-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Attestation service in Syft #8659
Merged
Merged
Changes from 24 commits
Commits
Show all changes
30 commits
Select commit
Hold shift + click to select a range
f7b0661
Merge branch 'rasswanth/cc-attestation' into snwagh/attestation-service
snwagh 8807020
Adding attestation service
snwagh 5eecc92
Updating endpoints to also return raw_token if requested
snwagh 4d57fbb
Adding GPU code for token extraction and combining result and token r…
snwagh 798f8a2
Merge branch 'dev' into snwagh/attestation-service
snwagh 0f2d081
Fixed linting errors
snwagh a669719
Merge conflicts resolved
snwagh 1569d59
Adding CPU, GPU raw_token argument to endpoints
snwagh d178db8
Removing notebook for partially completed feature
snwagh 3cc8cf7
Merge branch 'dev' into snwagh/attestation-service
snwagh 2d3094c
Merge branch 'dev' into snwagh/attestation-service
snwagh ea80271
Merge branch 'tauquir/attestation-helmcharts' into snwagh/attestation…
snwagh 507d294
Merge branch 'tauquir/attestation-helmcharts' into snwagh/attestation…
snwagh f08065b
Merge branch 'tauquir/attestation-helmcharts' into snwagh/attestation…
snwagh b9f913e
Merge branch 'tauquir/attestation-helmcharts' into snwagh/attestation…
snwagh a09fd2f
Adding local verification code in case we revisit enclaves
snwagh 20a60d8
Merge branch 'tauquir/attestation-helmcharts' into snwagh/attestation…
snwagh b7c012d
Adding notes for deployment of the attestation pieces
snwagh 3e50111
Merge branch 'snwagh/attestation-service' of github.com:OpenMined/PyS…
snwagh e2080f2
Adding the pending secret item into this PR.
snwagh 1db5bc9
Fixing PR comments
snwagh d0c2cad
Merge branch 'dev' into snwagh/attestation-service
snwagh 4e0c9b4
Merge branch 'dev' into snwagh/attestation-service
snwagh cde3900
Merge branch 'dev' into snwagh/attestation-service
rasswanth-s e062859
Addressing Rasswanth's PR comments
snwagh dabd1ce
Fixed precommit errors
snwagh b82ee87
Merge branch 'dev' into snwagh/attestation-service
snwagh 249e309
added str_to_bool in attestation service
rasswanth-s 8c70884
Merge branch 'dev' into snwagh/attestation-service
rasswanth-s 7c8c19a
Merge branch 'dev' into snwagh/attestation-service
rasswanth-s File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 1 addition & 0 deletions
1
packages/grid/enclave/attestation/server/attestation_constants.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
NRAS_URL = "https://nras.attestation.nvidia.com/v1/attest/gpu" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rasswanth-s marked this conversation as resolved.
Show resolved
Hide resolved
|
Empty file.
5 changes: 5 additions & 0 deletions
5
packages/syft/src/syft/service/attestation/attestation_constants.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
ATTESTATION_SERVICE_URL = ( | ||
"http://localhost:4455" # Replace with "http://attestation:4455" | ||
) | ||
ATTEST_CPU_ENDPOINT = "/attest/cpu" | ||
ATTEST_GPU_ENDPOINT = "/attest/gpu" |
60 changes: 60 additions & 0 deletions
60
packages/syft/src/syft/service/attestation/attestation_service.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
# stdlib | ||
from collections.abc import Callable | ||
|
||
# third party | ||
import requests | ||
|
||
# relative | ||
from ...serde.serializable import serializable | ||
from ...store.document_store import DocumentStore | ||
from ..context import AuthedServiceContext | ||
from ..response import SyftError | ||
from ..response import SyftSuccess | ||
from ..service import AbstractService | ||
from ..service import service_method | ||
from ..user.user_roles import GUEST_ROLE_LEVEL | ||
from .attestation_constants import ATTESTATION_SERVICE_URL | ||
from .attestation_constants import ATTEST_CPU_ENDPOINT | ||
from .attestation_constants import ATTEST_GPU_ENDPOINT | ||
|
||
|
||
@serializable() | ||
class AttestationService(AbstractService): | ||
"""This service is responsible for getting all sorts of attestations for any client.""" | ||
|
||
def __init__(self, store: DocumentStore) -> None: | ||
self.store = store | ||
|
||
def perform_request( | ||
self, method: Callable, endpoint: str, raw: bool = False | ||
) -> SyftSuccess | SyftError | str: | ||
try: | ||
response = method(f"{ATTESTATION_SERVICE_URL}{endpoint}") | ||
response.raise_for_status() | ||
message = response.json().get("result") | ||
raw_token = response.json().get("token") | ||
return raw_token if raw else SyftSuccess(message=message) | ||
snwagh marked this conversation as resolved.
Show resolved
Hide resolved
|
||
except requests.HTTPError: | ||
return SyftError(message=f"{response.json()['detail']}") | ||
except requests.RequestException as e: | ||
return SyftError(message=f"Failed to perform request. {e}") | ||
|
||
@service_method( | ||
path="attestation.get_cpu_attestation", | ||
name="get_cpu_attestation", | ||
roles=GUEST_ROLE_LEVEL, | ||
) | ||
def get_cpu_attestation( | ||
self, context: AuthedServiceContext, raw_token: bool = False | ||
) -> str | SyftError | SyftSuccess: | ||
return self.perform_request(requests.get, ATTEST_CPU_ENDPOINT, raw_token) | ||
|
||
@service_method( | ||
path="attestation.get_gpu_attestation", | ||
name="get_gpu_attestation", | ||
roles=GUEST_ROLE_LEVEL, | ||
) | ||
def get_gpu_attestation( | ||
self, context: AuthedServiceContext, raw_token: bool = False | ||
) -> str | SyftError | SyftSuccess: | ||
return self.perform_request(requests.get, ATTEST_GPU_ENDPOINT, raw_token) |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Leaving a note , for later, we do two calls, to the attestation client library , we could combine them in to a single call in later PR's
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will shelf this as a TODO item, good point though.