feat: add dependency-triples support to comid create#53
Conversation
|
Hi @rsampaio, thanks again for your contribution to Veraison. I assume you are waiting for the related PR in veraison/corim to merge before updating the dependency here. Correct? |
|
That is correct @thomas-fossati, this PR directly depends on the changes in veraison/corim that you reviewed as well! |
Bump veraison/corim to v1.1.3-0.20260326144920-25855f5e7afe which introduces the DomainDependencyTriple type from draft-9 of the CoRIM specification. Add a JSON template and test coverage for the new triple type, covering both a valid round-trip and rejection of empty trustees Signed-off-by: Rodrigo Sampaio Vaz <rvaz@nvidia.com>
rsampaio
force-pushed
the
feature/add-dependency-triples
branch
from
e4138df to
303bda4
Compare
|
@thomas-fossati I bumped the corim depedency and this should be ready for review, I also squashed the commits as requested for the previous PR |
thomas-fossati
left a comment
thomas-fossati
left a comment
There was a problem hiding this comment.
LGTM, thanks!
(One thought I had looking at this PR is that perhaps Valid should verify that the domain dependency triples, when viewed collectively as a dependency graph, do not form loops.)
This is a requirement in §5.1.11.2: "Trust dependency graphs are acyclic, meaning a domain-id MUST NOT appear in the trustees list or within a trustee's subtree." |
Good point I will open a new PR to corim to address that! |
|
Since both PRs to corim got merged do you think we can get this one in as well @thomas-fossati ? |
This one clearly slipped through the net 🤦 |
2 participants
Add a JSON template and test coverage for CoMID dependency-triples as defined in draft-9 of the CoRIM specification. Each triple associates a domain identifier with one or more trustee environments.
Includes a round-trip test that encodes a template to CBOR and decodes it back to verify the DomainDependencies field, and a negative test confirming that empty trustees are rejected.
Note: this PR depends on the veraison/corim changes that introduce the DomainDependencies triple type. The go.mod require line should be bumped to the published version of those changes before merging.