Enable workflows to request a TEE#22220
Open
nolag wants to merge 23 commits into
Open
Conversation
nolag
force-pushed
the
rtinianov_teeRuntime
branch
from
cee8c0b to
53e611e
Compare
Contributor
CORA - Pending Reviewers
Legend: ✅ Approved | ❌ Changes Requested | 💬 Commented | 🚫 Dismissed | ⏳ Pending | ❓ Unknown For more details, see the full review summary. |
Contributor
|
I see you updated files related to
|
Contributor
|
✅ No conflicts with other open PRs targeting |
…e factory
createModule built a RequirementSelectingModule that wraps a local WASM
module and a ConfidentialModule, so triggers carrying a TEE requirement
in their subscription route to the confidential-workflows capability
(which executes WASM inside the enclave) while other triggers continue
to run locally. The routing infrastructure was correct but unused:
engineFactoryFn never called createModule, so the V2 engine received
a bare local WASM module and every trigger ran locally.
For a confidential workflow whose handler is declared as
cre.HandlerInTee(..., cre.AnyTee{}), the cron fires, the engine calls
localWASM.Execute(triggerRequest), the WASM calls runtime.GetSecret,
which routes to the workflow-node SecretsFetcher and queries vault
capability config on the remote capabilities DON. That config's
DefaultConfig is nil for remote capabilities, so unmarshalConfig
errors with "cannot unwrap nil values.Map" and every execution fails:
the test waits 5 minutes for a successful trigger that never comes.
Inline the createModule wrap into engineFactoryFn's V2 branch and
delete the orphan function. Thread binaryURL through engineFactoryFn
so ConfidentialModule can hand it to the capability.
…t the wiring fix Test_workflowRegisteredHandler_confidentialRouting was designed to catch the missing wire-up of the RequirementSelectingModule. It didn't, because the captureTrigger stub had shouldRun=true, so its assertion inside RegisterTrigger always passed even when the engine routed the trigger to the local trigger capability (which is the bug path the test should reject). Flip the flag to false so the assertion fails when the routing falls back to the local registry. With the wiring in place the trigger flows through the confidential cap mock (which sets trigger.ran via its Execute), so RegisterTrigger on the captureTrigger is never invoked and the shouldRun assertion does not run. Without the wiring the engine registers the trigger directly with the captureTrigger, the assertion fires, and the test fails.
nolag
force-pushed
the
rtinianov_teeRuntime
branch
from
f192c64 to
bc2001d
Compare
product-security-plaid-production
Bot
requested review from
ChrisAmora,
MStreet3,
george-dorin and
vyzaldysanchez
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Requires
Supports