[AZ-182][AZ-184][AZ-187] Batch 1

Made-with: Cursor
2026-04-22 06:46:32 +00:00 · 2026-04-15 07:23:47 +03:00
parent 765d3d32c1
commit d244799f02
22 changed files with 1622 additions and 16 deletions
@@ -1,4 +1,14 @@
+x-tpm-device-mounts-for-jetson:
+  devices:
+    - /dev/tpm0
+    - /dev/tpmrm0
+
 services:
+  swtpm:
+    image: danieltrick/swtpm-docker:latest
+    networks:
+      - e2e-net
+
  mock-api:
    build: ./mocks/mock_api
    ports:
@@ -27,14 +37,20 @@ services:
    ports:
      - "8080:8080"
    depends_on:
-      - mock-api
-      - mock-cdn
+      swtpm:
+        condition: service_started
+      mock-api:
+        condition: service_started
+      mock-cdn:
+        condition: service_started
    environment:
      RESOURCE_API_URL: http://mock-api:9090
      IMAGES_PATH: /tmp/test.enc
      API_VERSION: test
+      TSS2_FAPICONF: /etc/tpm2-tss/fapi-config-azaion-swtpm.json
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
+      - ./fapi-config.swtpm.json:/etc/tpm2-tss/fapi-config-azaion-swtpm.json:ro
    networks:
      - e2e-net

@@ -0,0 +1,12 @@
+{
+  "profile_name": "P_ECCP256SHA256",
+  "profile_dir": "/etc/tpm2-tss/fapi-profiles/",
+  "user_dir": "/tmp/tpm2-tss/user/keystore",
+  "system_dir": "/tmp/tpm2-tss/system/keystore",
+  "tcti": "swtpm:host=swtpm,port=2321",
+  "ek_cert_less": "yes",
+  "system_pcrs": [],
+  "log_dir": "/tmp/tpm2-tss/eventlog",
+  "firmware_log_file": "/dev/null",
+  "ima_log_file": "/dev/null"
+}
@@ -35,6 +35,12 @@ class LoginBody(BaseModel):
    password: str


+class GetUpdateBody(BaseModel):
+    dev_stage: str = ""
+    architecture: str = ""
+    current_versions: dict[str, str] = {}
+
+
 def _calc_hash(key: str) -> str:
    h = hashlib.sha384(key.encode("utf-8")).digest()
    return base64.b64encode(h).decode("utf-8")
@@ -117,3 +123,19 @@ def binary_split_key_fragment():
 async def resources_check(request: Request):
    await request.body()
    return Response(status_code=200)
+
+
+@app.post("/get-update")
+def get_update(body: GetUpdateBody):
+    ann = body.current_versions.get("annotations", "")
+    if not ann or ann < "2026-04-13":
+        return [
+            {
+                "resourceName": "annotations",
+                "version": "2026-04-13",
+                "cdnUrl": f"{CDN_HOST}/fleet/annotations",
+                "sha256": "a" * 64,
+                "encryptionKey": "mock-fleet-encryption-key",
+            }
+        ]
+    return []