Skip to content

Add state to avoid exiting on wrong attestation#1093

Merged
sarroutbi merged 1 commit intokeylime:masterfrom
sarroutbi:202508281212-add-state-to-avoid-exit-on-wrong-attestation
Aug 28, 2025
Merged

Add state to avoid exiting on wrong attestation#1093
sarroutbi merged 1 commit intokeylime:masterfrom
sarroutbi:202508281212-add-state-to-avoid-exit-on-wrong-attestation

Conversation

@sarroutbi
Copy link
Copy Markdown
Contributor

@sarroutbi sarroutbi commented Aug 28, 2025
edited
Loading

This patch refactors the agent's state machine to make it more resilient
by preventing it from exiting on recoverable attestation or negotiation
errors. Previously, any failure during these stages would transition the
agent to a terminal Failed state.

This change ensures that the agent can recover from transient issues
(like network hiccups or temporary verifier unavailability) without
needing to be restarted. This is the list of the key changes:

  • New AttestationFailed State: A new, non-terminal state
    AttestationFailed(error, context) has been introduced to specifically
    handle recoverable errors that occur during communication with the
    verifier.

  • Retry Logic: The main run loop now handles the AttestationFailed
    state. When this state is reached, the agent will:

  • Log the error: Wait for the default attestation interval.

  • Transition: go back to the Negotiating state to retry the process.

  • State Transitions: The handle_negotiation and attest methods have
    been updated. Instead of transitioning to the terminal Failed state on
    network errors or non-successful HTTP status codes, they now transition
    to the new AttestationFailed state, enabling the retry loop.

@sarroutbi
Add state to avoid exiting on wrong attestation
468e781 
This patch refactors the agent's state machine to make it more resilient
by preventing it from exiting on recoverable attestation or negotiation
errors. Previously, any failure during these stages would transition the
agent to a terminal Failed state.

This change ensures that the agent can recover from transient issues
(like network hiccups or temporary verifier unavailability) without
needing to be restarted. This is the list of the key changes:

* New AttestationFailed State: A new, non-terminal state
AttestationFailed(error, context) has been introduced to specifically
handle recoverable errors that occur during communication with the
verifier.

* Retry Logic: The main run loop now handles the AttestationFailed
state. When this state is reached, the agent will:

* Log the error: Wait for the default attestation interval.

* Transition: go back to the Negotiating state to retry the process.

* State Transitions: The handle_negotiation and attest methods have
been updated. Instead of transitioning to the terminal Failed state on
network errors or non-successful HTTP status codes, they now transition
to the new AttestationFailed state, enabling the retry loop.

Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
@sarroutbi sarroutbi force-pushed the 202508281212-add-state-to-avoid-exit-on-wrong-attestation branch from b6889b1 to 468e781 Compare August 28, 2025 10:17
@sarroutbi sarroutbi marked this pull request as ready for review August 28, 2025 10:58
@sarroutbi
Copy link
Copy Markdown
Contributor Author

sarroutbi commented Aug 28, 2025

/packit retest-failed

@codecov
Copy link
Copy Markdown

codecov Bot commented Aug 28, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 37 lines in your changes missing coverage. Please review.
✅ Project coverage is 58.80%. Comparing base (df8e56e) to head (468e781).
⚠️ Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
keylime-push-model-agent/src/state_machine.rs 0.00% 37 Missing ⚠️
Additional details and impacted files
Flag Coverage Δ
e2e-testsuite 58.80% <0.00%> (-0.14%) ⬇️
upstream-unit-tests 58.80% <0.00%> (-0.14%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
keylime-push-model-agent/src/state_machine.rs 18.43% <0.00%> (-2.59%) ⬇️

... and 5 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

ansasaki
ansasaki approved these changes Aug 28, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@ansasaki ansasaki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@sarroutbi sarroutbi merged commit 7a059e5 into keylime:master Aug 28, 2025
18 of 19 checks passed
@sarroutbi sarroutbi deleted the 202508281212-add-state-to-avoid-exit-on-wrong-attestation branch August 28, 2025 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ansasaki ansasaki ansasaki approved these changes

@sergio-correia sergio-correia Awaiting requested review from sergio-correia

Assignees

@sergio-correia sergio-correia

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sarroutbi @ansasaki @sergio-correia