From f7c3ae5d01d1fd68d57fe479dbfe310d97018d0f Mon Sep 17 00:00:00 2001 From: Jesus Bermudez Velazquez Date: Mon, 25 Nov 2024 11:26:36 +0000 Subject: [PATCH 1/3] Send the instance ID in the token for Azure When activating an extension, i.e. LTSS in Azure, the header must contain the the instance identifier This Fixes bsc#1233314 --- engines/scc_proxy/lib/scc_proxy/engine.rb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/engines/scc_proxy/lib/scc_proxy/engine.rb b/engines/scc_proxy/lib/scc_proxy/engine.rb index e684dc910..10eede7bf 100644 --- a/engines/scc_proxy/lib/scc_proxy/engine.rb +++ b/engines/scc_proxy/lib/scc_proxy/engine.rb @@ -68,9 +68,10 @@ def get_instance_id(params) nil, params['instance_data'] ) - instance_id_key = INSTANCE_ID_KEYS[params['hwinfo']['cloud_provider'].downcase.to_sym] - iid = verification_provider.parse_instance_data - iid[instance_id_key] + csp = params['hwinfo']['cloud_provider'].downcase + instance_id_key = INSTANCE_ID_KEYS[csp.to_sym] + instance_data = verification_provider.parse_instance_data + csp.casecmp('microsoft').zero? ? instance_data['attestedData'][instance_id_key] : instance_data[instance_id_key] end def prepare_scc_announce_request(uri_path, auth, params) From ddcb893660e08ae49a81d66edaa55659d18ddfea Mon Sep 17 00:00:00 2001 From: Jesus Bermudez Velazquez Date: Mon, 25 Nov 2024 16:13:35 +0000 Subject: [PATCH 2/3] Add instance_identifier method In order to keep RMT implementation generic add a CSP specific method in the CSP instance verification class --- .../providers/example.rb | 8 ++++---- .../v3/systems/products_controller_spec.rb | 2 +- engines/scc_proxy/lib/scc_proxy/engine.rb | 20 ++++++------------- 3 files changed, 11 insertions(+), 19 deletions(-) diff --git a/engines/instance_verification/lib/instance_verification/providers/example.rb b/engines/instance_verification/lib/instance_verification/providers/example.rb index b773d7855..780c57884 100644 --- a/engines/instance_verification/lib/instance_verification/providers/example.rb +++ b/engines/instance_verification/lib/instance_verification/providers/example.rb @@ -27,10 +27,6 @@ def validate_instance_data(_instance_data) end def parse_instance_data - if @instance_data.include? '' - return { 'instance_data' => 'parsed_instance_data' } - end - if @instance_data.include?('SUSE') if @instance_data.include?('SAP') return { 'billingProducts' => nil, 'marketplaceProductCodes' => ['6789_SUSE_SAP'] } @@ -49,4 +45,8 @@ def payg_billing_code?(iid, identifier) return true if (identifier.casecmp('sles').zero? && instance_billing_info[:billing_product] == SLES_PRODUCT_IDENTIFIER) return true if (identifier.casecmp('sles_sap').zero? && SLES4SAP_PRODUCT_IDENTIFIER.include?(instance_billing_info[:marketplace_code])) end + + def instance_identifier + 'foo' + end end diff --git a/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb b/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb index 9ccbcb1c2..40b079e2f 100644 --- a/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb +++ b/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb @@ -341,7 +341,7 @@ before do allow(InstanceVerification::Providers::Example).to receive(:new) .with(nil, nil, nil, instance_data).and_return(plugin_double) - allow(plugin_double).to receive(:parse_instance_data).and_return({ InstanceId: 'foo' }) + allow(plugin_double).to receive(:instance_identifier).and_return('foo') allow(InstanceVerification).to receive(:update_cache).with('127.0.0.1', system.login, product.id) FactoryBot.create(:subscription, product_classes: product_classes) diff --git a/engines/scc_proxy/lib/scc_proxy/engine.rb b/engines/scc_proxy/lib/scc_proxy/engine.rb index 10eede7bf..5da34dd14 100644 --- a/engines/scc_proxy/lib/scc_proxy/engine.rb +++ b/engines/scc_proxy/lib/scc_proxy/engine.rb @@ -43,7 +43,12 @@ class << self # rubocop:disable ThreadSafety/InstanceVariableInClassMethod def headers(auth, params) @instance_id = if params && params.class != String - get_instance_id(params) + InstanceVerification.provider.new( + nil, + nil, + nil, + params['instance_data'] + ).instance_identifier else # if it is not JSON, it is the system_token already # announce system has metadata @@ -61,19 +66,6 @@ def headers(auth, params) end # rubocop:enable ThreadSafety/InstanceVariableInClassMethod - def get_instance_id(params) - verification_provider = InstanceVerification.provider.new( - nil, - nil, - nil, - params['instance_data'] - ) - csp = params['hwinfo']['cloud_provider'].downcase - instance_id_key = INSTANCE_ID_KEYS[csp.to_sym] - instance_data = verification_provider.parse_instance_data - csp.casecmp('microsoft').zero? ? instance_data['attestedData'][instance_id_key] : instance_data[instance_id_key] - end - def prepare_scc_announce_request(uri_path, auth, params) scc_request = Net::HTTP::Post.new(uri_path, headers(auth, params)) From 40fb93f7803838d08a1b20614c71300d3eb4423b Mon Sep 17 00:00:00 2001 From: Jesus Bermudez Velazquez Date: Mon, 25 Nov 2024 16:16:18 +0000 Subject: [PATCH 3/3] Remove variable as it will be CSP specific --- engines/scc_proxy/lib/scc_proxy/engine.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/engines/scc_proxy/lib/scc_proxy/engine.rb b/engines/scc_proxy/lib/scc_proxy/engine.rb index 5da34dd14..b6905d4a0 100644 --- a/engines/scc_proxy/lib/scc_proxy/engine.rb +++ b/engines/scc_proxy/lib/scc_proxy/engine.rb @@ -25,12 +25,6 @@ Net::HTTPRetriableError ].freeze -INSTANCE_ID_KEYS = { - amazon: 'instanceId', - google: 'instance_id', - microsoft: 'vmId' -}.freeze - # rubocop:disable Metrics/ModuleLength module SccProxy class << self