From c690f90d828ad4caae70f93a4f5c67aae0e080b3 Mon Sep 17 00:00:00 2001
From: Xu Yang <58192524+clarkxuyang@users.noreply.github.com>
Date: Fri, 24 Jan 2025 15:20:05 -0800
Subject: [PATCH] xuy-UID2-4719 use operator-key as name (#1318)

---
 scripts/aws/ec2.py | 4 ++--
 scripts/azure-cc/azureEntryPoint.py | 14 +++++++-------
 scripts/confidential_compute.py | 8 ++++----
 scripts/gcp-oidc/gcp.py | 8 ++++----
 4 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/scripts/aws/ec2.py b/scripts/aws/ec2.py
index 31cc77461..14eb998a1 100644
--- a/scripts/aws/ec2.py
+++ b/scripts/aws/ec2.py
@@ -16,7 +16,7 @@ import yaml
 sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
-from confidential_compute import ConfidentialCompute, ConfidentialComputeConfig, MissingInstanceProfile, ApiTokenNotFound, InvalidConfigValue, ConfidentialComputeStartupException
+from confidential_compute import ConfidentialCompute, ConfidentialComputeConfig, MissingInstanceProfile, OperatorKeyNotFound, InvalidConfigValue, ConfidentialComputeStartupException
 class AWSConfidentialComputeConfig(ConfidentialComputeConfig):
 enclave_memory_mb: int
@@ -103,7 +103,7 @@ def add_defaults(configs: Dict[str, any]) -> None:
 except NoCredentialsError as _:
 raise MissingInstanceProfile(self.__class__.__name__)
 except ClientError as _:
- raise ApiTokenNotFound(self.__class__.__name__, f"Secret Manager {secret_identifier} in {region}")
+ raise OperatorKeyNotFound(self.__class__.__name__, f"Secret Manager {secret_identifier} in {region}")
 @staticmethod
 def __get_max_capacity():
diff --git a/scripts/azure-cc/azureEntryPoint.py b/scripts/azure-cc/azureEntryPoint.py
index 9332dec83..534525d86 100644
--- a/scripts/azure-cc/azureEntryPoint.py
+++ b/scripts/azure-cc/azureEntryPoint.py
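Review bot: In the `@@ -103,7 +103,7 @@` hunk, `except ClientError as _:` still maps every boto3 client failure to OperatorKeyNotFound (E02), whereas the Azure and GCP paths in this same commit report permission failures as OperatorKeyAccessDenied (E08) and reserve E02 for a genuinely missing secret. A ClientError from Secrets Manager includes `AccessDeniedException`, so on AWS an IAM misconfiguration is reported as a missing secret and the operator is pointed at the wrong problem. Bind the exception and branch on `e.response["Error"]["Code"]` so the AWS provider uses the same error codes as the others; this also needs OperatorKeyAccessDenied added to the import line changed in the first hunk of this file. The enclosing method starts outside the hunk.
```python
        except ClientError as e:
            # Keep the E02/E08 split consistent with the Azure and GCP providers:
            # an IAM denial is not a missing secret.
            detail = f"Secret Manager {secret_identifier} in {region}"
            if e.response.get("Error", {}).get("Code") == "AccessDeniedException":
                raise OperatorKeyAccessDenied(self.__class__.__name__, detail) from e
            raise OperatorKeyNotFound(self.__class__.__name__, detail) from e
```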
@@ -10,7 +10,7 @@ import logging
 sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
-from confidential_compute import ConfidentialCompute, MissingConfig, MissingInstanceProfile, AuxiliariesException, SecretAccessDenied, ApiTokenNotFound, ConfidentialComputeStartupException
+from confidential_compute import ConfidentialCompute, MissingConfig, MissingInstanceProfile, AuxiliariesException, OperatorKeyAccessDenied, OperatorKeyNotFound, ConfidentialComputeStartupException
 from azure.keyvault.secrets import SecretClient
 from azure.identity import DefaultAzureCredential, CredentialUnavailableError
 from azure.core.exceptions import ResourceNotFoundError, ClientAuthenticationError
@@ -73,21 +73,21 @@ def __set_base_urls(self):
 self.configs["core_base_url"] = jdata["core_attest_url"]
 self.configs["optout_base_url"] = jdata["optout_api_uri"]
- def __set_api_token(self):
+ def __set_operator_key(self):
 try:
 credential = DefaultAzureCredential()
 kv_URL = f"https://{AzureEntryPoint.kv_name}.vault.azure.net"
 secret_client = SecretClient(vault_url=kv_URL, credential=credential)
 secret = secret_client.get_secret(AzureEntryPoint.secret_name)
 # print(f"Secret Value: {secret.value}")
- self.configs["api_token"] = secret.value
+ self.configs["operator_key"] = secret.value
 except (CredentialUnavailableError, ClientAuthenticationError) as auth_error:
 logging.error(f"Read operator key, authentication error: {auth_error}")
- raise SecretAccessDenied(self.__class__.__name__, str(auth_error))
+ raise OperatorKeyAccessDenied(self.__class__.__name__, str(auth_error))
 except ResourceNotFoundError as not_found_error:
 logging.error(f"Read operator key, secret not found: {AzureEntryPoint.secret_name}. Error: {not_found_error}")
- raise ApiTokenNotFound(self.__class__.__name__, str(not_found_error))
+ raise OperatorKeyNotFound(self.__class__.__name__, str(not_found_error))
 def _set_confidential_config(self, secret_identifier: str = None):
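Review bot: The `@@ -73,21 +73,21 @@` hunk renames `__set_operator_key` but keeps the commented-out `# print(f"Secret Value: {secret.value}")` directly above the new `self.configs["operator_key"] = secret.value` line; that is a one-keystroke path to writing the operator key into container stdout and whatever log pipeline collects it. Since this method is being edited anyway, drop that line rather than carry it forward, and keep the two `logging.error` calls as they are, which log only the exception and the secret name, never the value. It would also help a reader to state the contract in a docstring on the renamed method, e.g. `"""Fetch the operator key from Key Vault into self.configs["operator_key"]; raises OperatorKeyAccessDenied or OperatorKeyNotFound."""`.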
@@ -95,8 +95,8 @@ def _set_confidential_config(self, secret_identifier: str = None):
 self.configs["debug_mode"] = os.getenv("DEBUG_MODE", "false").lower() == "true"
 self.configs["environment"] = AzureEntryPoint.env_name
- # set self.configs["api_token"]
- self.__set_api_token()
+ # set self.configs["operator_key"]
+ self.__set_operator_key()
 # set base urls from final config file
 self.__set_base_urls()
diff --git a/scripts/confidential_compute.py b/scripts/confidential_compute.py
index 9872abe62..e156758ee 100644
--- a/scripts/confidential_compute.py
+++ b/scripts/confidential_compute.py
@@ -8,7 +8,7 @@ import logging
 class ConfidentialComputeConfig(TypedDict):
- api_token: str
+ operator_key: str
 core_base_url: str
 optout_base_url: str
 environment: str
@@ -29,7 +29,7 @@ class MissingInstanceProfile(ConfidentialComputeStartupException):
 def __init__(self, cls, message = None):
 super().__init__(error_name=f"E01: {self.__class__.__name__}", provider=cls, extra_message=message)
-class ApiTokenNotFound(ConfidentialComputeStartupException):
+class OperatorKeyNotFound(ConfidentialComputeStartupException):
 def __init__(self, cls, message = None):
 super().__init__(error_name=f"E02: {self.__class__.__name__}", provider=cls, extra_message=message)
@@ -53,7 +53,7 @@ class AuxiliariesException(ConfidentialComputeStartupException):
 def __init__(self, cls, inner_message = None):
 super().__init__(error_name=f"E07: {self.__class__.__name__}", provider=cls, extra_message=inner_message)
-class SecretAccessDenied(ConfidentialComputeStartupException):
+class OperatorKeyAccessDenied(ConfidentialComputeStartupException):
 def __init__(self, cls, message = None):
 super().__init__(error_name=f"E08: {self.__class__.__name__}", provider=cls, extra_message=message)
@@ -67,7 +67,7 @@ def validate_configuration(self):
 logging.info("Validating configurations provided")
 def validate_operator_key():
 """ Validates the operator key format and its environment alignment."""
- operator_key = self.configs.get("api_token")
+ operator_key = self.configs.get("operator_key")
 pattern = r"^(UID2|EUID)-.\-(I|P|L)-\d+-.*$"
 if re.match(pattern, operator_key):
 env = self.configs.get("environment", "").lower()
diff --git a/scripts/gcp-oidc/gcp.py b/scripts/gcp-oidc/gcp.py
index a74becadf..8e76e9c4f 100644
--- a/scripts/gcp-oidc/gcp.py
+++ b/scripts/gcp-oidc/gcp.py
@@ -10,7 +10,7 @@ from google.api_core.exceptions import PermissionDenied, NotFound
 sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
-from confidential_compute import ConfidentialCompute, ConfidentialComputeConfig, MissingConfig, ApiTokenNotFound, SecretAccessDenied, ConfidentialComputeStartupException
+from confidential_compute import ConfidentialCompute, ConfidentialComputeConfig, MissingConfig, OperatorKeyNotFound, OperatorKeyAccessDenied, ConfidentialComputeStartupException
 class GCPEntryPoint(ConfidentialCompute):
@@ -39,10 +39,10 @@ def _set_confidential_config(self, secret_identifier=None) -> None:
 response = client.access_secret_version(name=secret_version_name)
 secret_value = response.payload.data.decode("UTF-8")
 except (PermissionDenied, DefaultCredentialsError) as e:
- raise SecretAccessDenied(self.__class__.__name__, str(e))
+ raise OperatorKeyAccessDenied(self.__class__.__name__, str(e))
 except NotFound:
- raise ApiTokenNotFound(self.__class__.__name__, f"Secret Manager {os.getenv("API_TOKEN_SECRET_NAME")}")
- self.config["api_token"] = secret_value
+ raise OperatorKeyNotFound(self.__class__.__name__, f"Secret Manager {os.getenv("API_TOKEN_SECRET_NAME")}")
+ self.config["operator_key"] = secret_value
 def __populate_operator_config(self, destination):
 target_config = f"/app/conf/{self.configs["environment"].lower()}-config.json"
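Review bot: In the `@@ -67,7 +67,7 @@` hunk of confidential_compute.py, `operator_key = self.configs.get("operator_key")` is passed straight to `re.match(pattern, operator_key)` two lines later, so a provider that never populated the key produces a bare TypeError from `re` instead of one of the E-coded startup exceptions this file defines. A guard before the match keeps the failure in the project's own vocabulary, e.g. `if not operator_key: raise MissingConfig(self.__class__.__name__, "operator_key")`, assuming MissingConfig takes the same `(cls, message)` pair as its sibling classes visible in the earlier hunks. The enclosing validate_configuration continues outside the hunk, so any later use of `operator_key` after the `if` should be checked for the same None case.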
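Review bot: In the gcp.py `@@ -39,10 +39,10 @@` hunk, the new line `self.config["operator_key"] = secret_value` writes to `self.config`, while the context line two lines below reads `self.configs["environment"]` and the validator in confidential_compute.py reads `self.configs.get("operator_key")`. Unless `config` is an alias for `configs` somewhere outside this hunk, the GCP operator key is stored where validation never looks and the validator then calls `re.match` on None; since the rename already touches this exact line it is the place to fix it: `self.configs["operator_key"] = secret_value`. Separately, the OperatorKeyNotFound message still reports the `API_TOKEN_SECRET_NAME` environment variable; keeping the deployment-visible variable name unchanged is reasonable, but a short comment on that line saying the env var name is intentionally left as-is would stop the next reader from "fixing" it. The enclosing _set_confidential_config starts outside the hunk.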