Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce API endpoints for SEV attestation #7197

Merged
merged 12 commits into from
Jun 30, 2023
Merged

Introduce API endpoints for SEV attestation #7197

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
825bf0f
Allow to request SEV attestation in VMI spec
vasiliy-ul Feb 7, 2022
5c6ceee
Add VMI admitter for SEV attestation
vasiliy-ul Feb 7, 2022
6d682a0
Allow to fetch the SEV platfrom certificates
vasiliy-ul Feb 7, 2022
a66769a
Allow to query launch measurement of a SEV guest
vasiliy-ul Feb 9, 2022
3913f87
Allow to setup SEV session for a scheduled guest
vasiliy-ul Mar 8, 2022
23f24a9
Allow to inject SEV launch secret into a guest
vasiliy-ul Mar 9, 2022
38424c8
Add functional test for SEV attestation API
vasiliy-ul Mar 16, 2022
a32b3f0
Fetch platform certificates by calling libvirt API
vasiliy-ul May 10, 2022
41e3df4
Extend vnc and console subresource unit tests
vasiliy-ul May 31, 2022
0d64f69
Query SEV attestation settings in the tests
vasiliy-ul Jan 17, 2023
f981a39
Do not hardcode SEV session in the tests
vasiliy-ul Feb 1, 2023
f8464bd
Expect SEV test to fail on non-amd64 architectures
vasiliy-ul Feb 17, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
475 changes: 475 additions & 0 deletions api/openapi-spec/swagger.json
View file
Open in desktop

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions cmd/virt-handler/virt-handler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -614,6 +614,9 @@ func (app *virtHandlerApp) runServer(errCh chan error, consoleHandler *rest.Cons
ws.Route(ws.GET("/v1/namespaces/{namespace}/virtualmachineinstances/{name}/userlist").To(lifecycleHandler.GetUsers).Produces(restful.MIME_JSON).Consumes(restful.MIME_JSON).Returns(http.StatusOK, "OK", v1.VirtualMachineInstanceGuestOSUserList{}))
ws.Route(ws.GET("/v1/namespaces/{namespace}/virtualmachineinstances/{name}/filesystemlist").To(lifecycleHandler.GetFilesystems).Produces(restful.MIME_JSON).Consumes(restful.MIME_JSON).Returns(http.StatusOK, "OK", v1.VirtualMachineInstanceFileSystemList{}))
ws.Route(ws.GET("/v1/namespaces/{namespace}/virtualmachineinstances/{name}/vsock").Param(restful.QueryParameter("port", "Target VSOCK port")).To(consoleHandler.VSOCKHandler))
ws.Route(ws.GET("/v1/namespaces/{namespace}/virtualmachineinstances/{name}/sev/fetchcertchain").To(lifecycleHandler.SEVFetchCertChainHandler).Produces(restful.MIME_JSON).Consumes(restful.MIME_JSON).Returns(http.StatusOK, "OK", v1.SEVPlatformInfo{}))
ws.Route(ws.GET("/v1/namespaces/{namespace}/virtualmachineinstances/{name}/sev/querylaunchmeasurement").To(lifecycleHandler.SEVQueryLaunchMeasurementHandler).Produces(restful.MIME_JSON).Consumes(restful.MIME_JSON).Returns(http.StatusOK, "OK", v1.SEVMeasurementInfo{}))
ws.Route(ws.PUT("/v1/namespaces/{namespace}/virtualmachineinstances/{name}/sev/injectlaunchsecret").To(lifecycleHandler.SEVInjectLaunchSecretHandler))
restful.DefaultContainer.Add(ws)
server := &http.Server{
Addr: fmt.Sprintf("%s:%d", app.ServiceListen.BindAddress, app.consoleServerPort),
Expand Down
12 changes: 12 additions & 0 deletions manifests/generated/operator-csv.yaml.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -651,6 +651,8 @@ spec:
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
- virtualmachineinstances/sev/setupsession
- virtualmachineinstances/sev/injectlaunchsecret
verbs:
- update
- apiGroups:
Expand Down Expand Up @@ -884,6 +886,8 @@ spec:
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
verbs:
- get
- apiGroups:
Expand All @@ -896,6 +900,8 @@ spec:
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
- virtualmachineinstances/sev/setupsession
- virtualmachineinstances/sev/injectlaunchsecret
verbs:
- update
- apiGroups:
Expand Down Expand Up @@ -1029,6 +1035,8 @@ spec:
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
verbs:
- get
- apiGroups:
Expand All @@ -1041,6 +1049,8 @@ spec:
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
- virtualmachineinstances/sev/setupsession
- virtualmachineinstances/sev/injectlaunchsecret
verbs:
- update
- apiGroups:
Expand Down Expand Up @@ -1172,6 +1182,8 @@ spec:
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
verbs:
- get
- apiGroups:
Expand Down
12 changes: 12 additions & 0 deletions manifests/generated/rbac-operator.authorization.k8s.yaml.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -579,6 +579,8 @@ rules:
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
- virtualmachineinstances/sev/setupsession
- virtualmachineinstances/sev/injectlaunchsecret
verbs:
- update
- apiGroups:
Expand Down Expand Up @@ -812,6 +814,8 @@ rules:
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
verbs:
- get
- apiGroups:
Expand All @@ -824,6 +828,8 @@ rules:
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
- virtualmachineinstances/sev/setupsession
- virtualmachineinstances/sev/injectlaunchsecret
verbs:
- update
- apiGroups:
Expand Down Expand Up @@ -957,6 +963,8 @@ rules:
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
verbs:
- get
- apiGroups:
Expand All @@ -969,6 +977,8 @@ rules:
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
- virtualmachineinstances/sev/setupsession
- virtualmachineinstances/sev/injectlaunchsecret
verbs:
- update
- apiGroups:
Expand Down Expand Up @@ -1100,6 +1110,8 @@ rules:
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
verbs:
- get
- apiGroups:
Expand Down