Update FCP version

The "dest" field was removed from the access policy proto and explain_fcp_attestation_record and test needed to be updated accordingly. Change-Id: I37288beaa646e3562a73365daeda45707cf79af2
google-parfait · Aug 30, 2024 · 416c910 · 416c910
1 parent 8dce505
commit 416c910
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 14 deletions.
diff --git a/WORKSPACE b/WORKSPACE
@@ -122,9 +122,9 @@ http_archive(
         "//third_party/federated_compute:libcppbor.patch",
         "//third_party/federated_compute:visibility.patch",
     ],
-    sha256 = "245fbd236182da7baadc05025e412afb8e482c96ab10a1c5c39b5287d309f741",
-    strip_prefix = "federated-compute-987d5d57c1b581d8a474baa6c70852ddfdae67fe",
-    url = "https://github.com/google/federated-compute/archive/987d5d57c1b581d8a474baa6c70852ddfdae67fe.tar.gz",
+    sha256 = "1a5e61e54b384e404ad64034636b1a411c969bc725d85d0f567d452353c7d18c",
+    strip_prefix = "federated-compute-6ff27b581f3ddada0f3dff9732fb7aa43b2da827",
+    url = "https://github.com/google/federated-compute/archive/6ff27b581f3ddada0f3dff9732fb7aa43b2da827.tar.gz",
 )
 
 http_archive(

diff --git a/tools/explain_fcp_attestation_record/src/lib.rs b/tools/explain_fcp_attestation_record/src/lib.rs
@@ -144,11 +144,6 @@ fn explain_data_access_policy(
         writeln!(buf)?;
         writeln!(buf, ">>>>> Transform #{i} <<<<<",)?;
         writeln!(buf, "Source blob ID: {}", transform.src)?;
-        writeln!(
-            buf,
-            "Destination blob ID: {}",
-            transform.dest.map_or("N/A (terminal transform)".to_string(), |id| id.to_string()),
-        )?;
         writeln!(buf)?;
         explain_transform_access_budgets(buf, transform, i, &policy.shared_access_budgets)?;
         writeln!(buf)?;

diff --git a/...cord/tests/snapshots/snapshot_tests__explain_record_with_nonempty_data_access_policy.snap b/...cord/tests/snapshots/snapshot_tests__explain_record_with_nonempty_data_access_policy.snap
@@ -84,7 +84,6 @@ The data access policy allows 3 data transformations and defines 2 shared access
 
 >>>>> Transform #0 <<<<<
 Source blob ID: 0
-Destination blob ID: 1
 
 Access budgets: the transform's access to its source blob is gated by *all* of the following access rules:
 - limited access budget (at most 2 times): the transform may only access its source blob this many times.
@@ -142,7 +141,6 @@ Note: we don't print sigstore.dev links for the binary digests in this list of r
 
 >>>>> Transform #1 <<<<<
 Source blob ID: 0
-Destination blob ID: N/A (terminal transform)
 
 Access budgets: the transform's access to its source blob is gated by *all* of the following access rules:
 - limited shared access budget #1 (at most 2 times): this and other transforms sharing this same budget may only access their source blobs this many times combined.
@@ -199,7 +197,6 @@ Note: we don't print sigstore.dev links for the binary digests in this list of r
 
 >>>>> Transform #2 <<<<<
 Source blob ID: 1
-Destination blob ID: N/A (terminal transform)
 
 Access budgets: the transform's access to its source blob is gated by *all* of the following access rules:
 - limited shared access budget #0 (at most 5 times): this and other transforms sharing this same budget may only access their source blobs this many times combined.

diff --git a/tools/explain_fcp_attestation_record/tests/testdata/mod.rs b/tools/explain_fcp_attestation_record/tests/testdata/mod.rs
@@ -72,7 +72,6 @@ pub fn record_with_nonempty_access_policy() -> AttestationVerificationRecord {
         // This is a transform that processes the initial input data and produces some output data
         // that can only be processed by transform #3.
         src: 0,
-        dest: Some(1),
         application: Some(ApplicationMatcher {
             tag: Some("app2".to_string()),
             reference_values: Some(create_skip_all_amd_sev_reference_values()),
@@ -98,7 +97,6 @@ pub fn record_with_nonempty_access_policy() -> AttestationVerificationRecord {
     data_access_policy.transforms.push(Transform {
         // This is a 'terminal' transform that processes the initial input data.
         src: 0,
-        dest: None,
         application: Some(ApplicationMatcher {
             tag: Some("app2".to_string()),
             reference_values: Some(create_skip_all_amd_sev_reference_values()),
@@ -123,7 +121,6 @@ pub fn record_with_nonempty_access_policy() -> AttestationVerificationRecord {
     data_access_policy.transforms.push(Transform {
         // This is a 'terminal' transform which uses the output for the first transform.
         src: 1,
-        dest: None,
         application: Some(ApplicationMatcher {
             tag: Some("app3".to_string()),
             // For this last transform we purposely don't specify any reference values nor config