Pull request to generate patch for Edge repo B&A 3.11

.bazelrc

@@ -151,8 +151,12 @@ build:instance_gcp --//:instance=gcp
 
 build:instance_aws --//:instance=aws
 
+build:instance_azure --//:instance=azure
+
 build:platform_aws --//:platform=aws
 
+build:platform_azure --//:platform=azure
+
 build:platform_gcp --//:platform=gcp
 
 build:local_aws --config=instance_local
@@ -168,6 +172,13 @@ build:gcp_gcp --config=platform_gcp
 build:aws_aws --config=instance_aws
 build:aws_aws --config=platform_aws
 
+
+build:local_azure --config=instance_local
+build:local_azure --config=platform_azure
+
+build:azure_azure --config=instance_azure
+build:azure_azure --config=platform_azure
+
 build:non_prod --//:build_flavor=non_prod
 build:prod --//:build_flavor=prod
 

.pre-commit-config.yaml

@@ -14,13 +14,15 @@
 
 # See https://pre-commit.com for more information
 # See https://pre-commit.com/hooks.html for more hooks
+# Azure support hack: added 'testing/functionaltest-system/.*'
 exclude: (?x)^(
   bazel-(bin|out|testlogs|workspace)/.*|
   .bazel_output/.*|
   builders/.*|
   (third_party|src)/.*\.patch|
   version.txt|
-  docs/cpio/protobuf/.*\.md
+  docs/cpio/protobuf/.*\.md|
+  testing/functionaltest-system/.*
   )$
 
 fail_fast: true

BUILD.bazel

@@ -1,4 +1,5 @@
 # Copyright 2023 Google LLC
+# Copyright (C) Microsoft Corporation. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -29,6 +30,7 @@ string_flag(
     build_setting_default = "aws",
     values = [
         "aws",
+        "azure",
         "gcp",
         "local",
     ],
@@ -43,6 +45,14 @@ config_setting(
     visibility = ["//visibility:public"],
 )
 
+config_setting(
+    name = "azure_platform",
+    flag_values = {
+        ":platform": "azure",
+    },
+    visibility = ["//visibility:public"],
+)
+
 config_setting(
     name = "gcp_platform",
     flag_values = {
@@ -64,6 +74,7 @@ string_flag(
     build_setting_default = "aws",
     values = [
         "aws",
+        "azure",
         "gcp",
         "local",
     ],
@@ -78,6 +89,14 @@ config_setting(
     visibility = ["//visibility:public"],
 )
 
+config_setting(
+    name = "azure_instance",
+    flag_values = {
+        ":instance": "azure",
+    },
+    visibility = ["//visibility:public"],
+)
+
 config_setting(
     name = "gcp_instance",
     flag_values = {

builders/images/build-debian/Dockerfile

@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-ARG BASE_IMAGE=ubuntu:20.04
+ARG DOCKER_REGISTRY
+ARG BASE_IMAGE=${DOCKER_REGISTRY}ubuntu:20.04
 
 # ignore this hadolint error as BASE_IMAGE contains an image tag
 # hadolint ignore=DL3006
@@ -24,7 +25,7 @@ ADD https://apt.llvm.org/llvm.sh /build/llvm.sh
 COPY compile_libprofiler /scripts/
 RUN /scripts/compile_libprofiler
 
-FROM docker/buildx-bin:v0.10 AS buildx-bin
+FROM ${DOCKER_REGISTRY}docker/buildx-bin:v0.10 AS buildx-bin
 
 # ignore this hadolint error as BASE_IMAGE contains an image tag
 # hadolint ignore=DL3006

builders/images/presubmit/Dockerfile

@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM ubuntu:24.04
+ARG DOCKER_REGISTRY
+FROM ${DOCKER_REGISTRY}ubuntu:24.04
 
 COPY install_apps install_go.sh install_golang_apps .bazelversion .pre-commit-config.yaml /scripts/
 COPY gitconfig /etc

builders/tools/get-architecture

@@ -27,5 +27,5 @@ function _cleanup() {
 if [[ -n ${BUILD_ARCH} ]]; then
   printf "%s\n" "${BUILD_ARCH}"
 else
-  docker run --rm --entrypoint=/usr/bin/dpkg ubuntu:20.04 --print-architecture
+  docker run --rm --entrypoint=/usr/bin/dpkg ${DOCKER_REGISTRY}ubuntu:20.04 --print-architecture
 fi

builders/tools/get-builder-image-tagged

@@ -93,10 +93,16 @@ readonly IMAGES_DIR="${BUILDERS_DIR}"/images
 declare -i SHA_ONLY=0
 declare -i BUILD_IMAGE_IF_NEEDED=1
 declare -i VERBOSE=0
-declare -r -a DOCKER_BUILD_ARGS=(
+declare -a DOCKER_BUILD_ARGS=(
   --progress plain
 )
 
+if [ -n "$DOCKER_REGISTRY" ]; then
+  DOCKER_BUILD_ARGS+=(
+    --build-arg DOCKER_REGISTRY=$DOCKER_REGISTRY
+  )
+fi
+
 # shellcheck disable=SC1090
 source "${TOOLS_DIR}"/builder.sh
 WORKSPACE_MOUNT="$(builder::get_docker_workspace_mount)"
@@ -153,7 +159,7 @@ fi
 function generate_image() {
   {
     cat <<Dockerfile
-FROM alpine:3.16
+FROM ${DOCKER_REGISTRY}alpine:3.16
 RUN apk --no-cache add tar~=1.34
 Dockerfile
   } | docker buildx build "${DOCKER_BUILD_ARGS[@]}" --no-cache --output=type=docker --tag "${TAR_IMAGE}" - &>"${BUILD_OUTPUT}"

builders/tools/pre-commit

@@ -130,7 +130,7 @@ if [[ $# -gt 0 ]]; then
       shift
       __init
       # shellcheck disable=SC2086
-      "${TOOLS_DIR}"/cbuild "${CBUILD_COMMON_ARGS[@]}" --env "${SKIP_ENV}" --cmd "${PRECOMMIT} ${PRECOMMIT_CMD} --config ./.pre-commit-config.yaml $*"
+      "${TOOLS_DIR}"/cbuild "${CBUILD_COMMON_ARGS[@]}" --env "${SKIP_ENV}" --env "DOCKER_REGISTRY=$DOCKER_REGISTRY" --env "DOCKER_USER=$DOCKER_USER" --env "DOCKER_PASSWORD=$DOCKER_PASSWORD" --cmd "${PRECOMMIT} ${PRECOMMIT_CMD} --config ./.pre-commit-config.yaml $*"
       ;;
 
     hook-impl)
@@ -143,6 +143,9 @@ if [[ $# -gt 0 ]]; then
         --volume "${WORKSPACE}":/src/workspace \
         -v /var/run/docker.sock:/var/run/docker.sock \
         --env="${SKIP_ENV}" \
+        --env "DOCKER_REGISTRY=$DOCKER_REGISTRY" \
+        --env "DOCKER_USER=$DOCKER_USER" \
+        --env "DOCKER_PASSWORD=$DOCKER_PASSWORD" \
         --workdir /src/workspace \
         "${IMAGE_TAGGED}" \
         "${PRECOMMIT_CMD}" --config ./.pre-commit-config.yaml "$@"
@@ -153,12 +156,12 @@ if [[ $# -gt 0 ]]; then
       CLEANUP=1
       for HOOK in "$@"; do
         # shellcheck disable=SC2086
-        "${TOOLS_DIR}"/cbuild "${CBUILD_COMMON_ARGS[@]}" --env "${SKIP_ENV}" --cmd "${PRECOMMIT} run --config ./.pre-commit-config.yaml --all-files ${HOOK}"
+        "${TOOLS_DIR}"/cbuild "${CBUILD_COMMON_ARGS[@]}" --env "${SKIP_ENV}" --env "DOCKER_REGISTRY=$DOCKER_REGISTRY" --env "DOCKER_USER=$DOCKER_USER" --env "DOCKER_PASSWORD=$DOCKER_PASSWORD" --cmd "${PRECOMMIT} run --config ./.pre-commit-config.yaml --all-files ${HOOK}"
       done
   esac
 else
   __init
   CLEANUP=1
   # shellcheck disable=SC2086
-  "${TOOLS_DIR}"/cbuild "${CBUILD_COMMON_ARGS[@]}" --env "${SKIP_ENV}" --cmd "${PRECOMMIT} run --config ./.pre-commit-config.yaml --all-files"
+  "${TOOLS_DIR}"/cbuild "${CBUILD_COMMON_ARGS[@]}" --env "${SKIP_ENV}" --env "DOCKER_REGISTRY=$DOCKER_REGISTRY" --env "DOCKER_USER=$DOCKER_USER" --env "DOCKER_PASSWORD=$DOCKER_PASSWORD" --cmd "${PRECOMMIT} run --config ./.pre-commit-config.yaml --all-files"
 fi

builders/tools/terraform

@@ -16,6 +16,9 @@
 # environment variables (all optional):
 #   TERRAFORM_VERSION            specify the terraform version to use
 #   WORKSPACE                    repo root directory, must be an absolute path
+#   DOCKER_REGISTRY              docker registry for terraform image
+#   DOCKER_USER                  docker user for DOCKER_REGISTRY
+#   DOCKER_PASSWORD              docker password for DOCKER_REGISTRY
 #
 # AWS-related environment variables exported into the terraform container:
 # For more info on supported env vars, see:
@@ -60,7 +63,11 @@ if [[ -t 0 ]] && [[ -t 1 ]]; then
   )
 fi
 
-readonly IMAGE_TAGGED=hashicorp/terraform:"${TERRAFORM_VERSION}"
+if [[ -n "$DOCKER_PASSWORD" ]]; then
+  docker login $DOCKER_REGISTRY -u ${DOCKER_USER} -p ${DOCKER_PASSWORD}
+fi
+
+readonly IMAGE_TAGGED=${DOCKER_REGISTRY}hashicorp/terraform:"${TERRAFORM_VERSION}"
 REL_PWD="$(realpath --relative-to="${WORKSPACE}" "$(pwd)")"
 readonly REL_PWD
 WORKSPACE_MOUNT="$(builder::get_docker_workspace_mount)"
@@ -82,5 +89,4 @@ DOCKER_RUN_ARGS+=(
 # shellcheck disable=SC2068
 docker run \
   "${DOCKER_RUN_ARGS[@]}" \
-  "${IMAGE_TAGGED}" \
-  "$@"
+  ${IMAGE_TAGGED} "$@"

src/BUILD.bazel

@@ -20,6 +20,7 @@ package_group(
     name = "scp_internal_pkg",
     packages = [
         "//src/aws/...",
+        "//src/azure/...",
         "//src/core/...",
         "//src/cpio/...",
         "//src/public/...",

src/azure/BUILD.bazel

@@ -0,0 +1,20 @@
+# Portions Copyright (c) Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+package(default_visibility = ["//visibility:public"])
+
+alias(
+    name = "attestation",
+    actual = "//src/azure/attestation:src",
+)

src/azure/attestation/BUILD.bazel

@@ -0,0 +1,30 @@
+# Portions Copyright (c) Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+package(default_visibility = ["//visibility:public"])
+
+alias(
+    name = "src",
+    actual = "//src/azure/attestation/src:attestation",
+)
+
+alias(
+    name = "utils",
+    actual = "//src/azure/attestation/src/utils:attestation_utils",
+)
+
+alias(
+    name = "print_report",
+    actual = "//src/azure/attestation/src:print_report",
+)

src/azure/attestation/src/BUILD.bazel

@@ -0,0 +1,51 @@
+# Portions Copyright (c) Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load("@rules_cc//cc:defs.bzl", "cc_binary", "cc_library")
+
+package(default_visibility = ["//visibility:public"])
+
+cc_library(
+    name = "attestation",
+    srcs = [
+        "endorsed_tcb.cc",
+        "endorsements.cc",
+        "evidence.cc",
+        "fake_report.cc",
+        "report.cc",
+        "snp.cc",
+        "uvm_endorsements.cc",
+    ],
+    hdrs = [
+        "attestation.h",
+        "sev.h",
+        "sev_guest.h",
+    ],
+    deps = [
+        "//src/azure/attestation:utils",
+        "//src/core/utils:core_utils",
+        "@com_github_google_glog//:glog",
+        "@com_google_absl//absl/log:check",
+        "@com_google_absl//absl/strings",
+        "@nlohmann_json//:lib",
+    ],
+)
+
+cc_binary(
+    name = "print_report",
+    srcs = ["print_report.cc"],
+    deps = [
+        "attestation",
+    ],
+)