ultravioletrs · dborovcanin · Oct 14, 2024 · Oct 3, 2024 · Oct 9, 2024 · Oct 9, 2024
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -34,14 +34,28 @@ jobs:
         run: |
           mkdir coverage
 
-      - name: Run tests
-        run: go test -v --race -covermode=atomic -coverprofile coverage/cover.out ./...
+      - name: Run Agent tests
+        run: go test -v --race -covermode=atomic -coverprofile coverage/agent.out ./agent/...
+
+      - name: Run cli tests
+        run: go test -v --race -covermode=atomic -coverprofile coverage/cli.out ./cli/...
+
+      - name: Run cmd tests
+        run: go test -v --race -covermode=atomic -coverprofile coverage/cmd.out ./cmd/...
+
+      - name: Run internal tests
+        run: go test -v --race -covermode=atomic -coverprofile coverage/internal.out ./internal/...
+
+      - name: Run pkg tests
+        run: go test -v --race -covermode=atomic -coverprofile coverage/pkg.out ./pkg/...
+
+      - name: Run manager tests
+        run: sudo go test -v --race -covermode=atomic -coverprofile coverage/manager.out ./manager/...
 
       - name: Upload results to Codecov
         uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-          directory: ./coverage/
-          name: codecov-umbrella
+          files: ./coverage/*.out
+          codecov_yml_path: codecov.yml
           verbose: true
-
diff --git a/agent/computations.go b/agent/computations.go
@@ -13,14 +13,14 @@ import (
 var _ fmt.Stringer = (*Datasets)(nil)
 
 type AgentConfig struct {
-	LogLevel     string `json:"log_level"`
-	Host         string `json:"host"`
-	Port         string `json:"port"`
-	CertFile     string `json:"cert_file"`
-	KeyFile      string `json:"server_key"`
-	ServerCAFile string `json:"server_ca_file"`
-	ClientCAFile string `json:"client_ca_file"`
-	AttestedTls  bool   `json:"attested_tls"`
+	LogLevel     string `json:"log_level,omitempty"`
+	Host         string `json:"host,omitempty"`
+	Port         string `json:"port,omitempty"`
+	CertFile     string `json:"cert_file,omitempty"`
+	KeyFile      string `json:"server_key,omitempty"`
+	ServerCAFile string `json:"server_ca_file,omitempty"`
+	ClientCAFile string `json:"client_ca_file,omitempty"`
+	AttestedTls  bool   `json:"attested_tls,omitempty"`
 }
 
 type Computation struct {

diff --git a/agent/statemachine/mocks/state.go b/agent/statemachine/mocks/state.go
diff --git a/cmd/agent/main.go b/cmd/agent/main.go
@@ -3,17 +3,20 @@
 package main
 
 import (
+	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"log"
 	"log/slog"
+	"os"
 	"time"
 
 	mglog "github.com/absmach/magistrala/logger"
 	"github.com/absmach/magistrala/pkg/prometheus"
 	"github.com/cenkalti/backoff/v4"
+	"github.com/google/go-sev-guest/abi"
 	"github.com/google/go-sev-guest/client"
 	"github.com/mdlayher/vsock"
 	"github.com/ultravioletrs/cocos/agent"
@@ -28,6 +31,7 @@
 	ackvsock "github.com/ultravioletrs/cocos/internal/vsock"
 	"github.com/ultravioletrs/cocos/manager"
 	"github.com/ultravioletrs/cocos/manager/qemu"
+	"golang.org/x/crypto/sha3"
 	"golang.org/x/sync/errgroup"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/reflection"
@@ -84,6 +88,14 @@
 		return
 	}
 
+	if err := verifyManifest(cfg, qp); err != nil {
+		logger.Error(err.Error())
+		exitCode = 1
+		return
+	}
+
+	setDefaultValues(&cfg)
+
 	svc := newService(ctx, logger, eventSvc, cfg, qp)
 
 	grpcServerConfig := server.Config{
@@ -179,13 +191,21 @@
 	if err := json.Unmarshal(buffer, &ac); err != nil {
 		return agent.Computation{}, err
 	}
-	if ac.AgentConfig.LogLevel == "" {
-		ac.AgentConfig.LogLevel = "info"
+	return ac, nil
+}
+
+func setDefaultValues(cfg *agent.Computation) {
+	if cfg.AgentConfig.LogLevel == "" {
+		cfg.AgentConfig.LogLevel = "info"
 	}
-	if ac.AgentConfig.Port == "" {
-		ac.AgentConfig.Port = defSvcGRPCPort
+	if cfg.AgentConfig.Port == "" {
+		cfg.AgentConfig.Port = defSvcGRPCPort
 	}
-	return ac, nil
+}
+
+func isTEE() bool {
+	_, err := os.Stat("/dev/sev-guest")
+	return !os.IsNotExist(err)
 }
 
 func dialVsock() (*vsock.Conn, error) {
@@ -207,3 +227,35 @@
 
 	return conn, nil
 }
+
+func verifyManifest(cfg agent.Computation, qp client.QuoteProvider) error {
+	if !isTEE() {
+		return nil
+	}
+
+	ar, err := qp.GetRawQuote(sha3.Sum512([]byte(cfg.ID)))
+	if err != nil {
+		return err
+	}
+
+	arProto, err := abi.ReportCertsToProto(ar[:abi.ReportSize])
+	if err != nil {
+		return err
+	}
+
+	cfgBytes, err := json.Marshal(cfg)
+	if err != nil {
+		return err
+	}
+
+	mcHash := sha3.Sum256(cfgBytes)
+
+	if arProto.Report.HostData == nil {
+		return fmt.Errorf("manifest verification failed: HostData is nil")
+	}
+	if !bytes.Equal(arProto.Report.HostData, mcHash[:]) {
+		return fmt.Errorf("manifest verification failed")
+	}
+
+	return nil
+}
diff --git a/cmd/agent/main_test.go b/cmd/agent/main_test.go
@@ -0,0 +1,94 @@
+// Copyright (c) Ultraviolet
+// SPDX-License-Identifier: Apache-2.0
+package main
+
+import (
+	"context"
+	"log/slog"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+	"github.com/ultravioletrs/cocos/agent"
+	"github.com/ultravioletrs/cocos/agent/events/mocks"
+	qpmocks "github.com/ultravioletrs/cocos/agent/quoteprovider/mocks"
+)
+
+func TestSetDefaultValues(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    agent.Computation
+		expected agent.Computation
+	}{
+		{
+			name: "Empty config",
+			input: agent.Computation{
+				AgentConfig: agent.AgentConfig{},
+			},
+			expected: agent.Computation{
+				AgentConfig: agent.AgentConfig{
+					LogLevel: "info",
+					Port:     "7002",
+				},
+			},
+		},
+		{
+			name: "Partial config",
+			input: agent.Computation{
+				AgentConfig: agent.AgentConfig{
+					LogLevel: "debug",
+				},
+			},
+			expected: agent.Computation{
+				AgentConfig: agent.AgentConfig{
+					LogLevel: "debug",
+					Port:     "7002",
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			setDefaultValues(&tt.input)
+			assert.Equal(t, tt.expected, tt.input)
+		})
+	}
+}
+
+func TestNewService(t *testing.T) {
+	ctx := context.Background()
+	logger := slog.New(slog.NewTextHandler(os.Stdout, nil))
+	eventSvc := new(mocks.Service)
+	eventSvc.On("SendEvent", mock.Anything, mock.Anything, mock.Anything).Return(nil)
+	cmp := agent.Computation{
+		ID: "test-computation",
+		AgentConfig: agent.AgentConfig{
+			LogLevel: "info",
+			Port:     "7002",
+		},
+	}
+	qp := new(qpmocks.QuoteProvider)
+
+	svc := newService(ctx, logger, eventSvc, cmp, qp)
+
+	assert.NotNil(t, svc)
+}
+
+func TestVerifyManifest(t *testing.T) {
+	cfg := agent.Computation{
+		ID: "test-computation",
+		AgentConfig: agent.AgentConfig{
+			LogLevel: "info",
+			Port:     "7002",
+		},
+	}
+
+	mockQP := new(qpmocks.QuoteProvider)
+	mockQP.On("GetRawQuote", mock.Anything).Return([]byte{}, nil)
+
+	err := verifyManifest(cfg, mockQP)
+
+	assert.NoError(t, err)
+}
diff --git a/codecov.yml b/codecov.yml
@@ -0,0 +1,6 @@
+# Copyright (c) Ultraviolet
+# SPDX-License-Identifier: Apache-2.0
+
+coverage:
+  ignore:
+    - "test/*"
diff --git a/go.mod b/go.mod
@@ -6,7 +6,6 @@ require (
 	github.com/absmach/magistrala v0.14.1-0.20240709113739-04c359462746
 	github.com/caarlos0/env/v11 v11.2.2
 	github.com/cenkalti/backoff/v4 v4.3.0
-	github.com/digitalocean/go-libvirt v0.0.0-20240709142323-d8406205c752
 	github.com/fatih/color v1.17.0
 	github.com/go-kit/kit v0.13.0
 	github.com/gofrs/uuid v4.4.0+incompatible

diff --git a/go.sum b/go.sum
@@ -19,8 +19,6 @@ github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/digitalocean/go-libvirt v0.0.0-20240709142323-d8406205c752 h1:NI7XEcHzWVvBfVjSVK6Qk4wmrUfoyQxCNpBjrHelZFk=
-github.com/digitalocean/go-libvirt v0.0.0-20240709142323-d8406205c752/go.mod h1:/Ok8PA2qi/ve0Py38+oL+VxoYmlowigYRyLEODRYdgc=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI=

diff --git a/manager/api/grpc/client.go b/manager/api/grpc/client.go
@@ -80,7 +80,7 @@
 	case *pkgmanager.ServerStreamMessage_StopComputation:
 		go client.handleStopComputation(ctx, mes)
 	case *pkgmanager.ServerStreamMessage_BackendInfoReq:
-		go client.handleBackendInfoReq(mes)
+		go client.handleBackendInfoReq(ctx, mes)
 	default:
 		return errors.New("unknown message type")
 	}
@@ -133,8 +133,8 @@
 	client.sendMessage(&pkgmanager.ClientStreamMessage{Message: msg})
 }
 
-func (client ManagerClient) handleBackendInfoReq(mes *pkgmanager.ServerStreamMessage_BackendInfoReq) {
-	res, err := client.svc.FetchBackendInfo()
+func (client ManagerClient) handleBackendInfoReq(ctx context.Context, mes *pkgmanager.ServerStreamMessage_BackendInfoReq) {
+	res, err := client.svc.FetchBackendInfo(ctx, mes.BackendInfoReq.Id)
 	if err != nil {
 		client.logger.Warn(err.Error())
 		return