# Confidential containers on ACI Demo

### Step 1 : Build and deploy container image 
In this step we are going to build and push to the container registry a container image that takes in two numbers and calculates the sum of the two numbers. We will then deploy the "sum" container image to ACI along with a helper sidecar container that can help get us a Microsoft Azure Attestation ( MAA ) attestation token. 

In [None]:
import subprocess
import json
import base64
from hashlib import sha256
# TODO: update this to demo registry name
registry_name = 'docker.io/pawankhandavillims'

# deploy sum + skr container with ARM Template from CLI
subprocess.run(f'docker build -t {registry_name}/cacidemo:latest ./sum', capture_output=True)

subprocess.run(f'docker push {registry_name}/cacidemo:latest', capture_output=True)

# generate security policy
subprocess.run('az confcom acipolicygen -a ./sum/template.json', capture_output=True, shell=True)

# # deploy ARM Template
subprocess.run('az deployment group create -g akhandavilli-rg -f ./sum/template.json', capture_output=True, shell=True)

# get the hash of the security policy
with open("./sum/template.json", "r") as f:
    # open the template and grab the cce policy
    template = json.loads(f.read())
    security_policy = template.get('resources')[0]['properties']['confidentialComputeProperties']['ccePolicy']
    # decode the base64 encoded policy and hash it
    sha256_hash_sum = sha256(base64.b64decode(security_policy)).hexdigest()
    # print the hash
    print("hash of security policy: ", sha256_hash_sum)


### Step 2 : Check for successful deployment on Azure Portal and get attestation token
In this step we will check for the successful deployment and get the attestation token verified by MAA. We will compare the contents of the "x-ms-sevsnpvm-hostdata" claim and check whether it matches the policy hash from step 1

In [None]:
import requests
import jwt
import json
# TODO: update the public_ip_address

public_ip_address = '4.157.61.66'
runtime_data = 'eyJrZXlzIjpbeyJlIjoiQVFBQiIsImtleV9vcHMiOlsiZW5jcnlwdCJdLCJraWQiOiJOdmhmdXEyY0NJT0FCOFhSNFhpOVByME5QXzlDZU16V1FHdFdfSEFMel93Iiwia3R5IjoiUlNBIiwibiI6InY5NjVTUm15cDh6Ykc1ZU5GdURDbW1pU2VhSHB1akcyYkNfa2VMU3V6dkRNTE8xV3lyVUp2ZWFhNWJ6TW9PMHBBNDZwWGttYnFIaXNvelZ6cGlORExDbzZkM3o0VHJHTWVGUGYyQVBJTXUtUlNyek41NnF2SFZ5SXI1Y2FXZkhXay1GTVJEd0FlZnlOWVJIa2RZWWtnbUZLNDRoaFVkdGxDQUtFdjVVUXBGWmp2aDRpSTlqVkJkR1lNeUJhS1FMaGpJNVdJaC1RRzZaYTVzU3VPQ0ZNbm11eXV2TjVEZmxwTEZ6NTk1U3MtRW9CSVktTmlsNmxDdHZjR2dSLUlialVZSEFPczVhamFtVHpnZU84a3gzVkNFOUhjeUtteVVac2l5aUY2SURScDJCcHkzTkhUakl6N3Rta3BUSHg3dEhuUnRsZkUyRlV2MEI2aV9RWWxfWkE1USJ9XX0='
maa_endpoint = 'sharedeus2.eus2.test.attest.azure.net'

# call the maa endpoint
maa_response = requests.post(f'http://{public_ip_address}/attest/maa', 
                            json={"runtime_data": runtime_data, "maa_endpoint": maa_endpoint})

token = json.loads(maa_response.json().get("result")).get("token")
decoded_token = jwt.decode(token, options={"verify_signature": False}, algorithms=['RS256'])
print("SEV-SNP Host Data:\n", decoded_token.get("x-ms-sevsnpvm-hostdata"))
if(sha256_hash_sum == decoded_token.get("x-ms-sevsnpvm-hostdata")):
    print("Security Policy Hash Matches")
    print("Host is Trusted")
else:
    print("Security Policy Hash Does Not Match")
    print("Host is Not Trusted")



### Step 3 : Error scenario : Attempt to deploy an image different than what is captured in the security policy 
We want to break the deployment by deploying a different image, in this case a container image that calculates the product of two numbers instead of the sum with the same repository and tag.

Once the container group restarts, the new image will break the policy.
This is why the `latest` tag is not recommended for Confidential ACI


In [None]:
import subprocess
import json
import base64
from hashlib import sha256

# deploy multiple + skr container with ARM Template from CLI
subprocess.run('docker build -t pawankhandavillims/cacidemo:latest ./product')
subprocess.run('docker push pawankhandavillims/cacidemo:latest')

### Step 5 : Deploy updated image with the updated security policy 
We want to fix our deployment by generating a new security policy to reflect the updated image, then uploading the ARM Template with the new policy.

In [None]:
# generate new security policy and have it injected into the ARM template
subprocess.run('az confcom acipolicygen -a ./product/template.json', shell=True)
# deploy product + skr container with ARM Template from CLI
subprocess.run('az deployment group create -g aci-demo -f ./product/template.json', shell=True)

# get the hash of the security policy
with open("./product/template.json", "r") as f:
    # open the template and grab the cce policy
    template = json.loads(f.read())
    security_policy = template.get('resources')[0]['properties']['confidentialComputeProperties']['ccePolicy']
    # decode the base64 encoded policy and hash it
    sha256_hash = sha256(base64.b64decode(security_policy)).hexdigest()
    # print the hash
    print("hash of security policy: ", sha256_hash)


### Step 6 : Check deployment is successful and get attestation token 
In this step the security policy hash as part of the attestation token will not match the one generated by the tooling in step 1 as the image has changed. 

In [None]:
# Call the attestation endpoint and pretty print the parsed jwt token from MAA
import requests
import jwt
import json
# TODO: update the public_ip_address

public_ip_address = '20.75.212.210'
runtime_data = 'eyJrZXlzIjpbeyJlIjoiQVFBQiIsImtleV9vcHMiOlsiZW5jcnlwdCJdLCJraWQiOiJOdmhmdXEyY0NJT0FCOFhSNFhpOVByME5QXzlDZU16V1FHdFdfSEFMel93Iiwia3R5IjoiUlNBIiwibiI6InY5NjVTUm15cDh6Ykc1ZU5GdURDbW1pU2VhSHB1akcyYkNfa2VMU3V6dkRNTE8xV3lyVUp2ZWFhNWJ6TW9PMHBBNDZwWGttYnFIaXNvelZ6cGlORExDbzZkM3o0VHJHTWVGUGYyQVBJTXUtUlNyek41NnF2SFZ5SXI1Y2FXZkhXay1GTVJEd0FlZnlOWVJIa2RZWWtnbUZLNDRoaFVkdGxDQUtFdjVVUXBGWmp2aDRpSTlqVkJkR1lNeUJhS1FMaGpJNVdJaC1RRzZaYTVzU3VPQ0ZNbm11eXV2TjVEZmxwTEZ6NTk1U3MtRW9CSVktTmlsNmxDdHZjR2dSLUlialVZSEFPczVhamFtVHpnZU84a3gzVkNFOUhjeUtteVVac2l5aUY2SURScDJCcHkzTkhUakl6N3Rta3BUSHg3dEhuUnRsZkUyRlV2MEI2aV9RWWxfWkE1USJ9XX0='
maa_endpoint = 'sharedeus2.eus2.test.attest.azure.net'

# call the maa endpoint
maa_response = requests.post(f'http://{public_ip_address}/attest/maa', 
                            json={"runtime_data": runtime_data, "maa_endpoint": maa_endpoint})

token = json.loads(maa_response.json().get("result")).get("token")
decoded_token = jwt.decode(token, options={"verify_signature": False}, algorithms=['RS256'])
print("SEV-SNP Host Data:\n", decoded_token.get("x-ms-sevsnpvm-hostdata"))
if(sha256_hash_sum == decoded_token.get("x-ms-sevsnpvm-hostdata")):
    print("Security Policy Hash Matches")
    print("Host is Trusted")
else:
    print("Security Policy Hash Does Not Match")
    print("Host is Untrusted")