Skip to content

refactor: deduplicate KMS auth helpers#581

Open
kvinwang wants to merge 2 commits intomasterfrom
refactor/dedup-kms-auth-helpers
Open

refactor: deduplicate KMS auth helpers#581
kvinwang wants to merge 2 commits intomasterfrom
refactor/dedup-kms-auth-helpers

Conversation

@kvinwang
Copy link
Collaborator

@kvinwang kvinwang commented Mar 19, 2026

Summary

  • Move shared helper functions (dstack_client, app_attest, pad64, ensure_self_kms_allowed, ensure_kms_allowed) from onboard_service.rs into upgrade_authority.rs and reuse them
  • Remove the no-op ensure_remote_kms_allowed wrapper that just delegated to ensure_kms_allowed
  • Clean up unused imports (DstackGuestClient, AttestResponse, RawQuoteArgs, PrpcClient)

Net result: -23 lines, no behavior change.

Follow-up to #573.

Test plan

  • cargo check -p dstack-kms passes
  • cargo clippy -p dstack-kms --all-targets -- -D warnings passes

kvinwang added 2 commits March 19, 2026 14:11
@kvinwang
refactor: deduplicate KMS auth helpers between onboard and upgrade_au…
d647792 
…thority

Move shared helper functions (dstack_client, app_attest, pad64,
ensure_self_kms_allowed, ensure_kms_allowed) into upgrade_authority.rs
and reuse them from onboard_service.rs. Remove the no-op
ensure_remote_kms_allowed wrapper.
@kvinwang
docs: update KMS test guides with findings from integration run
c561a7f 
- Add QEMU user-mode networking note (host at 10.0.2.2 from CVM)
- Document empty osImageHash in remote KMS attestation and the need
  for "0x" in osImages for receiver-side onboard checks
- Recommend port forwarding over gateway for simpler test setup
- Note that source_url must be CVM-reachable, not 127.0.0.1
- Update auth config templates with "0x" in osImages
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kvinwang