Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KBS: return more context about RCAR/Attestation error #600

Merged
merged 1 commit into from
Nov 26, 2024

Conversation

Xynnn007
Copy link
Member

cc @mythi

@mythi
Copy link
Contributor

mythi commented Nov 26, 2024

I'm not sure if this is going to help. With the following:

diff --git a/attestation-agent/kbs_protocol/src/client/mod.rs b/attestation-agent/kbs_protocol/src/client/mod.rs
index 5febb69..fdb7f23 100644
--- a/attestation-agent/kbs_protocol/src/client/mod.rs
+++ b/attestation-agent/kbs_protocol/src/client/mod.rs
@@ -48,7 +48,7 @@ pub struct KbsClient<T> {
     pub(crate) token: Option<Token>,
 }
 
-pub const KBS_PROTOCOL_VERSION: &str = "0.1.1";
+pub const KBS_PROTOCOL_VERSION: &str = "0.2.0";
 
 pub const KBS_GET_RESOURCE_MAX_ATTEMPT: u64 = 3;
 
diff --git a/attestation-agent/kbs_protocol/src/client/rcar_client.rs b/attestation-agent/kbs_protocol/src/client/rcar_client.rs
index fc160af..1a4a5e7 100644
--- a/attestation-agent/kbs_protocol/src/client/rcar_client.rs
+++ b/attestation-agent/kbs_protocol/src/client/rcar_client.rs
@@ -447,6 +447,7 @@ mod test {
             Err(e) => {
                 // Skip the test if the kbs server returned ProtocolVersion error. Any other
                 // error is treated as a failure.
+                println!("{:#?}", e);
                 assert!(e
                     .to_string()
                     .contains("KBS Client Protocol Version Mismatch"));

I get:

RcarHandshake(
    "KBS request unauthorized, ErrorInformation: ErrorInformation { error_type: \"https://github.com/confidential-containers/kbs/errors/AttestationError\", detail: \"Attestation error\" }",
)

Before this commit, if the rcar auth fails, the client would only get
error information "Attestation error". This commit expose more error
information to the client side. A typical error would say
"Attestation error: RCAR handshake Auth failed: KBS Client Protocol
Version Mismatch: ..."

This would do much help to debugging and error locating.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
@Xynnn007 Xynnn007 changed the title KBS: add more context for Protocol Version Mismatch KBS: return more context about RCAR/Attestation error Nov 26, 2024
@Xynnn007
Copy link
Member Author

Updated. Now the client side would see

RcarHandshake(
    "KBS request unauthorized, ErrorInformation: ErrorInformation { error_type: \"https://github.com/confidential-containers/kbs/errors/AttestationError\", detail: \"Attestation error: RCAR handshake Auth failed: KBS Client Protocol Version Mismatch: expect =0.1.1 while the request is 0.2.0\" }",
)

Copy link
Contributor

@mythi mythi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

Copy link
Member

@fitzthum fitzthum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Xynnn007 Xynnn007 merged commit cfbf15a into confidential-containers:main Nov 26, 2024
19 checks passed
@Xynnn007 Xynnn007 deleted the kbs-version branch November 26, 2024 15:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants