GPA service to use host-date-time for signed http requests#335
Merged
ZhidongPeng merged 10 commits intoAzure:devfrom Apr 24, 2026
Merged
GPA service to use host-date-time for signed http requests#335ZhidongPeng merged 10 commits intoAzure:devfrom
ZhidongPeng merged 10 commits intoAzure:devfrom
Conversation
LittleBoxOfSunshine
previously approved these changes
Apr 20, 2026
Bumps [rand](https://github.com/rust-random/rand) from 0.8.5 to 0.8.6. - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md) - [Commits](rust-random/rand@0.8.5...0.8.6) --- updated-dependencies: - dependency-name: rand dependency-version: 0.8.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.73 to 0.10.78. - [Release notes](https://github.com/rust-openssl/rust-openssl/releases) - [Commits](rust-openssl/rust-openssl@openssl-v0.10.73...openssl-v0.10.78) --- updated-dependencies: - dependency-name: openssl dependency-version: 0.10.78 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Zhidong Peng <zpeng@microsoft.com>
Co-authored-by: Copilot <copilot@github.com>
srikrishnaveturi
approved these changes
Apr 24, 2026
ZhidongPeng
added a commit
that referenced
this pull request
Apr 27, 2026
* Report eBPF service statuses instead of checking installation (#334) * Report eBPF service statuses instead of checking installation --------- Co-authored-by: Srikrishna Veturi <sveturi@microsoft.com> * Fix clippy::unnecessary_sort_by (#336) * Bump rand from 0.8.5 to 0.8.6 (#339) Bumps [rand](https://github.com/rust-random/rand) from 0.8.5 to 0.8.6. - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md) - [Commits](rust-random/rand@0.8.5...0.8.6) --- updated-dependencies: - dependency-name: rand dependency-version: 0.8.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump openssl from 0.10.73 to 0.10.78 (#338) Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.73 to 0.10.78. - [Release notes](https://github.com/rust-openssl/rust-openssl/releases) - [Commits](rust-openssl/rust-openssl@openssl-v0.10.73...openssl-v0.10.78) --- updated-dependencies: - dependency-name: openssl dependency-version: 0.10.78 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Zhidong Peng <zpeng@microsoft.com> * GPA service to use host-date-time for signed http requests (#335) * GPA service to use host-date-time for signed http requests * add logging * fix typo * Bump rand from 0.8.5 to 0.8.6 (#339) Bumps [rand](https://github.com/rust-random/rand) from 0.8.5 to 0.8.6. - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md) - [Commits](rust-random/rand@0.8.5...0.8.6) --- updated-dependencies: - dependency-name: rand dependency-version: 0.8.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump openssl from 0.10.73 to 0.10.78 (#338) Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.73 to 0.10.78. - [Release notes](https://github.com/rust-openssl/rust-openssl/releases) - [Commits](rust-openssl/rust-openssl@openssl-v0.10.73...openssl-v0.10.78) --- updated-dependencies: - dependency-name: openssl dependency-version: 0.10.78 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Zhidong Peng <zpeng@microsoft.com> * resolve comments Co-authored-by: Copilot <copilot@github.com> * fix spelling --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Zhidong Peng <zpeng@micrsoft.com> Co-authored-by: Copilot <copilot@github.com> * Add local file-based access-control rule support. (#329) * Add local file-based access-control rule support. * formatting * resolve comments and validate the parsed local rules. * fix formatting. * fix case-insensitive match * prefix_local_rule_names Co-authored-by: Copilot <copilot@github.com> * Display useLocalFileRules. * update log level at attemptting Co-authored-by: Copilot <copilot@github.com> * fix formatting --------- Co-authored-by: Zhidong Peng <zpeng@micrsoft.com> Co-authored-by: Copilot <copilot@github.com> * cmdline to take the first 4 arguments (#340) * cmdline to take the first 4 arguments * fix in common code path * Update version to 1.0.43 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Srikrishna Veturi <veturi.srikrishna@gmail.com> Co-authored-by: Srikrishna Veturi <sveturi@microsoft.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Zhidong Peng <zpeng@micrsoft.com> Co-authored-by: Copilot <copilot@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When GPA proxy server constructs the http requests to Host endpoints, it must add new http request header
x-ms-azure-host-date.Currently, it uses local utc time in RFC1123 format, while if the VM is just provisioned and the local time clock not synced yet, the time may not pass the validation at host side.
To fix this issue, GPA needs to sync and cache the host time at
GET /secure-channel/statusAPI every 15 minutes. and then use the synced host-time to http request headerx-ms-azure-host-date.When reads the host time from http response header, it first uses the custom date header
x-ms-azure-host-date, if it is not available, fallbacks to standard http data headerdate.