kbs_protocol: update kbs config for test_client

Due to the EAR PR, the configuration file format has been changed a little. This patch updates the KBS configuration file to include the latest EAR checking logic. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
confidential-containers · Nov 28, 2024 · 4709f0e · 4709f0e
1 parent ad8fd97
commit 4709f0e
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 8 deletions.
diff --git a/attestation-agent/kbs_protocol/test/kbs-config.toml b/attestation-agent/kbs_protocol/test/kbs-config.toml
@@ -11,15 +11,14 @@ policy_path = "/opa/confidential-containers/kbs/policy.rego"
 [attestation_service]
 type = "coco_as_builtin"
 work_dir = "/opt/confidential-containers/attestation-service"
-policy_engine = "opa"
-attestation_token_broker = "Simple"
 
-    [attestation_service.attestation_token_config]
-    duration_min = 5
+[attestation_service.attestation_token_config]
+type = "Ear"
+duration_min = 5
 
-    [attestation_service.rvps_config]
-    type = "BuiltIn"
-    store_type = "LocalFs"
+[attestation_service.rvps_config]
+type = "BuiltIn"
+store_type = "LocalFs"
 
 [admin]
 insecure_api = true

diff --git a/attestation-agent/kbs_protocol/test/policy.rego b/attestation-agent/kbs_protocol/test/policy.rego
@@ -3,5 +3,5 @@ package policy
 default allow = false
 
 allow {
-	input["tee"] == "sample"
+	input["submods"]["cpu"]["ear.veraison.annotated-evidence"]["sample"]
 }