc::http://host_ip:port/, and 60000 is the default port used # by the service, as well as the one configured in the Kata Containers rootfs. - add_kernel_params "agent.aa_kbc_params=eaa_kbc::$(hostname -I | awk '{print $1}'):50000" + CC_KBS_IP=${CC_KBS_IP:-"$(hostname -I | awk '{print $1}')"} + CC_KBS_PORT=${CC_KBS_PORT:-"60000"} + add_kernel_params "agent.aa_kbc_params=cc_kbc::http://${CC_KBS_IP}:${CC_KBS_PORT}/" } setup_cosign_signatures_files() { @@ -295,10 +297,13 @@ setup_cosign_signatures_files() { add_kernel_params "agent.aa_kbc_params=offline_fs_kbc::null" cp_to_guest_img "etc" "${SHARED_FIXTURES_DIR}/cosign/offline-fs-kbc/aa-offline_fs_kbc-resources.json" ;; - "eaa_kbc") - # EAA KBC is specified as: eaa_kbc::host_ip:port, and 50000 is the default port used + "cc_kbc") + # CC KBC is specified as: cc_kbc::host_ip:port, and 60000 is the default port used # by the service, as well as the one configured in the Kata Containers rootfs. - add_kernel_params "agent.aa_kbc_params=eaa_kbc::$(hostname -I | awk '{print $1}'):50000" + + CC_KBS_IP=${CC_KBS_IP:-"$(hostname -I | awk '{print $1}')"} + CC_KBS_PORT=${CC_KBS_PORT:-"60000"} + add_kernel_params "agent.aa_kbc_params=cc_kbc::http://${CC_KBS_IP}:${CC_KBS_PORT}/" ;; *) ;; @@ -310,8 +315,8 @@ setup_signature_files() { "offline_fs_kbc") setup_offline_fs_kbc_signature_files_in_guest ;; - "eaa_kbc") - setup_eaa_kbc_signature_files_in_guest + "cc_kbc") + setup_cc_kbc_signature_files_in_guest ;; *) ;; diff --git a/integration/kubernetes/confidential/agent_image.bats b/integration/kubernetes/confidential/agent_image.bats index 369a5bbed..93f42254b 100644 --- a/integration/kubernetes/confidential/agent_image.bats +++ b/integration/kubernetes/confidential/agent_image.bats @@ -185,10 +185,12 @@ assert_logs_contain() { @test "$test_tag Test pull an unencrypted unsigned image from an authenticated registry with correct credentials" { if [ "${AA_KBC}" = "offline_fs_kbc" ]; then setup_credentials_files "quay.io/kata-containers/confidential-containers-auth" - elif [ "${AA_KBC}" = "eaa_kbc" ]; then - # EAA KBC is specified as: eaa_kbc::host_ip:port, and 50000 is the default port used + elif [ "${AA_KBC}" = "cc_kbc" ]; then + # CC KBC is specified as: cc_kbc::http://host_ip:port/, and 60000 is the default port used # by the service, as well as the one configured in the Kata Containers rootfs. - add_kernel_params "agent.aa_kbc_params=eaa_kbc::$(hostname -I | awk '{print $1}'):50000" + CC_KBS_IP=${CC_KBS_IP:-"$(hostname -I | awk '{print $1}')"} + CC_KBS_PORT=${CC_KBS_PORT:-"60000"} + add_kernel_params "agent.aa_kbc_params=cc_kbc::http://${CC_KBS_IP}:${CC_KBS_PORT}/" fi pod_config="$(new_pod_config "${image_authenticated}")" @@ -198,7 +200,7 @@ assert_logs_contain() { } @test "$test_tag Test cannot pull an image from an authenticated registry with incorrect credentials" { - if [ "${AA_KBC}" = "eaa_kbc" ]; then + if [ "${AA_KBC}" = "cc_kbc" ]; then skip "As the test requires changing verdictd configuration and restarting its service" fi diff --git a/integration/kubernetes/confidential/agent_image_encrypted.bats b/integration/kubernetes/confidential/agent_image_encrypted.bats index 8544ea5f1..b8d842ed9 100644 --- a/integration/kubernetes/confidential/agent_image_encrypted.bats +++ b/integration/kubernetes/confidential/agent_image_encrypted.bats @@ -37,10 +37,12 @@ setup() { @test "$test_tag Test can pull an encrypted image inside the guest with decryption key" { if [ "${AA_KBC}" = "offline_fs_kbc" ]; then setup_decryption_files_in_guest - elif [ "${AA_KBC}" = "eaa_kbc" ]; then - # EAA KBC is specified as: eaa_kbc::host_ip:port, and 50000 is the default port used + elif [ "${AA_KBC}" = "cc_kbc" ]; then + # CC KBC is specified as: cc_kbc::http://host_ip:port/, and 60000 is the default port used # by the service, as well as the one configured in the Kata Containers rootfs. - add_kernel_params "agent.aa_kbc_params=eaa_kbc::$(hostname -I | awk '{print $1}'):50000" + CC_KBS_IP=${CC_KBS_IP:-"$(hostname -I | awk '{print $1}')"} + CC_KBS_PORT=${CC_KBS_PORT:-"60000"} + add_kernel_params "agent.aa_kbc_params=cc_kbc::http://${CC_KBS_IP}:${CC_KBS_PORT}/" fi kubernetes_create_ssh_demo_pod diff --git a/integration/kubernetes/confidential/lib.sh b/integration/kubernetes/confidential/lib.sh index 81a62cac4..8258d48cb 100755 --- a/integration/kubernetes/confidential/lib.sh +++ b/integration/kubernetes/confidential/lib.sh @@ -83,7 +83,7 @@ checkout_doc_repo_dir() { kubernetes_create_ssh_demo_pod() { checkout_doc_repo_dir - [ "${AA_KBC:-}" == "eaa_kbc" ] && sed -i 's#katadocker/ccv0-ssh#katadocker/ssh-demo-eaa-kbc#g' "${doc_repo_dir}/demos/ssh-demo/k8s-cc-ssh.yaml" + [ "${AA_KBC:-}" == "cc_kbc" ] && sed -i 's#katadocker/ccv0-ssh#ghcr.io/confidential-containers/test-container:encrypted#g' "${doc_repo_dir}/demos/ssh-demo/k8s-cc-ssh.yaml" kubectl apply -f "${doc_repo_dir}/demos/ssh-demo/k8s-cc-ssh.yaml" && pod=$(kubectl get pods -o jsonpath='{.items..metadata.name}') && kubectl wait --timeout=120s --for=condition=ready pods/$pod kubectl get pod $pod } From e8a31d420953bb32637e4c85118980bf4e1976db Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Tue, 4 Apr 2023 11:55:25 +0200 Subject: [PATCH 07/10] fixtures/offline-fs-kbc: Fix resource id for gpg-public-key in s390x Accidentally had two entries called 'default/sigstore-config/test'. Signed-off-by: Jeremi Piotrowski --- .../offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json b/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json index 651b9f0c4..680b5098d 100644 --- a/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json +++ b/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json @@ -4,5 +4,5 @@ "GPG Keyring": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==", "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", "default/sigstore-config/test": "ZG9ja2VyOgogICAgcXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6CiAgICAgICAgc2lnc3RvcmU6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcwogICAgICAgIHNpZ3N0b3JlLXN0YWdpbmc6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcw==", - "default/sigstore-config/test": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==" + "default/gpg-public-config/test": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==" } From 3751f9b548f78739b0ec11c7f4cf82cce168d592 Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Tue, 4 Apr 2023 13:52:39 +0200 Subject: [PATCH 08/10] fixtures/offline-fs-kbc: Fix default/security-policy/test field The security-policy needs to reference the gpg key using KBS uri format. Signed-off-by: Jeremi Piotrowski --- .../offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json | 2 +- .../offline-fs-kbc/x86_64/aa-offline_fs_kbc-resources.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json b/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json index 680b5098d..78e2d58e9 100644 --- a/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json +++ b/integration/confidential/fixtures/offline-fs-kbc/s390x/aa-offline_fs_kbc-resources.json @@ -2,7 +2,7 @@ "Policy": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", "Sigstore Config": "ZG9ja2VyOgogICAgcXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6CiAgICAgICAgc2lnc3RvcmU6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcwogICAgICAgIHNpZ3N0b3JlLXN0YWdpbmc6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcw==", "GPG Keyring": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==", - "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", + "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogImticzovLy9kZWZhdWx0L2dwZy1wdWJsaWMtY29uZmlnL3Rlc3QiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0KICAgICAgICB9CiAgICB9Cn0K", "default/sigstore-config/test": "ZG9ja2VyOgogICAgcXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6CiAgICAgICAgc2lnc3RvcmU6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcwogICAgICAgIHNpZ3N0b3JlLXN0YWdpbmc6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcw==", "default/gpg-public-config/test": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==" } diff --git a/integration/confidential/fixtures/offline-fs-kbc/x86_64/aa-offline_fs_kbc-resources.json b/integration/confidential/fixtures/offline-fs-kbc/x86_64/aa-offline_fs_kbc-resources.json index 9b298552d..c0f3bafbb 100644 --- a/integration/confidential/fixtures/offline-fs-kbc/x86_64/aa-offline_fs_kbc-resources.json +++ b/integration/confidential/fixtures/offline-fs-kbc/x86_64/aa-offline_fs_kbc-resources.json @@ -2,7 +2,7 @@ "Policy": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", "Sigstore Config": "ZG9ja2VyOgogICAgcXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6CiAgICAgICAgc2lnc3RvcmU6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcwogICAgICAgIHNpZ3N0b3JlLXN0YWdpbmc6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcw==", "GPG Keyring": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkdGTVZFZ0JFQUN6ZC9ISno2bnE4R0FqRm9XdDIwUGhBeTRScDhxNHFlRkUzSkorbHdoUHprSmRiTDNaClFKMzFURUNyYktVeW8zTElRMzFCNzVBWXczdm5FSVVPY3V0U0UxaThvNTU3SW94eGxHNFN3dGtSVmRVUGVFN2UKdElOMm1aKzJHd25nQW1KRUgxNWtNQUZzVVFhNG4rWE9WUU9aSTNRWWVsWWpMd0thbXFBa3dFdjAzSmpHaTIrbQo0a0ZITzBmMy9lc0pmZXhVd3hLMHdQazJ4emlvZ2FpTzN6NDViTkoxMDZwSC95NGhRMHBWbWZJSHpPVjZwRHN2ClVHcTFxdnZlL2dDRXFZZWYvcUgyNzJoRkdNTE1qRy8yOStwVmZ1bEJ2YnpiUUhNUHlIaTFBdTVwemJWVUhxOUEKOURoWXhmWllpN2MreXU5Y1h0cngzQmlXSG52NzlBRUtWZDhCdkVucE02dGNIOWMvVFJlakd6VjF0cThva05wMwpXaXp6T0ZzVXBpaXVYVVo5ZlVlQ0s5YnVEaXdsdDF2ZGQ2OG5RZ3o2YkdIOEZqbVd2UXU4eTNVZEZRSTUwQkNVCmVEeFZEcHIzRXhjNER6MWxnU0pNV0wya2NJRy8wVllGU2hkRXUxL2lnNmdLUlpGcm1XN2hnSU51V1ZwWUNoZGkKK0I3Rkg1UDhGUlBiN0YrZFdyY0o3M3A1WXJLMzhHbnpadTNtdmZSUnk5Q0FpU1NFNFpEd0JuMjMzSCtlMFFzWAptT2lIcW1LSVZTbnhVa1hoTktXWm9LUDVQRlBHWE9YSEFNaWRnWC8wT0UxOEc2WmREMEYvRVNuYVdUL2lwNzNNCk1EYU5tVENlL2JZdW9TZy9oVUdCMEtENUx2aFZaT01haTh1MkYwQnJFYWdPRnQ3SkZjbUVwd2pXWndBUkFRQUIKdEVsVGRHVjJaVzRnU0c5eWMyMWhiaUFvUjFCSElHdGxlU0JtYjNJZ2MybG5ibWx1WnlCcllYUmhJSFJsYzNRZwphVzFoWjJWektTQThjM1JsZG1WdVFIVnJMbWxpYlM1amIyMCtpUUpZQkJNQkNBQkNGaUVFWjdKS3JNUlpaNTRDCmc5ZnVXUGJ0Qis2bXRDa0ZBbUZNVkVnQ0d3TUZDUUhoTTRBRkN3a0lCd0lESWdJQkJoVUtDUWdMQWdRV0FnTUIKQWg0SEFoZUFBQW9KRUZqMjdRZnVwclFwc3ZBUC8zTit5RGRlRkRMaVdSS21YbEhzbWRuT3dlYVdxQjdzUWJ0SQpJTFh6RVFCY1pIWjFRNUxna0o2bzlHUlJlK0pPVmFsQUQ5QXdPQjg4Z0hNVVptR2hmQU05dnY3R3RWWGdpQkNmCi9mNDE0TTFueS9xMUgwZG1wRnF4b3FaYzlXNlhaU1pFVC8yNVFPUlMzYkxIK0dFdnQ4enZaUkFLVU9WRUhPZTQKbHRocmNuY21uaFd4ZWc0ZFJGWEZRczJZSW41VzZiOTd4SzN4emF0bDlyTVgwd2s4L2xweDlHQ0tLalZ3OVpQcwpUZ25kcmlMTnUzaGJOeWFXaEhlTHFUT1hEOUU0WUNjM3FMc0MvZW5Hclh6Si91bWdpaHUvRy9iNWFsZWZ6U09xCnh0MHI2ejdSbk85OXJVdEtDYW0rNUVEa0t6VXZoamdSM2oyTGtHWkMxZnFBTnQ2TEtPK0MwT3FtMEpUMm1UZGEKdGEveDdCdGozNktJYjN1TlNSdDJiRHJGWXhPajZzRnlQVlRVbHpOZ2l0bkszVHFJeG5teWlHZGhPVUcyc1p5OAowSTFaNHZaT0JGdzIzWE9qYzRUVGRWU29BbUxSZkhOeWZtYXlHbS9ja2xlTjV2T2xiVzlPOXREa0M0alo2WkZNCjFxZzEyUkxvS1dxRXRodmlzOVhzV0xieEFBaG0xbkZKV0VpTlhzdW1NUDc0U1cwLy9qYmRFT0xObzBXRG5TTmIKZ3U2a2hVYXJIR0dpUEJzeFc4cURGdXNIWFplMEpDSVFRUTBDZVh3T1owaXFINC9tQ0lKQnlId2dEdExnbnNUTQo2a2hnU2VhMXk1a3RRQnZSdU1QODg5ZWJQSEoyNjFqeUl5OXV5K25oaUt5cG9PK3lqMWYvUm5qNWtLS3Y3Mm5LCjV1RVNwSkJUCj1CN3ZRCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0K", - "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", + "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogImticzovLy9kZWZhdWx0L2dwZy1wdWJsaWMtY29uZmlnL3Rlc3QiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0KICAgICAgICB9CiAgICB9Cn0K", "default/sigstore-config/test": "ZG9ja2VyOgogICAgcXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6CiAgICAgICAgc2lnc3RvcmU6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcwogICAgICAgIHNpZ3N0b3JlLXN0YWdpbmc6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcw==", "default/gpg-public-config/test": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkdGTVZFZ0JFQUN6ZC9ISno2bnE4R0FqRm9XdDIwUGhBeTRScDhxNHFlRkUzSkorbHdoUHprSmRiTDNaClFKMzFURUNyYktVeW8zTElRMzFCNzVBWXczdm5FSVVPY3V0U0UxaThvNTU3SW94eGxHNFN3dGtSVmRVUGVFN2UKdElOMm1aKzJHd25nQW1KRUgxNWtNQUZzVVFhNG4rWE9WUU9aSTNRWWVsWWpMd0thbXFBa3dFdjAzSmpHaTIrbQo0a0ZITzBmMy9lc0pmZXhVd3hLMHdQazJ4emlvZ2FpTzN6NDViTkoxMDZwSC95NGhRMHBWbWZJSHpPVjZwRHN2ClVHcTFxdnZlL2dDRXFZZWYvcUgyNzJoRkdNTE1qRy8yOStwVmZ1bEJ2YnpiUUhNUHlIaTFBdTVwemJWVUhxOUEKOURoWXhmWllpN2MreXU5Y1h0cngzQmlXSG52NzlBRUtWZDhCdkVucE02dGNIOWMvVFJlakd6VjF0cThva05wMwpXaXp6T0ZzVXBpaXVYVVo5ZlVlQ0s5YnVEaXdsdDF2ZGQ2OG5RZ3o2YkdIOEZqbVd2UXU4eTNVZEZRSTUwQkNVCmVEeFZEcHIzRXhjNER6MWxnU0pNV0wya2NJRy8wVllGU2hkRXUxL2lnNmdLUlpGcm1XN2hnSU51V1ZwWUNoZGkKK0I3Rkg1UDhGUlBiN0YrZFdyY0o3M3A1WXJLMzhHbnpadTNtdmZSUnk5Q0FpU1NFNFpEd0JuMjMzSCtlMFFzWAptT2lIcW1LSVZTbnhVa1hoTktXWm9LUDVQRlBHWE9YSEFNaWRnWC8wT0UxOEc2WmREMEYvRVNuYVdUL2lwNzNNCk1EYU5tVENlL2JZdW9TZy9oVUdCMEtENUx2aFZaT01haTh1MkYwQnJFYWdPRnQ3SkZjbUVwd2pXWndBUkFRQUIKdEVsVGRHVjJaVzRnU0c5eWMyMWhiaUFvUjFCSElHdGxlU0JtYjNJZ2MybG5ibWx1WnlCcllYUmhJSFJsYzNRZwphVzFoWjJWektTQThjM1JsZG1WdVFIVnJMbWxpYlM1amIyMCtpUUpZQkJNQkNBQkNGaUVFWjdKS3JNUlpaNTRDCmc5ZnVXUGJ0Qis2bXRDa0ZBbUZNVkVnQ0d3TUZDUUhoTTRBRkN3a0lCd0lESWdJQkJoVUtDUWdMQWdRV0FnTUIKQWg0SEFoZUFBQW9KRUZqMjdRZnVwclFwc3ZBUC8zTit5RGRlRkRMaVdSS21YbEhzbWRuT3dlYVdxQjdzUWJ0SQpJTFh6RVFCY1pIWjFRNUxna0o2bzlHUlJlK0pPVmFsQUQ5QXdPQjg4Z0hNVVptR2hmQU05dnY3R3RWWGdpQkNmCi9mNDE0TTFueS9xMUgwZG1wRnF4b3FaYzlXNlhaU1pFVC8yNVFPUlMzYkxIK0dFdnQ4enZaUkFLVU9WRUhPZTQKbHRocmNuY21uaFd4ZWc0ZFJGWEZRczJZSW41VzZiOTd4SzN4emF0bDlyTVgwd2s4L2xweDlHQ0tLalZ3OVpQcwpUZ25kcmlMTnUzaGJOeWFXaEhlTHFUT1hEOUU0WUNjM3FMc0MvZW5Hclh6Si91bWdpaHUvRy9iNWFsZWZ6U09xCnh0MHI2ejdSbk85OXJVdEtDYW0rNUVEa0t6VXZoamdSM2oyTGtHWkMxZnFBTnQ2TEtPK0MwT3FtMEpUMm1UZGEKdGEveDdCdGozNktJYjN1TlNSdDJiRHJGWXhPajZzRnlQVlRVbHpOZ2l0bkszVHFJeG5teWlHZGhPVUcyc1p5OAowSTFaNHZaT0JGdzIzWE9qYzRUVGRWU29BbUxSZkhOeWZtYXlHbS9ja2xlTjV2T2xiVzlPOXREa0M0alo2WkZNCjFxZzEyUkxvS1dxRXRodmlzOVhzV0xieEFBaG0xbkZKV0VpTlhzdW1NUDc0U1cwLy9qYmRFT0xObzBXRG5TTmIKZ3U2a2hVYXJIR0dpUEJzeFc4cURGdXNIWFplMEpDSVFRUTBDZVh3T1owaXFINC9tQ0lKQnlId2dEdExnbnNUTQo2a2hnU2VhMXk1a3RRQnZSdU1QODg5ZWJQSEoyNjFqeUl5OXV5K25oaUt5cG9PK3lqMWYvUm5qNWtLS3Y3Mm5LCjV1RVNwSkJUCj1CN3ZRCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0K" } From efe0a84bf8ac502f4856e85987ce779472605008 Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Wed, 5 Apr 2023 14:45:04 +0200 Subject: [PATCH 09/10] kubernetes/confidential/sev: Use :multi-arch-encrypted image tag Use the same image for ssh-demo on SEV as on other platforms. Signed-off-by: Jeremi Piotrowski --- integration/kubernetes/confidential/sev.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/integration/kubernetes/confidential/sev.bats b/integration/kubernetes/confidential/sev.bats index 8fd98fbb2..f6621f1db 100644 --- a/integration/kubernetes/confidential/sev.bats +++ b/integration/kubernetes/confidential/sev.bats @@ -314,13 +314,13 @@ setup_file() { pull_unencrypted_image_and_set_keys generate_service_yaml "unencrypted-image-tests" "${IMAGE_REPO}:unencrypted" - generate_service_yaml "encrypted-image-tests" "${IMAGE_REPO}:encrypted" + generate_service_yaml "encrypted-image-tests" "${IMAGE_REPO}:multi-arch-encrypted" # SEV-ES policy is 7: # - NODBG (1): Debugging of the guest is disallowed when set # - NOKS (2): Sharing keys with other guests is disallowed when set # - ES (4): SEV-ES is required when set - generate_service_yaml "encrypted-image-tests-es" "${IMAGE_REPO}:encrypted" "7" + generate_service_yaml "encrypted-image-tests-es" "${IMAGE_REPO}:multi-arch-encrypted" "7" echo "SETUP FILE - COMPLETE" echo "###############################################################################" From 80478a2502e020c931c4bdc0eb11b072e6230f01 Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Wed, 5 Apr 2023 14:41:55 +0200 Subject: [PATCH 10/10] kubernetes/confidential: Remove special handling for image The are now using this image: ghcr.io/confidential-containers/test-container:multi-arch-encrypted This should work for all configurations, we no longer need an override for cc_kbc and we no longer need to override the tag for non-x86_64. Signed-off-by: Jeremi Piotrowski --- integration/kubernetes/confidential/lib.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/integration/kubernetes/confidential/lib.sh b/integration/kubernetes/confidential/lib.sh index 8258d48cb..79f788e47 100755 --- a/integration/kubernetes/confidential/lib.sh +++ b/integration/kubernetes/confidential/lib.sh @@ -74,16 +74,12 @@ checkout_doc_repo_dir() { git clone https://${doc_repo} "${doc_repo_dir}" # Update runtimeClassName from kata-cc to "$RUNTIMECLASS" sudo sed -i -e 's/\([[:blank:]]*runtimeClassName: \).*/\1'${RUNTIMECLASS:-kata}'/g' "${doc_repo_dir}/demos/ssh-demo/k8s-cc-ssh.yaml" - if [ "$(uname -m)" != "x86_64" ]; then - sudo sed -i -e 's/^\(.*image: docker\.io.*\)$/\1:'$(uname -m)'/g' "${doc_repo_dir}/demos/ssh-demo/k8s-cc-ssh.yaml" - fi chmod 600 ${doc_repo_dir}/demos/ssh-demo/ccv0-ssh fi } kubernetes_create_ssh_demo_pod() { checkout_doc_repo_dir - [ "${AA_KBC:-}" == "cc_kbc" ] && sed -i 's#katadocker/ccv0-ssh#ghcr.io/confidential-containers/test-container:encrypted#g' "${doc_repo_dir}/demos/ssh-demo/k8s-cc-ssh.yaml" kubectl apply -f "${doc_repo_dir}/demos/ssh-demo/k8s-cc-ssh.yaml" && pod=$(kubectl get pods -o jsonpath='{.items..metadata.name}') && kubectl wait --timeout=120s --for=condition=ready pods/$pod kubectl get pod $pod }