NOISSUE - Update cocos to match certs changes

agent/README.md

@@ -6,16 +6,24 @@ Agent service provides a barebones HTTP and gRPC API and Service interface imple
 
 The service is configured using the environment variables from the following table. Note that any unset variables will be replaced with their default values.
 
-| Variable                       | Description                                                                                                   | Default                        |
-| ------------------------------ | ------------------------------------------------------------------------------------------------------------- | ------------------------------ |
-| AGENT_LOG_LEVEL                | Log level for agent service (debug, info, warn, error)                                                        | debug                          |
-| AGENT_CVM_GRPC_HOST            | Agent service gRPC host                                                                                       | ""                             |
-| AGENT_CVM_GRPC_PORT            | Agent service gRPC port                                                                                       | 7001                           |
-| AGENT_CVM_GRPC_SERVER_CERT     | Path to gRPC server certificate in pem format                                                                 | ""                             |
-| AGENT_CVM_GRPC_SERVER_KEY      | Path to gRPC server key in pem format                                                                         | ""                             |
-| AGENT_CVM_GRPC_SERVER_CA_CERTS | Path to gRPC server CA certificate                                                                            | ""                             |
-| AGENT_CVM_GRPC_CLIENT_CA_CERTS | Path to gRPC client CA certificate                                                                            | ""                             |
-| AGENT_CVM_CA_URL               | URL for CA service, if provided it will be used for certificate generation, used only with aTLS at the moment | ""                             |
+| Variable                       | Description                                                                                                   | Default                                         |
+| ------------------------------ | ------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
+| AGENT_LOG_LEVEL                | Log level for agent service (debug, info, warn, error)                                                        | debug                                           |
+| AGENT_VMPL                     | VMPL (Virtual Machine Privilege Level) for AMD SEV-SNP attestation (0-3)                                      | 2                                               |
+| AGENT_GRPC_HOST                | Agent service gRPC host address                                                                               | 0.0.0.0                                         |
+| AGENT_CVM_GRPC_HOST            | Agent service gRPC host                                                                                       | ""                                              |
+| AGENT_CVM_GRPC_PORT            | Agent service gRPC port                                                                                       | 7001                                            |
+| AGENT_CVM_GRPC_SERVER_CERT     | Path to gRPC server certificate in pem format                                                                 | ""                                              |
+| AGENT_CVM_GRPC_SERVER_KEY      | Path to gRPC server key in pem format                                                                         | ""                                              |
+| AGENT_CVM_GRPC_SERVER_CA_CERTS | Path to gRPC server CA certificate                                                                            | ""                                              |
+| AGENT_CVM_GRPC_CLIENT_CA_CERTS | Path to gRPC client CA certificate                                                                            | ""                                              |
+| AGENT_CVM_CA_URL               | URL for CA service, if provided it will be used for certificate generation, used only with aTLS at the moment | ""                                              |
+| AGENT_CVM_ID                   | Unique identifier for the CVM (Confidential Virtual Machine)                                                  | ""                                              |
+| AGENT_CERTS_TOKEN              | Authentication token for certificate service access                                                           | ""                                              |
+| AGENT_MAA_URL                  | Microsoft Azure Attestation service URL for Azure attestation                                                 | https://sharedeus2.eus2.attest.azure.net        |
+| AGENT_OS_BUILD                 | Operating system build information for attestation                                                            | UVC                                             |
+| AGENT_OS_DISTRO                | Operating system distribution information for attestation                                                     | UVC                                             |
+| AGENT_OS_TYPE                  | Operating system type information for attestation                                                             | UVC                                             |
 
 ## Deployment
 

cmd/agent/main.go

@@ -14,8 +14,8 @@ import (
 	"os"
 	"os/signal"
 	"syscall"
-	"time"
 
+	"github.com/absmach/certs/sdk"
 	mglog "github.com/absmach/supermq/logger"
 	"github.com/absmach/supermq/pkg/prometheus"
 	"github.com/caarlos0/env/v11"
@@ -39,22 +39,22 @@ import (
 
 const (
 	svcName          = "agent"
-	defSvcGRPCPort   = "7002"
-	retryInterval    = 5 * time.Second
 	envPrefixCVMGRPC = "AGENT_CVM_GRPC_"
 	storageDir       = "/var/lib/cocos/agent"
 )
 
 type config struct {
-	LogLevel      string `env:"AGENT_LOG_LEVEL"  envDefault:"debug"`
-	Vmpl          int    `env:"AGENT_VMPL"       envDefault:"2"`
-	AgentGrpcHost string `env:"AGENT_GRPC_HOST"  envDefault:"0.0.0.0"`
-	CAUrl         string `env:"AGENT_CVM_CA_URL" envDefault:""`
-	CVMId         string `env:"AGENT_CVM_ID"     envDefault:""`
-	AgentMaaURL   string `env:"AGENT_MAA_URL"    envDefault:"https://sharedeus2.eus2.attest.azure.net"`
-	AgentOSBuild  string `env:"AGENT_OS_BUILD"   envDefault:"UVC"`
-	AgentOSDistro string `env:"AGENT_OS_DISTRO"  envDefault:"UVC"`
-	AgentOSType   string `env:"AGENT_OS_TYPE"    envDefault:"UVC"`
+	LogLevel      string `env:"AGENT_LOG_LEVEL"   envDefault:"debug"`
+	Vmpl          int    `env:"AGENT_VMPL"        envDefault:"2"`
+	AgentGrpcHost string `env:"AGENT_GRPC_HOST"   envDefault:"0.0.0.0"`
+	CAUrl         string `env:"AGENT_CVM_CA_URL"  envDefault:""`
+	CVMId         string `env:"AGENT_CVM_ID"      envDefault:""`
+	DomainId      string `env:"AGENT_DOMAIN_ID"   envDefault:""`
+	CertsToken    string `env:"AGENT_CERTS_TOKEN" envDefault:""`
+	AgentMaaURL   string `env:"AGENT_MAA_URL"     envDefault:"https://sharedeus2.eus2.attest.azure.net"`
+	AgentOSBuild  string `env:"AGENT_OS_BUILD"    envDefault:"UVC"`
+	AgentOSDistro string `env:"AGENT_OS_DISTRO"   envDefault:"UVC"`
+	AgentOSType   string `env:"AGENT_OS_TYPE"     envDefault:"UVC"`
 }
 
 func main() {
@@ -167,7 +167,13 @@ func main() {
 	var certProvider atls.CertificateProvider
 
 	if ccPlatform != attestation.NoCC {
-		certProvider, err = atls.NewProvider(provider, ccPlatform, cfg.CVMId, cfg.CAUrl)
+		var certsSDK sdk.SDK
+		if cfg.CAUrl != "" {
+			certsSDK = sdk.NewSDK(sdk.Config{
+				HostURL: cfg.CAUrl,
+			})
+		}
+		certProvider, err = atls.NewProvider(provider, ccPlatform, cfg.CertsToken, cfg.CVMId, certsSDK)
 		if err != nil {
 			logger.Error(fmt.Sprintf("failed to create certificate provider: %s", err))
 			exitCode = 1

go.mod

@@ -17,8 +17,8 @@ require (
 	go.opentelemetry.io/otel/trace v1.38.0
 	golang.org/x/crypto v0.41.0
 	golang.org/x/sync v0.16.0
-	google.golang.org/grpc v1.75.0
-	google.golang.org/protobuf v1.36.8
+	google.golang.org/grpc v1.75.1
+	google.golang.org/protobuf v1.36.9
 )
 
 require (
@@ -89,13 +89,12 @@ require (
 	golang.org/x/time v0.12.0 // indirect
 	google.golang.org/api v0.247.0 // indirect
 	google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gotest.tools/v3 v3.5.1 // indirect
 	moul.io/http2curl v1.0.0 // indirect
 )
 
 require (
-	github.com/absmach/certs v0.17.0
+	github.com/absmach/certs v0.17.1-0.20250917112321-8f5858cda80e
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
@@ -134,3 +133,5 @@ require (
 replace github.com/virtee/sev-snp-measure-go => github.com/sammyoina/sev-snp-measure-go v0.0.0-20241202151803-ef189f0ff825
 
 replace github.com/google/go-tpm-tools => github.com/danko-miladinovic/go-tpm-tools v0.0.0-20250228160324-1ebcfd79567c
+
+replace github.com/absmach/certs => github.com/washingtonkk/certs v0.0.0-20250925140628-7d1de8d1b5e4