diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml index ec764e1..4d6a979 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yaml +++ b/.github/ISSUE_TEMPLATE/bug_report.yaml @@ -1,5 +1,5 @@ name: Bug Report -description: Create a bug report to help improve CCNP +description: Create a bug report to help improve CIMA labels: kind/bug body: - type: textarea diff --git a/.github/cspell.json b/.github/cspell.json index 5c31953..13e02df 100644 --- a/.github/cspell.json +++ b/.github/cspell.json @@ -13,7 +13,7 @@ "dictionarydefinitions": [], "dictionaries": [], "words": [ - "ccnp", + "cima", "containerd", "daemonset", "Eventlog", diff --git a/.github/workflows/e2e-test-k8s.yaml b/.github/workflows/e2e-test-k8s.yaml index 3bb548d..95940be 100644 --- a/.github/workflows/e2e-test-k8s.yaml +++ b/.github/workflows/e2e-test-k8s.yaml @@ -1,4 +1,4 @@ -name: Run CCNP E2E test +name: Run CIMA E2E test on: schedule: - cron: '0 7 * * *' @@ -16,15 +16,15 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4.1.1 - - name: Build and push CCNP images + - name: Build and push CIMA images run: | sudo ./container/build.sh -r gar-registry.caas.intel.com/cpio -g latest - - name: Deploy CCNP server + - name: Deploy CIMA server run: | - sudo ./deployment/kubernetes/script/deploy-ccnp.sh -r gar-registry.caas.intel.com/cpio -g latest -d - - name: Deploy CCNP test pod + sudo ./deployment/kubernetes/script/deploy-cima.sh -r gar-registry.caas.intel.com/cpio -g latest -d + - name: Deploy CIMA test pod run: | - sudo ./deployment/kubernetes/script/deploy-ccnp-example.sh -r gar-registry.caas.intel.com/cpio -g latest -d + sudo ./deployment/kubernetes/script/deploy-cima-example.sh -r gar-registry.caas.intel.com/cpio -g latest -d - name: Run Test run: | sudo ./test/ci-test/ci-e2e-test.sh diff --git a/.github/workflows/pr-check-rust.yaml b/.github/workflows/pr-check-rust.yaml index 7bc4d93..3fce311 100644 --- a/.github/workflows/pr-check-rust.yaml +++ b/.github/workflows/pr-check-rust.yaml @@ -5,11 +5,11 @@ on: branches: - main paths: - - 'service/ccnp-server/**.rs' + - 'service/cima-server/**.rs' - '.github/workflows/pr-check-rust.yaml' pull_request: paths: - - 'service/ccnp-server/**.rs' + - 'service/cima-server/**.rs' - '.github/workflows/pr-check-rust.yaml' workflow_dispatch: @@ -32,7 +32,7 @@ jobs: sudo mv bin/protoc /usr/bin/protoc && sudo mv include/google/protobuf/* /usr/include/google/protobuf/ - name: Run cargo check run: | - cd service/ccnp-server + cd service/cima-server cargo check cargo fmt -- --check cargo clippy diff --git a/.github/workflows/pr-golang-check.yaml b/.github/workflows/pr-golang-check.yaml index a1baa4d..97e589a 100644 --- a/.github/workflows/pr-golang-check.yaml +++ b/.github/workflows/pr-golang-check.yaml @@ -8,17 +8,17 @@ on: - '.github/workflows/pr-golang-check.yaml' - 'service/eventlog-server/**.go' - 'service/measurement-server/**.go' - - 'sdk/golang/ccnp/measurement/**.go' - - 'sdk/golang/ccnp/quote/**.go' - - 'sdk/golang/ccnp/eventlog/**.go' + - 'sdk/golang/cima/measurement/**.go' + - 'sdk/golang/cima/quote/**.go' + - 'sdk/golang/cima/eventlog/**.go' pull_request: paths: - '.github/workflows/pr-golang-check.yaml' - 'service/eventlog-server/**.go' - 'service/measurement-server/**.go' - - 'sdk/golang/ccnp/measurement/**.go' - - 'sdk/golang/ccnp/quote/**.go' - - 'sdk/golang/ccnp/eventlog/**.go' + - 'sdk/golang/cima/measurement/**.go' + - 'sdk/golang/cima/quote/**.go' + - 'sdk/golang/cima/eventlog/**.go' workflow_dispatch: permissions: diff --git a/.github/workflows/pr-pylint.yaml b/.github/workflows/pr-pylint.yaml index 9ea23df..5eb02bf 100644 --- a/.github/workflows/pr-pylint.yaml +++ b/.github/workflows/pr-pylint.yaml @@ -5,10 +5,10 @@ on: branches: - main paths: - - 'sdk/python3/ccnp/**.py' + - 'sdk/python3/cima/**.py' pull_request: paths: - - 'sdk/python3/ccnp/**.py' + - 'sdk/python3/cima/**.py' workflow_dispatch: jobs: @@ -31,7 +31,7 @@ jobs: - name: Analyze python code run: | set -ex - export PYTHONPATH=$PWD/ccnp:$PYTHONPATH + export PYTHONPATH=$PWD/cima:$PYTHONPATH python_files=$(find . -path ./sdk/python3/tests -prune -o -name "*.py" -print) if [[ -n "$python_files" ]]; then echo "$python_files" | xargs -n 1 python3 -m pylint --rcfile=.github/pylintrc diff --git a/.github/workflows/publish-ccnp.yaml b/.github/workflows/publish-ccnp.yaml index 2a47d51..ad394e1 100644 --- a/.github/workflows/publish-ccnp.yaml +++ b/.github/workflows/publish-ccnp.yaml @@ -1,11 +1,11 @@ -name: Publish ccnp package to PyPI +name: Publish cima package to PyPI on: workflow_dispatch: jobs: publish_pypi: - name: Publish ccnp package + name: Publish cima package runs-on: ubuntu-latest steps: - name: Checkout Code diff --git a/.gitignore b/.gitignore index 52cb214..60a0a2d 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,6 @@ tools/cvm-image-rewriter/pre-stage/05-readonly-data/cloud-init/x-shellscript/01- tools/cvm-image-rewriter/pre-stage/07-install-mvp-guest/cloud-init/ tools/cvm-image-rewriter/pre-stage/07-install-mvp-guest/artifacts/* -service/ccnp-server/target/ -service/ccnp-server/Cargo.lock -service/ccnp-server/.cargo +service/cima-server/target/ +service/cima-server/Cargo.lock +service/cima-server/.cargo diff --git a/README.md b/README.md index a553f61..40042a7 100755 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ -# Confidential Cloud-Native Primitives (CCNP) - -![CI Check License](https://github.com/cc-api/confidential-cloud-native-primitives/actions/workflows/pr-license-python.yaml/badge.svg) -![CI Check Spelling](https://github.com/cc-api/confidential-cloud-native-primitives/actions/workflows/pr-doclint.yaml/badge.svg) -![CI Check Python](https://github.com/cc-api/confidential-cloud-native-primitives/actions/workflows/pr-pylint.yaml/badge.svg) -![CI Check Shell](https://github.com/cc-api/confidential-cloud-native-primitives/actions/workflows/pr-shell-check.yaml/badge.svg) -![CI Check Rust](https://github.com/cc-api/confidential-cloud-native-primitives/actions/workflows/pr-check-rust.yaml/badge.svg) -![CI Check Golang](https://github.com/cc-api/confidential-cloud-native-primitives/actions/workflows/pr-golang-check.yaml/badge.svg) -![CI Check Container](https://github.com/cc-api/confidential-cloud-native-primitives/actions/workflows/pr-container-check.yaml/badge.svg) +# Container Integrity Measurement Agent (CIMA) + +![CI Check License](https://github.com/cc-api/container-integrity-measurement-agent/actions/workflows/pr-license-python.yaml/badge.svg) +![CI Check Spelling](https://github.com/cc-api/container-integrity-measurement-agent/actions/workflows/pr-doclint.yaml/badge.svg) +![CI Check Python](https://github.com/cc-api/container-integrity-measurement-agent/actions/workflows/pr-pylint.yaml/badge.svg) +![CI Check Shell](https://github.com/cc-api/container-integrity-measurement-agent/actions/workflows/pr-shell-check.yaml/badge.svg) +![CI Check Rust](https://github.com/cc-api/container-integrity-measurement-agent/actions/workflows/pr-check-rust.yaml/badge.svg) +![CI Check Golang](https://github.com/cc-api/container-integrity-measurement-agent/actions/workflows/pr-golang-check.yaml/badge.svg) +![CI Check Container](https://github.com/cc-api/container-integrity-measurement-agent/actions/workflows/pr-container-check.yaml/badge.svg) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8325/badge)](https://www.bestpractices.dev/projects/8325) ## Introduction @@ -17,34 +17,34 @@ It requires a full chain integrity measurement on the launch-time or runtime env to guarantee "consistent behavior in an expected way" of confidential computing environment for tenant's zero-trust use case. -CCNP aims to help users establish a chain of trust for cloud-native workloads by providing -cloud-native level confidential computing primitives, including container measurements, +CIMA aims to help users establish a chain of trust for cloud-native workloads by providing +container level evidence, including container measurements, event logs, and confidential computing (CC) reports. -Find out more in [CCNP Design and Architecture](https://cc-api.github.io/confidential-cloud-native-primitives/) and [Container Measurement Design](docs/container-measurement-design.md). +Find out more in [CIMA Design and Architecture](https://cc-api.github.io/container-integrity-measurement-agent/) and [Container Measurement Design](docs/container-measurement-design.md). -## How to Install CCNP +## How to Install CIMA ### Configuration -CCNP support to run on Intel® TDX guest. Thus, you will need TDX host and guest for CCNP deployment and usage. Please see below recommended configuration. +CIMA support to run on Intel® TDX guest. Thus, you will need TDX host and guest for CIMA deployment and usage. Please see below recommended configuration. -| CPU | Host OS | Host packages | Guest OS | Guest packages | Attestation packages | CCNP Tag | +| CPU | Host OS | Host packages | Guest OS | Guest packages | Attestation packages | CIMA Tag | |---|---|---|---|---|---|---| -| Intel 4th Gen (only TDX SKUs) and 5th Gen Xeon Scalable Processors | Ubuntu 23.10| TDX early preview referring to [here](https://github.com/canonical/tdx?tab=readme-ov-file#4-setup-tdx-host) | Ubuntu 23.10 | Build a guest image for CCNP using [CVM image rewriter](https://github.com/cc-api/confidential-cloud-native-primitives/tree/v0.4.0/deployment#prepare-tdx-guest-image) | Setup remote attestation on host referring to [here](https://github.com/canonical/tdx?tab=readme-ov-file#8-setup-remote-attestation-on-host-and-td-guest)| [v0.4.0](https://github.com/cc-api/confidential-cloud-native-primitives/releases/tag/v0.4.0) -| Intel 4th Gen (only TDX SKUs) and 5th Gen Xeon Scalable Processors | Ubuntu 24.04| TDX early preview referring to [here](https://github.com/canonical/tdx/tree/2.0?tab=readme-ov-file#setup-tdx-host) | Ubuntu 24.04 | Build a guest image for CCNP using [CVM image rewriter](https://github.com/cc-api/confidential-cloud-native-primitives/tree/v0.5.0/deployment#prepare-tdx-guest-image) | Setup remote attestation on host referring to [here](https://github.com/cc-api/confidential-cloud-native-primitives/blob/v0.5.0/container/pccs/README.md) and [here](https://github.com/cc-api/confidential-cloud-native-primitives/blob/v0.5.0/container/qgs/README.md)| [v0.5.0](https://github.com/cc-api/confidential-cloud-native-primitives/releases/tag/v0.5.0) +| Intel 4th Gen (only TDX SKUs) and 5th Gen Xeon Scalable Processors | Ubuntu 23.10| TDX early preview referring to [here](https://github.com/canonical/tdx?tab=readme-ov-file#4-setup-tdx-host) | Ubuntu 23.10 | Build a guest image for CIMA using [CVM image rewriter](https://github.com/cc-api/container-integrity-measurement-agent/tree/v0.4.0/deployment#prepare-tdx-guest-image) | Setup remote attestation on host referring to [here](https://github.com/canonical/tdx?tab=readme-ov-file#8-setup-remote-attestation-on-host-and-td-guest)| [v0.4.0](https://github.com/cc-api/container-integrity-measurement-agent/releases/tag/v0.4.0) +| Intel 4th Gen (only TDX SKUs) and 5th Gen Xeon Scalable Processors | Ubuntu 24.04| TDX early preview referring to [here](https://github.com/canonical/tdx/tree/2.0?tab=readme-ov-file#setup-tdx-host) | Ubuntu 24.04 | Build a guest image for CIMA using [CVM image rewriter](https://github.com/cc-api/container-integrity-measurement-agent/tree/v0.5.0/deployment#prepare-tdx-guest-image) | Setup remote attestation on host referring to [here](https://github.com/cc-api/container-integrity-measurement-agent/blob/v0.5.0/container/pccs/README.md) and [here](https://github.com/cc-api/container-integrity-measurement-agent/blob/v0.5.0/container/qgs/README.md)| [v0.5.0](https://github.com/cc-api/container-integrity-measurement-agent/releases/tag/v0.5.0) -### CCNP Service Deployment in Confidential VM +### CIMA Service Deployment in Confidential VM -CCNP will run as a DaemonSet in a Kubernetes cluster or as a container in a docker environment on a single confidential VM (CVM). -Refer to [CCNP deployment guide](deployment/README.md) and choose a deployment model. +CIMA will run as a DaemonSet in a Kubernetes cluster or as a container in a docker environment on a single confidential VM (CVM). +Refer to [CIMA deployment guide](deployment/README.md) and choose a deployment model. -### CCNP SDK Usage +### CIMA SDK Usage -If you want to integrate CCNP SDK in the workload to get measurement and event logs, refer to [py_sdk_example.py](/sdk/python3/example/py_sdk_example.py). It is an example of using CCNP Python SDK. There are also Golang SDK and Rust SDK. Please see more details in [CCNP SDK](https://cc-api.github.io/confidential-cloud-native-primitives/sdk.html). +If you want to integrate CIMA SDK in the workload to get measurement and event logs, refer to [py_sdk_example.py](/sdk/python3/example/py_sdk_example.py). It is an example of using CIMA Python SDK. There are also Golang SDK and Rust SDK. Please see more details in [CIMA SDK](https://cc-api.github.io/container-integrity-measurement-agent/sdk.html). ## Contributing @@ -71,7 +71,7 @@ _Note: This is pre-production software. As such, it may be substantially modifie ## Reference -[CCNP Design and Architecture](https://cc-api.github.io/confidential-cloud-native-primitives/) +[CIMA Design and Architecture](https://cc-api.github.io/container-integrity-measurement-agent/) [Container Measurement Design](docs/container-measurement-design.md) diff --git a/container/README.md b/container/README.md index 7a67b4f..a28e7ce 100644 --- a/container/README.md +++ b/container/README.md @@ -4,11 +4,11 @@ There are several docker image files in the sub directories of current directory | Sub directory | Image name | Description | |---|---|---| -| ccnp-webhook | ccnp-webhook | CCNP webhook | -| ccnp-server | ccnp-server | CCNP server | -| ccnp-example | ccnp-example | Example image of getting eventlog and measurement using CCNP SDK | -| pccs | pccs | PCCS docker image for Intel® TDX remote attestation. Not required for CCNP usage.| -| qgs | qgs | QGS docker image for Intel® TDX remote attestation. Not required for CCNP usage. | +| cima-webhook | cima-webhook | CIMA webhook | +| cima-server | cima-server | CIMA server | +| cima-example | cima-example | Example image of getting eventlog and measurement using CIMA SDK | +| pccs | pccs | PCCS docker image for Intel® TDX remote attestation. Not required for CIMA usage.| +| qgs | qgs | QGS docker image for Intel® TDX remote attestation. Not required for CIMA usage. | ### Build Docker images @@ -33,14 +33,14 @@ _NOTE: please set `HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY` in docker daemon if th Below are usage examples for different scenarios. Please replace the parameters with your input. ``` -# Build all CCNP images with tag latest and push them to remote registry test-registry.intel.com +# Build all CIMA images with tag latest and push them to remote registry test-registry.intel.com $ sudo ./build.sh -r test-registry.intel.com/test -g latest # Build images only with tag latest $ sudo ./build.sh -a build -g latest -# Build ccnp-measurement-server image with tag latest and push them to remote registry test-registry.intel.com -$ sudo ./build.sh -c ccnp-measurement-server -r test-registry.intel.com/test -g latest +# Build cima-measurement-server image with tag latest and push them to remote registry test-registry.intel.com +$ sudo ./build.sh -c cima-measurement-server -r test-registry.intel.com/test -g latest # Build pccs image with tag latest and push it to remote registry test-registry.intel.com $ sudo ./build.sh -c pccs -r test-registry.intel.com/test -g latest -p @@ -51,11 +51,11 @@ $ sudo ./build.sh -c qgs -r test-registry.intel.com/test -g latest -q Note: For detailed PCCS and QGS service usage guide, please refer [PCCS Guide](pccs/README.md) and [QGS Guide](qgs/README.md). -After the script is running successfully, it's supposed to see corresponding CCNP docker images. +After the script is running successfully, it's supposed to see corresponding CIMA docker images. ``` $ sudo docker images -ccnp-example -ccnp-server -ccnp-webhook +cima-example +cima-server +cima-webhook ``` diff --git a/container/build.sh b/container/build.sh index 5d25d21..800e420 100755 --- a/container/build.sh +++ b/container/build.sh @@ -72,11 +72,11 @@ function process_args { fi if [[ "$registry" == "" ]]; then - if [[ -z "$CCNP_REGISTRY" ]]; then - echo "Error: Please specify your docker registry via -r or set environment variable CCNP_REGISTRY." + if [[ -z "$CIMA_REGISTRY" ]]; then + echo "Error: Please specify your docker registry via -r or set environment variable CIMA_REGISTRY." exit 1 else - registry=$CCNP_REGISTRY + registry=$CIMA_REGISTRY fi fi } @@ -147,7 +147,7 @@ function build_images { } # -# Publish a container image to given registry via "-r" or environment variable CCNP_REGISTRY +# Publish a container image to given registry via "-r" or environment variable CIMA_REGISTRY # # @param $1 the name of container # diff --git a/container/ccnp-webhook/Dockerfile b/container/ccnp-webhook/Dockerfile deleted file mode 100644 index ab09e85..0000000 --- a/container/ccnp-webhook/Dockerfile +++ /dev/null @@ -1,16 +0,0 @@ -# Build golang example -FROM golang:1.22.1-alpine3.19 AS golang-builder -COPY service/ccnp-webhook ccnp-webhook -RUN cd ccnp-webhook && go mod tidy && go build -o ccnp-webhook - -# Copy & Install -FROM alpine:3.19 -ARG USER=ccnp -ARG GROUP=ccnp -ARG UID=1000 -ARG GID=1000 - -COPY --from=golang-builder /go/ccnp-webhook/ccnp-webhook /usr/bin/ - -USER $UID -CMD ["/usr/bin/ccnp-webhook"] diff --git a/container/ccnp-example/Dockerfile b/container/cima-example/Dockerfile similarity index 59% rename from container/ccnp-example/Dockerfile rename to container/cima-example/Dockerfile index ef34668..76f1706 100644 --- a/container/ccnp-example/Dockerfile +++ b/container/cima-example/Dockerfile @@ -8,42 +8,42 @@ RUN git clone https://github.com/cc-api/cc-trusted-api && \ cd cc-trusted-api/common/python && \ python3 -m build -COPY sdk/python3 ccnp-sdk -RUN cd ccnp-sdk && python3 -m build +COPY sdk/python3 cima-sdk +RUN cd cima-sdk && python3 -m build # Build golang example FROM golang:1.22.1-alpine3.19 AS golang-builder -COPY sdk/golang ccnp-sdk -RUN cd ccnp-sdk/example && go mod tidy && go build -o go-sdk-example +COPY sdk/golang cima-sdk +RUN cd cima-sdk/example && go mod tidy && go build -o go-sdk-example # Build rust example FROM rust:1.77.1-alpine3.19 AS rust-builder RUN apk update && apk add --no-cache make protobuf-dev musl-dev wget -COPY sdk/rust ccnp-sdk -COPY service/ccnp-server/proto/ccnp-server.proto ccnp-sdk/ccnp/proto/ccnp-server.proto -RUN cd ccnp-sdk/example && cargo build --release +COPY sdk/rust cima-sdk +COPY service/cima-server/proto/cima-server.proto cima-sdk/cima/proto/cima-server.proto +RUN cd cima-sdk/example && cargo build --release # Copy/Install FROM python:3.12.3-alpine3.19 -ARG USER=ccnp +ARG USER=cima ARG UID=1000 ARG GID=1000 -ARG GROUP=ccnp +ARG GROUP=cima -WORKDIR /run/ccnp +WORKDIR /run/cima RUN addgroup -S -g $GID $GROUP && adduser -S -u $UID -D -G $GROUP $USER -RUN chown $USER:$GROUP /run/ccnp +RUN chown $USER:$GROUP /run/cima COPY test ./ COPY sdk/python3/example/py_sdk_example.py ./ COPY --from=python-builder cc-trusted-api/common/python/dist/cctrusted_base*.whl ./ -COPY --from=python-builder ccnp-sdk/dist/ccnp*.whl ./ +COPY --from=python-builder cima-sdk/dist/cima*.whl ./ -COPY --from=golang-builder /go/ccnp-sdk/example/go-sdk-example ./ -COPY --from=rust-builder ccnp-sdk/example/target/release/rust-sdk-example ./ +COPY --from=golang-builder /go/cima-sdk/example/go-sdk-example ./ +COPY --from=rust-builder cima-sdk/example/target/release/rust-sdk-example ./ RUN apk update && apk add bash vim tar wget libexpat=2.6.2-r0 -RUN pip install ./cctrusted_base*.whl ./ccnp*.whl pytest && rm -f *.whl +RUN pip install ./cctrusted_base*.whl ./cima*.whl pytest && rm -f *.whl USER ${USER} ENTRYPOINT ["tail", "-f", "/dev/null"] diff --git a/container/ccnp-perf/Dockerfile b/container/cima-perf/Dockerfile similarity index 70% rename from container/ccnp-perf/Dockerfile rename to container/cima-perf/Dockerfile index 84c1a6a..bdeb2ae 100644 --- a/container/ccnp-perf/Dockerfile +++ b/container/cima-perf/Dockerfile @@ -6,21 +6,21 @@ RUN git clone https://github.com/cc-api/cc-trusted-api && \ cd cc-trusted-api/common/python && \ python3 -m build -COPY sdk/python3 ccnp-sdk -RUN cd ccnp-sdk && python3 -m build +COPY sdk/python3 cima-sdk +RUN cd cima-sdk && python3 -m build # ====================================================================================================================== FROM python:alpine -WORKDIR /run/ccnp +WORKDIR /run/cima -COPY container/ccnp-perf/ccnp_perf.py ./ +COPY container/cima-perf/cima_perf.py ./ COPY --from=python-builder cc-trusted-api/common/python/dist/cctrusted_base*.whl ./ -COPY --from=python-builder ccnp-sdk/dist/ccnp*.whl ./ +COPY --from=python-builder cima-sdk/dist/cima*.whl ./ RUN apk update && apk add bash vim RUN python3 -m pip install pytest -RUN pip install ./cctrusted_base*.whl ./ccnp*.whl && rm -f *.whl +RUN pip install ./cctrusted_base*.whl ./cima*.whl && rm -f *.whl ENTRYPOINT ["tail", "-f", "/dev/null"] diff --git a/container/ccnp-perf/ccnp_perf.py b/container/cima-perf/cima_perf.py similarity index 88% rename from container/ccnp-perf/ccnp_perf.py rename to container/cima-perf/cima_perf.py index 9b96192..f0819eb 100644 --- a/container/ccnp-perf/ccnp_perf.py +++ b/container/cima-perf/cima_perf.py @@ -1,5 +1,5 @@ """ -CCNP Performance Test. +CIMA Performance Test. """ import logging @@ -10,7 +10,7 @@ from threading import Event import time -from ccnp import CcnpSdk +from cima import CimaSdk LOG = logging.getLogger(__name__) @@ -176,7 +176,7 @@ def _test_throughput(svc_call): time_total = THROUGHPUT_TEST_TASK_TIME tasks = [] for _ in range(task_num): - # 2. Each process invokes the CCNP API (either via SDK or service directly) repeatedly + # 2. Each process invokes the CIMA API (either via SDK or service directly) repeatedly # until the timeout T expires (see our design details). p, res_queue = _start_proc(_cnt_operations, svc_call, time_total) tasks.append(PerfTask(p, res_queue)) @@ -205,7 +205,7 @@ def _test_response(svc_call): for _ in range(repeat_times): # Start a new process to simulate an app. In the process: # Begin timing. - # Call (one immediately after another) the CCNP API (either via SDK or + # Call (one immediately after another) the CIMA API (either via SDK or # request to service directly). # End timing. # Record the time consumption and exit. @@ -218,52 +218,52 @@ def _test_response(svc_call): LOG.info(f"Perf test average response time is: {t_cost_avg / 1000000} ms (milliseconds)") def _sdk_get_cc_measurement(): - """Using CCNP SDK to get CC measurement.""" + """Using CIMA SDK to get CC measurement.""" # Current just test the first IMR with index 0 and hash algorithm ID 12. - CcnpSdk.inst().get_cc_measurement([0, 12]) + CimaSdk.inst().get_cc_measurement([0, 12]) def _sdk_get_cc_eventlog(): - """Using CCNP SDK to get CC eventlog.""" - CcnpSdk.inst().get_cc_eventlog() + """Using CIMA SDK to get CC eventlog.""" + CimaSdk.inst().get_cc_eventlog() def _sdk_get_cc_report(): - """Using CCNP SDK to get CC report (i.e. quote).""" - CcnpSdk.inst().get_cc_report() + """Using CIMA SDK to get CC report (i.e. quote).""" + CimaSdk.inst().get_cc_report() def test_svc_get_cc_measurement_throughput(): - """Test the throughput of CCNP Service get_cc_measurement.""" + """Test the throughput of CIMA Service get_cc_measurement.""" _test_throughput(_sdk_get_cc_measurement) def test_svc_get_cc_measurement_response(): - """Test the response time of CCNP Service get_cc_measurement.""" + """Test the response time of CIMA Service get_cc_measurement.""" _test_response(_sdk_get_cc_measurement) def test_svc_get_cc_eventlog_throughput(): - """Test the throughput of CCNP Service get_cc_eventlog.""" + """Test the throughput of CIMA Service get_cc_eventlog.""" _test_throughput(_sdk_get_cc_eventlog) def test_svc_get_cc_eventlog_response(): - """Test the response time of CCNP Service get_cc_eventlog.""" + """Test the response time of CIMA Service get_cc_eventlog.""" _test_response(_sdk_get_cc_eventlog) def test_svc_get_cc_report_throughput(): - """Test the throughput of CCNP Service get_cc_report.""" + """Test the throughput of CIMA Service get_cc_report.""" _test_throughput(_sdk_get_cc_report) def test_svc_get_cc_report_response(): - """Test the response time of CCNP Service get_cc_report.""" + """Test the response time of CIMA Service get_cc_report.""" _test_response(_sdk_get_cc_report) -def test_ccnp_init(): - """Test the initialization time of CCNP. - i.e. The time cost of the initialization for CCNP Device Plugin and CCNP Service so +def test_cima_init(): + """Test the initialization time of CIMA. + i.e. The time cost of the initialization for CIMA Device Plugin and CIMA Service so they are ready for service requests. """ # TODO: # Repeat R times (R = 20 is the current setting) and calculate the average time # (total times divided by R): # Begin timing. - # Start CCNP deployment (incl. CCNP Device Plugin and CCNP Service). - # Polling the readiness of CCNP service until it's ready. + # Start CIMA deployment (incl. CIMA Webhook and CIMA Service). + # Polling the readiness of CIMA service until it's ready. # End timing. # Calculate the initialization time using end time subtracted by begin time. diff --git a/container/ccnp-server/Dockerfile b/container/cima-server/Dockerfile similarity index 57% rename from container/ccnp-server/Dockerfile rename to container/cima-server/Dockerfile index 0f3631f..231c62b 100644 --- a/container/ccnp-server/Dockerfile +++ b/container/cima-server/Dockerfile @@ -1,16 +1,16 @@ -FROM rust:1.77.1-alpine3.19 AS ccnp-server-builder +FROM rust:1.77.1-alpine3.19 AS cima-server-builder RUN apk update \ && apk add --no-cache make protobuf-dev musl-dev wget openssl-dev openssl-libs-static -COPY service/ccnp-server /ccnp-server -RUN cd /ccnp-server && make build +COPY service/cima-server /cima-server +RUN cd /cima-server && make build # ====================================================================================================================== FROM alpine:3.19 -ARG USER=ccnp -ARG GROUP=ccnp +ARG USER=cima +ARG GROUP=cima ARG UID=1000 ARG GID=1000 @@ -19,8 +19,8 @@ RUN apk update && apk add --no-cache openssl-libs-static RUN addgroup -S -g $GID $GROUP \ && adduser -S -u $UID -D -G $GROUP $USER -COPY --from=ccnp-server-builder /ccnp-server/target/release/ccnp_server /usr/bin -COPY --from=ccnp-server-builder /ccnp-server/configs/policy.yaml /etc +COPY --from=cima-server-builder /cima-server/target/release/cima_server /usr/bin +COPY --from=cima-server-builder /cima-server/configs/policy.yaml /etc USER $UID -CMD ["/usr/bin/ccnp_server", "-p", "/etc/policy.yaml"] +CMD ["/usr/bin/cima_server", "-p", "/etc/policy.yaml"] diff --git a/container/cima-webhook/Dockerfile b/container/cima-webhook/Dockerfile new file mode 100644 index 0000000..6a7e2b7 --- /dev/null +++ b/container/cima-webhook/Dockerfile @@ -0,0 +1,16 @@ +# Build golang example +FROM golang:1.22.1-alpine3.19 AS golang-builder +COPY service/cima-webhook cima-webhook +RUN cd cima-webhook && go mod tidy && go build -o cima-webhook + +# Copy & Install +FROM alpine:3.19 +ARG USER=cima +ARG GROUP=cima +ARG UID=1000 +ARG GID=1000 + +COPY --from=golang-builder /go/cima-webhook/cima-webhook /usr/bin/ + +USER $UID +CMD ["/usr/bin/cima-webhook"] diff --git a/deployment/README.md b/deployment/README.md index 70c25e0..b2223bb 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -1,12 +1,12 @@ -# CCNP Deployment Guide +# CIMA Deployment Guide -CCNP is designed for collecting confidential computing primitives in cloud native environments. It can run as DaemonSet in a Kubernetes cluster or containers in a Docker environment on confidential virtual machines, such as Intel TDX guest(TD). +CIMA is designed for collecting confidential computing primitives in cloud native environments. It can run as DaemonSet in a Kubernetes cluster or containers in a Docker environment on confidential virtual machines, such as Intel TDX guest(TD). -CCNP deployment supports to deploy on Ubuntu 24.04 and Ubuntu 23.10. The follows will use Ubuntu 24.04. Please see [deployment guide](https://github.com/cc-api/confidential-cloud-native-primitives/blob/v0.4.0/deployment/README.md) for Ubuntu 23.10. +CIMA deployment supports to deploy on Ubuntu 24.04 and Ubuntu 23.10. The follows will use Ubuntu 24.04. Please see [deployment guide](https://github.com/cc-api/container-integrity-measurement-agent/blob/v0.4.0/deployment/README.md) for Ubuntu 23.10. -## Build CCNP Kernel +## Build CIMA Kernel -Run [build.sh](../tools/build/build.sh) to build kernel packages for CCNP. It's recommended to run the tool on TDX host mentioned in [Configuration](../README.md#configuration). +Run [build.sh](../tools/build/build.sh) to build kernel packages for CIMA. It's recommended to run the tool on TDX host mentioned in [Configuration](../README.md#configuration). It will generate a `output` folder including kernel packages. The folder will be used in the next step. ``` @@ -15,13 +15,13 @@ $ sudo ./build.sh ``` **NOTE:** - - CCNP kernel patches are at [kernel](../tools/build/kernel/) + - CIMA kernel patches are at [kernel](../tools/build/kernel/) - The tool should be run on a Ubuntu 24.04 TDX host with TDX early preview packages installed. Please refer to [here](https://github.com/canonical/tdx) ## Prepare TDX guest image -Run [cvm image rewriter](https://github.com/cc-api/cvm-image-rewriter) to prepare a TDX guest image for CCNP deployment. The default user name is `tdx`. The password is `123456`. +Run [cvm image rewriter](https://github.com/cc-api/cvm-image-rewriter) to prepare a TDX guest image for CIMA deployment. The default user name is `tdx`. The password is `123456`. It's recommended to run the tool on TDX host mentioned in [Configuration](../README.md#configuration). @@ -42,7 +42,7 @@ $ export CVM_TDX_GUEST_REPO= # (Optional)Set image size $ export GUEST_SIZE=G -# Run CVM image rewriter to configure a TDX guest image for CCNP +# Run CVM image rewriter to configure a TDX guest image for CIMA $ cd cvm-image-rewriter $ ./run.sh -i -t ``` @@ -50,7 +50,7 @@ $ ./run.sh -i -t -ccnp-server -ccnp-webhook +cima-example +cima-server +cima-webhook ``` ## Setup QGS and PCCS on the Host -Intel Quote Generation Service(QGS) and Provisioning Certification Caching Service(PCCS) should be installed and configured on the host for getting TD Quote. Please refer to [PCCS](https://github.com/cc-api/confidential-cloud-native-primitives/blob/v0.5.0/container/pccs/README.md) and [QGS](https://github.com/cc-api/confidential-cloud-native-primitives/blob/v0.5.0/container/qgs/README.md) tp start PCCS and QGS container and register the platform. +Intel Quote Generation Service(QGS) and Provisioning Certification Caching Service(PCCS) should be installed and configured on the host for getting TD Quote. Please refer to [PCCS](https://github.com/cc-api/container-integrity-measurement-agent/blob/v0.5.0/container/pccs/README.md) and [QGS](https://github.com/cc-api/container-integrity-measurement-agent/blob/v0.5.0/container/qgs/README.md) tp start PCCS and QGS container and register the platform. -## Deploy CCNP in Kubernetes +## Deploy CIMA in Kubernetes -Below diagram illustrates CCNP deployment process in a Kubernetes cluster. If you want to install CCNP services as DamonSets in the Kubernetes cluster, please refer to [CCNP deployment in Kubernetes](./kubernetes/README.md). +Below diagram illustrates CIMA deployment process in a Kubernetes cluster. If you want to install CIMA services as DamonSets in the Kubernetes cluster, please refer to [CIMA deployment in Kubernetes](./kubernetes/README.md). -![Deployment diagram](../docs/ccnp-deployment-k8s.png) +![Deployment diagram](../docs/cima-deployment-k8s.png) -## Deploy CCNP in Docker +## Deploy CIMA in Docker -Below diagram illustrates CCNP deployment process using docker compose. If you want to setup CCNP services as docker containers, please refer to [CCNP deployment in Docker](./docker-compose/README.md). +Below diagram illustrates CIMA deployment process using docker compose. If you want to setup CIMA services as docker containers, please refer to [CIMA deployment in Docker](./docker-compose/README.md). -![Deployment diagram](../docs/ccnp-deployment-docker.png) +![Deployment diagram](../docs/cima-deployment-docker.png) diff --git a/deployment/docker-compose/README.md b/deployment/docker-compose/README.md index 356d70a..7caf2f5 100644 --- a/deployment/docker-compose/README.md +++ b/deployment/docker-compose/README.md @@ -1,18 +1,18 @@ # Docker Compose Deployment -The CCNP can be deployed in the confidential VMs using docker compose. In this document, it will use Intel TDX guest(TD) as an example of CVM and deploy CCNP on the TD using docker compose. +The CIMA can be deployed in the confidential VMs using docker compose. In this document, it will use Intel TDX guest(TD) as an example of CVM and deploy CIMA on the TD using docker compose. -![Deployment diagram](../../docs/ccnp-deployment-docker.png) +![Deployment diagram](../../docs/cima-deployment-docker.png) -## Deploy CCNP +## Deploy CIMA -The following scripts can help to generate CCNP images and deploy them in the TD nodes. `build.sh` can run on either host or TD. Other scripts are supposed to run in the TD. +The following scripts can help to generate CIMA images and deploy them in the TD nodes. `build.sh` can run on either host or TD. Other scripts are supposed to run in the TD. - [build.sh](../../container/build.sh): The tool will build docker images and push them to remote registry if required. Skip it if you already have docker images prepared. -- [prerequisite.sh](./prerequisite.sh): This tool will complete the prerequisites for deploying CCNP on Ubuntu. -- [deploy-ccnp.sh](./deploy-ccnp.sh): The tool will deploy CCNP service using docker compose. -- [exec-ccnp-example.sh](./exec-ccnp-example.sh): The tool will create a docker container, getting container event logs, measurement and performing verification using CCNP SDK. +- [prerequisite.sh](./prerequisite.sh): This tool will complete the prerequisites for deploying CIMA on Ubuntu. +- [deploy-cima.sh](./deploy-cima.sh): The tool will deploy CIMA service using docker compose. +- [exec-cima-example.sh](./exec-cima-example.sh): The tool will create a docker container, getting container event logs, measurement and performing verification using CIMA SDK. ### Prerequisite @@ -22,14 +22,14 @@ Run the script `prerequisite.sh` as below. $ sudo ./prerequisite.sh ``` -### Deploy CCNP Service +### Deploy CIMA Service -Use the script [deploy-ccnp.sh](./depoly-ccnp.sh) to deploy the CCNP services. +Use the script [deploy-cima.sh](./depoly-cima.sh) to deploy the CIMA services. ``` -# Deploy CCNP with user specified remote registry and image tag -$ sudo ./deploy-ccnp.sh -r -g +# Deploy CIMA with user specified remote registry and image tag +$ sudo ./deploy-cima.sh -r -g e.g. -$ sudo ./deploy-ccnp.sh -r test-registry.intel.com/test -g 0.5 +$ sudo ./deploy-cima.sh -r test-registry.intel.com/test -g 0.5 ``` This script has some options as below. @@ -44,16 +44,16 @@ You will see below container running after the deployment. ``` $ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -3a9de1a9c7d7 ccnp-server:0.5 "/usr/bin/ccnp_serve…" 36 seconds ago Up 34 seconds ccnp-server-ctr-ccnp-server-1 +3a9de1a9c7d7 cima-server:0.5 "/usr/bin/cima_serve…" 36 seconds ago Up 34 seconds cima-server-ctr-cima-server-1 ``` -### Deploy CCNP Usage Example +### Deploy CIMA Usage Example -The script [exec-ccnp-example.sh](./exec-ccnp-example.sh) will launch a container `ccnp-example`. -It will get measurement, event logs and cc_report using CCNP SDK and save the output in `/tmp/docker_ccnp/example.log`. +The script [exec-cima-example.sh](./exec-cima-example.sh) will launch a container `cima-example`. +It will get measurement, event logs and cc_report using CIMA SDK and save the output in `/tmp/docker_cima/example.log`. ``` -$ sudo ./exec-ccnp-example.sh -r test-registry.intel.com/test -g 0.5 +$ sudo ./exec-cima-example.sh -r test-registry.intel.com/test -g 0.5 ``` This script has some options as below. @@ -70,7 +70,7 @@ You will see below container running after the deployment. ``` $ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -e815b6edafcb ccnp-example:0.5 "tail -f /dev/null" 17 seconds ago Up 15 seconds ccnp-example-ctr-ccnp-example-1 +e815b6edafcb cima-example:0.5 "tail -f /dev/null" 17 seconds ago Up 15 seconds cima-example-ctr-cima-example-1 ``` ### Clean Up diff --git a/deployment/docker-compose/configs/ccnp-compose.yaml.template b/deployment/docker-compose/configs/cima-compose.yaml.template similarity index 64% rename from deployment/docker-compose/configs/ccnp-compose.yaml.template rename to deployment/docker-compose/configs/cima-compose.yaml.template index 0b1d945..bcdab12 100644 --- a/deployment/docker-compose/configs/ccnp-compose.yaml.template +++ b/deployment/docker-compose/configs/cima-compose.yaml.template @@ -1,6 +1,6 @@ -name: ccnp-server-ctr +name: cima-server-ctr services: - init-ccnp-server: + init-cima-server: image: busybox deploy: resources: @@ -11,39 +11,39 @@ services: sh -c " chmod -R 0444 /run/firmware/acpi/tables/CCEL && chmod -R 0444 /run/firmware/acpi/tables/data/CCEL && chmod -R 0444 /run/kernel/security/integrity/ima/ascii_runtime_measurements && - chmod -R 0757 /run/ccnp/uds && + chmod -R 0757 /run/cima/uds && chmod -R 0444 /etc/tdx-attest.conf && - chmod -R 0757 /run/kernel/config/tsm/report/ccnp && - chmod -R 0666 /run/kernel/config/tsm/report/ccnp/inblob" + chmod -R 0757 /run/kernel/config/tsm/report/cima && + chmod -R 0666 /run/kernel/config/tsm/report/cima/inblob" volumes: - /sys/firmware/acpi/tables/CCEL:/run/firmware/acpi/tables/CCEL - /sys/firmware/acpi/tables/data/CCEL:/run/firmware/acpi/tables/data/CCEL - /sys/kernel/security/integrity/ima/ascii_runtime_measurements:/run/kernel/security/integrity/ima/ascii_runtime_measurements - - /run/ccnp/uds:/run/ccnp/uds + - /run/cima/uds:/run/cima/uds - /etc/tdx-attest.conf:/etc/tdx-attest.conf - - /sys/kernel/config/tsm/report/ccnp:/run/kernel/config/tsm/report/ccnp - - /sys/kernel/config/tsm/report/ccnp/inblob:/run/kernel/config/tsm/report/ccnp/inblob + - /sys/kernel/config/tsm/report/cima:/run/kernel/config/tsm/report/cima + - /sys/kernel/config/tsm/report/cima/inblob:/run/kernel/config/tsm/report/cima/inblob - ccnp-server: - image: #CCNP_SERVER_IMAGE + cima-server: + image: #CIMA_SERVER_IMAGE deploy: resources: limits: cpus: '0.1' memory: 128M depends_on: - init-ccnp-server: + init-cima-server: condition: service_completed_successfully volumes: - /sys/firmware/acpi/tables/CCEL:/run/firmware/acpi/tables/CCEL - /sys/firmware/acpi/tables/data/CCEL:/run/firmware/acpi/tables/data/CCEL - /sys/kernel/security/integrity/ima/ascii_runtime_measurements:/run/kernel/security/integrity/ima/ascii_runtime_measurements - - /run/ccnp/uds:/run/ccnp/uds + - /run/cima/uds:/run/cima/uds - /etc/tdx-attest.conf:/etc/tdx-attest.conf - - /sys/kernel/config/tsm/report/ccnp:/run/kernel/config/tsm/report/ccnp - - /sys/kernel/config/tsm/report/ccnp/inblob:/run/kernel/config/tsm/report/ccnp/inblob + - /sys/kernel/config/tsm/report/cima:/run/kernel/config/tsm/report/cima + - /sys/kernel/config/tsm/report/cima/inblob:/run/kernel/config/tsm/report/cima/inblob environment: - - TSM_REPORT=/run/kernel/config/tsm/report/ccnp + - TSM_REPORT=/run/kernel/config/tsm/report/cima devices: - #DEV_TDX:#DEV_TDX security_opt: diff --git a/deployment/docker-compose/configs/ccnp-example.yaml.template b/deployment/docker-compose/configs/cima-example.yaml.template similarity index 85% rename from deployment/docker-compose/configs/ccnp-example.yaml.template rename to deployment/docker-compose/configs/cima-example.yaml.template index 0f3f5f4..f4b3e62 100644 --- a/deployment/docker-compose/configs/ccnp-example.yaml.template +++ b/deployment/docker-compose/configs/cima-example.yaml.template @@ -1,6 +1,6 @@ -name: ccnp-example-ctr +name: cima-example-ctr services: - init-ccnp-example: + init-cima-example: image: busybox deploy: resources: @@ -11,13 +11,13 @@ services: sh -c " chmod -R 0444 /run/firmware/acpi/tables/CCEL && chmod -R 0444 /run/firmware/acpi/tables/data/CCEL && chmod -R 0444 /run/kernel/security/integrity/ima/ascii_runtime_measurements && - chmod -R 0757 /run/ccnp/uds" + chmod -R 0757 /run/cima/uds" volumes: - /sys/firmware/acpi/tables/CCEL:/run/firmware/acpi/tables/CCEL - /sys/firmware/acpi/tables/data/CCEL:/run/firmware/acpi/tables/data/CCEL - /sys/kernel/security/integrity/ima/ascii_runtime_measurements:/run/kernel/security/integrity/ima/ascii_runtime_measurements - - /run/ccnp/uds:/run/ccnp/uds - ccnp-example: + - /run/cima/uds:/run/cima/uds + cima-example: image: #EXAMPLE_IMAGE deploy: resources: @@ -28,9 +28,9 @@ services: - /sys/firmware/acpi/tables/CCEL:/run/firmware/acpi/tables/CCEL - /sys/firmware/acpi/tables/data/CCEL:/run/firmware/acpi/tables/data/CCEL - /sys/kernel/security/integrity/ima/ascii_runtime_measurements:/run/kernel/security/integrity/ima/ascii_runtime_measurements - - /run/ccnp/uds:/run/ccnp/uds + - /run/cima/uds:/run/cima/uds devices: - #DEV_TDX:#DEV_TDX depends_on: - init-ccnp-example: + init-cima-example: condition: service_completed_successfully diff --git a/deployment/docker-compose/deploy-ccnp.sh b/deployment/docker-compose/deploy-cima.sh similarity index 84% rename from deployment/docker-compose/deploy-ccnp.sh rename to deployment/docker-compose/deploy-cima.sh index 049d7df..ddb7cc2 100755 --- a/deployment/docker-compose/deploy-ccnp.sh +++ b/deployment/docker-compose/deploy-cima.sh @@ -3,7 +3,7 @@ set -e TAG="latest" -CCNP_SERVER_IMAGE="ccnp-server" +CIMA_SERVER_IMAGE="cima-server" REGISTRY="" DIR=$(dirname "$(readlink -f "$0")") @@ -38,13 +38,13 @@ process_args() { esac done - CCNP_SERVER_IMAGE="$CCNP_SERVER_IMAGE:$TAG" + CIMA_SERVER_IMAGE="$CIMA_SERVER_IMAGE:$TAG" if [[ ${REGISTRY: -1} == "/" ]]; then REGISTRY="${REGISTRY%/}" fi if [[ $REGISTRY != "" ]]; then - CCNP_SERVER_IMAGE="$REGISTRY/$CCNP_SERVER_IMAGE" + CIMA_SERVER_IMAGE="$REGISTRY/$CIMA_SERVER_IMAGE" fi } @@ -56,6 +56,6 @@ create_cache_dir # shellcheck disable=SC1091 . "$DIR"/scripts/docker_compose.sh -create_composes "$CCNP_SERVER_IMAGE" +create_composes "$CIMA_SERVER_IMAGE" docker_compose_up diff --git a/deployment/docker-compose/exec-ccnp-example.sh b/deployment/docker-compose/exec-cima-example.sh similarity index 71% rename from deployment/docker-compose/exec-ccnp-example.sh rename to deployment/docker-compose/exec-cima-example.sh index 1932f2f..57d8fb5 100755 --- a/deployment/docker-compose/exec-ccnp-example.sh +++ b/deployment/docker-compose/exec-cima-example.sh @@ -7,7 +7,7 @@ DIR=$(dirname "$(readlink -f "$0")") . "$DIR"/scripts/device.sh CONFIG_DIR="$DIR"/configs -EXAMPLE_IMAGE=ccnp-example +EXAMPLE_IMAGE=cima-example TAG=latest REGISTRY="" DEV_TDX="/dev/tdx_guest" @@ -62,42 +62,42 @@ delete_example_ctr() { fi info "Example Container Being Deleted" - docker compose -f "$COMPOSE_CACHE_DIR"/ccnp-node-measurement-example.yaml down + docker compose -f "$COMPOSE_CACHE_DIR"/cima-node-measurement-example.yaml down ok "Example Container Deleted" } validate_on_container() { - info "Execute example Container ccnp-example" - ctr_id=$(docker ps | grep ccnp-example-ctr | awk '{print $1}') + info "Execute example Container cima-example" + ctr_id=$(docker ps | grep cima-example-ctr | awk '{print $1}') if [[ "$ctr_id" == "" ]]; then info "Example Container is NOT Avaliable. Deploying Example Container" - sed "s@\#EXAMPLE_IMAGE@$EXAMPLE_IMAGE@g" "$CONFIG_DIR"/ccnp-example.yaml.template \ - > "$COMPOSE_CACHE_DIR"/ccnp-example.yaml - sed -i "s@\#DEV_TDX@$DEV_TDX@g" "$COMPOSE_CACHE_DIR"/ccnp-example.yaml - docker compose -f "$COMPOSE_CACHE_DIR"/ccnp-example.yaml up -d + sed "s@\#EXAMPLE_IMAGE@$EXAMPLE_IMAGE@g" "$CONFIG_DIR"/cima-example.yaml.template \ + > "$COMPOSE_CACHE_DIR"/cima-example.yaml + sed -i "s@\#DEV_TDX@$DEV_TDX@g" "$COMPOSE_CACHE_DIR"/cima-example.yaml + docker compose -f "$COMPOSE_CACHE_DIR"/cima-example.yaml up -d fi - ctr_id=$(docker ps | grep ccnp-example-ctr | awk '{print $1}') + ctr_id=$(docker ps | grep cima-example-ctr | awk '{print $1}') if [[ "$ctr_id" == "" ]]; then error "Fail to deploy Example Container" fi - ok "Example Container Avaliable. Compose file: $COMPOSE_CACHE_DIR/ccnp-example.yaml" + ok "Example Container Avaliable. Compose file: $COMPOSE_CACHE_DIR/cima-example.yaml" ok "=============== Get Measurement ===============" - docker exec -it "$ctr_id" python3 py_sdk_example.py -m > "$CCNP_CACHE_DIR"/example.log - ok "Measurement is saved in file $CCNP_CACHE_DIR/example.log" + docker exec -it "$ctr_id" python3 py_sdk_example.py -m > "$CIMA_CACHE_DIR"/example.log + ok "Measurement is saved in file $CIMA_CACHE_DIR/example.log" ok "=============== Get Event Logs ===============" - docker exec -it "$ctr_id" python3 py_sdk_example.py -e >> "$CCNP_CACHE_DIR"/example.log - ok "Eventlog is saved in file $CCNP_CACHE_DIR/example.log" + docker exec -it "$ctr_id" python3 py_sdk_example.py -e >> "$CIMA_CACHE_DIR"/example.log + ok "Eventlog is saved in file $CIMA_CACHE_DIR/example.log" ok "=============== Get CC Report ===============" - docker exec -it "$ctr_id" python3 py_sdk_example.py -r >> "$CCNP_CACHE_DIR"/example.log - ok "CC Report is saved in file $CCNP_CACHE_DIR/example.log" + docker exec -it "$ctr_id" python3 py_sdk_example.py -r >> "$CIMA_CACHE_DIR"/example.log + ok "CC Report is saved in file $CIMA_CACHE_DIR/example.log" ok "=============== Verify Event Logs ===============" - docker exec -it "$ctr_id" python3 py_sdk_example.py -v >> "$CCNP_CACHE_DIR"/example.log - ok "Eventlog is verified in file $CCNP_CACHE_DIR/example.log" + docker exec -it "$ctr_id" python3 py_sdk_example.py -v >> "$CIMA_CACHE_DIR"/example.log + ok "Eventlog is verified in file $CIMA_CACHE_DIR/example.log" } process_args "$@" diff --git a/deployment/docker-compose/scripts/cache.sh b/deployment/docker-compose/scripts/cache.sh index c76daac..fef6154 100644 --- a/deployment/docker-compose/scripts/cache.sh +++ b/deployment/docker-compose/scripts/cache.sh @@ -5,28 +5,28 @@ DIR=$(dirname "$(readlink -f "$0")") . "$DIR"/scripts/comm.sh check_cache_dir() { - if [[ -d "$CCNP_CACHE_DIR" ]]; then - error "Cache Dir $CCNP_CACHE_DIR Exists. Please Back & Delete It" + if [[ -d "$CIMA_CACHE_DIR" ]]; then + error "Cache Dir $CIMA_CACHE_DIR Exists. Please Back & Delete It" fi } create_cache_dir() { - info "Cache Dir Being Created: $CCNP_CACHE_DIR" - mkdir -p "$CCNP_CACHE_DIR" - mkdir -p "$CCNP_CACHE_DIR/run/ccnp-eventlog" - mkdir -p "$CCNP_CACHE_DIR/run/ccnp/uds" - mkdir -p "$CCNP_CACHE_DIR/eventlog-entry-dir" - mkdir -p "$CCNP_CACHE_DIR/eventlog-data-dir" + info "Cache Dir Being Created: $CIMA_CACHE_DIR" + mkdir -p "$CIMA_CACHE_DIR" + mkdir -p "$CIMA_CACHE_DIR/run/cima-eventlog" + mkdir -p "$CIMA_CACHE_DIR/run/cima/uds" + mkdir -p "$CIMA_CACHE_DIR/eventlog-entry-dir" + mkdir -p "$CIMA_CACHE_DIR/eventlog-data-dir" mkdir -p "$COMPOSE_CACHE_DIR" - chmod 777 -R "$CCNP_CACHE_DIR" - ok "Cache Dir Created: $CCNP_CACHE_DIR" + chmod 777 -R "$CIMA_CACHE_DIR" + ok "Cache Dir Created: $CIMA_CACHE_DIR" } remove_cache_dir() { info "Cache Dir Being Removed" - if [[ -d "$CCNP_CACHE_DIR" ]]; then - rm -rf "$CCNP_CACHE_DIR" + if [[ -d "$CIMA_CACHE_DIR" ]]; then + rm -rf "$CIMA_CACHE_DIR" fi ok "Cache Dir Removed" } diff --git a/deployment/docker-compose/scripts/comm.sh b/deployment/docker-compose/scripts/comm.sh index 8b773f5..d6126bb 100644 --- a/deployment/docker-compose/scripts/comm.sh +++ b/deployment/docker-compose/scripts/comm.sh @@ -1,9 +1,9 @@ #!/bin/bash -CCNP_CACHE_DIR=/tmp/docker_ccnp +CIMA_CACHE_DIR=/tmp/docker_cima # shellcheck disable=SC2034 -COMPOSE_CACHE_DIR=$CCNP_CACHE_DIR/composes +COMPOSE_CACHE_DIR=$CIMA_CACHE_DIR/composes info() { echo -e "\e[1;33mINFO: $*\e[0;0m" diff --git a/deployment/docker-compose/scripts/docker_compose.sh b/deployment/docker-compose/scripts/docker_compose.sh index 6ac2551..d775818 100644 --- a/deployment/docker-compose/scripts/docker_compose.sh +++ b/deployment/docker-compose/scripts/docker_compose.sh @@ -7,14 +7,14 @@ DIR=$(dirname "$(readlink -f "$0")") CONFIG_DIR="$DIR/configs" create_composes() { - CCNP_SERVER_IMAGE=$1 + CIMA_SERVER_IMAGE=$1 DEV_TDX=$(check_dev_tdx) - sed "s@\#CCNP_SERVER_IMAGE@$CCNP_SERVER_IMAGE@g" "$CONFIG_DIR"/ccnp-compose.yaml.template \ - > "$COMPOSE_CACHE_DIR"/ccnp-compose.yaml + sed "s@\#CIMA_SERVER_IMAGE@$CIMA_SERVER_IMAGE@g" "$CONFIG_DIR"/cima-compose.yaml.template \ + > "$COMPOSE_CACHE_DIR"/cima-compose.yaml - sed -i "s@\#DEV_TDX@$DEV_TDX@g" "$COMPOSE_CACHE_DIR"/ccnp-compose.yaml + sed -i "s@\#DEV_TDX@$DEV_TDX@g" "$COMPOSE_CACHE_DIR"/cima-compose.yaml } diff --git a/deployment/kubernetes/README.md b/deployment/kubernetes/README.md index 6f6b713..f8917a0 100644 --- a/deployment/kubernetes/README.md +++ b/deployment/kubernetes/README.md @@ -1,13 +1,13 @@ -# CCNP Deployment Guide in Kubernetes Cluster +# CIMA Deployment Guide in Kubernetes Cluster -Below diagram illustrates CCNP deployment process. In this document, it will use Intel TDX guest(TD) as an example of CVM and deploy CCNP on Intel TD nodes. +Below diagram illustrates CIMA deployment process. In this document, it will use Intel TDX guest(TD) as an example of CVM and deploy CIMA on Intel TD nodes. -![Deployment diagram](../../docs/ccnp-deployment-k8s.png) +![Deployment diagram](../../docs/cima-deployment-k8s.png) ## Prepare a K8S cluster with TD as worker nodes -You can either create a K8S cluster in the TD or let the TD join an existing K8S cluster. Please choose one of the following step to make sure the K8S cluster is prepared with the TD running in it. CCNP will be deployed on the TD. +You can either create a K8S cluster in the TD or let the TD join an existing K8S cluster. Please choose one of the following step to make sure the K8S cluster is prepared with the TD running in it. CIMA will be deployed on the TD. ### Option 1: Create a K8S cluster on the TD After TDs are started, users need to setup a K8S cluster in the TDs. It's recommended to use [K3S](https://docs.k3s.io/) to start a lightweight Kubernetes cluster for experimental purpose. @@ -19,77 +19,77 @@ _NOTE: If the cluster has only one node (master node), the taint on the node nee ### Option 2: Add the TD to an existing K8S cluster After TDs are started, users can let the TDs join an existing K8S cluster. Please refer to the [k8s official documentation](https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-join/) for detailed steps. -## Deploy CCNP +## Deploy CIMA -The following scripts can help to generate CCNP images and deploy them in the TD nodes. `build.sh` can run on either host or TD. Other scripts are supposed to run in the TD. +The following scripts can help to generate CIMA images and deploy them in the TD nodes. `build.sh` can run on either host or TD. Other scripts are supposed to run in the TD. - [build.sh](../../container/build.sh): The tool will build docker images and push them to remote registry if required. Skip it if you already have docker images prepared. -- [prerequisite.sh](../kubernetes/script/prerequisite.sh): This tool will complete the prerequisites for deploying CCNP on Ubuntu. -- [deploy-ccnp.sh](../kubernetes/script/deploy-ccnp.sh): The tool will deploy CCNP services as DaemonSet on TDs in the K8S cluster. -- [deploy-ccnp-example.sh](../kubernetes/script/deploy-ccnp-example.sh): The tool will deploy an example pod with CCNP SDK installed. -- [exec-ccnp-example.sh](../kubernetes/script/exec-ccnp-example.sh): The tool will show getting event logs, measurement and perform verification using CCNP in the pod. +- [prerequisite.sh](../kubernetes/script/prerequisite.sh): This tool will complete the prerequisites for deploying CIMA on Ubuntu. +- [deploy-cima.sh](../kubernetes/script/deploy-cima.sh): The tool will deploy CIMA services as DaemonSet on TDs in the K8S cluster. +- [deploy-cima-example.sh](../kubernetes/script/deploy-cima-example.sh): The tool will deploy an example pod with CIMA SDK installed. +- [exec-cima-example.sh](../kubernetes/script/exec-cima-example.sh): The tool will show getting event logs, measurement and perform verification using CIMA in the pod. ### Prerequisite -The prerequisite steps are required for CCNP deployment. Run `prerequisite.sh` in the TD. +The prerequisite steps are required for CIMA deployment. Run `prerequisite.sh` in the TD. ``` $ cd script $ sudo ./prerequisite.sh ``` -### Deploy CCNP services -CCNP deployment tool will deploy TDX device plugin and DaemonSets for CCNP event log, measurement and quote. +### Deploy CIMA services +CIMA deployment tool will deploy TDX device plugin and DaemonSets for CIMA event log, measurement and quote. Run below scripts on each TD node. ``` -# Deploy CCNP with user specified remote registry and image tag -$ sudo ./deploy-ccnp.sh -r -g +# Deploy CIMA with user specified remote registry and image tag +$ sudo ./deploy-cima.sh -r -g e.g. -$ sudo ./deploy-ccnp.sh -r test-registry.intel.com/test -g 0.5 +$ sudo ./deploy-cima.sh -r test-registry.intel.com/test -g 0.5 -# Delete existing CCNP and Deploy CCNP with user specified remote registry and image tag -$ sudo ./deploy-ccnp.sh -r -g -d +# Delete existing CIMA and Deploy CIMA with user specified remote registry and image tag +$ sudo ./deploy-cima.sh -r -g -d ``` -After it's successful, you should see DaemonSet in namespace `ccnp`. +After it's successful, you should see DaemonSet in namespace `cima`. ``` -$ sudo kubectl get ds -n ccnp +$ sudo kubectl get ds -n cima NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE -ccnp-server 1 1 1 1 1 intel.feature.node.kubernetes.io/tdx-guest=enabled 24h -$ sudo kubectl get pods -n ccnp +cima-server 1 1 1 1 1 intel.feature.node.kubernetes.io/tdx-guest=enabled 24h +$ sudo kubectl get pods -n cima NAME READY STATUS RESTARTS AGE -ccnp-webhook-74f88647bd-d4hmk 1/1 Running 0 91m -ccnp-server-h7t46 1/1 Running 0 90m +cima-webhook-74f88647bd-d4hmk 1/1 Running 0 91m +cima-server-h7t46 1/1 Running 0 90m ``` -## CCNP Usage Example -The script [deploy-ccnp-example.sh](../kubernetes/script/deploy-ccnp-example.sh) will deploy an example pod with CCNP SDK installed. -The script [exec-ccnp-example.sh](../kubernetes/script/exec-ccnp-example.sh) will use CCNP SDK to collect event log, measurement and perform verification in the example pod. +## CIMA Usage Example +The script [deploy-cima-example.sh](../kubernetes/script/deploy-cima-example.sh) will deploy an example pod with CIMA SDK installed. +The script [exec-cima-example.sh](../kubernetes/script/exec-cima-example.sh) will use CIMA SDK to collect event log, measurement and perform verification in the example pod. - Deploy example pod ``` $ cd script -# Deploy CCNP example pod -$ sudo ./deploy-ccnp-example.sh -r -g +# Deploy CIMA example pod +$ sudo ./deploy-cima-example.sh -r -g ``` -- Get Pod measurement, event logs, CC report and verify event logs using CCNP SDK. +- Get Pod measurement, event logs, CC report and verify event logs using CIMA SDK. ``` # Get measurement -$ sudo ./exec-ccnp-example.sh -m +$ sudo ./exec-cima-example.sh -m # Get event logs -$ sudo ./exec-ccnp-example.sh -e +$ sudo ./exec-cima-example.sh -e # Get CC report -$ sudo ./exec-ccnp-example.sh -r +$ sudo ./exec-cima-example.sh -r # Verify event logs with measurements -$ sudo ./exec-ccnp-example.sh -v +$ sudo ./exec-cima-example.sh -v ``` The example output of verification can be found at [sample-output-for-container-measurement.txt](../../docs/sample-output-for-container-measurement.txt) and diff --git a/deployment/kubernetes/charts/ccnp-server/Chart.yaml b/deployment/kubernetes/charts/cima-server/Chart.yaml similarity index 93% rename from deployment/kubernetes/charts/ccnp-server/Chart.yaml rename to deployment/kubernetes/charts/cima-server/Chart.yaml index 7fc1bc1..e5397a2 100644 --- a/deployment/kubernetes/charts/ccnp-server/Chart.yaml +++ b/deployment/kubernetes/charts/cima-server/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: ccnp-server -description: A Helm chart for CCNP server deployment in Kubernetes +name: cima-server +description: A Helm chart for CIMA server deployment in Kubernetes # A chart can be either an 'application' or a 'library' chart. # diff --git a/deployment/kubernetes/charts/ccnp-server/templates/NOTES.txt b/deployment/kubernetes/charts/cima-server/templates/NOTES.txt similarity index 86% rename from deployment/kubernetes/charts/ccnp-server/templates/NOTES.txt rename to deployment/kubernetes/charts/cima-server/templates/NOTES.txt index d124bd9..f8c11b3 100644 --- a/deployment/kubernetes/charts/ccnp-server/templates/NOTES.txt +++ b/deployment/kubernetes/charts/cima-server/templates/NOTES.txt @@ -1,16 +1,16 @@ {{- if .Values.service.enable }} 1. Get the application URL by running these commands: {{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ccnp-server.fullname" . }}) + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cima-server.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ccnp-server.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ccnp-server.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "cima-server.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "cima-server.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ccnp-server.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cima-server.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT diff --git a/deployment/kubernetes/charts/ccnp-server/templates/_helpers.tpl b/deployment/kubernetes/charts/cima-server/templates/_helpers.tpl similarity index 75% rename from deployment/kubernetes/charts/ccnp-server/templates/_helpers.tpl rename to deployment/kubernetes/charts/cima-server/templates/_helpers.tpl index eafc4df..662eb28 100644 --- a/deployment/kubernetes/charts/ccnp-server/templates/_helpers.tpl +++ b/deployment/kubernetes/charts/cima-server/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "ccnp-server.name" -}} +{{- define "cima-server.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "ccnp-server.fullname" -}} +{{- define "cima-server.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "ccnp-server.chart" -}} +{{- define "cima-server.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "ccnp-server.labels" -}} -helm.sh/chart: {{ include "ccnp-server.chart" . }} -{{ include "ccnp-server.selectorLabels" . }} +{{- define "cima-server.labels" -}} +helm.sh/chart: {{ include "cima-server.chart" . }} +{{ include "cima-server.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "ccnp-server.selectorLabels" -}} -app.kubernetes.io/name: {{ include "ccnp-server.name" . }} +{{- define "cima-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cima-server.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "ccnp-server.serviceAccountName" -}} +{{- define "cima-server.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "ccnp-server.fullname" .) .Values.serviceAccount.name }} +{{- default (include "cima-server.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/deployment/kubernetes/charts/ccnp-server/templates/daemonset.yaml b/deployment/kubernetes/charts/cima-server/templates/daemonset.yaml similarity index 79% rename from deployment/kubernetes/charts/ccnp-server/templates/daemonset.yaml rename to deployment/kubernetes/charts/cima-server/templates/daemonset.yaml index a57f4e8..c6b0624 100644 --- a/deployment/kubernetes/charts/ccnp-server/templates/daemonset.yaml +++ b/deployment/kubernetes/charts/cima-server/templates/daemonset.yaml @@ -1,14 +1,14 @@ apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ include "ccnp-server.fullname" . }} + name: {{ include "cima-server.fullname" . }} namespace: {{ .Values.namespace }} labels: - {{- include "ccnp-server.labels" . | nindent 4 }} + {{- include "cima-server.labels" . | nindent 4 }} spec: selector: matchLabels: - {{- include "ccnp-server.selectorLabels" . | nindent 6 }} + {{- include "cima-server.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} @@ -16,9 +16,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "ccnp-server.selectorLabels" . | nindent 8 }} + {{- include "cima-server.selectorLabels" . | nindent 8 }} spec: - serviceAccountName: {{ include "ccnp-server.serviceAccountName" . }} + serviceAccountName: {{ include "cima-server.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/deployment/kubernetes/charts/ccnp-server/templates/namespace.yaml b/deployment/kubernetes/charts/cima-server/templates/namespace.yaml similarity index 100% rename from deployment/kubernetes/charts/ccnp-server/templates/namespace.yaml rename to deployment/kubernetes/charts/cima-server/templates/namespace.yaml diff --git a/deployment/kubernetes/charts/ccnp-server/templates/serviceaccount.yaml b/deployment/kubernetes/charts/cima-server/templates/serviceaccount.yaml similarity index 69% rename from deployment/kubernetes/charts/ccnp-server/templates/serviceaccount.yaml rename to deployment/kubernetes/charts/cima-server/templates/serviceaccount.yaml index c3b4501..e150c0b 100644 --- a/deployment/kubernetes/charts/ccnp-server/templates/serviceaccount.yaml +++ b/deployment/kubernetes/charts/cima-server/templates/serviceaccount.yaml @@ -3,9 +3,9 @@ apiVersion: v1 kind: ServiceAccount metadata: namespace: {{ .Values.namespace }} - name: {{ include "ccnp-server.serviceAccountName" . }} + name: {{ include "cima-server.serviceAccountName" . }} labels: - {{- include "ccnp-server.labels" . | nindent 4 }} + {{- include "cima-server.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/deployment/kubernetes/charts/ccnp-server/values.yaml b/deployment/kubernetes/charts/cima-server/values.yaml similarity index 94% rename from deployment/kubernetes/charts/ccnp-server/values.yaml rename to deployment/kubernetes/charts/cima-server/values.yaml index 9499cca..c569d71 100644 --- a/deployment/kubernetes/charts/ccnp-server/values.yaml +++ b/deployment/kubernetes/charts/cima-server/values.yaml @@ -1,16 +1,16 @@ -# Default values for CCNP server. +# Default values for CIMA server. # This is a YAML-formatted file. # Declare variables to be passed into your templates. image: - repository: docker.io/library/ccnp-server + repository: docker.io/library/cima-server pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "0.1" nameOverride: "" fullnameOverride: "" -namespace: ccnp +namespace: cima namespaceCreate: false serviceAccount: diff --git a/deployment/kubernetes/manifests/ccnp-example-deployment.yaml b/deployment/kubernetes/manifests/cima-example-deployment.yaml similarity index 64% rename from deployment/kubernetes/manifests/ccnp-example-deployment.yaml rename to deployment/kubernetes/manifests/cima-example-deployment.yaml index 81bbdd9..1064c94 100644 --- a/deployment/kubernetes/manifests/ccnp-example-deployment.yaml +++ b/deployment/kubernetes/manifests/cima-example-deployment.yaml @@ -1,22 +1,22 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: ccnp-example - namespace: ccnp + name: cima-example + namespace: cima spec: selector: matchLabels: - app: ccnp-example + app: cima-example template: metadata: labels: - app: ccnp-example + app: cima-example annotations: - "ccnp.cc-api/require": "true" + "cima.cc-api/require": "true" spec: containers: - - name: ccnp-example - image: "docker.io/library/ccnp-example:latest" + - name: cima-example + image: "docker.io/library/cima-example:latest" imagePullPolicy: Always resources: limits: diff --git a/deployment/kubernetes/manifests/ccnp-perf-deployment.yaml b/deployment/kubernetes/manifests/cima-perf-deployment.yaml similarity index 65% rename from deployment/kubernetes/manifests/ccnp-perf-deployment.yaml rename to deployment/kubernetes/manifests/cima-perf-deployment.yaml index 2f9c305..fc824ea 100644 --- a/deployment/kubernetes/manifests/ccnp-perf-deployment.yaml +++ b/deployment/kubernetes/manifests/cima-perf-deployment.yaml @@ -1,22 +1,22 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: ccnp-perf - namespace: ccnp + name: cima-perf + namespace: cima spec: selector: matchLabels: - app: ccnp-perf + app: cima-perf template: metadata: labels: - app: ccnp-perf + app: cima-perf annotations: - "ccnp.cc-api/require": "true" + "cima.cc-api/require": "true" spec: containers: - - name: ccnp-perf - image: "docker.io/library/ccnp-perf:latest" + - name: cima-perf + image: "docker.io/library/cima-perf:latest" imagePullPolicy: IfNotPresent resources: limits: diff --git a/deployment/kubernetes/manifests/ccnp-server-deployment.yaml b/deployment/kubernetes/manifests/cima-server-deployment.yaml similarity index 83% rename from deployment/kubernetes/manifests/ccnp-server-deployment.yaml rename to deployment/kubernetes/manifests/cima-server-deployment.yaml index a4c7a36..cfd4eb0 100644 --- a/deployment/kubernetes/manifests/ccnp-server-deployment.yaml +++ b/deployment/kubernetes/manifests/cima-server-deployment.yaml @@ -2,20 +2,20 @@ apiVersion: apps/v1 kind: DaemonSet metadata: - name: ccnp-server - namespace: ccnp + name: cima-server + namespace: cima labels: - app: ccnp-server + app: cima-server spec: selector: matchLabels: - app: ccnp-server + app: cima-server template: metadata: labels: - app: ccnp-server + app: cima-server annotations: - "ccnp.cc-api/require": "true" + "cima.cc-api/require": "true" spec: tolerations: - key: node-role.kubernetes.io/control-plane @@ -25,11 +25,11 @@ spec: operator: Exists effect: NoSchedule containers: - - name: ccnp-server - image: docker.io/library/ccnp-server:latest + - name: cima-server + image: docker.io/library/cima-server:latest env: - name: TSM_REPORT - value: /run/ccnp/tsm/ + value: /run/cima/tsm/ imagePullPolicy: IfNotPresent resources: limits: @@ -47,7 +47,7 @@ spec: - name: vsock-port mountPath: /etc/tdx-attest.conf - name: tsm-report - mountPath: /run/ccnp/tsm/ + mountPath: /run/cima/tsm/ volumes: - name: proc hostPath: @@ -71,7 +71,7 @@ spec: type: File - name: tsm-report hostPath: - path: /sys/kernel/config/tsm/report/ccnp/ + path: /sys/kernel/config/tsm/report/cima/ type: Directory nodeSelector: "feature.node.kubernetes.io/cpu-security.tdx.protected": "true" diff --git a/deployment/kubernetes/manifests/ccnp-webhook-deployment.yaml b/deployment/kubernetes/manifests/cima-webhook-deployment.yaml similarity index 78% rename from deployment/kubernetes/manifests/ccnp-webhook-deployment.yaml rename to deployment/kubernetes/manifests/cima-webhook-deployment.yaml index 5d24db1..3880fc0 100644 --- a/deployment/kubernetes/manifests/ccnp-webhook-deployment.yaml +++ b/deployment/kubernetes/manifests/cima-webhook-deployment.yaml @@ -4,7 +4,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: selfsigned - namespace: ccnp + namespace: cima spec: selfSigned: {} @@ -13,12 +13,12 @@ spec: apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: ccnp-webhook - namespace: ccnp + name: cima-webhook + namespace: cima spec: - secretName: ccnp-webhook-tls + secretName: cima-webhook-tls dnsNames: - - ccnp-webhook.ccnp.svc + - cima-webhook.cima.svc issuerRef: name: selfsigned @@ -27,21 +27,21 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: ccnp-webhook - namespace: ccnp + name: cima-webhook + namespace: cima spec: selector: matchLabels: - app: ccnp-webhook + app: cima-webhook replicas: 1 template: metadata: labels: - app: ccnp-webhook + app: cima-webhook spec: containers: - - name: ccnp-webhook - image: docker.io/library/ccnp-webhook:latest + - name: cima-webhook + image: docker.io/library/cima-webhook:latest imagePullPolicy: IfNotPresent resources: limits: @@ -68,7 +68,7 @@ spec: volumes: - name: tls secret: - secretName: ccnp-webhook-tls + secretName: cima-webhook-tls # the pod only gets created if the secret exists # so it waits until the cert-manager is done optional: false @@ -78,8 +78,8 @@ spec: apiVersion: v1 kind: Service metadata: - name: ccnp-webhook - namespace: ccnp + name: cima-webhook + namespace: cima spec: ports: - name: https @@ -88,25 +88,25 @@ spec: selector: # IMPORTANT: # this has to match the selector in our Deployment later - app: ccnp-webhook + app: cima-webhook --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: - name: ccnp-webhook - namespace: ccnp + name: cima-webhook + namespace: cima annotations: - cert-manager.io/inject-ca-from: ccnp/ccnp-webhook + cert-manager.io/inject-ca-from: cima/cima-webhook webhooks: - admissionReviewVersions: - v1 clientConfig: service: # has to match the service we created - namespace: ccnp - name: ccnp-webhook + namespace: cima + name: cima-webhook port: 9443 path: "/mutate" failurePolicy: Fail diff --git a/deployment/kubernetes/manifests/namespace.yaml b/deployment/kubernetes/manifests/namespace.yaml index f29a57a..d0fe803 100644 --- a/deployment/kubernetes/manifests/namespace.yaml +++ b/deployment/kubernetes/manifests/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: ccnp + name: cima diff --git a/deployment/kubernetes/script/deploy-ccnp-example.sh b/deployment/kubernetes/script/deploy-cima-example.sh similarity index 69% rename from deployment/kubernetes/script/deploy-ccnp-example.sh rename to deployment/kubernetes/script/deploy-cima-example.sh index 61a4a6c..66123f5 100755 --- a/deployment/kubernetes/script/deploy-ccnp-example.sh +++ b/deployment/kubernetes/script/deploy-cima-example.sh @@ -1,12 +1,12 @@ #!/bin/bash -# Script to deploy CCNP example pod +# Script to deploy CIMA example pod set -e DEFAULT_DOCKER_REPO=docker.io/library DEFAULT_TAG=latest WORK_DIR=$(cd "$(dirname "$0")" || exit; pwd) -TEMP_MANIFEST_FILE=/tmp/ccnp-example-deployment.yaml +TEMP_MANIFEST_FILE=/tmp/cima-example-deployment.yaml DELETE_DEPLOYMENT=false @@ -23,10 +23,10 @@ while getopts ":r:g:i:dmervh" option; do esac done -echo "Deploy CCNP example for container measurement in Kubernetes" +echo "Deploy CIMA example for container measurement in Kubernetes" pushd "${WORK_DIR}/../../.." || exit # replace registry and image tag according to user input -cp deployment/kubernetes/manifests/ccnp-example-deployment.yaml $TEMP_MANIFEST_FILE +cp deployment/kubernetes/manifests/cima-example-deployment.yaml $TEMP_MANIFEST_FILE if [[ -n "$registry" ]]; then sed -i "s#${DEFAULT_DOCKER_REPO}#${registry}#g" $TEMP_MANIFEST_FILE fi @@ -35,18 +35,18 @@ if [[ -n "$tag" ]];then fi # Delete old pod if it exists -OLD_POD_NAME=$(kubectl get po -n ccnp | grep ccnp-example | grep Running | awk '{ print $1 }') +OLD_POD_NAME=$(kubectl get po -n cima | grep cima-example | grep Running | awk '{ print $1 }') if [[ $DELETE_DEPLOYMENT == true ]] && [[ -n "$OLD_POD_NAME" ]]; then - echo "==> Cleaning up ccnp-example deployment" - kubectl delete deployment ccnp-example -n ccnp + echo "==> Cleaning up cima-example deployment" + kubectl delete deployment cima-example -n cima fi -echo "==> Creating ccnp-example deployment" +echo "==> Creating cima-example deployment" kubectl apply -f $TEMP_MANIFEST_FILE for i in {1..10} do - POD_NAME=$(kubectl get po -n ccnp | grep ccnp-example | grep Running | awk '{ print $1 }') + POD_NAME=$(kubectl get po -n cima | grep cima-example | grep Running | awk '{ print $1 }') if [[ -z "$POD_NAME" ]] then sleep 3 @@ -57,9 +57,9 @@ do done if [[ -z "$POD_NAME" ]]; then - echo "No ccnp-example pod with status running! Please check your deployment." + echo "No cima-example pod with status running! Please check your deployment." exit 1 fi -echo "CCNP example pod $POD_NAME is Running." +echo "CIMA example pod $POD_NAME is Running." popd || exit diff --git a/deployment/kubernetes/script/deploy-ccnp.sh b/deployment/kubernetes/script/deploy-cima.sh similarity index 75% rename from deployment/kubernetes/script/deploy-ccnp.sh rename to deployment/kubernetes/script/deploy-cima.sh index 7cc8055..2885bb6 100755 --- a/deployment/kubernetes/script/deploy-ccnp.sh +++ b/deployment/kubernetes/script/deploy-cima.sh @@ -15,7 +15,7 @@ function usage { usage: $(basename "$0") [OPTION]... -r the prefix string for registry -g container image tag - -d Delete existing CCNP and install new CCNP + -d Delete existing CIMA and install new CIMA EOM exit 1 } @@ -52,14 +52,14 @@ function check_env { fi } -function delete_ccnp { +function delete_cima { pushd "${WORK_DIR}/../../.." || exit - echo "-----------Delete ccnp webhook and server..." - kubectl delete -f deployment/kubernetes/manifests/ccnp-webhook-deployment.yaml - kubectl delete -f deployment/kubernetes/manifests/ccnp-server-deployment.yaml + echo "-----------Delete cima webhook and server..." + kubectl delete -f deployment/kubernetes/manifests/cima-webhook-deployment.yaml + kubectl delete -f deployment/kubernetes/manifests/cima-server-deployment.yaml - echo "-----------Delete ccnp namespace..." + echo "-----------Delete cima namespace..." kubectl delete -f deployment/kubernetes/manifests/namespace.yaml echo "-----------Delete NFD, cert-manager..." @@ -69,7 +69,7 @@ function delete_ccnp { popd || exit } -function deploy_ccnp { +function deploy_cima { pushd "${WORK_DIR}/../../.." || exit # Generate temporary yaml files for deployment @@ -85,7 +85,7 @@ function deploy_ccnp { sed -i "s#latest#${tag}#g" temp_manifests/*.yaml fi - # Deploy CCNP Dependencies + # Deploy CIMA Dependencies helm repo add nfd $NFD_URL helm repo update helm install $NFD_NAME nfd/node-feature-discovery --namespace $NFD_NS --create-namespace @@ -107,26 +107,26 @@ function deploy_ccnp { done rm cmctl - # Deploy CCNP webhook - echo "-----------Deploy ccnp namespace..." + # Deploy CIMA webhook + echo "-----------Deploy cima namespace..." kubectl create -f temp_manifests/namespace.yaml - kubectl create -f temp_manifests/ccnp-webhook-deployment.yaml + kubectl create -f temp_manifests/cima-webhook-deployment.yaml - # Deploy CCNP services - echo "-----------Deploy ccnp server..." - kubectl create -f temp_manifests/ccnp-server-deployment.yaml + # Deploy CIMA services + echo "-----------Deploy cima server..." + kubectl create -f temp_manifests/cima-server-deployment.yaml rm -rf temp_manifests popd || exit } -function check_ccnp_deployment { - # Check CCNP server pod - echo "-----------Checking ccnp server pod..." +function check_cima_deployment { + # Check CIMA server pod + echo "-----------Checking cima server pod..." for i in {1..10} do - CCNP_SERVER_POD=$(kubectl get po -n ccnp | grep ccnp-server | grep Running | awk '{ print $1 }') - if [[ -z "$CCNP_SERVER_POD" ]] + CIMA_SERVER_POD=$(kubectl get po -n cima | grep cima-server | grep Running | awk '{ print $1 }') + if [[ -z "$CIMA_SERVER_POD" ]] then sleep 3 echo "Retrying $i time ..." @@ -135,11 +135,11 @@ function check_ccnp_deployment { fi done - if [ -z "$CCNP_SERVER_POD" ]; then - echo "Error: CCNP server pod is not Running." + if [ -z "$CIMA_SERVER_POD" ]; then + echo "Error: CIMA server pod is not Running." exit 1 fi - echo "CCNP server pod $CCNP_SERVER_POD is Running." + echo "CIMA server pod $CIMA_SERVER_POD is Running." } check_env @@ -154,8 +154,8 @@ echo "-------------------------" echo "" if [[ $delete_force == true ]]; then - delete_ccnp + delete_cima fi -deploy_ccnp -check_ccnp_deployment +deploy_cima +check_cima_deployment diff --git a/deployment/kubernetes/script/exec-ccnp-example.sh b/deployment/kubernetes/script/exec-cima-example.sh similarity index 70% rename from deployment/kubernetes/script/exec-ccnp-example.sh rename to deployment/kubernetes/script/exec-cima-example.sh index 410bfa3..35beeca 100755 --- a/deployment/kubernetes/script/exec-ccnp-example.sh +++ b/deployment/kubernetes/script/exec-cima-example.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Script to execute CCNP example pod +# Script to execute CIMA example pod set -e @@ -24,29 +24,29 @@ while getopts ":mervh" option; do echo "Exeute the script to get measurement, event log and CC report" -POD_NAME=$(kubectl get po -n ccnp | grep -i ccnp-example | grep Running | awk '{ print $1 }') +POD_NAME=$(kubectl get po -n cima | grep -i cima-example | grep Running | awk '{ print $1 }') if [[ -z "$POD_NAME" ]]; then - echo "No ccnp-example pod with status running! Please check your deployment." + echo "No cima-example pod with status running! Please check your deployment." exit 1 fi if [ $MEASUREMENT == true ]; then echo "==> Get Measurements" - kubectl exec -it "$POD_NAME" -n ccnp -- python3 py_sdk_example.py -m + kubectl exec -it "$POD_NAME" -n cima -- python3 py_sdk_example.py -m fi if [ $EVENTLOG == true ]; then echo "==> Get Event logs" - kubectl exec -it "$POD_NAME" -n ccnp -- python3 py_sdk_example.py -e + kubectl exec -it "$POD_NAME" -n cima -- python3 py_sdk_example.py -e fi if [ $CC_REPORT == true ]; then echo "==> Get CC_REPORT" - kubectl exec -it "$POD_NAME" -n ccnp -- python3 py_sdk_example.py -r + kubectl exec -it "$POD_NAME" -n cima -- python3 py_sdk_example.py -r fi if [ $VERIFY == true ]; then echo "==> Verify event logs" - kubectl exec -it "$POD_NAME" -n ccnp -- python3 py_sdk_example.py -v + kubectl exec -it "$POD_NAME" -n cima -- python3 py_sdk_example.py -v fi diff --git a/deployment/kubernetes/script/image-manager.sh b/deployment/kubernetes/script/image-manager.sh index 02aafc4..391b728 100755 --- a/deployment/kubernetes/script/image-manager.sh +++ b/deployment/kubernetes/script/image-manager.sh @@ -75,8 +75,8 @@ while getopts ":a:r:c:g:hf" option; do function build_a_image { local img_container=$1 - if [[ ! $img_container =~ "ccnp" ]];then - img_name="ccnp-${img_container}" + if [[ ! $img_container =~ "cima" ]];then + img_name="cima-${img_container}" else img_name=$img_container fi @@ -127,8 +127,8 @@ function build_images { function publish_a_image { local img_container=$1 - if [[ ! $img_container =~ "ccnp" ]];then - img_name="ccnp-${img_container}" + if [[ ! $img_container =~ "cima" ]];then + img_name="cima-${img_container}" else img_name=$img_container fi diff --git a/deployment/kubernetes/script/prerequisite.sh b/deployment/kubernetes/script/prerequisite.sh index b24dc4e..b397f5d 100755 --- a/deployment/kubernetes/script/prerequisite.sh +++ b/deployment/kubernetes/script/prerequisite.sh @@ -1,19 +1,19 @@ #!/bin/bash -# This script implements the prerequisites for deploying CCNP, including installing docker, helm, python3-pip, -# and setting the access permissions of the TD device node and the ccnp working directory on the TD node. +# This script implements the prerequisites for deploying CIMA, including installing docker, helm, python3-pip, +# and setting the access permissions of the TD device node and the cima working directory on the TD node. set -e INSTALL_DOCKER=true INSTALL_HELM=true INSTALL_PIP=true -CCNP_UDEV=true -CCNP_UDS=true +CIMA_UDEV=true +CIMA_UDS=true UDEV_FILE=/etc/udev/rules.d TDX_RULES_FILE=${UDEV_FILE}/90-tdx.rules -CCNP_CONF=/usr/lib/tmpfiles.d/ccnp.conf +CIMA_CONF=/usr/lib/tmpfiles.d/cima.conf function check_env { if command -v docker &> /dev/null; then @@ -32,13 +32,13 @@ function check_env { fi if [ -e "$TDX_RULES_FILE" ]; then - CCNP_UDEV=flase - echo "Skip: CCNP udev rules has been set." + CIMA_UDEV=flase + echo "Skip: CIMA udev rules has been set." fi - if [ -e "$CCNP_CONF" ]; then - CCNP_UDS=flase - echo "Skip: CCNP uds dir has been prepared." + if [ -e "$CIMA_CONF" ]; then + CIMA_UDS=flase + echo "Skip: CIMA uds dir has been prepared." fi } @@ -83,7 +83,7 @@ function install_pip { apt install -y python3-pip } -function ccnp_udev_rules { +function cima_udev_rules { mkdir -p ${UDEV_FILE} touch ${TDX_RULES_FILE} @@ -103,9 +103,9 @@ function ccnp_udev_rules { udevadm trigger } -function ccnp_uds_dir { - touch ${CCNP_CONF} - echo "D /run/ccnp/uds 0757 - - -">${CCNP_CONF} +function cima_uds_dir { + touch ${CIMA_CONF} + echo "D /run/cima/uds 0757 - - -">${CIMA_CONF} # make the directory setup effective systemd-tmpfiles --create @@ -130,14 +130,14 @@ function install_prereqs { install_pip fi - if [[ "$CCNP_UDEV" = true ]]; then - echo "-----------Setup udev rules for CCNP device plugin..." - ccnp_udev_rules + if [[ "$CIMA_UDEV" = true ]]; then + echo "-----------Setup udev rules for CIMA device plugin..." + cima_udev_rules fi - if [[ "$CCNP_UDS" = true ]]; then - echo "-----------Prepare the shared Unix Domain Socket directory for CCNP..." - ccnp_uds_dir + if [[ "$CIMA_UDS" = true ]]; then + echo "-----------Prepare the shared Unix Domain Socket directory for CIMA..." + cima_uds_dir fi } diff --git a/docs/ccnp-architecture-high-level.png b/docs/cima-architecture-high-level.png similarity index 100% rename from docs/ccnp-architecture-high-level.png rename to docs/cima-architecture-high-level.png diff --git a/docs/ccnp-deployment-docker.png b/docs/cima-deployment-docker.png similarity index 100% rename from docs/ccnp-deployment-docker.png rename to docs/cima-deployment-docker.png diff --git a/docs/ccnp-deployment-k8s.png b/docs/cima-deployment-k8s.png similarity index 100% rename from docs/ccnp-deployment-k8s.png rename to docs/cima-deployment-k8s.png diff --git a/docs/ccnp-landing-confidential-cluster.png b/docs/cima-landing-confidential-cluster.png similarity index 100% rename from docs/ccnp-landing-confidential-cluster.png rename to docs/cima-landing-confidential-cluster.png diff --git a/docs/ccnp_arch.png b/docs/cima_arch.png similarity index 100% rename from docs/ccnp_arch.png rename to docs/cima_arch.png diff --git a/docs/container-measurement-design.md b/docs/container-measurement-design.md index e156fa3..29dda4c 100644 --- a/docs/container-measurement-design.md +++ b/docs/container-measurement-design.md @@ -70,7 +70,7 @@ From these typical usages, it is evident that for container measurement after bo * etcd/kube-apiserver * kube-controller-manager/kube-scheduler * kubeproxy/... - * measurement daemonset(CCNP) + * measurement daemonset(CIMA) * Versions/Configurations/Parameters/Status ## Container Measurement Architecture diff --git a/sdk/golang/README.md b/sdk/golang/README.md index 9a928ee..83bd597 100644 --- a/sdk/golang/README.md +++ b/sdk/golang/README.md @@ -1,6 +1,6 @@ -# Confidential Cloud-Native Primitives SDK for Golang +# Container Integrity Measurement Agent SDK for Golang -The Confidential Cloud-Native Primitives (CCNP) project is the solution targeted on simplifying the use of Trusted Execution Environment (TEE) in cloud-native environment. Currently, there are 2 parts included in CCNP, the services and the SDK. +The Container Integrity Measurement Agent (CIMA) project is the solution targeted on simplifying the use of Trusted Execution Environment (TEE) in cloud-native environment. Currently, there are 2 parts included in CIMA, the services and the SDK. - Service is designed to hide the complexity of different TEE platforms and provides common interfaces and scalability for cloud-native environment. - SDK is to simplify the use of the service interface for development, it covers communication to the service and parses the results from the services. @@ -9,10 +9,10 @@ The service supports attestation, measurement fetching and event log collecting Attestation is a common process within TEE platform and TPM to verify if the software binaries were properly instantiated on a trusted platform. Third parties can leverage the attestation process to identify the trustworthiness of the platform (by checking the measurements or event logs) as well as the software running on it, in order to decide whether they shall put their confidential information/workload onto the platform. -CCNP, as the overall framework for attestation, measurement and event log fetching, provides user with both customer-facing SDK and overall framework. By leveraging this SDK, user can easily retrieve different kinds of measurements or evidence such as event logs. Working along with different verification services (such as Amber) and configurable policies, user can validate the trustworthiness of the platform and make further decision. +CIMA, as the overall framework for attestation, measurement and event log fetching, provides user with both customer-facing SDK and overall framework. By leveraging this SDK, user can easily retrieve different kinds of measurements or evidence such as event logs. Working along with different verification services (such as Amber) and configurable policies, user can validate the trustworthiness of the platform and make further decision. [Source code][source_code] -| [Package (Go package)][ccnp_golang] +| [Package (Go package)][cima_golang] | [API reference documentation][api_doc] ## Getting started @@ -21,10 +21,10 @@ CCNP, as the overall framework for attestation, measurement and event log fetchi In order to work properly, user need to have the backend services ready on the TEE or TPM enabled platform first. Please refer to each deployment guide reside in the [service](../../service/) folder to install the backend services. ### Install the package -User can install the CCNP client library for Golang: +User can install the CIMA client library for Golang: ``` -go get github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp +go get github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima ``` ## Key concepts and usage @@ -54,11 +54,11 @@ import ( "os" "github.com/cc-api/cc-trusted-api/common/golang/cctrusted_base" - "github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp" + "github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima" ) func testGetCCReport() { - sdk := ccnp.SDK{} + sdk := cima.SDK{} num := uint64(rand.Int63n(math.MaxInt64)) b := make([]byte, 8) @@ -97,11 +97,11 @@ import( "fmt" "github.com/cc-api/cc-trusted-api/common/golang/cctrusted_base" - "github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp" + "github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima" ) func testGetCCMeasurement() { - sdk := ccnp.SDK{} + sdk := cima.SDK{} // set the imr index to 0 imr_index := 0 @@ -136,11 +136,11 @@ import( "fmt" "github.com/cc-api/cc-trusted-api/common/golang/cctrusted_base" - "github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp" + "github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima" ) func testGetCCEventLog() { - sdk := ccnp.SDK{} + sdk := cima.SDK{} /* Another example to set start to 0 and count to 10 for event log retrieval @@ -169,11 +169,11 @@ import( "fmt" "github.com/cc-api/cc-trusted-api/common/golang/cctrusted_base" - "github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp" + "github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima" ) func testReplayCCEventLog() { - sdk := ccnp.SDK{} + sdk := cima.SDK{} eventLogs, err := sdk.GetCCEventLog() if err != nil { @@ -197,10 +197,10 @@ TBA. ## Troubleshooting -Troubleshooting information for the CCNP SDK can be found here. +Troubleshooting information for the CIMA SDK can be found here. ## Next steps -For more information about the Confidential Cloud-Native Primitives, please see our documentation page. +For more information about the Container Integrity Measurement Agent, please see our documentation page. ## Contributing This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit the Contributor License Agreement site. @@ -213,6 +213,6 @@ See [CONTRIBUTING.md](../../CONTRIBUTING.md) for details on building, testing, a If you encounter any bugs or have suggestions, please file an issue in the Issues section of the project. -[source_code]: https://github.com/cc-api/confidential-cloud-native-primitives/tree/main/sdk/golang -[ccnp_golang]: https://pkg.go.dev/github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp +[source_code]: https://github.com/cc-api/container-integrity-measurement-agent/tree/main/sdk/golang +[cima_golang]: https://pkg.go.dev/github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima [api_doc]: https://github.com/cc-api/cc-trusted-api?tab=readme-ov-file#3-apis diff --git a/sdk/golang/ccnp/go.mod b/sdk/golang/ccnp/go.mod deleted file mode 100644 index 516bd3e..0000000 --- a/sdk/golang/ccnp/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp - -go 1.20 diff --git a/sdk/golang/ccnp/client.go b/sdk/golang/cima/client.go similarity index 94% rename from sdk/golang/ccnp/client.go rename to sdk/golang/cima/client.go index d6091fa..13c2315 100644 --- a/sdk/golang/ccnp/client.go +++ b/sdk/golang/cima/client.go @@ -3,7 +3,7 @@ * SPDX-License-Identifier: Apache-2.0 */ -package ccnp +package cima import ( "bufio" @@ -14,26 +14,26 @@ import ( "time" "github.com/cc-api/cc-trusted-api/common/golang/cctrusted_base" - pb "github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp/proto" + pb "github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima/proto" "google.golang.org/grpc" ) const ( - UDS_PATH = "unix:/run/ccnp/uds/ccnp-server.sock" + UDS_PATH = "unix:/run/cima/uds/cima-server.sock" ) type Client struct { - client pb.CcnpClient + client pb.CimaClient } func NewClient() (Client, error) { conn, err := grpc.Dial(UDS_PATH, grpc.WithInsecure()) if err != nil { - log.Fatalf("[GetCCReportFromServer] can not connect to CCNP server UDS at %v with error: %v", UDS_PATH, err) + log.Fatalf("[GetCCReportFromServer] can not connect to CIMA server UDS at %v with error: %v", UDS_PATH, err) return Client{}, err } - client := pb.NewCcnpClient(conn) + client := pb.NewCimaClient(conn) return Client{client: client}, nil } diff --git a/sdk/golang/cima/go.mod b/sdk/golang/cima/go.mod new file mode 100644 index 0000000..c508bed --- /dev/null +++ b/sdk/golang/cima/go.mod @@ -0,0 +1,3 @@ +module github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima + +go 1.20 diff --git a/sdk/golang/ccnp/proto/ccnp-server.pb.go b/sdk/golang/cima/proto/cima-server.pb.go similarity index 85% rename from sdk/golang/ccnp/proto/ccnp-server.pb.go rename to sdk/golang/cima/proto/cima-server.pb.go index 7333ee2..b5b5192 100644 --- a/sdk/golang/ccnp/proto/ccnp-server.pb.go +++ b/sdk/golang/cima/proto/cima-server.pb.go @@ -2,9 +2,9 @@ // versions: // protoc-gen-go v1.32.0 // protoc v4.25.3 -// source: proto/ccnp-server.proto +// source: proto/cima-server.proto -package ccnp +package cima import ( protoreflect "google.golang.org/protobuf/reflect/protoreflect" @@ -56,11 +56,11 @@ func (x HealthCheckResponse_ServingStatus) String() string { } func (HealthCheckResponse_ServingStatus) Descriptor() protoreflect.EnumDescriptor { - return file_proto_ccnp_server_proto_enumTypes[0].Descriptor() + return file_proto_cima_server_proto_enumTypes[0].Descriptor() } func (HealthCheckResponse_ServingStatus) Type() protoreflect.EnumType { - return &file_proto_ccnp_server_proto_enumTypes[0] + return &file_proto_cima_server_proto_enumTypes[0] } func (x HealthCheckResponse_ServingStatus) Number() protoreflect.EnumNumber { @@ -69,7 +69,7 @@ func (x HealthCheckResponse_ServingStatus) Number() protoreflect.EnumNumber { // Deprecated: Use HealthCheckResponse_ServingStatus.Descriptor instead. func (HealthCheckResponse_ServingStatus) EnumDescriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{1, 0} + return file_proto_cima_server_proto_rawDescGZIP(), []int{1, 0} } type HealthCheckRequest struct { @@ -83,7 +83,7 @@ type HealthCheckRequest struct { func (x *HealthCheckRequest) Reset() { *x = HealthCheckRequest{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[0] + mi := &file_proto_cima_server_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -96,7 +96,7 @@ func (x *HealthCheckRequest) String() string { func (*HealthCheckRequest) ProtoMessage() {} func (x *HealthCheckRequest) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[0] + mi := &file_proto_cima_server_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -109,7 +109,7 @@ func (x *HealthCheckRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use HealthCheckRequest.ProtoReflect.Descriptor instead. func (*HealthCheckRequest) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{0} + return file_proto_cima_server_proto_rawDescGZIP(), []int{0} } func (x *HealthCheckRequest) GetService() string { @@ -124,13 +124,13 @@ type HealthCheckResponse struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Status HealthCheckResponse_ServingStatus `protobuf:"varint,1,opt,name=status,proto3,enum=ccnp_server_pb.HealthCheckResponse_ServingStatus" json:"status,omitempty"` + Status HealthCheckResponse_ServingStatus `protobuf:"varint,1,opt,name=status,proto3,enum=cima_server_pb.HealthCheckResponse_ServingStatus" json:"status,omitempty"` } func (x *HealthCheckResponse) Reset() { *x = HealthCheckResponse{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[1] + mi := &file_proto_cima_server_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -143,7 +143,7 @@ func (x *HealthCheckResponse) String() string { func (*HealthCheckResponse) ProtoMessage() {} func (x *HealthCheckResponse) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[1] + mi := &file_proto_cima_server_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -156,7 +156,7 @@ func (x *HealthCheckResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use HealthCheckResponse.ProtoReflect.Descriptor instead. func (*HealthCheckResponse) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{1} + return file_proto_cima_server_proto_rawDescGZIP(), []int{1} } func (x *HealthCheckResponse) GetStatus() HealthCheckResponse_ServingStatus { @@ -175,7 +175,7 @@ type GetDefaultAlgorithmRequest struct { func (x *GetDefaultAlgorithmRequest) Reset() { *x = GetDefaultAlgorithmRequest{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[2] + mi := &file_proto_cima_server_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -188,7 +188,7 @@ func (x *GetDefaultAlgorithmRequest) String() string { func (*GetDefaultAlgorithmRequest) ProtoMessage() {} func (x *GetDefaultAlgorithmRequest) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[2] + mi := &file_proto_cima_server_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -201,7 +201,7 @@ func (x *GetDefaultAlgorithmRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetDefaultAlgorithmRequest.ProtoReflect.Descriptor instead. func (*GetDefaultAlgorithmRequest) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{2} + return file_proto_cima_server_proto_rawDescGZIP(), []int{2} } type GetDefaultAlgorithmResponse struct { @@ -215,7 +215,7 @@ type GetDefaultAlgorithmResponse struct { func (x *GetDefaultAlgorithmResponse) Reset() { *x = GetDefaultAlgorithmResponse{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[3] + mi := &file_proto_cima_server_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -228,7 +228,7 @@ func (x *GetDefaultAlgorithmResponse) String() string { func (*GetDefaultAlgorithmResponse) ProtoMessage() {} func (x *GetDefaultAlgorithmResponse) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[3] + mi := &file_proto_cima_server_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -241,7 +241,7 @@ func (x *GetDefaultAlgorithmResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GetDefaultAlgorithmResponse.ProtoReflect.Descriptor instead. func (*GetDefaultAlgorithmResponse) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{3} + return file_proto_cima_server_proto_rawDescGZIP(), []int{3} } func (x *GetDefaultAlgorithmResponse) GetAlgoId() uint32 { @@ -260,7 +260,7 @@ type GetMeasurementCountRequest struct { func (x *GetMeasurementCountRequest) Reset() { *x = GetMeasurementCountRequest{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[4] + mi := &file_proto_cima_server_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -273,7 +273,7 @@ func (x *GetMeasurementCountRequest) String() string { func (*GetMeasurementCountRequest) ProtoMessage() {} func (x *GetMeasurementCountRequest) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[4] + mi := &file_proto_cima_server_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -286,7 +286,7 @@ func (x *GetMeasurementCountRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetMeasurementCountRequest.ProtoReflect.Descriptor instead. func (*GetMeasurementCountRequest) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{4} + return file_proto_cima_server_proto_rawDescGZIP(), []int{4} } type GetMeasurementCountResponse struct { @@ -300,7 +300,7 @@ type GetMeasurementCountResponse struct { func (x *GetMeasurementCountResponse) Reset() { *x = GetMeasurementCountResponse{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[5] + mi := &file_proto_cima_server_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -313,7 +313,7 @@ func (x *GetMeasurementCountResponse) String() string { func (*GetMeasurementCountResponse) ProtoMessage() {} func (x *GetMeasurementCountResponse) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[5] + mi := &file_proto_cima_server_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -326,7 +326,7 @@ func (x *GetMeasurementCountResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GetMeasurementCountResponse.ProtoReflect.Descriptor instead. func (*GetMeasurementCountResponse) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{5} + return file_proto_cima_server_proto_rawDescGZIP(), []int{5} } func (x *GetMeasurementCountResponse) GetCount() uint32 { @@ -349,7 +349,7 @@ type GetCcReportRequest struct { func (x *GetCcReportRequest) Reset() { *x = GetCcReportRequest{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[6] + mi := &file_proto_cima_server_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -362,7 +362,7 @@ func (x *GetCcReportRequest) String() string { func (*GetCcReportRequest) ProtoMessage() {} func (x *GetCcReportRequest) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[6] + mi := &file_proto_cima_server_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -375,7 +375,7 @@ func (x *GetCcReportRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetCcReportRequest.ProtoReflect.Descriptor instead. func (*GetCcReportRequest) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{6} + return file_proto_cima_server_proto_rawDescGZIP(), []int{6} } func (x *GetCcReportRequest) GetContainerId() string { @@ -411,7 +411,7 @@ type GetCcReportResponse struct { func (x *GetCcReportResponse) Reset() { *x = GetCcReportResponse{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[7] + mi := &file_proto_cima_server_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -424,7 +424,7 @@ func (x *GetCcReportResponse) String() string { func (*GetCcReportResponse) ProtoMessage() {} func (x *GetCcReportResponse) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[7] + mi := &file_proto_cima_server_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -437,7 +437,7 @@ func (x *GetCcReportResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GetCcReportResponse.ProtoReflect.Descriptor instead. func (*GetCcReportResponse) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{7} + return file_proto_cima_server_proto_rawDescGZIP(), []int{7} } func (x *GetCcReportResponse) GetCcType() int32 { @@ -467,7 +467,7 @@ type GetCcMeasurementRequest struct { func (x *GetCcMeasurementRequest) Reset() { *x = GetCcMeasurementRequest{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[8] + mi := &file_proto_cima_server_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -480,7 +480,7 @@ func (x *GetCcMeasurementRequest) String() string { func (*GetCcMeasurementRequest) ProtoMessage() {} func (x *GetCcMeasurementRequest) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[8] + mi := &file_proto_cima_server_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -493,7 +493,7 @@ func (x *GetCcMeasurementRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetCcMeasurementRequest.ProtoReflect.Descriptor instead. func (*GetCcMeasurementRequest) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{8} + return file_proto_cima_server_proto_rawDescGZIP(), []int{8} } func (x *GetCcMeasurementRequest) GetContainerId() string { @@ -528,7 +528,7 @@ type GetCcMeasurementResponse struct { func (x *GetCcMeasurementResponse) Reset() { *x = GetCcMeasurementResponse{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[9] + mi := &file_proto_cima_server_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -541,7 +541,7 @@ func (x *GetCcMeasurementResponse) String() string { func (*GetCcMeasurementResponse) ProtoMessage() {} func (x *GetCcMeasurementResponse) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[9] + mi := &file_proto_cima_server_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -554,7 +554,7 @@ func (x *GetCcMeasurementResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GetCcMeasurementResponse.ProtoReflect.Descriptor instead. func (*GetCcMeasurementResponse) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{9} + return file_proto_cima_server_proto_rawDescGZIP(), []int{9} } func (x *GetCcMeasurementResponse) GetMeasurement() *TcgDigest { @@ -577,7 +577,7 @@ type GetCcEventlogRequest struct { func (x *GetCcEventlogRequest) Reset() { *x = GetCcEventlogRequest{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[10] + mi := &file_proto_cima_server_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -590,7 +590,7 @@ func (x *GetCcEventlogRequest) String() string { func (*GetCcEventlogRequest) ProtoMessage() {} func (x *GetCcEventlogRequest) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[10] + mi := &file_proto_cima_server_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -603,7 +603,7 @@ func (x *GetCcEventlogRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetCcEventlogRequest.ProtoReflect.Descriptor instead. func (*GetCcEventlogRequest) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{10} + return file_proto_cima_server_proto_rawDescGZIP(), []int{10} } func (x *GetCcEventlogRequest) GetContainerId() string { @@ -639,7 +639,7 @@ type TcgDigest struct { func (x *TcgDigest) Reset() { *x = TcgDigest{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[11] + mi := &file_proto_cima_server_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -652,7 +652,7 @@ func (x *TcgDigest) String() string { func (*TcgDigest) ProtoMessage() {} func (x *TcgDigest) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[11] + mi := &file_proto_cima_server_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -665,7 +665,7 @@ func (x *TcgDigest) ProtoReflect() protoreflect.Message { // Deprecated: Use TcgDigest.ProtoReflect.Descriptor instead. func (*TcgDigest) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{11} + return file_proto_cima_server_proto_rawDescGZIP(), []int{11} } func (x *TcgDigest) GetAlgoId() uint32 { @@ -699,7 +699,7 @@ type TcgEventlog struct { func (x *TcgEventlog) Reset() { *x = TcgEventlog{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[12] + mi := &file_proto_cima_server_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -712,7 +712,7 @@ func (x *TcgEventlog) String() string { func (*TcgEventlog) ProtoMessage() {} func (x *TcgEventlog) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[12] + mi := &file_proto_cima_server_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -725,7 +725,7 @@ func (x *TcgEventlog) ProtoReflect() protoreflect.Message { // Deprecated: Use TcgEventlog.ProtoReflect.Descriptor instead. func (*TcgEventlog) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{12} + return file_proto_cima_server_proto_rawDescGZIP(), []int{12} } func (x *TcgEventlog) GetRecNum() uint32 { @@ -788,7 +788,7 @@ type GetCcEventlogResponse struct { func (x *GetCcEventlogResponse) Reset() { *x = GetCcEventlogResponse{} if protoimpl.UnsafeEnabled { - mi := &file_proto_ccnp_server_proto_msgTypes[13] + mi := &file_proto_cima_server_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -801,7 +801,7 @@ func (x *GetCcEventlogResponse) String() string { func (*GetCcEventlogResponse) ProtoMessage() {} func (x *GetCcEventlogResponse) ProtoReflect() protoreflect.Message { - mi := &file_proto_ccnp_server_proto_msgTypes[13] + mi := &file_proto_cima_server_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -814,7 +814,7 @@ func (x *GetCcEventlogResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GetCcEventlogResponse.ProtoReflect.Descriptor instead. func (*GetCcEventlogResponse) Descriptor() ([]byte, []int) { - return file_proto_ccnp_server_proto_rawDescGZIP(), []int{13} + return file_proto_cima_server_proto_rawDescGZIP(), []int{13} } func (x *GetCcEventlogResponse) GetEventLogs() []*TcgEventlog { @@ -824,9 +824,9 @@ func (x *GetCcEventlogResponse) GetEventLogs() []*TcgEventlog { return nil } -var File_proto_ccnp_server_proto protoreflect.FileDescriptor +var File_proto_cima_server_proto protoreflect.FileDescriptor -var file_proto_ccnp_server_proto_rawDesc = []byte{ +var file_proto_cima_server_proto_rawDesc = []byte{ 0x0a, 0x17, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63, 0x63, 0x6e, 0x70, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x63, 0x63, 0x6e, 0x70, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x62, 0x22, 0x2e, 0x0a, 0x12, 0x48, 0x65, 0x61, @@ -962,53 +962,53 @@ var file_proto_ccnp_server_proto_rawDesc = []byte{ } var ( - file_proto_ccnp_server_proto_rawDescOnce sync.Once - file_proto_ccnp_server_proto_rawDescData = file_proto_ccnp_server_proto_rawDesc + file_proto_cima_server_proto_rawDescOnce sync.Once + file_proto_cima_server_proto_rawDescData = file_proto_cima_server_proto_rawDesc ) -func file_proto_ccnp_server_proto_rawDescGZIP() []byte { - file_proto_ccnp_server_proto_rawDescOnce.Do(func() { - file_proto_ccnp_server_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_ccnp_server_proto_rawDescData) +func file_proto_cima_server_proto_rawDescGZIP() []byte { + file_proto_cima_server_proto_rawDescOnce.Do(func() { + file_proto_cima_server_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_cima_server_proto_rawDescData) }) - return file_proto_ccnp_server_proto_rawDescData -} - -var file_proto_ccnp_server_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_proto_ccnp_server_proto_msgTypes = make([]protoimpl.MessageInfo, 15) -var file_proto_ccnp_server_proto_goTypes = []interface{}{ - (HealthCheckResponse_ServingStatus)(0), // 0: ccnp_server_pb.HealthCheckResponse.ServingStatus - (*HealthCheckRequest)(nil), // 1: ccnp_server_pb.HealthCheckRequest - (*HealthCheckResponse)(nil), // 2: ccnp_server_pb.HealthCheckResponse - (*GetDefaultAlgorithmRequest)(nil), // 3: ccnp_server_pb.GetDefaultAlgorithmRequest - (*GetDefaultAlgorithmResponse)(nil), // 4: ccnp_server_pb.GetDefaultAlgorithmResponse - (*GetMeasurementCountRequest)(nil), // 5: ccnp_server_pb.GetMeasurementCountRequest - (*GetMeasurementCountResponse)(nil), // 6: ccnp_server_pb.GetMeasurementCountResponse - (*GetCcReportRequest)(nil), // 7: ccnp_server_pb.GetCcReportRequest - (*GetCcReportResponse)(nil), // 8: ccnp_server_pb.GetCcReportResponse - (*GetCcMeasurementRequest)(nil), // 9: ccnp_server_pb.GetCcMeasurementRequest - (*GetCcMeasurementResponse)(nil), // 10: ccnp_server_pb.GetCcMeasurementResponse - (*GetCcEventlogRequest)(nil), // 11: ccnp_server_pb.GetCcEventlogRequest - (*TcgDigest)(nil), // 12: ccnp_server_pb.TcgDigest - (*TcgEventlog)(nil), // 13: ccnp_server_pb.TcgEventlog - (*GetCcEventlogResponse)(nil), // 14: ccnp_server_pb.GetCcEventlogResponse - nil, // 15: ccnp_server_pb.TcgEventlog.ExtraInfoEntry -} -var file_proto_ccnp_server_proto_depIdxs = []int32{ - 0, // 0: ccnp_server_pb.HealthCheckResponse.status:type_name -> ccnp_server_pb.HealthCheckResponse.ServingStatus - 12, // 1: ccnp_server_pb.GetCcMeasurementResponse.measurement:type_name -> ccnp_server_pb.TcgDigest - 12, // 2: ccnp_server_pb.TcgEventlog.digests:type_name -> ccnp_server_pb.TcgDigest - 15, // 3: ccnp_server_pb.TcgEventlog.extra_info:type_name -> ccnp_server_pb.TcgEventlog.ExtraInfoEntry - 13, // 4: ccnp_server_pb.GetCcEventlogResponse.event_logs:type_name -> ccnp_server_pb.TcgEventlog - 3, // 5: ccnp_server_pb.ccnp.GetDefaultAlgorithm:input_type -> ccnp_server_pb.GetDefaultAlgorithmRequest - 5, // 6: ccnp_server_pb.ccnp.GetMeasurementCount:input_type -> ccnp_server_pb.GetMeasurementCountRequest - 7, // 7: ccnp_server_pb.ccnp.GetCcReport:input_type -> ccnp_server_pb.GetCcReportRequest - 9, // 8: ccnp_server_pb.ccnp.GetCcMeasurement:input_type -> ccnp_server_pb.GetCcMeasurementRequest - 11, // 9: ccnp_server_pb.ccnp.GetCcEventlog:input_type -> ccnp_server_pb.GetCcEventlogRequest - 4, // 10: ccnp_server_pb.ccnp.GetDefaultAlgorithm:output_type -> ccnp_server_pb.GetDefaultAlgorithmResponse - 6, // 11: ccnp_server_pb.ccnp.GetMeasurementCount:output_type -> ccnp_server_pb.GetMeasurementCountResponse - 8, // 12: ccnp_server_pb.ccnp.GetCcReport:output_type -> ccnp_server_pb.GetCcReportResponse - 10, // 13: ccnp_server_pb.ccnp.GetCcMeasurement:output_type -> ccnp_server_pb.GetCcMeasurementResponse - 14, // 14: ccnp_server_pb.ccnp.GetCcEventlog:output_type -> ccnp_server_pb.GetCcEventlogResponse + return file_proto_cima_server_proto_rawDescData +} + +var file_proto_cima_server_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_proto_cima_server_proto_msgTypes = make([]protoimpl.MessageInfo, 15) +var file_proto_cima_server_proto_goTypes = []interface{}{ + (HealthCheckResponse_ServingStatus)(0), // 0: cima_server_pb.HealthCheckResponse.ServingStatus + (*HealthCheckRequest)(nil), // 1: cima_server_pb.HealthCheckRequest + (*HealthCheckResponse)(nil), // 2: cima_server_pb.HealthCheckResponse + (*GetDefaultAlgorithmRequest)(nil), // 3: cima_server_pb.GetDefaultAlgorithmRequest + (*GetDefaultAlgorithmResponse)(nil), // 4: cima_server_pb.GetDefaultAlgorithmResponse + (*GetMeasurementCountRequest)(nil), // 5: cima_server_pb.GetMeasurementCountRequest + (*GetMeasurementCountResponse)(nil), // 6: cima_server_pb.GetMeasurementCountResponse + (*GetCcReportRequest)(nil), // 7: cima_server_pb.GetCcReportRequest + (*GetCcReportResponse)(nil), // 8: cima_server_pb.GetCcReportResponse + (*GetCcMeasurementRequest)(nil), // 9: cima_server_pb.GetCcMeasurementRequest + (*GetCcMeasurementResponse)(nil), // 10: cima_server_pb.GetCcMeasurementResponse + (*GetCcEventlogRequest)(nil), // 11: cima_server_pb.GetCcEventlogRequest + (*TcgDigest)(nil), // 12: cima_server_pb.TcgDigest + (*TcgEventlog)(nil), // 13: cima_server_pb.TcgEventlog + (*GetCcEventlogResponse)(nil), // 14: cima_server_pb.GetCcEventlogResponse + nil, // 15: cima_server_pb.TcgEventlog.ExtraInfoEntry +} +var file_proto_cima_server_proto_depIdxs = []int32{ + 0, // 0: cima_server_pb.HealthCheckResponse.status:type_name -> cima_server_pb.HealthCheckResponse.ServingStatus + 12, // 1: cima_server_pb.GetCcMeasurementResponse.measurement:type_name -> cima_server_pb.TcgDigest + 12, // 2: cima_server_pb.TcgEventlog.digests:type_name -> cima_server_pb.TcgDigest + 15, // 3: cima_server_pb.TcgEventlog.extra_info:type_name -> cima_server_pb.TcgEventlog.ExtraInfoEntry + 13, // 4: cima_server_pb.GetCcEventlogResponse.event_logs:type_name -> cima_server_pb.TcgEventlog + 3, // 5: cima_server_pb.cima.GetDefaultAlgorithm:input_type -> cima_server_pb.GetDefaultAlgorithmRequest + 5, // 6: cima_server_pb.cima.GetMeasurementCount:input_type -> cima_server_pb.GetMeasurementCountRequest + 7, // 7: cima_server_pb.cima.GetCcReport:input_type -> cima_server_pb.GetCcReportRequest + 9, // 8: cima_server_pb.cima.GetCcMeasurement:input_type -> cima_server_pb.GetCcMeasurementRequest + 11, // 9: cima_server_pb.cima.GetCcEventlog:input_type -> cima_server_pb.GetCcEventlogRequest + 4, // 10: cima_server_pb.cima.GetDefaultAlgorithm:output_type -> cima_server_pb.GetDefaultAlgorithmResponse + 6, // 11: cima_server_pb.cima.GetMeasurementCount:output_type -> cima_server_pb.GetMeasurementCountResponse + 8, // 12: cima_server_pb.cima.GetCcReport:output_type -> cima_server_pb.GetCcReportResponse + 10, // 13: cima_server_pb.cima.GetCcMeasurement:output_type -> cima_server_pb.GetCcMeasurementResponse + 14, // 14: cima_server_pb.cima.GetCcEventlog:output_type -> cima_server_pb.GetCcEventlogResponse 10, // [10:15] is the sub-list for method output_type 5, // [5:10] is the sub-list for method input_type 5, // [5:5] is the sub-list for extension type_name @@ -1016,13 +1016,13 @@ var file_proto_ccnp_server_proto_depIdxs = []int32{ 0, // [0:5] is the sub-list for field type_name } -func init() { file_proto_ccnp_server_proto_init() } -func file_proto_ccnp_server_proto_init() { - if File_proto_ccnp_server_proto != nil { +func init() { file_proto_cima_server_proto_init() } +func file_proto_cima_server_proto_init() { + if File_proto_cima_server_proto != nil { return } if !protoimpl.UnsafeEnabled { - file_proto_ccnp_server_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*HealthCheckRequest); i { case 0: return &v.state @@ -1034,7 +1034,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*HealthCheckResponse); i { case 0: return &v.state @@ -1046,7 +1046,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetDefaultAlgorithmRequest); i { case 0: return &v.state @@ -1058,7 +1058,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetDefaultAlgorithmResponse); i { case 0: return &v.state @@ -1070,7 +1070,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetMeasurementCountRequest); i { case 0: return &v.state @@ -1082,7 +1082,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetMeasurementCountResponse); i { case 0: return &v.state @@ -1094,7 +1094,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetCcReportRequest); i { case 0: return &v.state @@ -1106,7 +1106,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetCcReportResponse); i { case 0: return &v.state @@ -1118,7 +1118,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetCcMeasurementRequest); i { case 0: return &v.state @@ -1130,7 +1130,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetCcMeasurementResponse); i { case 0: return &v.state @@ -1142,7 +1142,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetCcEventlogRequest); i { case 0: return &v.state @@ -1154,7 +1154,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*TcgDigest); i { case 0: return &v.state @@ -1166,7 +1166,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*TcgEventlog); i { case 0: return &v.state @@ -1178,7 +1178,7 @@ func file_proto_ccnp_server_proto_init() { return nil } } - file_proto_ccnp_server_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + file_proto_cima_server_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetCcEventlogResponse); i { case 0: return &v.state @@ -1191,25 +1191,25 @@ func file_proto_ccnp_server_proto_init() { } } } - file_proto_ccnp_server_proto_msgTypes[6].OneofWrappers = []interface{}{} - file_proto_ccnp_server_proto_msgTypes[10].OneofWrappers = []interface{}{} + file_proto_cima_server_proto_msgTypes[6].OneofWrappers = []interface{}{} + file_proto_cima_server_proto_msgTypes[10].OneofWrappers = []interface{}{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_proto_ccnp_server_proto_rawDesc, + RawDescriptor: file_proto_cima_server_proto_rawDesc, NumEnums: 1, NumMessages: 15, NumExtensions: 0, NumServices: 1, }, - GoTypes: file_proto_ccnp_server_proto_goTypes, - DependencyIndexes: file_proto_ccnp_server_proto_depIdxs, - EnumInfos: file_proto_ccnp_server_proto_enumTypes, - MessageInfos: file_proto_ccnp_server_proto_msgTypes, + GoTypes: file_proto_cima_server_proto_goTypes, + DependencyIndexes: file_proto_cima_server_proto_depIdxs, + EnumInfos: file_proto_cima_server_proto_enumTypes, + MessageInfos: file_proto_cima_server_proto_msgTypes, }.Build() - File_proto_ccnp_server_proto = out.File - file_proto_ccnp_server_proto_rawDesc = nil - file_proto_ccnp_server_proto_goTypes = nil - file_proto_ccnp_server_proto_depIdxs = nil + File_proto_cima_server_proto = out.File + file_proto_cima_server_proto_rawDesc = nil + file_proto_cima_server_proto_goTypes = nil + file_proto_cima_server_proto_depIdxs = nil } diff --git a/sdk/golang/ccnp/proto/ccnp-server.proto b/sdk/golang/cima/proto/cima-server.proto similarity index 97% rename from sdk/golang/ccnp/proto/ccnp-server.proto rename to sdk/golang/cima/proto/cima-server.proto index 9cb8a5d..d3eb55d 100644 --- a/sdk/golang/ccnp/proto/ccnp-server.proto +++ b/sdk/golang/cima/proto/cima-server.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package ccnp_server_pb; +package cima_server_pb; message HealthCheckRequest { string service = 1; @@ -16,7 +16,7 @@ message HealthCheckResponse { ServingStatus status = 1; } -service ccnp { +service cima { rpc GetDefaultAlgorithm(GetDefaultAlgorithmRequest) returns (GetDefaultAlgorithmResponse); rpc GetMeasurementCount(GetMeasurementCountRequest) returns (GetMeasurementCountResponse); rpc GetCcReport (GetCcReportRequest) returns (GetCcReportResponse); diff --git a/sdk/golang/ccnp/proto/ccnp-server_grpc.pb.go b/sdk/golang/cima/proto/cima-server_grpc.pb.go similarity index 64% rename from sdk/golang/ccnp/proto/ccnp-server_grpc.pb.go rename to sdk/golang/cima/proto/cima-server_grpc.pb.go index 8ed546a..a15bf90 100644 --- a/sdk/golang/ccnp/proto/ccnp-server_grpc.pb.go +++ b/sdk/golang/cima/proto/cima-server_grpc.pb.go @@ -2,9 +2,9 @@ // versions: // - protoc-gen-go-grpc v1.3.0 // - protoc v4.25.3 -// source: proto/ccnp-server.proto +// source: proto/cima-server.proto -package ccnp +package cima import ( context "context" @@ -19,17 +19,17 @@ import ( const _ = grpc.SupportPackageIsVersion7 const ( - Ccnp_GetDefaultAlgorithm_FullMethodName = "/ccnp_server_pb.ccnp/GetDefaultAlgorithm" - Ccnp_GetMeasurementCount_FullMethodName = "/ccnp_server_pb.ccnp/GetMeasurementCount" - Ccnp_GetCcReport_FullMethodName = "/ccnp_server_pb.ccnp/GetCcReport" - Ccnp_GetCcMeasurement_FullMethodName = "/ccnp_server_pb.ccnp/GetCcMeasurement" - Ccnp_GetCcEventlog_FullMethodName = "/ccnp_server_pb.ccnp/GetCcEventlog" + Cima_GetDefaultAlgorithm_FullMethodName = "/cima_server_pb.cima/GetDefaultAlgorithm" + Cima_GetMeasurementCount_FullMethodName = "/cima_server_pb.cima/GetMeasurementCount" + Cima_GetCcReport_FullMethodName = "/cima_server_pb.cima/GetCcReport" + Cima_GetCcMeasurement_FullMethodName = "/cima_server_pb.cima/GetCcMeasurement" + Cima_GetCcEventlog_FullMethodName = "/cima_server_pb.cima/GetCcEventlog" ) -// CcnpClient is the client API for Ccnp service. +// CimaClient is the client API for Cima service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type CcnpClient interface { +type CimaClient interface { GetDefaultAlgorithm(ctx context.Context, in *GetDefaultAlgorithmRequest, opts ...grpc.CallOption) (*GetDefaultAlgorithmResponse, error) GetMeasurementCount(ctx context.Context, in *GetMeasurementCountRequest, opts ...grpc.CallOption) (*GetMeasurementCountResponse, error) GetCcReport(ctx context.Context, in *GetCcReportRequest, opts ...grpc.CallOption) (*GetCcReportResponse, error) @@ -37,221 +37,221 @@ type CcnpClient interface { GetCcEventlog(ctx context.Context, in *GetCcEventlogRequest, opts ...grpc.CallOption) (*GetCcEventlogResponse, error) } -type ccnpClient struct { +type cimaClient struct { cc grpc.ClientConnInterface } -func NewCcnpClient(cc grpc.ClientConnInterface) CcnpClient { - return &ccnpClient{cc} +func NewCimaClient(cc grpc.ClientConnInterface) CimaClient { + return &cimaClient{cc} } -func (c *ccnpClient) GetDefaultAlgorithm(ctx context.Context, in *GetDefaultAlgorithmRequest, opts ...grpc.CallOption) (*GetDefaultAlgorithmResponse, error) { +func (c *cimaClient) GetDefaultAlgorithm(ctx context.Context, in *GetDefaultAlgorithmRequest, opts ...grpc.CallOption) (*GetDefaultAlgorithmResponse, error) { out := new(GetDefaultAlgorithmResponse) - err := c.cc.Invoke(ctx, Ccnp_GetDefaultAlgorithm_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, Cima_GetDefaultAlgorithm_FullMethodName, in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *ccnpClient) GetMeasurementCount(ctx context.Context, in *GetMeasurementCountRequest, opts ...grpc.CallOption) (*GetMeasurementCountResponse, error) { +func (c *cimaClient) GetMeasurementCount(ctx context.Context, in *GetMeasurementCountRequest, opts ...grpc.CallOption) (*GetMeasurementCountResponse, error) { out := new(GetMeasurementCountResponse) - err := c.cc.Invoke(ctx, Ccnp_GetMeasurementCount_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, Cima_GetMeasurementCount_FullMethodName, in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *ccnpClient) GetCcReport(ctx context.Context, in *GetCcReportRequest, opts ...grpc.CallOption) (*GetCcReportResponse, error) { +func (c *cimaClient) GetCcReport(ctx context.Context, in *GetCcReportRequest, opts ...grpc.CallOption) (*GetCcReportResponse, error) { out := new(GetCcReportResponse) - err := c.cc.Invoke(ctx, Ccnp_GetCcReport_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, Cima_GetCcReport_FullMethodName, in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *ccnpClient) GetCcMeasurement(ctx context.Context, in *GetCcMeasurementRequest, opts ...grpc.CallOption) (*GetCcMeasurementResponse, error) { +func (c *cimaClient) GetCcMeasurement(ctx context.Context, in *GetCcMeasurementRequest, opts ...grpc.CallOption) (*GetCcMeasurementResponse, error) { out := new(GetCcMeasurementResponse) - err := c.cc.Invoke(ctx, Ccnp_GetCcMeasurement_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, Cima_GetCcMeasurement_FullMethodName, in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *ccnpClient) GetCcEventlog(ctx context.Context, in *GetCcEventlogRequest, opts ...grpc.CallOption) (*GetCcEventlogResponse, error) { +func (c *cimaClient) GetCcEventlog(ctx context.Context, in *GetCcEventlogRequest, opts ...grpc.CallOption) (*GetCcEventlogResponse, error) { out := new(GetCcEventlogResponse) - err := c.cc.Invoke(ctx, Ccnp_GetCcEventlog_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, Cima_GetCcEventlog_FullMethodName, in, out, opts...) if err != nil { return nil, err } return out, nil } -// CcnpServer is the server API for Ccnp service. -// All implementations must embed UnimplementedCcnpServer +// CimaServer is the server API for Cima service. +// All implementations must embed UnimplementedCimaServer // for forward compatibility -type CcnpServer interface { +type CimaServer interface { GetDefaultAlgorithm(context.Context, *GetDefaultAlgorithmRequest) (*GetDefaultAlgorithmResponse, error) GetMeasurementCount(context.Context, *GetMeasurementCountRequest) (*GetMeasurementCountResponse, error) GetCcReport(context.Context, *GetCcReportRequest) (*GetCcReportResponse, error) GetCcMeasurement(context.Context, *GetCcMeasurementRequest) (*GetCcMeasurementResponse, error) GetCcEventlog(context.Context, *GetCcEventlogRequest) (*GetCcEventlogResponse, error) - mustEmbedUnimplementedCcnpServer() + mustEmbedUnimplementedCimaServer() } -// UnimplementedCcnpServer must be embedded to have forward compatible implementations. -type UnimplementedCcnpServer struct { +// UnimplementedCimaServer must be embedded to have forward compatible implementations. +type UnimplementedCimaServer struct { } -func (UnimplementedCcnpServer) GetDefaultAlgorithm(context.Context, *GetDefaultAlgorithmRequest) (*GetDefaultAlgorithmResponse, error) { +func (UnimplementedCimaServer) GetDefaultAlgorithm(context.Context, *GetDefaultAlgorithmRequest) (*GetDefaultAlgorithmResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetDefaultAlgorithm not implemented") } -func (UnimplementedCcnpServer) GetMeasurementCount(context.Context, *GetMeasurementCountRequest) (*GetMeasurementCountResponse, error) { +func (UnimplementedCimaServer) GetMeasurementCount(context.Context, *GetMeasurementCountRequest) (*GetMeasurementCountResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetMeasurementCount not implemented") } -func (UnimplementedCcnpServer) GetCcReport(context.Context, *GetCcReportRequest) (*GetCcReportResponse, error) { +func (UnimplementedCimaServer) GetCcReport(context.Context, *GetCcReportRequest) (*GetCcReportResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetCcReport not implemented") } -func (UnimplementedCcnpServer) GetCcMeasurement(context.Context, *GetCcMeasurementRequest) (*GetCcMeasurementResponse, error) { +func (UnimplementedCimaServer) GetCcMeasurement(context.Context, *GetCcMeasurementRequest) (*GetCcMeasurementResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetCcMeasurement not implemented") } -func (UnimplementedCcnpServer) GetCcEventlog(context.Context, *GetCcEventlogRequest) (*GetCcEventlogResponse, error) { +func (UnimplementedCimaServer) GetCcEventlog(context.Context, *GetCcEventlogRequest) (*GetCcEventlogResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetCcEventlog not implemented") } -func (UnimplementedCcnpServer) mustEmbedUnimplementedCcnpServer() {} +func (UnimplementedCimaServer) mustEmbedUnimplementedCimaServer() {} -// UnsafeCcnpServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to CcnpServer will +// UnsafeCimaServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to CimaServer will // result in compilation errors. -type UnsafeCcnpServer interface { - mustEmbedUnimplementedCcnpServer() +type UnsafeCimaServer interface { + mustEmbedUnimplementedCimaServer() } -func RegisterCcnpServer(s grpc.ServiceRegistrar, srv CcnpServer) { - s.RegisterService(&Ccnp_ServiceDesc, srv) +func RegisterCimaServer(s grpc.ServiceRegistrar, srv CimaServer) { + s.RegisterService(&Cima_ServiceDesc, srv) } -func _Ccnp_GetDefaultAlgorithm_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { +func _Cima_GetDefaultAlgorithm_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(GetDefaultAlgorithmRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(CcnpServer).GetDefaultAlgorithm(ctx, in) + return srv.(CimaServer).GetDefaultAlgorithm(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: Ccnp_GetDefaultAlgorithm_FullMethodName, + FullMethod: Cima_GetDefaultAlgorithm_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CcnpServer).GetDefaultAlgorithm(ctx, req.(*GetDefaultAlgorithmRequest)) + return srv.(CimaServer).GetDefaultAlgorithm(ctx, req.(*GetDefaultAlgorithmRequest)) } return interceptor(ctx, in, info, handler) } -func _Ccnp_GetMeasurementCount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { +func _Cima_GetMeasurementCount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(GetMeasurementCountRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(CcnpServer).GetMeasurementCount(ctx, in) + return srv.(CimaServer).GetMeasurementCount(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: Ccnp_GetMeasurementCount_FullMethodName, + FullMethod: Cima_GetMeasurementCount_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CcnpServer).GetMeasurementCount(ctx, req.(*GetMeasurementCountRequest)) + return srv.(CimaServer).GetMeasurementCount(ctx, req.(*GetMeasurementCountRequest)) } return interceptor(ctx, in, info, handler) } -func _Ccnp_GetCcReport_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { +func _Cima_GetCcReport_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(GetCcReportRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(CcnpServer).GetCcReport(ctx, in) + return srv.(CimaServer).GetCcReport(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: Ccnp_GetCcReport_FullMethodName, + FullMethod: Cima_GetCcReport_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CcnpServer).GetCcReport(ctx, req.(*GetCcReportRequest)) + return srv.(CimaServer).GetCcReport(ctx, req.(*GetCcReportRequest)) } return interceptor(ctx, in, info, handler) } -func _Ccnp_GetCcMeasurement_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { +func _Cima_GetCcMeasurement_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(GetCcMeasurementRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(CcnpServer).GetCcMeasurement(ctx, in) + return srv.(CimaServer).GetCcMeasurement(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: Ccnp_GetCcMeasurement_FullMethodName, + FullMethod: Cima_GetCcMeasurement_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CcnpServer).GetCcMeasurement(ctx, req.(*GetCcMeasurementRequest)) + return srv.(CimaServer).GetCcMeasurement(ctx, req.(*GetCcMeasurementRequest)) } return interceptor(ctx, in, info, handler) } -func _Ccnp_GetCcEventlog_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { +func _Cima_GetCcEventlog_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(GetCcEventlogRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(CcnpServer).GetCcEventlog(ctx, in) + return srv.(CimaServer).GetCcEventlog(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: Ccnp_GetCcEventlog_FullMethodName, + FullMethod: Cima_GetCcEventlog_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CcnpServer).GetCcEventlog(ctx, req.(*GetCcEventlogRequest)) + return srv.(CimaServer).GetCcEventlog(ctx, req.(*GetCcEventlogRequest)) } return interceptor(ctx, in, info, handler) } -// Ccnp_ServiceDesc is the grpc.ServiceDesc for Ccnp service. +// Cima_ServiceDesc is the grpc.ServiceDesc for Cima service. // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) -var Ccnp_ServiceDesc = grpc.ServiceDesc{ - ServiceName: "ccnp_server_pb.ccnp", - HandlerType: (*CcnpServer)(nil), +var Cima_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "cima_server_pb.cima", + HandlerType: (*CimaServer)(nil), Methods: []grpc.MethodDesc{ { MethodName: "GetDefaultAlgorithm", - Handler: _Ccnp_GetDefaultAlgorithm_Handler, + Handler: _Cima_GetDefaultAlgorithm_Handler, }, { MethodName: "GetMeasurementCount", - Handler: _Ccnp_GetMeasurementCount_Handler, + Handler: _Cima_GetMeasurementCount_Handler, }, { MethodName: "GetCcReport", - Handler: _Ccnp_GetCcReport_Handler, + Handler: _Cima_GetCcReport_Handler, }, { MethodName: "GetCcMeasurement", - Handler: _Ccnp_GetCcMeasurement_Handler, + Handler: _Cima_GetCcMeasurement_Handler, }, { MethodName: "GetCcEventlog", - Handler: _Ccnp_GetCcEventlog_Handler, + Handler: _Cima_GetCcEventlog_Handler, }, }, Streams: []grpc.StreamDesc{}, - Metadata: "proto/ccnp-server.proto", + Metadata: "proto/cima-server.proto", } diff --git a/sdk/golang/ccnp/sdk.go b/sdk/golang/cima/sdk.go similarity index 99% rename from sdk/golang/ccnp/sdk.go rename to sdk/golang/cima/sdk.go index 37bc407..5d2ae07 100644 --- a/sdk/golang/ccnp/sdk.go +++ b/sdk/golang/cima/sdk.go @@ -3,7 +3,7 @@ * SPDX-License-Identifier: Apache-2.0 */ -package ccnp +package cima import ( "errors" diff --git a/sdk/golang/example/go-sdk-example.go b/sdk/golang/example/go-sdk-example.go index a80d1d3..92acf88 100644 --- a/sdk/golang/example/go-sdk-example.go +++ b/sdk/golang/example/go-sdk-example.go @@ -9,11 +9,11 @@ import ( "os" "github.com/cc-api/cc-trusted-api/common/golang/cctrusted_base" - "github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp" + "github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima" ) // func to test GetCCReport() -func testGetCCReport(sdk ccnp.SDK, logger *log.Logger) { +func testGetCCReport(sdk cima.SDK, logger *log.Logger) { logger.Println("Call [GetCCReport] to fetch attestation report...") num := uint64(rand.Int63n(math.MaxInt64)) @@ -35,7 +35,7 @@ func testGetCCReport(sdk ccnp.SDK, logger *log.Logger) { } // func to test GetCCMeasurement() -func testGetCCMeasurement(sdk ccnp.SDK, logger *log.Logger) { +func testGetCCMeasurement(sdk cima.SDK, logger *log.Logger) { logger.Println("Call [GetCCMeasurement] to fetch measurement for specific IMR[0]...") imr_index := 0 @@ -55,7 +55,7 @@ func testGetCCMeasurement(sdk ccnp.SDK, logger *log.Logger) { } // func to test GetCCEventLog() -func testGetCCEventLog(sdk ccnp.SDK, logger *log.Logger) { +func testGetCCEventLog(sdk cima.SDK, logger *log.Logger) { logger.Println("Call [GetCCEventLog] to fetch cc event logs...") /* Another example to set start to 0 and count to 10 for event log retrieval @@ -79,7 +79,7 @@ func testGetCCEventLog(sdk ccnp.SDK, logger *log.Logger) { func main() { logger := log.Default() - sdk := ccnp.SDK{} + sdk := cima.SDK{} logger.Println("Call [GetDefaultAlgorithm] to fetch default algorithm...") defaultAlg, err := sdk.GetDefaultAlgorithm() diff --git a/sdk/golang/example/go.mod b/sdk/golang/example/go.mod index 00c9941..aeff8e3 100644 --- a/sdk/golang/example/go.mod +++ b/sdk/golang/example/go.mod @@ -4,7 +4,7 @@ go 1.22.1 require ( github.com/cc-api/cc-trusted-api/common/golang/cctrusted_base v0.0.0-20240401053915-fe5bfeadd509 - github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp v0.0.0-20240401063131-998a393b583a + github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima v0.0.0-20240401063131-998a393b583a ) require ( diff --git a/sdk/golang/example/go.sum b/sdk/golang/example/go.sum index a86fc50..a80b7bb 100644 --- a/sdk/golang/example/go.sum +++ b/sdk/golang/example/go.sum @@ -1,7 +1,7 @@ github.com/cc-api/cc-trusted-api/common/golang/cctrusted_base v0.0.0-20240401053915-fe5bfeadd509 h1:Odnr+9Sponu6x5rANn7kAvdF288lcOa/0QQzlhKkfKQ= github.com/cc-api/cc-trusted-api/common/golang/cctrusted_base v0.0.0-20240401053915-fe5bfeadd509/go.mod h1:0rggJ3Z7AxSCbOfi2PBO98sAftWWsI39V7v/aG9xPmQ= -github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp v0.0.0-20240401063131-998a393b583a h1:1Z+zoOsY6ma58Vn9RgNidXP/tENPIz9LCM//3Hv19Io= -github.com/cc-api/confidential-cloud-native-primitives/sdk/golang/ccnp v0.0.0-20240401063131-998a393b583a/go.mod h1:PtDzCV0SF6ZI4ofmi07gsjFL6kPpxxZMkt+Uab6kqBM= +github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima v0.0.0-20240401063131-998a393b583a h1:1Z+zoOsY6ma58Vn9RgNidXP/tENPIz9LCM//3Hv19Io= +github.com/cc-api/container-integrity-measurement-agent/sdk/golang/cima v0.0.0-20240401063131-998a393b583a/go.mod h1:PtDzCV0SF6ZI4ofmi07gsjFL6kPpxxZMkt+Uab6kqBM= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= diff --git a/sdk/python3/README.md b/sdk/python3/README.md index a96feb6..8d1b813 100644 --- a/sdk/python3/README.md +++ b/sdk/python3/README.md @@ -1,6 +1,6 @@ -# Confidential Cloud-Native Primitives SDK for Python +# Container Integrity Measurement Agent SDK for Python -The Confidential Cloud-Native Primitives (CCNP) project is the solution targeted on simplifying the use of Trusted Execution Environment (TEE) in cloud-native environment. Currently, there are 2 parts included in CCNP, the services and the SDK. +The Container Integrity Measurement Agent (CIMA) project is the solution targeted on simplifying the use of Trusted Execution Environment (TEE) in cloud-native environment. Currently, there are 2 parts included in CIMA, the services and the SDK. - Service is designed to hide the complexity of different TEE platforms and provides common interfaces and scalability for cloud-native environment. - SDK is to simplify the use of the service interface for development, it covers communication to the service and parses the results from the services. @@ -9,10 +9,10 @@ The service supports attestation, measurement fetching and event log collecting Attestation is a common process within TEE platform and TPM to verify if the software binaries were properly instantiated on a trusted platform. Third parties can leverage the attestation process to identify the trustworthiness of the platform (by checking the measurements or event logs) as well as the software running on it, in order to decide whether they shall put their confidential information/workload onto the platform. -CCNP, as the overall framework for attestation, measurement and event log fetching, provides user with both customer-facing SDK and overall framework. By leveraging this SDK, user can easily retrieve different kinds of measurements or evidence such as event logs. Working along with different verification services (such as Amber) and configurable policies, user can validate the trustworthiness of the platform and make further decision. +CIMA, as the overall framework for attestation, measurement and event log fetching, provides user with both customer-facing SDK and overall framework. By leveraging this SDK, user can easily retrieve different kinds of measurements or evidence such as event logs. Working along with different verification services (such as Amber) and configurable policies, user can validate the trustworthiness of the platform and make further decision. [Source code][source_code] -| [Package (PyPI)][ccnp_pypi] +| [Package (PyPI)][cima_pypi] | [API reference documentation][api_doc] ## Getting started @@ -21,10 +21,10 @@ CCNP, as the overall framework for attestation, measurement and event log fetchi In order to work properly, user need to have the backend services ready on the TEE or TPM enabled platform first. Please refer to each deployment guide reside in the [service](../../service/) folder to install the backend services. ### Install the package -User can install the CCNP client library for Python with PyPI: +User can install the CIMA client library for Python with PyPI: ``` -pip install ccnp +pip install cima ``` To install from source code, user can use the following command: @@ -51,9 +51,9 @@ Here are the example usages of the SDK: * Fetch report without any inputs ```python -from ccnp import CcnpSdk +from cima import CimaSdk -CcnpSdk.inst().get_cc_report().dump() +CimaSdk.inst().get_cc_report().dump() ``` @@ -61,10 +61,10 @@ CcnpSdk.inst().get_cc_report().dump() ```python import base64 import secrets -from ccnp import CcnpSdk +from cima import CimaSdk nonce = base64.b64encode(secrets.token_urlsafe().encode()) -CcnpSdk.inst().get_cc_report(nonce=nonce).dump() +CimaSdk.inst().get_cc_report(nonce=nonce).dump() ``` @@ -72,11 +72,11 @@ CcnpSdk.inst().get_cc_report(nonce=nonce).dump() ```python import base64 import secrets -from ccnp import CcnpSdk +from cima import CimaSdk nonce = base64.b64encode(secrets.token_urlsafe().encode()) user_data = base64.b64encode(b'This data should be measured.') -CcnpSdk.inst().get_cc_report(nonce=nonce, data=user_data).dump() +CimaSdk.inst().get_cc_report(nonce=nonce, data=user_data).dump() ``` @@ -92,10 +92,10 @@ Here are the example usages for measurement SDK: * Fetch TEE measurement base on platform ```python -from ccnp import CcnpSdk +from cima import CimaSdk for i in [0, 1, 3]: - m = CcnpSdk.inst().get_cc_measurement([i, 12]) + m = CimaSdk.inst().get_cc_measurement([i, 12]) print("IMR index: %d, hash: %s"%(i, m.hash.hex())) ``` @@ -111,9 +111,9 @@ Here are the example usages of the SDK: * Fetch event log of platform and check the information inside ```python -from ccnp import CcnpSdk +from cima import CimaSdk -evt = CcnpSdk.inst().get_cc_eventlog() +evt = CimaSdk.inst().get_cc_eventlog() for e in evt: e.dump() @@ -121,13 +121,13 @@ for e in evt: * Replay the event logs ```python -from ccnp import CcnpSdk +from cima import CimaSdk -evt = CcnpSdk.inst().get_cc_eventlog() -replay = CcnpSdk.inst().replay_cc_eventlog(evt) +evt = CimaSdk.inst().get_cc_eventlog() +replay = CimaSdk.inst().replay_cc_eventlog(evt) for r in replay: print("Replay IMR[%d]: %s"%(r, replay[r][12].hex())) - m = CcnpSdk.inst().get_cc_measurement([r, 12]) + m = CimaSdk.inst().get_cc_measurement([r, 12]) print("Read IMR[%d]: %s"%(r, m.hash.hex())) if m.hash != replay[r][12]: print("Replay IMR value does not match real IMR.") @@ -141,10 +141,10 @@ TBA. ## Troubleshooting -Troubleshooting information for the CCNP SDK can be found here. +Troubleshooting information for the CIMA SDK can be found here. ## Next steps -For more information about the Confidential Cloud-Native Primitives, please see our documentation page. +For more information about the Container Integrity Measurement Agent, please see our documentation page. ## Contributing This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit the Contributor License Agreement site. @@ -157,6 +157,6 @@ See [CONTRIBUTING.md](../../CONTRIBUTING.md) for details on building, testing, a If you encounter any bugs or have suggestions, please file an issue in the Issues section of the project. -[source_code]: https://github.com/cc-api/confidential-cloud-native-primitives/tree/main/sdk/python3 -[ccnp_pypi]: https://pypi.org/project/ccnp/ +[source_code]: https://github.com/cc-api/container-integrity-measurement-agent/tree/main/sdk/python3 +[cima_pypi]: https://pypi.org/project/cima/ [api_doc]: https://github.com/cc-api/cc-trusted-api?tab=readme-ov-file#3-apis diff --git a/sdk/python3/ccnp/__init__.py b/sdk/python3/ccnp/__init__.py deleted file mode 100644 index 37db19a..0000000 --- a/sdk/python3/ccnp/__init__.py +++ /dev/null @@ -1,5 +0,0 @@ -"""CCNP framework to enable TEE related operations in cloud native environments""" - -__version__ = "0.4.0" - -from .sdk import CcnpSdk diff --git a/sdk/python3/cima/__init__.py b/sdk/python3/cima/__init__.py new file mode 100644 index 0000000..c0be0bd --- /dev/null +++ b/sdk/python3/cima/__init__.py @@ -0,0 +1,5 @@ +"""CIMA framework to enable TEE related operations in cloud native environments""" + +__version__ = "0.4.0" + +from .sdk import CimaSdk diff --git a/sdk/python3/ccnp/ccnp_server_pb2.py b/sdk/python3/cima/cima_server_pb2.py similarity index 79% rename from sdk/python3/ccnp/ccnp_server_pb2.py rename to sdk/python3/cima/cima_server_pb2.py index 77c8fd9..59c6241 100644 --- a/sdk/python3/ccnp/ccnp_server_pb2.py +++ b/sdk/python3/cima/cima_server_pb2.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! -# source: ccnp/ccnp-server.proto +# source: cima/cima-server.proto """Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import descriptor_pool as _descriptor_pool @@ -13,11 +13,11 @@ -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x16\x63\x63np/ccnp-server.proto\x12\x0e\x63\x63np_server_pb\"%\n\x12HealthCheckRequest\x12\x0f\n\x07service\x18\x01 \x01(\t\"\xa9\x01\n\x13HealthCheckResponse\x12\x41\n\x06status\x18\x01 \x01(\x0e\x32\x31.ccnp_server_pb.HealthCheckResponse.ServingStatus\"O\n\rServingStatus\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x0b\n\x07SERVING\x10\x01\x12\x0f\n\x0bNOT_SERVING\x10\x02\x12\x13\n\x0fSERVICE_UNKNOWN\x10\x03\"\x1c\n\x1aGetDefaultAlgorithmRequest\".\n\x1bGetDefaultAlgorithmResponse\x12\x0f\n\x07\x61lgo_id\x18\x01 \x01(\r\"\x1c\n\x1aGetMeasurementCountRequest\",\n\x1bGetMeasurementCountResponse\x12\r\n\x05\x63ount\x18\x01 \x01(\r\"n\n\x12GetCcReportRequest\x12\x14\n\x0c\x63ontainer_id\x18\x01 \x01(\t\x12\x16\n\tuser_data\x18\x02 \x01(\tH\x00\x88\x01\x01\x12\x12\n\x05nonce\x18\x03 \x01(\tH\x01\x88\x01\x01\x42\x0c\n\n_user_dataB\x08\n\x06_nonce\"9\n\x13GetCcReportResponse\x12\x0f\n\x07\x63\x63_type\x18\x01 \x01(\x05\x12\x11\n\tcc_report\x18\x02 \x01(\x0c\"O\n\x17GetCcMeasurementRequest\x12\x14\n\x0c\x63ontainer_id\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12\x0f\n\x07\x61lgo_id\x18\x03 \x01(\r\"J\n\x18GetCcMeasurementResponse\x12.\n\x0bmeasurement\x18\x01 \x01(\x0b\x32\x19.ccnp_server_pb.TcgDigest\"h\n\x14GetCcEventlogRequest\x12\x14\n\x0c\x63ontainer_id\x18\x01 \x01(\t\x12\x12\n\x05start\x18\x02 \x01(\rH\x00\x88\x01\x01\x12\x12\n\x05\x63ount\x18\x03 \x01(\rH\x01\x88\x01\x01\x42\x08\n\x06_startB\x08\n\x06_count\"*\n\tTcgDigest\x12\x0f\n\x07\x61lgo_id\x18\x01 \x01(\r\x12\x0c\n\x04hash\x18\x02 \x01(\x0c\"\x86\x02\n\x0bTcgEventlog\x12\x0f\n\x07rec_num\x18\x01 \x01(\r\x12\x11\n\timr_index\x18\x02 \x01(\r\x12\x12\n\nevent_type\x18\x03 \x01(\r\x12*\n\x07\x64igests\x18\x04 \x03(\x0b\x32\x19.ccnp_server_pb.TcgDigest\x12\x12\n\nevent_size\x18\x05 \x01(\r\x12\r\n\x05\x65vent\x18\x06 \x01(\x0c\x12>\n\nextra_info\x18\x07 \x03(\x0b\x32*.ccnp_server_pb.TcgEventlog.ExtraInfoEntry\x1a\x30\n\x0e\x45xtraInfoEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"H\n\x15GetCcEventlogResponse\x12/\n\nevent_logs\x18\x01 \x03(\x0b\x32\x1b.ccnp_server_pb.TcgEventlog2\x87\x04\n\x04\x63\x63np\x12n\n\x13GetDefaultAlgorithm\x12*.ccnp_server_pb.GetDefaultAlgorithmRequest\x1a+.ccnp_server_pb.GetDefaultAlgorithmResponse\x12n\n\x13GetMeasurementCount\x12*.ccnp_server_pb.GetMeasurementCountRequest\x1a+.ccnp_server_pb.GetMeasurementCountResponse\x12V\n\x0bGetCcReport\x12\".ccnp_server_pb.GetCcReportRequest\x1a#.ccnp_server_pb.GetCcReportResponse\x12g\n\x10GetCcMeasurement\x12\'.ccnp_server_pb.GetCcMeasurementRequest\x1a(.ccnp_server_pb.GetCcMeasurementResponse\"\x00\x12^\n\rGetCcEventlog\x12$.ccnp_server_pb.GetCcEventlogRequest\x1a%.ccnp_server_pb.GetCcEventlogResponse\"\x00\x62\x06proto3') +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x16\x63\x63np/cima-server.proto\x12\x0e\x63\x63np_server_pb\"%\n\x12HealthCheckRequest\x12\x0f\n\x07service\x18\x01 \x01(\t\"\xa9\x01\n\x13HealthCheckResponse\x12\x41\n\x06status\x18\x01 \x01(\x0e\x32\x31.cima_server_pb.HealthCheckResponse.ServingStatus\"O\n\rServingStatus\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x0b\n\x07SERVING\x10\x01\x12\x0f\n\x0bNOT_SERVING\x10\x02\x12\x13\n\x0fSERVICE_UNKNOWN\x10\x03\"\x1c\n\x1aGetDefaultAlgorithmRequest\".\n\x1bGetDefaultAlgorithmResponse\x12\x0f\n\x07\x61lgo_id\x18\x01 \x01(\r\"\x1c\n\x1aGetMeasurementCountRequest\",\n\x1bGetMeasurementCountResponse\x12\r\n\x05\x63ount\x18\x01 \x01(\r\"n\n\x12GetCcReportRequest\x12\x14\n\x0c\x63ontainer_id\x18\x01 \x01(\t\x12\x16\n\tuser_data\x18\x02 \x01(\tH\x00\x88\x01\x01\x12\x12\n\x05nonce\x18\x03 \x01(\tH\x01\x88\x01\x01\x42\x0c\n\n_user_dataB\x08\n\x06_nonce\"9\n\x13GetCcReportResponse\x12\x0f\n\x07\x63\x63_type\x18\x01 \x01(\x05\x12\x11\n\tcc_report\x18\x02 \x01(\x0c\"O\n\x17GetCcMeasurementRequest\x12\x14\n\x0c\x63ontainer_id\x18\x01 \x01(\t\x12\r\n\x05index\x18\x02 \x01(\r\x12\x0f\n\x07\x61lgo_id\x18\x03 \x01(\r\"J\n\x18GetCcMeasurementResponse\x12.\n\x0bmeasurement\x18\x01 \x01(\x0b\x32\x19.cima_server_pb.TcgDigest\"h\n\x14GetCcEventlogRequest\x12\x14\n\x0c\x63ontainer_id\x18\x01 \x01(\t\x12\x12\n\x05start\x18\x02 \x01(\rH\x00\x88\x01\x01\x12\x12\n\x05\x63ount\x18\x03 \x01(\rH\x01\x88\x01\x01\x42\x08\n\x06_startB\x08\n\x06_count\"*\n\tTcgDigest\x12\x0f\n\x07\x61lgo_id\x18\x01 \x01(\r\x12\x0c\n\x04hash\x18\x02 \x01(\x0c\"\x86\x02\n\x0bTcgEventlog\x12\x0f\n\x07rec_num\x18\x01 \x01(\r\x12\x11\n\timr_index\x18\x02 \x01(\r\x12\x12\n\nevent_type\x18\x03 \x01(\r\x12*\n\x07\x64igests\x18\x04 \x03(\x0b\x32\x19.cima_server_pb.TcgDigest\x12\x12\n\nevent_size\x18\x05 \x01(\r\x12\r\n\x05\x65vent\x18\x06 \x01(\x0c\x12>\n\nextra_info\x18\x07 \x03(\x0b\x32*.cima_server_pb.TcgEventlog.ExtraInfoEntry\x1a\x30\n\x0e\x45xtraInfoEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"H\n\x15GetCcEventlogResponse\x12/\n\nevent_logs\x18\x01 \x03(\x0b\x32\x1b.cima_server_pb.TcgEventlog2\x87\x04\n\x04\x63\x63np\x12n\n\x13GetDefaultAlgorithm\x12*.cima_server_pb.GetDefaultAlgorithmRequest\x1a+.cima_server_pb.GetDefaultAlgorithmResponse\x12n\n\x13GetMeasurementCount\x12*.cima_server_pb.GetMeasurementCountRequest\x1a+.cima_server_pb.GetMeasurementCountResponse\x12V\n\x0bGetCcReport\x12\".cima_server_pb.GetCcReportRequest\x1a#.cima_server_pb.GetCcReportResponse\x12g\n\x10GetCcMeasurement\x12\'.cima_server_pb.GetCcMeasurementRequest\x1a(.cima_server_pb.GetCcMeasurementResponse\"\x00\x12^\n\rGetCcEventlog\x12$.cima_server_pb.GetCcEventlogRequest\x1a%.cima_server_pb.GetCcEventlogResponse\"\x00\x62\x06proto3') _globals = globals() _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) -_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'ccnp.ccnp_server_pb2', _globals) +_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'cima.cima_server_pb2', _globals) if _descriptor._USE_C_DESCRIPTORS == False: DESCRIPTOR._options = None @@ -55,6 +55,6 @@ _globals['_TCGEVENTLOG_EXTRAINFOENTRY']._serialized_end=1148 _globals['_GETCCEVENTLOGRESPONSE']._serialized_start=1150 _globals['_GETCCEVENTLOGRESPONSE']._serialized_end=1222 - _globals['_CCNP']._serialized_start=1225 - _globals['_CCNP']._serialized_end=1744 + _globals['_CIMA']._serialized_start=1225 + _globals['_CIMA']._serialized_end=1744 # @@protoc_insertion_point(module_scope) diff --git a/sdk/python3/ccnp/ccnp_server_pb2.pyi b/sdk/python3/cima/cima_server_pb2.pyi similarity index 100% rename from sdk/python3/ccnp/ccnp_server_pb2.pyi rename to sdk/python3/cima/cima_server_pb2.pyi diff --git a/sdk/python3/ccnp/ccnp_server_pb2_grpc.py b/sdk/python3/cima/cima_server_pb2_grpc.py similarity index 71% rename from sdk/python3/ccnp/ccnp_server_pb2_grpc.py rename to sdk/python3/cima/cima_server_pb2_grpc.py index 86b18ae..9744f50 100644 --- a/sdk/python3/ccnp/ccnp_server_pb2_grpc.py +++ b/sdk/python3/cima/cima_server_pb2_grpc.py @@ -2,10 +2,10 @@ """Client and server classes corresponding to protobuf-defined services.""" import grpc -from ccnp import ccnp_server_pb2 as ccnp_dot_ccnp__server__pb2 +from cima import cima_server_pb2 as cima_dot_cima__server__pb2 -class ccnpStub(object): +class cimaStub(object): """Missing associated documentation comment in .proto file.""" def __init__(self, channel): @@ -15,33 +15,33 @@ def __init__(self, channel): channel: A grpc.Channel. """ self.GetDefaultAlgorithm = channel.unary_unary( - '/ccnp_server_pb.ccnp/GetDefaultAlgorithm', - request_serializer=ccnp_dot_ccnp__server__pb2.GetDefaultAlgorithmRequest.SerializeToString, - response_deserializer=ccnp_dot_ccnp__server__pb2.GetDefaultAlgorithmResponse.FromString, + '/cima_server_pb.cima/GetDefaultAlgorithm', + request_serializer=cima_dot_cima__server__pb2.GetDefaultAlgorithmRequest.SerializeToString, + response_deserializer=cima_dot_cima__server__pb2.GetDefaultAlgorithmResponse.FromString, ) self.GetMeasurementCount = channel.unary_unary( - '/ccnp_server_pb.ccnp/GetMeasurementCount', - request_serializer=ccnp_dot_ccnp__server__pb2.GetMeasurementCountRequest.SerializeToString, - response_deserializer=ccnp_dot_ccnp__server__pb2.GetMeasurementCountResponse.FromString, + '/cima_server_pb.cima/GetMeasurementCount', + request_serializer=cima_dot_cima__server__pb2.GetMeasurementCountRequest.SerializeToString, + response_deserializer=cima_dot_cima__server__pb2.GetMeasurementCountResponse.FromString, ) self.GetCcReport = channel.unary_unary( - '/ccnp_server_pb.ccnp/GetCcReport', - request_serializer=ccnp_dot_ccnp__server__pb2.GetCcReportRequest.SerializeToString, - response_deserializer=ccnp_dot_ccnp__server__pb2.GetCcReportResponse.FromString, + '/cima_server_pb.cima/GetCcReport', + request_serializer=cima_dot_cima__server__pb2.GetCcReportRequest.SerializeToString, + response_deserializer=cima_dot_cima__server__pb2.GetCcReportResponse.FromString, ) self.GetCcMeasurement = channel.unary_unary( - '/ccnp_server_pb.ccnp/GetCcMeasurement', - request_serializer=ccnp_dot_ccnp__server__pb2.GetCcMeasurementRequest.SerializeToString, - response_deserializer=ccnp_dot_ccnp__server__pb2.GetCcMeasurementResponse.FromString, + '/cima_server_pb.cima/GetCcMeasurement', + request_serializer=cima_dot_cima__server__pb2.GetCcMeasurementRequest.SerializeToString, + response_deserializer=cima_dot_cima__server__pb2.GetCcMeasurementResponse.FromString, ) self.GetCcEventlog = channel.unary_unary( - '/ccnp_server_pb.ccnp/GetCcEventlog', - request_serializer=ccnp_dot_ccnp__server__pb2.GetCcEventlogRequest.SerializeToString, - response_deserializer=ccnp_dot_ccnp__server__pb2.GetCcEventlogResponse.FromString, + '/cima_server_pb.cima/GetCcEventlog', + request_serializer=cima_dot_cima__server__pb2.GetCcEventlogRequest.SerializeToString, + response_deserializer=cima_dot_cima__server__pb2.GetCcEventlogResponse.FromString, ) -class ccnpServicer(object): +class cimaServicer(object): """Missing associated documentation comment in .proto file.""" def GetDefaultAlgorithm(self, request, context): @@ -75,41 +75,41 @@ def GetCcEventlog(self, request, context): raise NotImplementedError('Method not implemented!') -def add_ccnpServicer_to_server(servicer, server): +def add_cimaServicer_to_server(servicer, server): rpc_method_handlers = { 'GetDefaultAlgorithm': grpc.unary_unary_rpc_method_handler( servicer.GetDefaultAlgorithm, - request_deserializer=ccnp_dot_ccnp__server__pb2.GetDefaultAlgorithmRequest.FromString, - response_serializer=ccnp_dot_ccnp__server__pb2.GetDefaultAlgorithmResponse.SerializeToString, + request_deserializer=cima_dot_cima__server__pb2.GetDefaultAlgorithmRequest.FromString, + response_serializer=cima_dot_cima__server__pb2.GetDefaultAlgorithmResponse.SerializeToString, ), 'GetMeasurementCount': grpc.unary_unary_rpc_method_handler( servicer.GetMeasurementCount, - request_deserializer=ccnp_dot_ccnp__server__pb2.GetMeasurementCountRequest.FromString, - response_serializer=ccnp_dot_ccnp__server__pb2.GetMeasurementCountResponse.SerializeToString, + request_deserializer=cima_dot_cima__server__pb2.GetMeasurementCountRequest.FromString, + response_serializer=cima_dot_cima__server__pb2.GetMeasurementCountResponse.SerializeToString, ), 'GetCcReport': grpc.unary_unary_rpc_method_handler( servicer.GetCcReport, - request_deserializer=ccnp_dot_ccnp__server__pb2.GetCcReportRequest.FromString, - response_serializer=ccnp_dot_ccnp__server__pb2.GetCcReportResponse.SerializeToString, + request_deserializer=cima_dot_cima__server__pb2.GetCcReportRequest.FromString, + response_serializer=cima_dot_cima__server__pb2.GetCcReportResponse.SerializeToString, ), 'GetCcMeasurement': grpc.unary_unary_rpc_method_handler( servicer.GetCcMeasurement, - request_deserializer=ccnp_dot_ccnp__server__pb2.GetCcMeasurementRequest.FromString, - response_serializer=ccnp_dot_ccnp__server__pb2.GetCcMeasurementResponse.SerializeToString, + request_deserializer=cima_dot_cima__server__pb2.GetCcMeasurementRequest.FromString, + response_serializer=cima_dot_cima__server__pb2.GetCcMeasurementResponse.SerializeToString, ), 'GetCcEventlog': grpc.unary_unary_rpc_method_handler( servicer.GetCcEventlog, - request_deserializer=ccnp_dot_ccnp__server__pb2.GetCcEventlogRequest.FromString, - response_serializer=ccnp_dot_ccnp__server__pb2.GetCcEventlogResponse.SerializeToString, + request_deserializer=cima_dot_cima__server__pb2.GetCcEventlogRequest.FromString, + response_serializer=cima_dot_cima__server__pb2.GetCcEventlogResponse.SerializeToString, ), } generic_handler = grpc.method_handlers_generic_handler( - 'ccnp_server_pb.ccnp', rpc_method_handlers) + 'cima_server_pb.cima', rpc_method_handlers) server.add_generic_rpc_handlers((generic_handler,)) # This class is part of an EXPERIMENTAL API. -class ccnp(object): +class cima(object): """Missing associated documentation comment in .proto file.""" @staticmethod @@ -123,9 +123,9 @@ def GetDefaultAlgorithm(request, wait_for_ready=None, timeout=None, metadata=None): - return grpc.experimental.unary_unary(request, target, '/ccnp_server_pb.ccnp/GetDefaultAlgorithm', - ccnp_dot_ccnp__server__pb2.GetDefaultAlgorithmRequest.SerializeToString, - ccnp_dot_ccnp__server__pb2.GetDefaultAlgorithmResponse.FromString, + return grpc.experimental.unary_unary(request, target, '/cima_server_pb.cima/GetDefaultAlgorithm', + cima_dot_cima__server__pb2.GetDefaultAlgorithmRequest.SerializeToString, + cima_dot_cima__server__pb2.GetDefaultAlgorithmResponse.FromString, options, channel_credentials, insecure, call_credentials, compression, wait_for_ready, timeout, metadata) @@ -140,9 +140,9 @@ def GetMeasurementCount(request, wait_for_ready=None, timeout=None, metadata=None): - return grpc.experimental.unary_unary(request, target, '/ccnp_server_pb.ccnp/GetMeasurementCount', - ccnp_dot_ccnp__server__pb2.GetMeasurementCountRequest.SerializeToString, - ccnp_dot_ccnp__server__pb2.GetMeasurementCountResponse.FromString, + return grpc.experimental.unary_unary(request, target, '/cima_server_pb.cima/GetMeasurementCount', + cima_dot_cima__server__pb2.GetMeasurementCountRequest.SerializeToString, + cima_dot_cima__server__pb2.GetMeasurementCountResponse.FromString, options, channel_credentials, insecure, call_credentials, compression, wait_for_ready, timeout, metadata) @@ -157,9 +157,9 @@ def GetCcReport(request, wait_for_ready=None, timeout=None, metadata=None): - return grpc.experimental.unary_unary(request, target, '/ccnp_server_pb.ccnp/GetCcReport', - ccnp_dot_ccnp__server__pb2.GetCcReportRequest.SerializeToString, - ccnp_dot_ccnp__server__pb2.GetCcReportResponse.FromString, + return grpc.experimental.unary_unary(request, target, '/cima_server_pb.cima/GetCcReport', + cima_dot_cima__server__pb2.GetCcReportRequest.SerializeToString, + cima_dot_cima__server__pb2.GetCcReportResponse.FromString, options, channel_credentials, insecure, call_credentials, compression, wait_for_ready, timeout, metadata) @@ -174,9 +174,9 @@ def GetCcMeasurement(request, wait_for_ready=None, timeout=None, metadata=None): - return grpc.experimental.unary_unary(request, target, '/ccnp_server_pb.ccnp/GetCcMeasurement', - ccnp_dot_ccnp__server__pb2.GetCcMeasurementRequest.SerializeToString, - ccnp_dot_ccnp__server__pb2.GetCcMeasurementResponse.FromString, + return grpc.experimental.unary_unary(request, target, '/cima_server_pb.cima/GetCcMeasurement', + cima_dot_cima__server__pb2.GetCcMeasurementRequest.SerializeToString, + cima_dot_cima__server__pb2.GetCcMeasurementResponse.FromString, options, channel_credentials, insecure, call_credentials, compression, wait_for_ready, timeout, metadata) @@ -191,8 +191,8 @@ def GetCcEventlog(request, wait_for_ready=None, timeout=None, metadata=None): - return grpc.experimental.unary_unary(request, target, '/ccnp_server_pb.ccnp/GetCcEventlog', - ccnp_dot_ccnp__server__pb2.GetCcEventlogRequest.SerializeToString, - ccnp_dot_ccnp__server__pb2.GetCcEventlogResponse.FromString, + return grpc.experimental.unary_unary(request, target, '/cima_server_pb.cima/GetCcEventlog', + cima_dot_cima__server__pb2.GetCcEventlogRequest.SerializeToString, + cima_dot_cima__server__pb2.GetCcEventlogResponse.FromString, options, channel_credentials, insecure, call_credentials, compression, wait_for_ready, timeout, metadata) diff --git a/sdk/python3/ccnp/sdk.py b/sdk/python3/cima/sdk.py similarity index 88% rename from sdk/python3/ccnp/sdk.py rename to sdk/python3/cima/sdk.py index 0bfdcc8..d56f5df 100644 --- a/sdk/python3/ccnp/sdk.py +++ b/sdk/python3/cima/sdk.py @@ -2,7 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 """ -This package provides the definitions and helper class for CCNP SDK. +This package provides the definitions and helper class for CIMA SDK. """ import logging @@ -18,24 +18,24 @@ from cctrusted_base.tcg import TcgPcClientImrEvent from cctrusted_base.tdx.quote import TdxQuote # pylint: disable=E1101 -from ccnp import ccnp_server_pb2 -from ccnp import ccnp_server_pb2_grpc +from cima import cima_server_pb2 +from cima import cima_server_pb2_grpc LOG = logging.getLogger(__name__) # Default gRPC timeout TIMEOUT = 60 -class CcnpSdk(CCTrustedApi): - """CCNP SDK class +class CimaSdk(CCTrustedApi): + """CIMA SDK class - This class is a client to connect to CCNP Server and do gRPC call getting the + This class is a client to connect to CIMA Server and do gRPC call getting the server. Attributes: _server (str): The gRPC server to connect. _channel (Channel): The gRPC channel, thread-safe. - _stub (ccnpStub): The get CCNP stub for gRPC. + _stub (cimaStub): The get CIMA stub for gRPC. """ _inst = None @@ -46,14 +46,14 @@ def inst(cls): cls._inst = cls() return cls._inst - def __init__(self, server: str="unix:/run/ccnp/uds/ccnp-server.sock"): + def __init__(self, server: str="unix:/run/cima/uds/cima-server.sock"): """Initialize a gRPC client object This constructor initializes gRPC client object with Unix Domain Socket (UDS) path. And prepare default atrributes. Args: - server (str): gRPC server UDS path, default is /run/ccnp/uds/ccnp-server.sock + server (str): gRPC server UDS path, default is /run/cima/uds/cima-server.sock Raises: ValueError: If server UDS path is not valid. @@ -63,14 +63,14 @@ def __init__(self, server: str="unix:/run/ccnp/uds/ccnp-server.sock"): self._server = server if not os.path.exists(self._server.replace('unix:', '')): - raise RuntimeError("CCNP server does not start.") + raise RuntimeError("CIMA server does not start.") self._channel = grpc.insecure_channel(self._server, options=[('grpc.default_authority', 'localhost')]) try: grpc.channel_ready_future(self._channel).result(timeout=TIMEOUT) except grpc.FutureTimeoutError as err: - raise ConnectionRefusedError('Connection to CCNP server failed') from err - self._stub = ccnp_server_pb2_grpc.ccnpStub(self._channel) + raise ConnectionRefusedError('Connection to CIMA server failed') from err + self._stub = cima_server_pb2_grpc.cimaStub(self._channel) def _get_container_id(self) -> Optional[str]: mountinfo = "/proc/self/mountinfo" @@ -104,7 +104,7 @@ def get_default_algorithms(self) -> TcgAlgorithmRegistry: Returns: The default algorithms. """ - req = ccnp_server_pb2.GetDefaultAlgorithmRequest() + req = cima_server_pb2.GetDefaultAlgorithmRequest() resp = self._stub.GetDefaultAlgorithm(req) return TcgAlgorithmRegistry(resp.algo_id) @@ -123,7 +123,7 @@ def get_measurement_count(self) -> int: Returns: The count of measurement registers """ - req = ccnp_server_pb2.GetMeasurementCountRequest() + req = cima_server_pb2.GetMeasurementCountRequest() resp = self._stub.GetMeasurementCount(req) return resp.count @@ -146,13 +146,13 @@ def get_cc_measurement(self, imr_select:[int, int]) -> TcgDigest: LOG.error("Cannot get the container ID, please check the runing environment.") return None - req = ccnp_server_pb2.GetCcMeasurementRequest( + req = cima_server_pb2.GetCcMeasurementRequest( container_id=container_id, index=imr_select[0], algo_id=imr_select[1] ) resp = self._stub.GetCcMeasurement(req) if resp is None or resp.measurement is None: - LOG.error("CCNP service response is not correct.") + LOG.error("CIMA service response is not correct.") return None return TcgDigest(resp.measurement.algo_id, resp.measurement.hash) @@ -184,13 +184,13 @@ def get_cc_report( LOG.error("Cannot get the container ID, please check the runing environment.") return None - req = ccnp_server_pb2.GetCcReportRequest( + req = cima_server_pb2.GetCcReportRequest( container_id=container_id, nonce=nonce, user_data=data ) resp = self._stub.GetCcReport(req) if resp is None or resp.cc_type is None or resp.cc_report is None: - LOG.error("CCNP service response is not correct.") + LOG.error("CIMA service response is not correct.") return None if resp.cc_type == CCTrustedApi.TYPE_CC_TDX: @@ -219,13 +219,13 @@ def get_cc_eventlog(self, start:int = None, count:int = None) -> list: LOG.error("Cannot get the container ID, please check the runing environment.") return None - req = ccnp_server_pb2.GetCcEventlogRequest( + req = cima_server_pb2.GetCcEventlogRequest( container_id=container_id, start=start, count=count ) resp = self._stub.GetCcEventlog(req) if resp is None or resp.event_logs is None: - LOG.error("CCNP service response is not correct.") + LOG.error("CIMA service response is not correct.") return None event_logs = [] diff --git a/sdk/python3/example/py_sdk_example.py b/sdk/python3/example/py_sdk_example.py index 617fc1d..f9085a3 100644 --- a/sdk/python3/example/py_sdk_example.py +++ b/sdk/python3/example/py_sdk_example.py @@ -1,11 +1,11 @@ """ -CCNP SDK Example +CIMA SDK Example """ import logging import argparse -from ccnp import CcnpSdk +from cima import CimaSdk LOG = logging.getLogger(__name__) @@ -18,7 +18,7 @@ ) if __name__ == "__main__": - parser = argparse.ArgumentParser(description="The utility to show how to use CCNP SDK") + parser = argparse.ArgumentParser(description="The utility to show how to use CIMA SDK") parser.add_argument('-r', action='store_true', help='get cc report', dest='report') parser.add_argument('-e', action='store_true', help='get cc eventlog', dest='eventlog') parser.add_argument('-m', action='store_true', help='get cc measurement', dest='measurement') @@ -26,21 +26,21 @@ args = parser.parse_args() if args.report: - CcnpSdk.inst().get_cc_report().dump() + CimaSdk.inst().get_cc_report().dump() elif args.eventlog: - evt = CcnpSdk.inst().get_cc_eventlog() + evt = CimaSdk.inst().get_cc_eventlog() for e in evt: e.dump() elif args.measurement: for i in [0, 1, 3]: - m = CcnpSdk.inst().get_cc_measurement([i, 12]) + m = CimaSdk.inst().get_cc_measurement([i, 12]) LOG.info("IMR index: %d, hash: %s", i, m.hash.hex()) elif args.verify: - evt = CcnpSdk.inst().get_cc_eventlog() - replay = CcnpSdk.inst().replay_cc_eventlog(evt) + evt = CimaSdk.inst().get_cc_eventlog() + replay = CimaSdk.inst().replay_cc_eventlog(evt) for r in replay: LOG.info("Replay IMR[%d]: %s", r, replay[r][12].hex()) - m = CcnpSdk.inst().get_cc_measurement([r, 12]) + m = CimaSdk.inst().get_cc_measurement([r, 12]) LOG.info("Read IMR[%d]: %s", r, m.hash.hex()) if m.hash != replay[r][12]: LOG.error("Replay IMR value does not match real IMR.") diff --git a/sdk/python3/pyproject.toml b/sdk/python3/pyproject.toml index 29846ad..9264c01 100644 --- a/sdk/python3/pyproject.toml +++ b/sdk/python3/pyproject.toml @@ -1,5 +1,5 @@ [project] -name = "ccnp" +name = "cima" version = "0.4.0" authors = [ { name="Lu, Ken", email="ken.lu@intel.com" }, @@ -22,8 +22,8 @@ dependencies = [ ] [project.urls] -"Homepage" = "https://github.com/cc-api/confidential-cloud-native-primitives" -"Bug Tracker" = "https://github.com/cc-api/confidential-cloud-native-primitives/issues" +"Homepage" = "https://github.com/cc-api/container-integrity-measurement-agent" +"Bug Tracker" = "https://github.com/cc-api/container-integrity-measurement-agent/issues" [build-system] requires = ["setuptools", "wheel"] diff --git a/sdk/python3/setup.cfg b/sdk/python3/setup.cfg index e08234f..4872b76 100644 --- a/sdk/python3/setup.cfg +++ b/sdk/python3/setup.cfg @@ -1,9 +1,9 @@ [metadata] -name = ccnp +name = cima version = 0.4.0 description = SDKs to enable confidential computing in cloud native environments long_description = file: README.md -url = https://github.com/cc-api/confidential-cloud-native-primitives +url = https://github.com/cc-api/container-integrity-measurement-agent classifiers = Programming Language :: Python :: 3 Operating System :: OS Independent diff --git a/sdk/python3/tests/conftest.py b/sdk/python3/tests/conftest.py index 6194194..7b999b6 100644 --- a/sdk/python3/tests/conftest.py +++ b/sdk/python3/tests/conftest.py @@ -1,5 +1,5 @@ """ - Dummy conftest.py for ccnp. + Dummy conftest.py for cima. If you don't know what this is for, just leave it empty. Read more about conftest.py under: diff --git a/sdk/python3/tests/test_eventlog.py b/sdk/python3/tests/test_eventlog.py index 45226a5..9ade2d0 100644 --- a/sdk/python3/tests/test_eventlog.py +++ b/sdk/python3/tests/test_eventlog.py @@ -10,7 +10,7 @@ import pytest import grpc -from ccnp.eventlog.eventlog_sdk import ( +from cima.eventlog.eventlog_sdk import ( EventlogType, EventlogUtility, ) diff --git a/sdk/python3/tests/test_measurement.py b/sdk/python3/tests/test_measurement.py index 602e3f0..23bbe02 100644 --- a/sdk/python3/tests/test_measurement.py +++ b/sdk/python3/tests/test_measurement.py @@ -9,7 +9,7 @@ import logging import pytest -from ccnp.measurement.measurement_sdk import ( +from cima.measurement.measurement_sdk import ( MeasurementType, MeasurementUtility, ) diff --git a/sdk/rust/README.MD b/sdk/rust/README.MD index da05d1b..34f1e1f 100644 --- a/sdk/rust/README.MD +++ b/sdk/rust/README.MD @@ -1,6 +1,6 @@ -# Confidential Cloud-Native Primitives SDK for Rust +# Container Integrity Measurement Agent SDK for Rust -The Confidential Cloud-Native Primitives (CCNP) project is the solution targeted on simplifying the use of Trusted Execution Environment (TEE) in cloud-native environment. Currently, there are 2 parts included in CCNP, the services and the SDK. +The Container Integrity Measurement Agent (CIMA) project is the solution targeted on simplifying the use of Trusted Execution Environment (TEE) in cloud-native environment. Currently, there are 2 parts included in CIMA, the services and the SDK. - Service is designed to hide the complexity of different TEE platforms and provides common interfaces and scalability for cloud-native environment. - SDK is to simplify the use of the service interface for development, it covers communication to the service and parses the results from the services. @@ -9,7 +9,7 @@ The service supports attestation, measurement fetching and event log collecting Attestation is a common process within TEE platform and TPM to verify if the software binaries were properly instantiated on a trusted platform. Third parties can leverage the attestation process to identify the trustworthiness of the platform (by checking the measurements or event logs) as well as the software running on it, in order to decide whether they shall put their confidential information/workload onto the platform. -CCNP, as the overall framework for attestation, measurement and event log fetching, provides user with both customer-facing SDK and overall framework. By leveraging this SDK, user can easily retrieve different kinds of measurements or evidence such as event logs. Working along with different verification services (such as Amber) and configurable policies, user can validate the trustworthiness of the platform and make further decision. +CIMA, as the overall framework for attestation, measurement and event log fetching, provides user with both customer-facing SDK and overall framework. By leveraging this SDK, user can easily retrieve different kinds of measurements or evidence such as event logs. Working along with different verification services (such as Amber) and configurable policies, user can validate the trustworthiness of the platform and make further decision. [Source code][source_code] | [API reference documentation][api_doc] @@ -20,10 +20,10 @@ CCNP, as the overall framework for attestation, measurement and event log fetchi In order to work properly, user need to have the backend services ready on the TEE or TPM enabled platform first. Please refer to each deployment guide reside in the [service](../../service/) folder to install the backend services. ### Use the package -User can include CCNP client library for Rust in the `Cargo.toml` of their rust project: +User can include CIMA client library for Rust in the `Cargo.toml` of their rust project: ``` -ccnp = { git="https://github.com/cc-api/confidential-cloud-native-primitives"} +cima = { git="https://github.com/cc-api/container-integrity-measurement-agent"} ``` ## Key concepts and usage @@ -48,7 +48,7 @@ use cctrusted_base::api::*; use cctrusted_base::api_data::*; use cctrusted_base::cc_type::TeeType; use cctrusted_base::tdx::quote::TdxQuote; -use ccnp::sdk::API; +use cima::sdk::API; use log::*; use rand::Rng; @@ -148,7 +148,7 @@ Here are the example usages for measurement SDK: use cctrusted_base::api::*; use cctrusted_base::api_data::*; use cctrusted_base::tcg::TcgAlgorithmRegistry; -use ccnp::sdk::API; +use cima::sdk::API; use log::*; fn get_cc_measurement() { @@ -212,7 +212,7 @@ Here are the example usages of the SDK: ```rust use cctrusted_base::api::*; use cctrusted_base::api_data::*; -use ccnp::sdk::API; +use cima::sdk::API; use log::*; fn get_cc_eventlog() { @@ -267,10 +267,10 @@ TBA. ## Troubleshooting -Troubleshooting information for the CCNP SDK can be found here. +Troubleshooting information for the CIMA SDK can be found here. ## Next steps -For more information about the Confidential Cloud-Native Primitives, please see our documentation page. +For more information about the Container Integrity Measurement Agent, please see our documentation page. ## Contributing This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit the Contributor License Agreement site. @@ -283,5 +283,5 @@ See [CONTRIBUTING.md](../../CONTRIBUTING.md) for details on building, testing, a If you encounter any bugs or have suggestions, please file an issue in the Issues section of the project. -[source_code]: https://github.com/cc-api/confidential-cloud-native-primitives/tree/main/sdk/rust +[source_code]: https://github.com/cc-api/container-integrity-measurement-agent/tree/main/sdk/rust [api_doc]: https://github.com/cc-api/cc-trusted-api?tab=readme-ov-file#3-apis diff --git a/sdk/rust/ccnp/Cargo.toml b/sdk/rust/cima/Cargo.toml similarity index 88% rename from sdk/rust/ccnp/Cargo.toml rename to sdk/rust/cima/Cargo.toml index 55b9145..e3f9a14 100644 --- a/sdk/rust/ccnp/Cargo.toml +++ b/sdk/rust/cima/Cargo.toml @@ -1,14 +1,14 @@ [package] -name = "ccnp" +name = "cima" version = "0.1.0" edition = "2021" authors = ["Chen Hairong "] repository = "https://github.com/cc-api/cc-trusted-api" -description = "CC Trusted API CCNP SDK" +description = "CC Trusted API CIMA SDK" license = "Apache-2.0" [lib] -name = "ccnp" +name = "cima" path = "src/lib.rs" [dependencies] diff --git a/sdk/rust/ccnp/build.rs b/sdk/rust/cima/build.rs similarity index 59% rename from sdk/rust/ccnp/build.rs rename to sdk/rust/cima/build.rs index edd009c..b9f9005 100644 --- a/sdk/rust/ccnp/build.rs +++ b/sdk/rust/cima/build.rs @@ -2,15 +2,15 @@ use std::env; use std::path::PathBuf; fn main() -> Result<(), Box> { - tonic_build::compile_protos("proto/ccnp-server.proto")?; + tonic_build::compile_protos("proto/cima-server.proto")?; let original_out_dir = PathBuf::from(env::var("OUT_DIR")?); let out_dir = "./src"; tonic_build::configure() .out_dir(out_dir) - .file_descriptor_set_path(original_out_dir.join("ccnp_server_descriptor.bin")) - .compile(&["proto/ccnp-server.proto"], &["proto"])?; + .file_descriptor_set_path(original_out_dir.join("cima_server_descriptor.bin")) + .compile(&["proto/cima-server.proto"], &["proto"])?; Ok(()) } diff --git a/sdk/rust/ccnp/deny.toml b/sdk/rust/cima/deny.toml similarity index 100% rename from sdk/rust/ccnp/deny.toml rename to sdk/rust/cima/deny.toml diff --git a/sdk/rust/ccnp/proto/ccnp-server.proto b/sdk/rust/cima/proto/cima-server.proto similarity index 100% rename from sdk/rust/ccnp/proto/ccnp-server.proto rename to sdk/rust/cima/proto/cima-server.proto diff --git a/sdk/rust/ccnp/src/ccnp_server_pb.rs b/sdk/rust/cima/src/cima_server_pb.rs similarity index 92% rename from sdk/rust/ccnp/src/ccnp_server_pb.rs rename to sdk/rust/cima/src/cima_server_pb.rs index d87a0f5..5197c5a 100644 --- a/sdk/rust/ccnp/src/ccnp_server_pb.rs +++ b/sdk/rust/cima/src/cima_server_pb.rs @@ -154,15 +154,15 @@ pub struct GetCcEventlogResponse { pub event_logs: ::prost::alloc::vec::Vec, } /// Generated client implementations. -pub mod ccnp_client { +pub mod cima_client { #![allow(unused_variables, dead_code, missing_docs, clippy::let_unit_value)] use tonic::codegen::*; use tonic::codegen::http::Uri; #[derive(Debug, Clone)] - pub struct CcnpClient { + pub struct CimaClient { inner: tonic::client::Grpc, } - impl CcnpClient { + impl CimaClient { /// Attempt to create a new client by connecting to a given endpoint. pub async fn connect(dst: D) -> Result where @@ -173,7 +173,7 @@ pub mod ccnp_client { Ok(Self::new(conn)) } } - impl CcnpClient + impl CimaClient where T: tonic::client::GrpcService, T::Error: Into, @@ -191,7 +191,7 @@ pub mod ccnp_client { pub fn with_interceptor( inner: T, interceptor: F, - ) -> CcnpClient> + ) -> CimaClient> where F: tonic::service::Interceptor, T::ResponseBody: Default, @@ -205,7 +205,7 @@ pub mod ccnp_client { http::Request, >>::Error: Into + Send + Sync, { - CcnpClient::new(InterceptedService::new(inner, interceptor)) + CimaClient::new(InterceptedService::new(inner, interceptor)) } /// Compress requests with the given encoding. /// @@ -256,11 +256,11 @@ pub mod ccnp_client { })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( - "/ccnp_server_pb.ccnp/GetDefaultAlgorithm", + "/cima_server_pb.cima/GetDefaultAlgorithm", ); let mut req = request.into_request(); req.extensions_mut() - .insert(GrpcMethod::new("ccnp_server_pb.ccnp", "GetDefaultAlgorithm")); + .insert(GrpcMethod::new("cima_server_pb.cima", "GetDefaultAlgorithm")); self.inner.unary(req, path, codec).await } pub async fn get_measurement_count( @@ -281,11 +281,11 @@ pub mod ccnp_client { })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( - "/ccnp_server_pb.ccnp/GetMeasurementCount", + "/cima_server_pb.cima/GetMeasurementCount", ); let mut req = request.into_request(); req.extensions_mut() - .insert(GrpcMethod::new("ccnp_server_pb.ccnp", "GetMeasurementCount")); + .insert(GrpcMethod::new("cima_server_pb.cima", "GetMeasurementCount")); self.inner.unary(req, path, codec).await } pub async fn get_cc_report( @@ -306,11 +306,11 @@ pub mod ccnp_client { })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( - "/ccnp_server_pb.ccnp/GetCcReport", + "/cima_server_pb.cima/GetCcReport", ); let mut req = request.into_request(); req.extensions_mut() - .insert(GrpcMethod::new("ccnp_server_pb.ccnp", "GetCcReport")); + .insert(GrpcMethod::new("cima_server_pb.cima", "GetCcReport")); self.inner.unary(req, path, codec).await } pub async fn get_cc_measurement( @@ -331,11 +331,11 @@ pub mod ccnp_client { })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( - "/ccnp_server_pb.ccnp/GetCcMeasurement", + "/cima_server_pb.cima/GetCcMeasurement", ); let mut req = request.into_request(); req.extensions_mut() - .insert(GrpcMethod::new("ccnp_server_pb.ccnp", "GetCcMeasurement")); + .insert(GrpcMethod::new("cima_server_pb.cima", "GetCcMeasurement")); self.inner.unary(req, path, codec).await } pub async fn get_cc_eventlog( @@ -356,22 +356,22 @@ pub mod ccnp_client { })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( - "/ccnp_server_pb.ccnp/GetCcEventlog", + "/cima_server_pb.cima/GetCcEventlog", ); let mut req = request.into_request(); req.extensions_mut() - .insert(GrpcMethod::new("ccnp_server_pb.ccnp", "GetCcEventlog")); + .insert(GrpcMethod::new("cima_server_pb.cima", "GetCcEventlog")); self.inner.unary(req, path, codec).await } } } /// Generated server implementations. -pub mod ccnp_server { +pub mod cima_server { #![allow(unused_variables, dead_code, missing_docs, clippy::let_unit_value)] use tonic::codegen::*; - /// Generated trait containing gRPC methods that should be implemented for use with CcnpServer. + /// Generated trait containing gRPC methods that should be implemented for use with CimaServer. #[async_trait] - pub trait Ccnp: Send + Sync + 'static { + pub trait Cima: Send + Sync + 'static { async fn get_default_algorithm( &self, request: tonic::Request, @@ -409,7 +409,7 @@ pub mod ccnp_server { >; } #[derive(Debug)] - pub struct CcnpServer { + pub struct CimaServer { inner: _Inner, accept_compression_encodings: EnabledCompressionEncodings, send_compression_encodings: EnabledCompressionEncodings, @@ -417,7 +417,7 @@ pub mod ccnp_server { max_encoding_message_size: Option, } struct _Inner(Arc); - impl CcnpServer { + impl CimaServer { pub fn new(inner: T) -> Self { Self::from_arc(Arc::new(inner)) } @@ -469,9 +469,9 @@ pub mod ccnp_server { self } } - impl tonic::codegen::Service> for CcnpServer + impl tonic::codegen::Service> for CimaServer where - T: Ccnp, + T: Cima, B: Body + Send + 'static, B::Error: Into + Send + 'static, { @@ -487,11 +487,11 @@ pub mod ccnp_server { fn call(&mut self, req: http::Request) -> Self::Future { let inner = self.inner.clone(); match req.uri().path() { - "/ccnp_server_pb.ccnp/GetDefaultAlgorithm" => { + "/cima_server_pb.cima/GetDefaultAlgorithm" => { #[allow(non_camel_case_types)] - struct GetDefaultAlgorithmSvc(pub Arc); + struct GetDefaultAlgorithmSvc(pub Arc); impl< - T: Ccnp, + T: Cima, > tonic::server::UnaryService for GetDefaultAlgorithmSvc { type Response = super::GetDefaultAlgorithmResponse; @@ -505,7 +505,7 @@ pub mod ccnp_server { ) -> Self::Future { let inner = Arc::clone(&self.0); let fut = async move { - ::get_default_algorithm(&inner, request).await + ::get_default_algorithm(&inner, request).await }; Box::pin(fut) } @@ -533,11 +533,11 @@ pub mod ccnp_server { }; Box::pin(fut) } - "/ccnp_server_pb.ccnp/GetMeasurementCount" => { + "/cima_server_pb.cima/GetMeasurementCount" => { #[allow(non_camel_case_types)] - struct GetMeasurementCountSvc(pub Arc); + struct GetMeasurementCountSvc(pub Arc); impl< - T: Ccnp, + T: Cima, > tonic::server::UnaryService for GetMeasurementCountSvc { type Response = super::GetMeasurementCountResponse; @@ -551,7 +551,7 @@ pub mod ccnp_server { ) -> Self::Future { let inner = Arc::clone(&self.0); let fut = async move { - ::get_measurement_count(&inner, request).await + ::get_measurement_count(&inner, request).await }; Box::pin(fut) } @@ -579,10 +579,10 @@ pub mod ccnp_server { }; Box::pin(fut) } - "/ccnp_server_pb.ccnp/GetCcReport" => { + "/cima_server_pb.cima/GetCcReport" => { #[allow(non_camel_case_types)] - struct GetCcReportSvc(pub Arc); - impl tonic::server::UnaryService + struct GetCcReportSvc(pub Arc); + impl tonic::server::UnaryService for GetCcReportSvc { type Response = super::GetCcReportResponse; type Future = BoxFuture< @@ -595,7 +595,7 @@ pub mod ccnp_server { ) -> Self::Future { let inner = Arc::clone(&self.0); let fut = async move { - ::get_cc_report(&inner, request).await + ::get_cc_report(&inner, request).await }; Box::pin(fut) } @@ -623,11 +623,11 @@ pub mod ccnp_server { }; Box::pin(fut) } - "/ccnp_server_pb.ccnp/GetCcMeasurement" => { + "/cima_server_pb.cima/GetCcMeasurement" => { #[allow(non_camel_case_types)] - struct GetCcMeasurementSvc(pub Arc); + struct GetCcMeasurementSvc(pub Arc); impl< - T: Ccnp, + T: Cima, > tonic::server::UnaryService for GetCcMeasurementSvc { type Response = super::GetCcMeasurementResponse; @@ -641,7 +641,7 @@ pub mod ccnp_server { ) -> Self::Future { let inner = Arc::clone(&self.0); let fut = async move { - ::get_cc_measurement(&inner, request).await + ::get_cc_measurement(&inner, request).await }; Box::pin(fut) } @@ -669,11 +669,11 @@ pub mod ccnp_server { }; Box::pin(fut) } - "/ccnp_server_pb.ccnp/GetCcEventlog" => { + "/cima_server_pb.cima/GetCcEventlog" => { #[allow(non_camel_case_types)] - struct GetCcEventlogSvc(pub Arc); + struct GetCcEventlogSvc(pub Arc); impl< - T: Ccnp, + T: Cima, > tonic::server::UnaryService for GetCcEventlogSvc { type Response = super::GetCcEventlogResponse; @@ -687,7 +687,7 @@ pub mod ccnp_server { ) -> Self::Future { let inner = Arc::clone(&self.0); let fut = async move { - ::get_cc_eventlog(&inner, request).await + ::get_cc_eventlog(&inner, request).await }; Box::pin(fut) } @@ -730,7 +730,7 @@ pub mod ccnp_server { } } } - impl Clone for CcnpServer { + impl Clone for CimaServer { fn clone(&self) -> Self { let inner = self.inner.clone(); Self { @@ -742,7 +742,7 @@ pub mod ccnp_server { } } } - impl Clone for _Inner { + impl Clone for _Inner { fn clone(&self) -> Self { Self(Arc::clone(&self.0)) } @@ -752,7 +752,7 @@ pub mod ccnp_server { write!(f, "{:?}", self.0) } } - impl tonic::server::NamedService for CcnpServer { - const NAME: &'static str = "ccnp_server_pb.ccnp"; + impl tonic::server::NamedService for CimaServer { + const NAME: &'static str = "cima_server_pb.cima"; } } diff --git a/sdk/rust/ccnp/src/client.rs b/sdk/rust/cima/src/client.rs similarity index 90% rename from sdk/rust/ccnp/src/client.rs rename to sdk/rust/cima/src/client.rs index 649e079..9c3cfea 100644 --- a/sdk/rust/ccnp/src/client.rs +++ b/sdk/rust/cima/src/client.rs @@ -1,5 +1,5 @@ -use crate::client::ccnp_server_pb::{ - ccnp_client::CcnpClient, GetCcEventlogRequest, GetCcEventlogResponse, GetCcMeasurementRequest, +use crate::client::cima_server_pb::{ + cima_client::CimaClient, GetCcEventlogRequest, GetCcEventlogResponse, GetCcMeasurementRequest, GetCcMeasurementResponse, GetCcReportRequest, GetCcReportResponse, GetDefaultAlgorithmRequest, GetDefaultAlgorithmResponse, GetMeasurementCountRequest, GetMeasurementCountResponse, }; @@ -26,22 +26,22 @@ lazy_static! { }; } -pub mod ccnp_server_pb { - tonic::include_proto!("ccnp_server_pb"); +pub mod cima_server_pb { + tonic::include_proto!("cima_server_pb"); } -pub struct CcnpServiceClient { - pub ccnp_uds_path: String, +pub struct CimaServiceClient { + pub cima_uds_path: String, } -impl CcnpServiceClient { +impl CimaServiceClient { async fn get_cc_report_from_server_async( &mut self, nonce: Option, data: Option, _extra_args: ExtraArgs, ) -> Result { - let uds_path = self.ccnp_uds_path.parse::().unwrap(); + let uds_path = self.cima_uds_path.parse::().unwrap(); let channel = Endpoint::try_from("http://[::]:0") .unwrap() .connect_with_connector(service_fn(move |_: Uri| { @@ -66,9 +66,9 @@ impl CcnpServiceClient { user_data: data, }); - let mut ccnp_client = CcnpClient::new(channel).max_decoding_message_size(usize::MAX); + let mut cima_client = CimaClient::new(channel).max_decoding_message_size(usize::MAX); - let response = ccnp_client + let response = cima_client .get_cc_report(request) .await .unwrap() @@ -103,7 +103,7 @@ impl CcnpServiceClient { index: u8, algo_id: u16, ) -> Result { - let uds_path = self.ccnp_uds_path.parse::().unwrap(); + let uds_path = self.cima_uds_path.parse::().unwrap(); let channel = Endpoint::try_from("http://[::]:0") .unwrap() .connect_with_connector(service_fn(move |_: Uri| { @@ -128,9 +128,9 @@ impl CcnpServiceClient { algo_id: algo_id.into(), }); - let mut ccnp_client = CcnpClient::new(channel).max_decoding_message_size(usize::MAX); + let mut cima_client = CimaClient::new(channel).max_decoding_message_size(usize::MAX); - let response = ccnp_client + let response = cima_client .get_cc_measurement(request) .await .unwrap() @@ -157,7 +157,7 @@ impl CcnpServiceClient { start: Option, count: Option, ) -> Result { - let uds_path = self.ccnp_uds_path.parse::().unwrap(); + let uds_path = self.cima_uds_path.parse::().unwrap(); let channel = Endpoint::try_from("http://[::]:0") .unwrap() .connect_with_connector(service_fn(move |_: Uri| { @@ -182,9 +182,9 @@ impl CcnpServiceClient { count, }); - let mut ccnp_client = CcnpClient::new(channel).max_decoding_message_size(usize::MAX); + let mut cima_client = CimaClient::new(channel).max_decoding_message_size(usize::MAX); - let response = ccnp_client + let response = cima_client .get_cc_eventlog(request) .await .unwrap() @@ -209,7 +209,7 @@ impl CcnpServiceClient { async fn get_cc_measurement_count_from_server_async( &mut self, ) -> Result { - let uds_path = self.ccnp_uds_path.parse::().unwrap(); + let uds_path = self.cima_uds_path.parse::().unwrap(); let channel = Endpoint::try_from("http://[::]:0") .unwrap() .connect_with_connector(service_fn(move |_: Uri| { @@ -220,9 +220,9 @@ impl CcnpServiceClient { let request = Request::new(GetMeasurementCountRequest {}); - let mut ccnp_client = CcnpClient::new(channel); + let mut cima_client = CimaClient::new(channel); - let response = ccnp_client + let response = cima_client .get_measurement_count(request) .await .unwrap() @@ -245,7 +245,7 @@ impl CcnpServiceClient { async fn get_cc_default_algorithm_from_server_async( &mut self, ) -> Result { - let uds_path = self.ccnp_uds_path.parse::().unwrap(); + let uds_path = self.cima_uds_path.parse::().unwrap(); let channel = Endpoint::try_from("http://[::]:0") .unwrap() .connect_with_connector(service_fn(move |_: Uri| { @@ -256,9 +256,9 @@ impl CcnpServiceClient { let request = Request::new(GetDefaultAlgorithmRequest {}); - let mut ccnp_client = CcnpClient::new(channel); + let mut cima_client = CimaClient::new(channel); - let response = ccnp_client + let response = cima_client .get_default_algorithm(request) .await .unwrap() diff --git a/sdk/rust/ccnp/src/lib.rs b/sdk/rust/cima/src/lib.rs similarity index 100% rename from sdk/rust/ccnp/src/lib.rs rename to sdk/rust/cima/src/lib.rs diff --git a/sdk/rust/ccnp/src/sdk.rs b/sdk/rust/cima/src/sdk.rs similarity index 79% rename from sdk/rust/ccnp/src/sdk.rs rename to sdk/rust/cima/src/sdk.rs index 51626d6..f43e521 100644 --- a/sdk/rust/ccnp/src/sdk.rs +++ b/sdk/rust/cima/src/sdk.rs @@ -1,4 +1,4 @@ -use crate::client::CcnpServiceClient; +use crate::client::CimaServiceClient; use anyhow::*; use cctrusted_base::api::CCTrustedApi; use cctrusted_base::api_data::{Algorithm, CcReport, ExtraArgs}; @@ -6,22 +6,22 @@ use cctrusted_base::binary_blob::dump_data; use cctrusted_base::tcg::*; use core::result::Result::Ok; -const UDS_PATH: &str = "/run/ccnp/uds/ccnp-server.sock"; +const UDS_PATH: &str = "/run/cima/uds/cima-server.sock"; pub struct API {} impl CCTrustedApi for API { - // CCTrustedApi trait function: get cc report from CCNP server + // CCTrustedApi trait function: get cc report from CIMA server fn get_cc_report( nonce: Option, data: Option, extra_args: ExtraArgs, ) -> Result { - let mut ccnp_service_client = CcnpServiceClient { - ccnp_uds_path: UDS_PATH.to_string(), + let mut cima_service_client = CimaServiceClient { + cima_uds_path: UDS_PATH.to_string(), }; - let response = match ccnp_service_client.get_cc_report_from_server(nonce, data, extra_args) + let response = match cima_service_client.get_cc_report_from_server(nonce, data, extra_args) { Ok(r) => r, Err(e) => { @@ -31,7 +31,7 @@ impl CCTrustedApi for API { Ok(CcReport { cc_report: response.cc_report, - cc_type: ccnp_service_client.get_tee_type_by_value(&response.cc_type), + cc_type: cima_service_client.get_tee_type_by_value(&response.cc_type), ..Default::default() }) } @@ -43,11 +43,11 @@ impl CCTrustedApi for API { // CCTrustedApi trait function: get max number of IMRs fn get_measurement_count() -> Result { - let mut ccnp_service_client = CcnpServiceClient { - ccnp_uds_path: UDS_PATH.to_string(), + let mut cima_service_client = CimaServiceClient { + cima_uds_path: UDS_PATH.to_string(), }; - let response = match ccnp_service_client.get_cc_measurement_count_from_server() { + let response = match cima_service_client.get_cc_measurement_count_from_server() { Ok(r) => r, Err(e) => { return Err(anyhow!( @@ -62,11 +62,11 @@ impl CCTrustedApi for API { // CCTrustedApi trait function: get measurements fn get_cc_measurement(index: u8, algo_id: u16) -> Result { - let mut ccnp_service_client = CcnpServiceClient { - ccnp_uds_path: UDS_PATH.to_string(), + let mut cima_service_client = CimaServiceClient { + cima_uds_path: UDS_PATH.to_string(), }; - let response = match ccnp_service_client.get_cc_measurement_from_server(index, algo_id) { + let response = match cima_service_client.get_cc_measurement_from_server(index, algo_id) { Ok(r) => r, Err(e) => { return Err(anyhow!( @@ -92,11 +92,11 @@ impl CCTrustedApi for API { start: Option, count: Option, ) -> Result, anyhow::Error> { - let mut ccnp_service_client = CcnpServiceClient { - ccnp_uds_path: UDS_PATH.to_string(), + let mut cima_service_client = CimaServiceClient { + cima_uds_path: UDS_PATH.to_string(), }; - let response = match ccnp_service_client.get_cc_eventlog_from_server(start, count) { + let response = match cima_service_client.get_cc_eventlog_from_server(start, count) { Ok(r) => r, Err(e) => { return Err(anyhow!("[get_cc_eventlog] err get cc eventlog: {:?}", e)); @@ -137,11 +137,11 @@ impl CCTrustedApi for API { // CCTrustedApi trait function: get default algorithm fn get_default_algorithm() -> Result { - let mut ccnp_service_client = CcnpServiceClient { - ccnp_uds_path: UDS_PATH.to_string(), + let mut cima_service_client = CimaServiceClient { + cima_uds_path: UDS_PATH.to_string(), }; - let response = match ccnp_service_client.get_cc_default_algorithm_from_server() { + let response = match cima_service_client.get_cc_default_algorithm_from_server() { Ok(r) => r, Err(e) => { return Err(anyhow!( diff --git a/sdk/rust/example/Cargo.toml b/sdk/rust/example/Cargo.toml index 4a75e6d..fd0a3e6 100644 --- a/sdk/rust/example/Cargo.toml +++ b/sdk/rust/example/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "cctrusted-ccnp-sample" +name = "cctrusted-cima-sample" version = "0.1.0" edition = "2021" license = "Apache-2.0" @@ -9,7 +9,7 @@ name = "rust-sdk-example" path = "src/rust-sdk-example.rs" [dependencies] -ccnp = { path = "../ccnp" } +cima = { path = "../cima" } cctrusted_base = { git="https://github.com/cc-api/cc-trusted-api" } anyhow = "1.0" log = "0.4.20" diff --git a/sdk/rust/example/src/rust-sdk-example.rs b/sdk/rust/example/src/rust-sdk-example.rs index bd645b7..681efd8 100644 --- a/sdk/rust/example/src/rust-sdk-example.rs +++ b/sdk/rust/example/src/rust-sdk-example.rs @@ -4,7 +4,7 @@ use cctrusted_base::cc_type::TeeType; use cctrusted_base::tcg::EventLogEntry; use cctrusted_base::tcg::TcgAlgorithmRegistry; use cctrusted_base::tdx::quote::TdxQuote; -use ccnp::sdk::API; +use cima::sdk::API; use log::*; use rand::Rng; diff --git a/service/ccnp-webhook/README.md b/service/ccnp-webhook/README.md deleted file mode 100644 index 2485622..0000000 --- a/service/ccnp-webhook/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# ccnp-webhook -A mutating admission webhook to add CCNP server socket to the pod who use CCNP SDK diff --git a/service/ccnp-server/Cargo.toml b/service/cima-server/Cargo.toml similarity index 95% rename from service/ccnp-server/Cargo.toml rename to service/cima-server/Cargo.toml index 75c8bff..7e72642 100644 --- a/service/ccnp-server/Cargo.toml +++ b/service/cima-server/Cargo.toml @@ -1,11 +1,11 @@ [package] -name = "ccnp_server" +name = "cima_server" version = "0.4.0" edition = "2021" license = "Apache-2.0" [[bin]] # Bin to run the quote server -name = "ccnp_server" +name = "cima_server" path = "src/main.rs" [dependencies] diff --git a/service/ccnp-server/Makefile b/service/cima-server/Makefile similarity index 96% rename from service/ccnp-server/Makefile rename to service/cima-server/Makefile index 0c4112e..ffec9d8 100644 --- a/service/ccnp-server/Makefile +++ b/service/cima-server/Makefile @@ -10,7 +10,7 @@ DESTDIR ?= $(PREFIX)/bin DEBUG ?= TARGET_DIR := target -BIN_NAME := ccnp_server +BIN_NAME := cima_server CARGO := cargo diff --git a/service/ccnp-server/README.md b/service/cima-server/README.md similarity index 72% rename from service/ccnp-server/README.md rename to service/cima-server/README.md index 206c57f..71e6ab3 100644 --- a/service/ccnp-server/README.md +++ b/service/cima-server/README.md @@ -1,4 +1,4 @@ -# CCNP Service +# CIMA Service This service will provide CC event log/CC measurement/CC report by [CC Trusted API](https://github.com/cc-api/cc-trusted-api) for remote attestation service to verify the integrity and confidentiality of the trusted computing environment and required software environment. @@ -7,11 +7,11 @@ This service will provide CC event log/CC measurement/CC report by [CC Trusted A Run the command: ``` -sudo ./ccnp_server -[2024-02-22T07:18:29Z INFO ccnp_server] [ccnp-server]: set sock file permissions: /run/ccnp/uds/ccnp-server.sock -[2024-02-22T07:18:29Z INFO ccnp_server] [ccnp-server]: staring the service... -[2024-02-22T07:18:29Z INFO ccnp_server::agent] The system has been measured as the policy defined. -[2024-02-22T07:19:03Z INFO ccnp_server::agent] Loaded ... event logs. +sudo ./cima_server +[2024-02-22T07:18:29Z INFO cima_server] [cima-server]: set sock file permissions: /run/cima/uds/cima-server.sock +[2024-02-22T07:18:29Z INFO cima_server] [cima-server]: staring the service... +[2024-02-22T07:18:29Z INFO cima_server::agent] The system has been measured as the policy defined. +[2024-02-22T07:19:03Z INFO cima_server::agent] Loaded ... event logs. ``` ## Query Information @@ -21,7 +21,7 @@ sudo ./ccnp_server Run the command: ``` -grpcurl -authority "dummy" -plaintext -d '{ "container_id": "29134314a2...", "user_data": "MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4", "nonce":"IXUKoBO1UM3c1wopN4sY" }' -unix /run/ccnp/uds/ccnp-server.sock ccnp_server_pb.ccnp.GetCcReport +grpcurl -authority "dummy" -plaintext -d '{ "container_id": "29134314a2...", "user_data": "MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4", "nonce":"IXUKoBO1UM3c1wopN4sY" }' -unix /run/cima/uds/cima-server.sock cima_server_pb.cima.GetCcReport ``` The output looks like this: @@ -38,7 +38,7 @@ The output looks like this: Run the command: ``` -grpcurl -authority "dummy" -plaintext -d '{ "container_id": "29134314a2...", "index": 0, "algo_id": 12}' -unix /run/ccnp/uds/ccnp-server.sock ccnp_server_pb.ccnp.GetCcMeasurement +grpcurl -authority "dummy" -plaintext -d '{ "container_id": "29134314a2...", "index": 0, "algo_id": 12}' -unix /run/cima/uds/cima-server.sock cima_server_pb.cima.GetCcMeasurement ``` The output looks like: @@ -57,7 +57,7 @@ The output looks like: Run the command: ``` -grpcurl -authority "dummy" -plaintext -d '{"container_id": "29134314a2...", "start": 0, "count": 3}' -unix /run/ccnp/uds/ccnp-server.sock ccnp_server_pb.ccnp.GetCcEventlog +grpcurl -authority "dummy" -plaintext -d '{"container_id": "29134314a2...", "start": 0, "count": 3}' -unix /run/cima/uds/cima-server.sock cima_server_pb.cima.GetCcEventlog ``` The output looks like: diff --git a/service/ccnp-server/build.rs b/service/cima-server/build.rs similarity index 67% rename from service/ccnp-server/build.rs rename to service/cima-server/build.rs index 5fdf926..32c06e2 100644 --- a/service/ccnp-server/build.rs +++ b/service/cima-server/build.rs @@ -7,15 +7,15 @@ use std::env; use std::path::PathBuf; fn main() -> Result<(), Box> { - tonic_build::compile_protos("proto/ccnp-server.proto")?; + tonic_build::compile_protos("proto/cima-server.proto")?; let original_out_dir = PathBuf::from(env::var("OUT_DIR")?); let out_dir = "./src"; tonic_build::configure() .out_dir(out_dir) - .file_descriptor_set_path(original_out_dir.join("ccnp_server_descriptor.bin")) - .compile(&["proto/ccnp-server.proto"], &["proto"])?; + .file_descriptor_set_path(original_out_dir.join("cima_server_descriptor.bin")) + .compile(&["proto/cima-server.proto"], &["proto"])?; Ok(()) } diff --git a/service/ccnp-server/configs/policy.yaml b/service/cima-server/configs/policy.yaml similarity index 100% rename from service/ccnp-server/configs/policy.yaml rename to service/cima-server/configs/policy.yaml diff --git a/service/ccnp-server/deny.toml b/service/cima-server/deny.toml similarity index 100% rename from service/ccnp-server/deny.toml rename to service/cima-server/deny.toml diff --git a/service/ccnp-server/proto/ccnp-server.proto b/service/cima-server/proto/cima-server.proto similarity index 97% rename from service/ccnp-server/proto/ccnp-server.proto rename to service/cima-server/proto/cima-server.proto index aa6fba6..a2b92e8 100644 --- a/service/ccnp-server/proto/ccnp-server.proto +++ b/service/cima-server/proto/cima-server.proto @@ -1,5 +1,5 @@ syntax = "proto3"; -package ccnp_server_pb; +package cima_server_pb; message HealthCheckRequest { string service = 1; @@ -15,7 +15,7 @@ message HealthCheckResponse { ServingStatus status = 1; } -service ccnp { +service cima { rpc GetDefaultAlgorithm(GetDefaultAlgorithmRequest) returns (GetDefaultAlgorithmResponse); rpc GetMeasurementCount(GetMeasurementCountRequest) returns (GetMeasurementCountResponse); rpc GetCcReport (GetCcReportRequest) returns (GetCcReportResponse); diff --git a/service/ccnp-server/src/agent.rs b/service/cima-server/src/agent.rs similarity index 99% rename from service/ccnp-server/src/agent.rs rename to service/cima-server/src/agent.rs index 9bd6f18..db29493 100644 --- a/service/ccnp-server/src/agent.rs +++ b/service/cima-server/src/agent.rs @@ -6,7 +6,7 @@ use std::cmp::Ordering; use std::collections::HashMap; use crate::{ - ccnp_pb::{TcgDigest, TcgEventlog}, + cima_pb::{TcgDigest, TcgEventlog}, container::Container, measurement::Measurement, policy::PolicyConfig, diff --git a/service/ccnp-server/src/ccnp_server_pb.rs b/service/cima-server/src/cima_server_pb.rs similarity index 93% rename from service/ccnp-server/src/ccnp_server_pb.rs rename to service/cima-server/src/cima_server_pb.rs index 4ed1f25..a905b65 100644 --- a/service/ccnp-server/src/ccnp_server_pb.rs +++ b/service/cima-server/src/cima_server_pb.rs @@ -153,15 +153,15 @@ pub struct GetCcEventlogResponse { pub event_logs: ::prost::alloc::vec::Vec, } /// Generated client implementations. -pub mod ccnp_client { +pub mod cima_client { #![allow(unused_variables, dead_code, missing_docs, clippy::let_unit_value)] use tonic::codegen::*; use tonic::codegen::http::Uri; #[derive(Debug, Clone)] - pub struct CcnpClient { + pub struct CimaClient { inner: tonic::client::Grpc, } - impl CcnpClient { + impl CimaClient { /// Attempt to create a new client by connecting to a given endpoint. pub async fn connect(dst: D) -> Result where @@ -172,7 +172,7 @@ pub mod ccnp_client { Ok(Self::new(conn)) } } - impl CcnpClient + impl CimaClient where T: tonic::client::GrpcService, T::Error: Into, @@ -190,7 +190,7 @@ pub mod ccnp_client { pub fn with_interceptor( inner: T, interceptor: F, - ) -> CcnpClient> + ) -> CimaClient> where F: tonic::service::Interceptor, T::ResponseBody: Default, @@ -204,7 +204,7 @@ pub mod ccnp_client { http::Request, >>::Error: Into + Send + Sync, { - CcnpClient::new(InterceptedService::new(inner, interceptor)) + CimaClient::new(InterceptedService::new(inner, interceptor)) } /// Compress requests with the given encoding. /// @@ -255,11 +255,11 @@ pub mod ccnp_client { })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( - "/ccnp_server_pb.ccnp/GetDefaultAlgorithm", + "/cima_server_pb.cima/GetDefaultAlgorithm", ); let mut req = request.into_request(); req.extensions_mut() - .insert(GrpcMethod::new("ccnp_server_pb.ccnp", "GetDefaultAlgorithm")); + .insert(GrpcMethod::new("cima_server_pb.cima", "GetDefaultAlgorithm")); self.inner.unary(req, path, codec).await } pub async fn get_measurement_count( @@ -280,11 +280,11 @@ pub mod ccnp_client { })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( - "/ccnp_server_pb.ccnp/GetMeasurementCount", + "/cima_server_pb.cima/GetMeasurementCount", ); let mut req = request.into_request(); req.extensions_mut() - .insert(GrpcMethod::new("ccnp_server_pb.ccnp", "GetMeasurementCount")); + .insert(GrpcMethod::new("cima_server_pb.cima", "GetMeasurementCount")); self.inner.unary(req, path, codec).await } pub async fn get_cc_report( @@ -305,11 +305,11 @@ pub mod ccnp_client { })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( - "/ccnp_server_pb.ccnp/GetCcReport", + "/cima_server_pb.cima/GetCcReport", ); let mut req = request.into_request(); req.extensions_mut() - .insert(GrpcMethod::new("ccnp_server_pb.ccnp", "GetCcReport")); + .insert(GrpcMethod::new("cima_server_pb.cima", "GetCcReport")); self.inner.unary(req, path, codec).await } pub async fn get_cc_measurement( @@ -330,11 +330,11 @@ pub mod ccnp_client { })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( - "/ccnp_server_pb.ccnp/GetCcMeasurement", + "/cima_server_pb.cima/GetCcMeasurement", ); let mut req = request.into_request(); req.extensions_mut() - .insert(GrpcMethod::new("ccnp_server_pb.ccnp", "GetCcMeasurement")); + .insert(GrpcMethod::new("cima_server_pb.cima", "GetCcMeasurement")); self.inner.unary(req, path, codec).await } pub async fn get_cc_eventlog( @@ -355,22 +355,22 @@ pub mod ccnp_client { })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( - "/ccnp_server_pb.ccnp/GetCcEventlog", + "/cima_server_pb.cima/GetCcEventlog", ); let mut req = request.into_request(); req.extensions_mut() - .insert(GrpcMethod::new("ccnp_server_pb.ccnp", "GetCcEventlog")); + .insert(GrpcMethod::new("cima_server_pb.cima", "GetCcEventlog")); self.inner.unary(req, path, codec).await } } } /// Generated server implementations. -pub mod ccnp_server { +pub mod cima_server { #![allow(unused_variables, dead_code, missing_docs, clippy::let_unit_value)] use tonic::codegen::*; - /// Generated trait containing gRPC methods that should be implemented for use with CcnpServer. + /// Generated trait containing gRPC methods that should be implemented for use with CimaServer. #[async_trait] - pub trait Ccnp: Send + Sync + 'static { + pub trait Cima: Send + Sync + 'static { async fn get_default_algorithm( &self, request: tonic::Request, @@ -408,7 +408,7 @@ pub mod ccnp_server { >; } #[derive(Debug)] - pub struct CcnpServer { + pub struct CimaServer { inner: _Inner, accept_compression_encodings: EnabledCompressionEncodings, send_compression_encodings: EnabledCompressionEncodings, @@ -416,7 +416,7 @@ pub mod ccnp_server { max_encoding_message_size: Option, } struct _Inner(Arc); - impl CcnpServer { + impl CimaServer { pub fn new(inner: T) -> Self { Self::from_arc(Arc::new(inner)) } @@ -468,9 +468,9 @@ pub mod ccnp_server { self } } - impl tonic::codegen::Service> for CcnpServer + impl tonic::codegen::Service> for CimaServer where - T: Ccnp, + T: Cima, B: Body + Send + 'static, B::Error: Into + Send + 'static, { @@ -486,11 +486,11 @@ pub mod ccnp_server { fn call(&mut self, req: http::Request) -> Self::Future { let inner = self.inner.clone(); match req.uri().path() { - "/ccnp_server_pb.ccnp/GetDefaultAlgorithm" => { + "/cima_server_pb.cima/GetDefaultAlgorithm" => { #[allow(non_camel_case_types)] - struct GetDefaultAlgorithmSvc(pub Arc); + struct GetDefaultAlgorithmSvc(pub Arc); impl< - T: Ccnp, + T: Cima, > tonic::server::UnaryService for GetDefaultAlgorithmSvc { type Response = super::GetDefaultAlgorithmResponse; @@ -532,11 +532,11 @@ pub mod ccnp_server { }; Box::pin(fut) } - "/ccnp_server_pb.ccnp/GetMeasurementCount" => { + "/cima_server_pb.cima/GetMeasurementCount" => { #[allow(non_camel_case_types)] - struct GetMeasurementCountSvc(pub Arc); + struct GetMeasurementCountSvc(pub Arc); impl< - T: Ccnp, + T: Cima, > tonic::server::UnaryService for GetMeasurementCountSvc { type Response = super::GetMeasurementCountResponse; @@ -578,10 +578,10 @@ pub mod ccnp_server { }; Box::pin(fut) } - "/ccnp_server_pb.ccnp/GetCcReport" => { + "/cima_server_pb.cima/GetCcReport" => { #[allow(non_camel_case_types)] - struct GetCcReportSvc(pub Arc); - impl tonic::server::UnaryService + struct GetCcReportSvc(pub Arc); + impl tonic::server::UnaryService for GetCcReportSvc { type Response = super::GetCcReportResponse; type Future = BoxFuture< @@ -622,11 +622,11 @@ pub mod ccnp_server { }; Box::pin(fut) } - "/ccnp_server_pb.ccnp/GetCcMeasurement" => { + "/cima_server_pb.cima/GetCcMeasurement" => { #[allow(non_camel_case_types)] - struct GetCcMeasurementSvc(pub Arc); + struct GetCcMeasurementSvc(pub Arc); impl< - T: Ccnp, + T: Cima, > tonic::server::UnaryService for GetCcMeasurementSvc { type Response = super::GetCcMeasurementResponse; @@ -668,11 +668,11 @@ pub mod ccnp_server { }; Box::pin(fut) } - "/ccnp_server_pb.ccnp/GetCcEventlog" => { + "/cima_server_pb.cima/GetCcEventlog" => { #[allow(non_camel_case_types)] - struct GetCcEventlogSvc(pub Arc); + struct GetCcEventlogSvc(pub Arc); impl< - T: Ccnp, + T: Cima, > tonic::server::UnaryService for GetCcEventlogSvc { type Response = super::GetCcEventlogResponse; @@ -729,7 +729,7 @@ pub mod ccnp_server { } } } - impl Clone for CcnpServer { + impl Clone for CimaServer { fn clone(&self) -> Self { let inner = self.inner.clone(); Self { @@ -741,7 +741,7 @@ pub mod ccnp_server { } } } - impl Clone for _Inner { + impl Clone for _Inner { fn clone(&self) -> Self { Self(Arc::clone(&self.0)) } @@ -751,7 +751,7 @@ pub mod ccnp_server { write!(f, "{:?}", self.0) } } - impl tonic::server::NamedService for CcnpServer { - const NAME: &'static str = "ccnp_server_pb.ccnp"; + impl tonic::server::NamedService for CimaServer { + const NAME: &'static str = "cima_server_pb.cima"; } } diff --git a/service/ccnp-server/src/container.rs b/service/cima-server/src/container.rs similarity index 98% rename from service/ccnp-server/src/container.rs rename to service/cima-server/src/container.rs index a88637e..1aef018 100644 --- a/service/ccnp-server/src/container.rs +++ b/service/cima-server/src/container.rs @@ -1,4 +1,4 @@ -use crate::ccnp_pb::{TcgDigest, TcgEventlog}; +use crate::cima_pb::{TcgDigest, TcgEventlog}; use anyhow::{anyhow, Error}; use cctrusted_base::tcg; use openssl::hash::{Hasher, MessageDigest}; diff --git a/service/ccnp-server/src/main.rs b/service/cima-server/src/main.rs similarity index 92% rename from service/ccnp-server/src/main.rs rename to service/cima-server/src/main.rs index 215edfd..8cbca48 100644 --- a/service/ccnp-server/src/main.rs +++ b/service/cima-server/src/main.rs @@ -3,11 +3,11 @@ pub mod container; pub mod measurement; pub mod policy; pub mod service; -pub mod ccnp_pb { - tonic::include_proto!("ccnp_server_pb"); +pub mod cima_pb { + tonic::include_proto!("cima_server_pb"); pub const FILE_DESCRIPTOR_SET: &[u8] = - tonic::include_file_descriptor_set!("ccnp_server_descriptor"); + tonic::include_file_descriptor_set!("cima_server_descriptor"); } use anyhow::Result; @@ -18,7 +18,7 @@ use tokio::net::UnixListener; use tokio_stream::wrappers::UnixListenerStream; use tonic::transport::Server; -use ccnp_pb::{ccnp_server::CcnpServer, FILE_DESCRIPTOR_SET}; +use cima_pb::{cima_server::CimaServer, FILE_DESCRIPTOR_SET}; use policy::PolicyConfig; use service::Service; @@ -26,7 +26,7 @@ use service::Service; struct Cli { /// UDS sock file #[arg(short, long)] - #[clap(default_value = "/run/ccnp/uds/ccnp-server.sock")] + #[clap(default_value = "/run/cima/uds/cima-server.sock")] sock: String, /// Input policy file #[arg(short, long)] @@ -51,37 +51,37 @@ async fn main() -> Result<(), Box> { let _ = std::fs::remove_file(sock.clone()); let uds = match UnixListener::bind(sock.clone()) { Ok(r) => r, - Err(e) => panic!("[ccnp-server]: bind UDS socket error: {:?}", e), + Err(e) => panic!("[cima-server]: bind UDS socket error: {:?}", e), }; let uds_stream = UnixListenerStream::new(uds); - info!("[ccnp-server]: set sock file permissions: {}", sock); + info!("[cima-server]: set sock file permissions: {}", sock); set_sock_perm(&sock.clone())?; let (mut health_reporter, health_service) = tonic_health::server::health_reporter(); - health_reporter.set_serving::>().await; + health_reporter.set_serving::>().await; let reflection_service = tonic_reflection::server::Builder::configure() .register_encoded_file_descriptor_set(FILE_DESCRIPTOR_SET) .build() .unwrap(); - info!("[ccnp-server]: staring the service..."); + info!("[cima-server]: staring the service..."); let service = Service::new(policy); Server::builder() .add_service(reflection_service) .add_service(health_service) - .add_service(CcnpServer::new(service)) + .add_service(CimaServer::new(service)) .serve_with_incoming(uds_stream) .await?; Ok(()) } #[cfg(test)] -mod ccnp_server_test { +mod cima_server_test { use super::*; use crate::agent::IMR; - use ccnp_pb::{ - ccnp_client::CcnpClient, GetCcEventlogRequest, GetCcMeasurementRequest, GetCcReportRequest, + use cima_pb::{ + cima_client::CimaClient, GetCcEventlogRequest, GetCcMeasurementRequest, GetCcReportRequest, }; use cctrusted_base::{cc_type::TeeType, tcg}; use policy::PolicyConfig; @@ -95,14 +95,14 @@ mod ccnp_server_test { use tower::service_fn; async fn creat_server() { - let sock = String::from("/tmp/ccnp-server.sock"); + let sock = String::from("/tmp/cima-server.sock"); let policy_path = String::from("./configs/policy.yaml"); let policy = PolicyConfig::new(policy_path); let _ = std::fs::remove_file(sock.clone()); let uds = match UnixListener::bind(sock.clone()) { Ok(r) => r, - Err(e) => panic!("[ccnp-server]: bind UDS socket error: {:?}", e), + Err(e) => panic!("[cima-server]: bind UDS socket error: {:?}", e), }; let uds_stream = UnixListenerStream::new(uds); @@ -111,24 +111,24 @@ mod ccnp_server_test { let service = Service::new(policy); tokio::spawn(async { Server::builder() - .add_service(CcnpServer::new(service)) + .add_service(CimaServer::new(service)) .serve_with_incoming(uds_stream) .await .unwrap(); }); } - async fn create_client() -> CcnpClient { + async fn create_client() -> CimaClient { let channel = Endpoint::try_from("http://[::]:40081") .unwrap() .connect_with_connector(service_fn(|_: Uri| { - let path = "/tmp/ccnp-server.sock"; + let path = "/tmp/cima-server.sock"; UnixStream::connect(path) })) .await .unwrap(); - let client = CcnpClient::new(channel); + let client = CimaClient::new(channel); return client; } diff --git a/service/ccnp-server/src/measurement.rs b/service/cima-server/src/measurement.rs similarity index 99% rename from service/ccnp-server/src/measurement.rs rename to service/cima-server/src/measurement.rs index fd3b875..e24d091 100644 --- a/service/ccnp-server/src/measurement.rs +++ b/service/cima-server/src/measurement.rs @@ -7,7 +7,7 @@ use std::fs; use crate::{ agent::IMR, - ccnp_pb::{TcgDigest, TcgEventlog}, + cima_pb::{TcgDigest, TcgEventlog}, policy::PolicyConfig, }; diff --git a/service/ccnp-server/src/policy.rs b/service/cima-server/src/policy.rs similarity index 100% rename from service/ccnp-server/src/policy.rs rename to service/cima-server/src/policy.rs diff --git a/service/ccnp-server/src/service.rs b/service/cima-server/src/service.rs similarity index 97% rename from service/ccnp-server/src/service.rs rename to service/cima-server/src/service.rs index bb65c29..8f35894 100644 --- a/service/ccnp-server/src/service.rs +++ b/service/cima-server/src/service.rs @@ -5,8 +5,8 @@ use tonic::{Request, Response, Status}; use crate::{ agent::Agent, - ccnp_pb::{ - ccnp_server::Ccnp, GetCcEventlogRequest, GetCcEventlogResponse, GetCcMeasurementRequest, + cima_pb::{ + cima_server::Cima, GetCcEventlogRequest, GetCcEventlogResponse, GetCcMeasurementRequest, GetCcMeasurementResponse, GetCcReportRequest, GetCcReportResponse, GetDefaultAlgorithmRequest, GetDefaultAlgorithmResponse, GetMeasurementCountRequest, GetMeasurementCountResponse, @@ -30,7 +30,7 @@ impl Service { } #[tonic::async_trait] -impl Ccnp for Service { +impl Cima for Service { async fn get_default_algorithm( &self, _request: Request, diff --git a/service/ccnp-webhook/.gitignore b/service/cima-webhook/.gitignore similarity index 100% rename from service/ccnp-webhook/.gitignore rename to service/cima-webhook/.gitignore diff --git a/service/ccnp-webhook/.golangci.yml b/service/cima-webhook/.golangci.yml similarity index 100% rename from service/ccnp-webhook/.golangci.yml rename to service/cima-webhook/.golangci.yml diff --git a/service/ccnp-webhook/PROJECT b/service/cima-webhook/PROJECT similarity index 71% rename from service/ccnp-webhook/PROJECT rename to service/cima-webhook/PROJECT index 016d8d7..302bfe6 100644 --- a/service/ccnp-webhook/PROJECT +++ b/service/cima-webhook/PROJECT @@ -5,6 +5,6 @@ domain: github.com layout: - go.kubebuilder.io/v4 -projectName: ccnp-webhook -repo: github.com/cc-api/confidential-cloud-native-primitives/service/ccnp-webhook +projectName: cima-webhook +repo: github.com/cc-api/container-integrity-measurement-agent/service/cima-webhook version: "3" diff --git a/service/cima-webhook/README.md b/service/cima-webhook/README.md new file mode 100644 index 0000000..453d476 --- /dev/null +++ b/service/cima-webhook/README.md @@ -0,0 +1,2 @@ +# cima-webhook +A mutating admission webhook to add CIMA server socket to the pod who use CIMA SDK diff --git a/service/ccnp-webhook/go.mod b/service/cima-webhook/go.mod similarity index 97% rename from service/ccnp-webhook/go.mod rename to service/cima-webhook/go.mod index c1082f1..7b50679 100644 --- a/service/ccnp-webhook/go.mod +++ b/service/cima-webhook/go.mod @@ -1,4 +1,4 @@ -module github.com/cc-api/confidential-cloud-native-primitives/service/ccnp-webhook +module github.com/cc-api/container-integrity-measurement-agent/service/cima-webhook go 1.21 diff --git a/service/ccnp-webhook/go.sum b/service/cima-webhook/go.sum similarity index 100% rename from service/ccnp-webhook/go.sum rename to service/cima-webhook/go.sum diff --git a/service/ccnp-webhook/hack/gen-certs.sh b/service/cima-webhook/hack/gen-certs.sh similarity index 100% rename from service/ccnp-webhook/hack/gen-certs.sh rename to service/cima-webhook/hack/gen-certs.sh diff --git a/service/ccnp-webhook/main.go b/service/cima-webhook/main.go similarity index 98% rename from service/ccnp-webhook/main.go rename to service/cima-webhook/main.go index c774f48..79c9512 100644 --- a/service/ccnp-webhook/main.go +++ b/service/cima-webhook/main.go @@ -101,7 +101,7 @@ func main() { CertName: certName, }) - server.Register("/mutate", &webhook.Admission{Handler: &podCcnpWebhook{ + server.Register("/mutate", &webhook.Admission{Handler: &podCimaWebhook{ Client: mgr.GetClient(), decoder: admission.NewDecoder(mgr.GetScheme()), }}) diff --git a/service/ccnp-webhook/pod_webhook.go b/service/cima-webhook/pod_webhook.go similarity index 76% rename from service/ccnp-webhook/pod_webhook.go rename to service/cima-webhook/pod_webhook.go index a09a1f9..d8e460f 100644 --- a/service/ccnp-webhook/pod_webhook.go +++ b/service/cima-webhook/pod_webhook.go @@ -11,20 +11,20 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) -const CcnpAnnotation = "ccnp.cc-api/require" -const CcnpServerSockDir = "/run/ccnp/uds/" +const CimaAnnotation = "cima.cc-api/require" +const CimaServerSockDir = "/run/cima/uds/" -type podCcnpWebhook struct { +type podCimaWebhook struct { Client client.Client decoder *admission.Decoder Annotation bool } -func NewPodCcnpWebhook() *podCcnpWebhook { - return &podCcnpWebhook{} +func NewPodCimaWebhook() *podCimaWebhook { + return &podCimaWebhook{} } -func (a *podCcnpWebhook) Handle(ctx context.Context, req admission.Request) admission.Response { +func (a *podCimaWebhook) Handle(ctx context.Context, req admission.Request) admission.Response { pod := &corev1.Pod{} if err := a.decoder.Decode(req, pod); err != nil { return admission.Errored(http.StatusBadRequest, err) @@ -32,7 +32,7 @@ func (a *podCcnpWebhook) Handle(ctx context.Context, req admission.Request) admi // check for the existence of a pod annotation if enabled if a.Annotation { - value, ok := pod.Annotations[CcnpAnnotation] + value, ok := pod.Annotations[CimaAnnotation] if !ok { return admission.Allowed("Got no pod annotation.") } @@ -48,12 +48,12 @@ func (a *podCcnpWebhook) Handle(ctx context.Context, req admission.Request) admi } pathType := corev1.HostPathDirectory - sockName := "ccnp-server-sock" + sockName := "cima-server-sock" pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{ Name: sockName, VolumeSource: corev1.VolumeSource{ HostPath: &corev1.HostPathVolumeSource{ - Path: CcnpServerSockDir, + Path: CimaServerSockDir, Type: &pathType, }, }, @@ -64,7 +64,7 @@ func (a *podCcnpWebhook) Handle(ctx context.Context, req admission.Request) admi container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{ Name: sockName, ReadOnly: false, - MountPath: CcnpServerSockDir, + MountPath: CimaServerSockDir, }) } @@ -76,7 +76,7 @@ func (a *podCcnpWebhook) Handle(ctx context.Context, req admission.Request) admi return admission.PatchResponseFromRaw(req.Object.Raw, marshaledPod) } -func (a *podCcnpWebhook) InjectDecoder(d *admission.Decoder) error { +func (a *podCimaWebhook) InjectDecoder(d *admission.Decoder) error { a.decoder = d return nil } diff --git a/test/ci-test/ci-e2e-test.sh b/test/ci-test/ci-e2e-test.sh index d2de56d..20f4202 100755 --- a/test/ci-test/ci-e2e-test.sh +++ b/test/ci-test/ci-e2e-test.sh @@ -1,15 +1,15 @@ #!/bin/bash -# This is a CI test script. The script will run in ccnp-example pod. +# This is a CI test script. The script will run in cima-example pod. # It will check SDK of python, golang and rust. set -o errexit -PY_WORK_DIR='/run/ccnp/ci-test/py-test' +PY_WORK_DIR='/run/cima/ci-test/py-test' for i in {1..3} do - POD_NAME=$(kubectl get po -n ccnp | grep ccnp-example | grep Running | awk '{ print $1 }') + POD_NAME=$(kubectl get po -n cima | grep cima-example | grep Running | awk '{ print $1 }') if [[ -z "$POD_NAME" ]] then sleep 2 @@ -20,19 +20,19 @@ do done if [ -z "$POD_NAME" ]; then - echo "Error: CCNP example pod is not Running." + echo "Error: CIMA example pod is not Running." exit 1 fi # Run python tests echo "--------> Run python test........." -kubectl exec -it "$POD_NAME" -n ccnp -- pytest -v ${PY_WORK_DIR} +kubectl exec -it "$POD_NAME" -n cima -- pytest -v ${PY_WORK_DIR} # Run go tests echo "--------> Run go test........." -kubectl exec -it "$POD_NAME" -n ccnp -- ./go-sdk-example +kubectl exec -it "$POD_NAME" -n cima -- ./go-sdk-example # Run rust tests echo "--------> Run rust test........." -kubectl exec -it "$POD_NAME" -n ccnp -- ./rust-sdk-example +kubectl exec -it "$POD_NAME" -n cima -- ./rust-sdk-example diff --git a/test/ci-test/py-test/test_ccnp.py b/test/ci-test/py-test/test_cima.py similarity index 73% rename from test/ci-test/py-test/test_ccnp.py rename to test/ci-test/py-test/test_cima.py index 5523e3b..427231d 100644 --- a/test/ci-test/py-test/test_ccnp.py +++ b/test/ci-test/py-test/test_cima.py @@ -1,5 +1,5 @@ """ -CCNP test: +CIMA test: 1. Verify Event logs with RTMR values 2. Verify CC report can be returned successfully 3. Verify IMR[0], IMR[1] and IMR[3] (container event log hash) is not empty @@ -7,7 +7,7 @@ import logging -from ccnp import CcnpSdk +from cima import CimaSdk LOG = logging.getLogger(__name__) @@ -19,19 +19,19 @@ ] ) -class TestCCNP: +class TestCIMA: ''' - Tests for CCNP python SDK + Tests for CIMA python SDK ''' def test_eventlog_verify(self): ''' Replay and verify event logs ''' - evt = CcnpSdk.inst().get_cc_eventlog() - replay = CcnpSdk.inst().replay_cc_eventlog(evt) + evt = CimaSdk.inst().get_cc_eventlog() + replay = CimaSdk.inst().replay_cc_eventlog(evt) for r in replay: LOG.info("Replay IMR[%d]: %s", r, replay[r][12].hex()) - m = CcnpSdk.inst().get_cc_measurement([r, 12]) + m = CimaSdk.inst().get_cc_measurement([r, 12]) LOG.info("Read IMR[%d]: %s", r, m.hash.hex()) assert m.hash == replay[r][12], "Replay IMR value does not match real IMR." @@ -39,12 +39,12 @@ def test_cc_report(self): ''' Test CC report ''' - assert CcnpSdk.inst().get_cc_report().dump() != "" + assert CimaSdk.inst().get_cc_report().dump() != "" def test_container_imr(self): ''' Test container IMR ''' for i in [0, 1, 3]: - m = CcnpSdk.inst().get_cc_measurement([i, 12]) + m = CimaSdk.inst().get_cc_measurement([i, 12]) assert m.hash.hex() != "", "IMR value should not empty." diff --git a/test/perf/README.md b/test/perf/README.md index 84d9a34..5ab4dc9 100644 --- a/test/perf/README.md +++ b/test/perf/README.md @@ -4,99 +4,99 @@ We have these KPIs for performance test. | KPI​ | HIB/LIB​ | Unit​ | Comment​ | | ------------------------------------------- | -------- | ----- | ----------------------------------------------------- | -| CCNP service get measurement throughput​ | HIB​ | ops​ | Service Throughput​ | -| CCNP service get measurement response time​ | LIB​ | ms​ | Service Response time​ | -| CCNP service get eventlog throughput​ | HIB​ | ops​ | Service Throughput​ | -| CCNP service get eventlog response time​ | LIB​ | ms​ | Service Response time​ | -| CCNP service get quote throughput​ | HIB​ | ops​ | Service Throughput​ | -| CCNP service get quote response time​ | LIB​ | ms​ | Service Response time​ | -| CCNP initialization time​ | LIB​ | s​ | CCNP device plugin, DaemonSet and service readiness.​ | +| CIMA service get measurement throughput​ | HIB​ | ops​ | Service Throughput​ | +| CIMA service get measurement response time​ | LIB​ | ms​ | Service Response time​ | +| CIMA service get eventlog throughput​ | HIB​ | ops​ | Service Throughput​ | +| CIMA service get eventlog response time​ | LIB​ | ms​ | Service Response time​ | +| CIMA service get quote throughput​ | HIB​ | ops​ | Service Throughput​ | +| CIMA service get quote response time​ | LIB​ | ms​ | Service Response time​ | +| CIMA initialization time​ | LIB​ | s​ | CIMA device plugin, DaemonSet and service readiness.​ | -*Note: we use the CCNP SDK to access the CCNP service because it's convenient to prepare the request data (e.g. container ID, etc.)​ +*Note: we use the CIMA SDK to access the CIMA service because it's convenient to prepare the request data (e.g. container ID, etc.)​ Below are the steps for you to build and run the performance test. ## Prerequisites -To run the test, you need a K8S cluster with CCNP enabled (CCNP Device Plugin and CCNP Service deployed and ready). +To run the test, you need a K8S cluster with CIMA enabled (CIMA Device Plugin and CIMA Service deployed and ready). ## Build ```bash # Make sure you are on the repo's top dir -cd +cd # Run doker build -docker build --build-arg http_proxy=$http_proxy --build-arg https_proxy=$https_proxy --build-arg no_proxy=$no_proxy -t ccnp-perf:latest -f container/ccnp-perf/Dockerfile . +docker build --build-arg http_proxy=$http_proxy --build-arg https_proxy=$https_proxy --build-arg no_proxy=$no_proxy -t cima-perf:latest -f container/cima-perf/Dockerfile . # View build result -docker image ls | grep ccnp-perf +docker image ls | grep cima-perf # Save the docker image for later use -docker save ccnp-perf:latest > ccnp-perf_latest.tar +docker save cima-perf:latest > cima-perf_latest.tar ``` ## Deploy ```bash # Load the docker image for K8S using containerd. -# You need to run this on the node where you want to deploy the ccnp-perf test -ctr -n=k8s.io image import ccnp-perf_latest.tar +# You need to run this on the node where you want to deploy the cima-perf test +ctr -n=k8s.io image import cima-perf_latest.tar # Make sure you are on the repo's top dir -cd +cd -# Deploy ccnp-perf test -kubectl apply -f deployment/kubernetes/manifests/ccnp-perf-deployment.yaml +# Deploy cima-perf test +kubectl apply -f deployment/kubernetes/manifests/cima-perf-deployment.yaml ``` ## Test ```bash -# Get the pod name of ccnp-perf -kubectl get pod | grep ccnp-perf +# Get the pod name of cima-perf +kubectl get pod | grep cima-perf # Run all perf test on the specified pod name got from above command -kubectl exec -ti -- python3 -m pytest --log-cli-level=INFO --verbose ccnp_perf.py +kubectl exec -ti -- python3 -m pytest --log-cli-level=INFO --verbose cima_perf.py ``` Sample test output looks like this: ```bash -root@ccnp-perf-0:~/ccnp/confidential-cloud-native-primitives# kubectl exec -ti ccnp-perf-7f8798bf85-8s6zg -- python3 -m pytest --log-cli-level=INFO --verbose - ccnp_perf.py +root@cima-perf-0:~/cima/container-integrity-measurement-agent# kubectl exec -ti cima-perf-7f8798bf85-8s6zg -- python3 -m pytest --log-cli-level=INFO --verbose + cima_perf.py ==================================================================== test session starts ==================================================================== platform linux -- Python 3.12.2, pytest-8.1.1, pluggy-1.4.0 -- /usr/local/bin/python3 cachedir: .pytest_cache -rootdir: /run/ccnp +rootdir: /run/cima collected 7 items -ccnp_perf.py::test_svc_get_cc_measurement_throughput +cima_perf.py::test_svc_get_cc_measurement_throughput ----------------------------------------------------------------------- live log call ----------------------------------------------------------------------- -INFO ccnp_perf:ccnp_perf.py:191 Perf test average throughput is: 70.75 ops (operations per second) +INFO cima_perf:cima_perf.py:191 Perf test average throughput is: 70.75 ops (operations per second) PASSED [ 14%] -ccnp_perf.py::test_svc_get_cc_measurement_response +cima_perf.py::test_svc_get_cc_measurement_response ----------------------------------------------------------------------- live log call ----------------------------------------------------------------------- -INFO ccnp_perf:ccnp_perf.py:213 Perf test average response time is: 25.89662575 ms (milliseconds) +INFO cima_perf:cima_perf.py:213 Perf test average response time is: 25.89662575 ms (milliseconds) PASSED [ 28%] -ccnp_perf.py::test_svc_get_cc_eventlog_throughput +cima_perf.py::test_svc_get_cc_eventlog_throughput ----------------------------------------------------------------------- live log call ----------------------------------------------------------------------- -INFO ccnp_perf:ccnp_perf.py:191 Perf test average throughput is: 57.8 ops (operations per second) +INFO cima_perf:cima_perf.py:191 Perf test average throughput is: 57.8 ops (operations per second) PASSED [ 42%] -ccnp_perf.py::test_svc_get_cc_eventlog_response +cima_perf.py::test_svc_get_cc_eventlog_response ----------------------------------------------------------------------- live log call ----------------------------------------------------------------------- -INFO ccnp_perf:ccnp_perf.py:213 Perf test average response time is: 76.130223 ms (milliseconds) +INFO cima_perf:cima_perf.py:213 Perf test average response time is: 76.130223 ms (milliseconds) PASSED [ 57%] -ccnp_perf.py::test_svc_get_cc_report_throughput +cima_perf.py::test_svc_get_cc_report_throughput ----------------------------------------------------------------------- live log call ----------------------------------------------------------------------- -INFO ccnp_perf:ccnp_perf.py:191 Perf test average throughput is: 54.9 ops (operations per second) +INFO cima_perf:cima_perf.py:191 Perf test average throughput is: 54.9 ops (operations per second) PASSED [ 71%] -ccnp_perf.py::test_svc_get_cc_report_response +cima_perf.py::test_svc_get_cc_report_response ----------------------------------------------------------------------- live log call ----------------------------------------------------------------------- -INFO ccnp_perf:ccnp_perf.py:213 Perf test average response time is: 29.38618825 ms (milliseconds) +INFO cima_perf:cima_perf.py:213 Perf test average response time is: 29.38618825 ms (milliseconds) PASSED [ 85%] -ccnp_perf.py::test_ccnp_init PASSED [100%] +cima_perf.py::test_cima_init PASSED [100%] =============================================================== 7 passed in 66.95s (0:01:06) ================================================================ -root@ccnp-perf-0:~/ccnp/confidential-cloud-native-primitives# +root@cima-perf-0:~/cima/container-integrity-measurement-agent# ``` diff --git a/tools/build/README.md b/tools/build/README.md index d4399f5..7fc9218 100644 --- a/tools/build/README.md +++ b/tools/build/README.md @@ -1,7 +1,7 @@ # Build Tool This tool is used to build or rebuild the packages with some customized patches or configurations. -It also provides some additional patches for CCNP container measurement. +It also provides some additional patches for CIMA container measurement. ## Prerequisite Intel TDX 1.0 technology preview is available, and [this Github repository](https://github.com/canonical/tdx/tree/noble-24.04) @@ -10,7 +10,7 @@ Please follow the instructions to create a guest image and set up the TDX enviro Ubuntu 24.04 is targeted as the default base for this build tool, and the default kernel version is v6.8.0, some additional patches are provided in [kernel/patches](kernel/patches) directory for -CCNP container measurement, here is the information about the patches: +CIMA container measurement, here is the information about the patches: | Patch Number | Comments | | ------------ | -------- | diff --git a/tools/build/build.sh b/tools/build/build.sh index a0db4bf..5242c7a 100755 --- a/tools/build/build.sh +++ b/tools/build/build.sh @@ -2,7 +2,7 @@ set -e -CCNP_VERSION_SUFFIX="+ccnp1" +CIMA_VERSION_SUFFIX="+cima1" BASE_KERNEL_VERSION="6.8.0-31-generic" if [ -n "${TDX_SETUP_INTEL_KERNEL}" ]; then BASE_KERNEL_VERSION="6.8.0-1001-intel" @@ -10,7 +10,7 @@ fi CUR_DIR=$(dirname "$(readlink -f "$0")") KERNEL_DIR=${CUR_DIR}/kernel -TMP_DIR=$(mktemp -d /tmp/ccnp_build.XXXXXX) +TMP_DIR=$(mktemp -d /tmp/cima_build.XXXXXX) OUT_DIR=${CUR_DIR}/output patch_kernel() { @@ -47,12 +47,12 @@ build_ubuntu_kernel() { fi # For generic kernel, the default version in changelog is linux (6.8.0-31.31), - # we want to change to ccnp version linux (6.8.0-31.31+ccnp1) + # we want to change to cima version linux (6.8.0-31.31+cima1) # For intel kernel, the default version in changelog is linux-intel (6.8.0-1001.7) - # we want to change it to linux-intel (6.8.0-1001.7+ccnp1) + # we want to change it to linux-intel (6.8.0-1001.7+cima1) LATEST_VERSION=$(sed -n '1 s/\(linux.*(.*\)) noble.*$/\1/p' ${CHANGELOG}) - CCNP_VERSION="${LATEST_VERSION}${CCNP_VERSION_SUFFIX})" - sed "s/CCNP_VERSION/${CCNP_VERSION}/" \ + CIMA_VERSION="${LATEST_VERSION}${CIMA_VERSION_SUFFIX})" + sed "s/CIMA_VERSION/${CIMA_VERSION}/" \ "${KERNEL_DIR}/ubuntu/changelog" > "${KERNEL_DIR}/ubuntu/changelog.tmp" sed -i "0 r ${KERNEL_DIR}/ubuntu/changelog.tmp" debian/changelog ${CHANGELOG} rm "${KERNEL_DIR}/ubuntu/changelog.tmp" diff --git a/tools/build/kernel/ubuntu/changelog b/tools/build/kernel/ubuntu/changelog index 989382a..ef5051a 100644 --- a/tools/build/kernel/ubuntu/changelog +++ b/tools/build/kernel/ubuntu/changelog @@ -1,6 +1,6 @@ -CCNP_VERSION noble; urgency=medium +CIMA_VERSION noble; urgency=medium - * [CCNP] Add CCNP kernel patches + * [CIMA] Add CIMA kernel patches - IMA: support extending measurements to TDX RTMR - IMA: create new IMA template ima-dep-cgn and ima-cgpath