
Add Azure support to DataPlane Libraries #11

Open
wants to merge 1 commit into
base: main

Conversation

Brandr0id

Co-authored-by: Dominic Ayre [email protected]
Co-authored-by: Joe Powell [email protected]
Co-authored-by: Kapil Vaswani [email protected]
Co-authored-by: Ken Gordon [email protected]
Co-authored-by: Mahati Chamarthy [email protected]
Co-authored-by: Ronny Bjones [email protected]

This is an updated version of #1 with complete, functioning Azure data plane support to enable B&A, KV, or KMS service usage/hosting in the Azure Cloud.


New feature: Add Azure support

This pull request introduces support for Azure KMS and attestation services.

  • azure_kms_client_provider_utils.cc: Added utility functions for key management, including key generation, wrapping, unwrapping, and PEM conversion.
  • azure_kms_client_provider.cc: Implemented the Azure KMS client provider with methods for decryption and session token handling.
  • fake_report.cc: Added a fake attestation report for testing purposes.


Brandr0id requested a review from a team as a code owner, November 18, 2024 22:50
Brandr0id (Author)

@chatterjee-priyanka the original PR for adding data-plane support for Azure (PR: #1) has been active for ~11mo+ with no comments, feedback, or other action. It's our understanding that, regardless of KMS implementation, the underlying core attestation for the host OS in the cloud environment and the communication (CPIO) aspects shared in the dataplane code, which the B&A and KV services leverage, would largely be required to deploy container images in Azure.

This PR updates the original PR with the latest code from our Azure R&D and security teams to ensure meaningful attestation and reports when operating on Azure Confidential Compute instances. While we understand some aspects might need to be slightly adjusted depending on a KMS deployment, the bulk of this code would still be useful and helps integrate core Azure primitives/concepts from the teams directly familiar with them and their security concerns. This will also unblock integrations in the B&A/KV services to allow building and sustainable development with Azure in mind, similar to GCP and AWS.

Can you please help review/merge this code, or provide meaningful feedback as to the challenges or limitations regarding supporting Azure in the dataplane library, given a fully functional/complete implementation? We are happy to iterate quickly and address code review feedback to help land this.
