Create Azure.Security.Attestation Track 2 Preview SDK #17159

Merged: 32 commits, Dec 7, 2020 (changes shown from 30 commits)

Commits
a297bbe Created initial cut at GA API version (LarryOsterman, Oct 30, 2020)
5e309d3 Checkpoint (LarryOsterman, Nov 12, 2020)
40f8a15 Merge branch 'master' into LarryO-CreateGAApiSDK (LarryOsterman, Nov 12, 2020)
46ede4a Merge branch 'master' into LarryO-CreateGAApiSDK (LarryOsterman, Nov 13, 2020)
d01965d Checkpoint (LarryOsterman, Nov 17, 2020)
7d68154 Merge branch 'master' into LarryO-CreateGAApiSDK (LarryOsterman, Nov 17, 2020)
e6c362c Implemented most of the core attestation service APIs. (LarryOsterman, Nov 20, 2020)
103d031 Implemented V1 of all of MAA API Surface (LarryOsterman, Nov 21, 2020)
8cdeabb Converted TPM request and response to ReadOnlyMemory (LarryOsterman, Nov 21, 2020)
6dc842e Another round of API review feedback (LarryOsterman, Nov 21, 2020)
591b885 Updated readme.md and changelog.md a small bit; corrected a couple of… (LarryOsterman, Nov 23, 2020)
1e9fc12 Merge branch 'master' into LarryO-CreateGAApiSDK (LarryOsterman, Nov 23, 2020)
0018812 Somehow nunit got added to the test dependencies; removed it (LarryOsterman, Nov 23, 2020)
241a49a Added snippets to readme.md (LarryOsterman, Nov 23, 2020)
da45504 Fixed typo in tests.yml; Fleshed out readme.md a bit (LarryOsterman, Nov 23, 2020)
353f397 Use ClientSecretCredentials not DefaultProviderCredentials for tests (LarryOsterman, Nov 24, 2020)
71e7b08 Two test classes were still flagged as being live (LarryOsterman, Nov 24, 2020)
2e907e9 Ran Export-API.ps1 (LarryOsterman, Nov 24, 2020)
afb6da7 Updated root cl for autorest (LarryOsterman, Nov 24, 2020)
de19866 Updated session records (LarryOsterman, Nov 24, 2020)
d9fb625 Added new SDK to ci.yml (LarryOsterman, Nov 24, 2020)
3ba2832 Fixed several static analysis errors (LarryOsterman, Nov 24, 2020)
fb09063 Use TestEnvironment.Credential for credentials (LarryOsterman, Nov 24, 2020)
f186dc4 Try a different way of generating the key (LarryOsterman, Nov 24, 2020)
5c40fd6 Updated session records (LarryOsterman, Nov 24, 2020)
9e045ba Updated session records with policy document that does not contain CR… (LarryOsterman, Nov 24, 2020)
3698386 Merge branch 'master' into LarryO-CreateGAApiSDK (LarryOsterman, Nov 24, 2020)
a177580 Pull request feedback changes (LarryOsterman, Dec 3, 2020)
175650c Updated changelog (LarryOsterman, Dec 3, 2020)
f068ac7 More Pull Request feedback (LarryOsterman, Dec 3, 2020)
b31c325 Added assert that the number of signing certificates is at least 1 (LarryOsterman, Dec 3, 2020)
a57eef4 Use Argument.AssertNotNullOrEmpty instead of Argument.IsInRange for a… (LarryOsterman, Dec 3, 2020)
@@ -0,0 +1,37 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.29709.97
MinimumVisualStudioVersion = 10.0.40219.1
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Azure.Security.Attestation", "src\Azure.Security.Attestation.csproj", "{E33D09D9-D809-472C-82E6-6A26BDB86FC2}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Azure.Security.Attestation.Tests", "tests\Azure.Security.Attestation.Tests.csproj", "{4F476D56-DDE7-43D3-8CB4-BA1E77F5A300}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Azure.Core.TestFramework", "..\..\core\Azure.Core.TestFramework\src\Azure.Core.TestFramework.csproj", "{8052009B-2126-44A3-88CD-4F3B17894C64}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{E33D09D9-D809-472C-82E6-6A26BDB86FC2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{E33D09D9-D809-472C-82E6-6A26BDB86FC2}.Debug|Any CPU.Build.0 = Debug|Any CPU
{E33D09D9-D809-472C-82E6-6A26BDB86FC2}.Release|Any CPU.ActiveCfg = Release|Any CPU
{E33D09D9-D809-472C-82E6-6A26BDB86FC2}.Release|Any CPU.Build.0 = Release|Any CPU
{4F476D56-DDE7-43D3-8CB4-BA1E77F5A300}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{4F476D56-DDE7-43D3-8CB4-BA1E77F5A300}.Debug|Any CPU.Build.0 = Debug|Any CPU
{4F476D56-DDE7-43D3-8CB4-BA1E77F5A300}.Release|Any CPU.ActiveCfg = Release|Any CPU
{4F476D56-DDE7-43D3-8CB4-BA1E77F5A300}.Release|Any CPU.Build.0 = Release|Any CPU
{8052009B-2126-44A3-88CD-4F3B17894C64}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8052009B-2126-44A3-88CD-4F3B17894C64}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8052009B-2126-44A3-88CD-4F3B17894C64}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8052009B-2126-44A3-88CD-4F3B17894C64}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {A97F4B90-2591-4689-B1F8-5F21FE6D6CAE}
EndGlobalSection
EndGlobal
4 changes: 4 additions & 0 deletions sdk/attestation/Azure.Security.Attestation/CHANGELOG.md
@@ -0,0 +1,4 @@
# Release History
## 1.0.0-alpha.1 (2020-12-08)
Created.

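Review bot: the version header `## 1.0.0-alpha.1 (2020-12-08)` uses an alpha suffix, but this PR ships a preview package and the repo convention for a first public preview is `1.0.0-beta.1` (alpha suffixes are reserved for the nightly dev builds), so please change it before the release pipeline picks it up. The single entry `Created.` should also be replaced with a short list of what the package introduces (the AttestationClient and AttestationAdministrationClient types and the policy get/set operations the README already shows), since this file becomes the release notes on the NuGet page.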
@@ -0,0 +1,6 @@
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--
Add any shared properties you want for the projects under this package directory that need to be set before the auto imported Directory.Build.props
-->
<Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory).., Directory.Build.props))\Directory.Build.props" />
</Project>
127 changes: 127 additions & 0 deletions sdk/attestation/Azure.Security.Attestation/README.md
@@ -0,0 +1,127 @@
# README.md template

Use the guidelines in each section of this template to ensure consistency and readability of your README. The README resides in your package's GitHub repository at the root of its directory within the repo. It's also used as the package distribution page (NuGet, PyPi, npm, etc.) and as a Quickstart on docs.microsoft.com. See [Azure.Template/README.md](https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/template/Azure.Template/README.md) for an example following this template.

**Title**: The H1 of your README should be in the format: `# [Product Name] client library for [Language]`

* All headings, including the H1, should use **sentence-style capitalization**. Refer to the [Microsoft Style Guide][style-guide-msft] and [Microsoft Cloud Style Guide][style-guide-cloud] for more information.
* Example: `# Azure Batch client library for Python`

# Azure Attestation client library for .NET

**Introduction**: The introduction appears directly under the title (H1) of your README.

* **DO NOT** use an "Introduction" or "Overview" heading (H2) for this section.
* First sentence: **Describe the service** briefly. You can usually use the first line of the service's docs landing page for this (Example: [Cosmos DB docs landing page](https://docs.microsoft.com/azure/cosmos-db/)).
* Next, add a **bulleted list** of the **most common tasks** supported by the package or library, prefaced with "Use the client library for [Product Name] to:". Then, provide code snippets for these tasks in the [Examples](#examples) section later in the document. Keep the task list short but include those tasks most developers need to perform with your package.
* Include this single line of links targeting your product's content at the bottom of the introduction, making any adjustments as necessary (for example, NuGet instead of PyPi):

[Source code](https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/batch/azure-batch) | [Package (PyPi)](https://pypi.org/project/azure-batch/) | [API reference documentation](https://docs.microsoft.com/python/api/overview/azure/batch?view=azure-python) | [Product documentation](https://docs.microsoft.com/azure/batch/)

> TIP: Your README should be as **brief** as possible but **no more brief** than necessary to get a developer new to Azure, the service, or the package up and running quickly. Keep it brief, but include everything a developer needs to make their first API call successfully.

## Getting started

This section should include everything a developer needs to do to install and create their first client connection *very quickly*.

### Install the package

First, provide instruction for obtaining and installing the package or library. This section might include only a single line of code, like `pip install package-name`, but should enable a developer to successfully install the package from NuGet, pip, npm, Maven, or even cloning a GitHub repository.

### Prerequisites

Include a section after the install command that details any requirements that must be satisfied before a developer can [authenticate](#authenticate-the-client) and test all of the snippets in the [Examples](#examples) section. For example, for Cosmos DB:

> You must have an [Azure subscription](https://azure.microsoft.com/free/), [Cosmos DB account](https://docs.microsoft.com/azure/cosmos-db/account-overview) (SQL API), and [Python 3.6+](https://www.python.org/downloads/) to use this package.

### Authenticate the client

If your library requires authentication for use, such as for Azure services, include instructions and example code needed for initializing and authenticating.

For example, include details on obtaining an account key and endpoint URI, setting environment variables for each, and initializing the client object.

## Key concepts
### Isolated Mode and AAD Mode.
Each Microsoft Azure Attestation service instance operates in either "AAD" mode or "Isolated" mode. When an MAA instance is operating in AAD mode, it means that the customer which created the attestation instance allows Azure Active Directory and Azure Role Based Access control policies to verify access to the attestation instance.
### *AttestationType*
The Microsoft Azure Attestation service supports attesting different types of evidence depending on the environment.
Currently, MAA supports the following Trusted Execution environments:
* OpenEnclave - An Intel(tm) Processor running code in an SGX Enclave where the attestation evidence was collected using the OpenEnclave `oe_get_report` or `oe_get_evidence` API.
* SgxEnclave - An Intel(tm) Processor running code in an SGX Enclave where the attestation evidence was collected using the Intel SGX SDK.
* Tpm - A Virtualization Based Security environment where the Trusted Platform Module of the processor is used to provide the attestation evidence.

### Attestation Policy
Each Attestation Type has an associated attestation policy which can be used to perform

The *Key concepts* section should describe the functionality of the main classes. Point out the most important and useful classes in the package (with links to their reference pages) and explain how those classes work together. Feel free to use bulleted lists, tables, code blocks, or even diagrams for clarity.

## Examples

Include code snippets and short descriptions for each task you listed in the [Introduction](#introduction) (the bulleted list). Briefly explain each operation, but include enough clarity to explain complex or otherwise tricky operations.

If possible, use the same example snippets that your in-code documentation uses. For example, use the snippets in your `examples.py` that Sphinx ingests via its [literalinclude](https://www.sphinx-doc.org/en/1.5/markup/code.html?highlight=code%20examples#includes) directive. The `examples.py` file containing the snippets should reside alongside your package's code, and should be tested in an automated fashion.

Each example in the *Examples* section starts with an H3 that describes the example. At the top of this section, just under the *Examples* H2, add a bulleted list linking to each example H3. Each example should deep-link to the types and/or members used in the example.

* [Create the thing](#create-the-thing)
* [Get the thing](#get-the-thing)
* [List the things](#list-the-things)

### Create the thing

Use the `create_thing` method to create a Thing reference; this method does not make a network call. To persist the Thing in the service, call `Thing.save`.

```Python
thing = client.create_thing(id, name)
thing.save()
```

### Get an attestation policy for a specified attestation type.

The `GetPolicy` method retrieves an attestation policy from the service. The `attestationType` parameter is the type of attestation to retrieve.
```C# Snippet:GetPolicy
var client = new AttestationAdministrationClient(new Uri(endpoint), new DefaultAzureCredential());
var attestClient = new AttestationClient(new Uri(endpoint), new DefaultAzureCredential(),
new AttestationClientOptions(validationCallback: (attestationToken, signer) => true));
var policyResult = await client.GetPolicyAsync(AttestationType.SgxEnclave);
var result = policyResult.Value.AttestationPolicy;
```

### Set an attestation policy for a specified attestation type.
```C# Snippet:SetPolicy
string attestationPolicy = "version=1.0; authorizationrules{=> allow();}; issuancerules{};";

var policyTokenSigner = TestEnvironment.PolicyCertificate0;

AttestationToken policySetToken = new SecuredAttestationToken(
new StoredAttestationPolicy { AttestationPolicy = Base64Url.EncodeString(attestationPolicy), },
policyTokenSigner);

var setResult = client.SetPolicy(AttestationType.SgxEnclave, policySetToken);
```Python
things = client.list_things()
```

## Troubleshooting

Describe common errors and exceptions, how to "unpack" them if necessary, and include guidance for graceful handling and recovery.

Provide information to help developers avoid throttling or other service-enforced errors they might encounter. For example, provide guidance and examples for using retry or connection policies in the API.

If the package or a related package supports it, include tips for logging or enabling instrumentation to help them debug their code.

## Next steps

* Provide a link to additional code examples, ideally to those sitting alongside the README in the package's `/samples` directory.
* If appropriate, point users to other packages that might be useful.
* If you think there's a good chance that developers might stumble across your package in error (because they're searching for specific functionality and mistakenly think the package provides that functionality), point them to the packages they might be looking for.

## Contributing

This is a template, but your SDK readme should include details on how to contribute code to the repo/package.

<!-- LINKS -->
[style-guide-msft]: https://docs.microsoft.com/style-guide/capitalization
[style-guide-cloud]: https://aka.ms/azsdk/cloud-style-guide

![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-net%2Fsdk%2Ftemplate%2FAzure.Template%2FREADME.png)
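Review bot: the GetPolicy snippet constructs an AttestationClient with `new AttestationClientOptions(validationCallback: (attestationToken, signer) => true)`, which accepts every attestation token regardless of who signed it; a README sample that switches off token validation is exactly what callers will paste into production, so either remove `attestClient` (it is never used in the snippet) or show a callback that actually checks `signer` against the expected signing certificate and explain why a caller would override it. The rest of the file is still the Azure.Template scaffold: it opens with `# README.md template`, keeps the template guidance paragraphs under Getting started, Key concepts, Examples, Troubleshooting, Next steps and Contributing, the Python `create_thing`/`list_things` placeholders, and the azure-batch link line, none of which belongs on the package page. In the SetPolicy example the closing fence is written as ```Python, so the C# block never closes and the stray `things = client.list_things()` lines render inside it. `### Attestation Policy` stops mid-sentence ("which can be used to perform"), the `policyTokenSigner` used by SetPolicy is never explained, and the `### Isolated Mode and AAD Mode.` section names Isolated mode in its heading but describes only AAD mode. The SetPolicy sample also reads `TestEnvironment.PolicyCertificate0`, a test-project helper users cannot reference, and the sample policy `authorizationrules{=> allow();}` admits any evidence, which the surrounding text should state explicitly rather than leave as a silent default. Finally, please confirm that `Base64Url.EncodeString` is a public API; if it is the Azure.Core internal shared-source helper, the snippet will not compile outside this repo.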