Add Azure integration test backend

Makefile

@@ -30,6 +30,7 @@ ATTESTATION_KEY_REGISTER_IMAGE=$(REGISTRY)/attestation-key-register:$(TAG)
 TRUSTEE_IMAGE ?= quay.io/trusted-execution-clusters/key-broker-service:20260106
 # tagged as 2026-01-20-attestation
 APPROVED_IMAGE ?= quay.io/trusted-execution-clusters/fedora-coreos@sha256:79a0657399e6c67c7c95b8a09193d18e5675b5aa3cfb4d75ea5c8d4d53b2af74
+TEST_IMAGE ?= quay.io/trusted-execution-clusters/fedora-coreos-kubevirt:2026-14-01
 
 BUILD_TYPE ?= release
 IMAGE_BUILD_OPTION ?=
@@ -48,26 +49,26 @@ attestation-key-register: crds-rs
 	cargo build -p attestation-key-register
 
 CRD_YAML_PATH = config/crd
+CRD_WORK_PATH = config/crd/tmp
 RBAC_YAML_PATH = config/rbac
 API_PATH = api/v1alpha1
 generate: $(CONTROLLER_GEN)
-	$(CONTROLLER_GEN) rbac:roleName=trusted-cluster-operator-role crd webhook paths="./..." \
-		output:crd:artifacts:config=$(CRD_YAML_PATH) \
-		output:rbac:artifacts:config=$(RBAC_YAML_PATH)
+	$(call controller-gen,./...,*)
+	$(call controller-gen,github.com/openshift/api/route/v1,*)
+	$(call controller-gen,github.com/openshift/api/config/v1,*_ingresses.yaml)
 
 RS_LIB_PATH = lib/src
 CRD_RS_PATH = $(RS_LIB_PATH)/kopium
 $(CRD_RS_PATH):
 	mkdir $(CRD_RS_PATH)
 
-YAML_PREFIX = trusted-execution-clusters.io_
-$(CRD_RS_PATH)/%.rs: $(CRD_YAML_PATH)/$(YAML_PREFIX)%.yaml $(KOPIUM) $(CRD_RS_PATH)
+$(CRD_RS_PATH)/%.rs: $(CRD_YAML_PATH)/*_%.yaml $(KOPIUM) $(CRD_RS_PATH)
 	$(KOPIUM) -f $< > $@
 	rustfmt $@
 
-crds-rs: generate
+crds-rs: generate $(KOPIUM) $(CRD_RS_PATH)
 	$(MAKE) $(shell find $(CRD_YAML_PATH) -type f \
-		| sed -E 's|$(CRD_YAML_PATH)/$(YAML_PREFIX)(.*)\.yaml|$(CRD_RS_PATH)/\1.rs|')
+		| sed -E 's|$(CRD_YAML_PATH)/.*_(.*)\.yaml|$(CRD_RS_PATH)/\1.rs|')
 
 trusted-cluster-gen: api/trusted-cluster-gen.go
 	go build -o $@ $<
@@ -192,8 +193,10 @@ test-release: crds-rs
 	cargo test --workspace --bins --release
 
 integration-tests: generate trusted-cluster-gen crds-rs
-	RUST_LOG=info cargo test --test trusted_execution_cluster --test attestation \
-		--features virtualization -- --no-capture  --test-threads=$(INTEGRATION_TEST_THREADS)
+	RUST_LOG=info REGISTRY=$(REGISTRY) TAG=$(TAG) \
+		TRUSTEE_IMAGE=$(TRUSTEE_IMAGE) APPROVED_IMAGE=$(APPROVED_IMAGE) TEST_IMAGE=$(TEST_IMAGE) \
+		cargo test --test trusted_execution_cluster --test attestation \
+		--features virtualization -- --nocapture --test-threads=$(INTEGRATION_TEST_THREADS)
 
 $(LOCALBIN):
 	mkdir -p $(LOCALBIN)
@@ -225,3 +228,12 @@ define cargo-install-tool
 	mv "$$(dirname $(1))/$(2)" $(1) ;\
 }
 endef
+
+define controller-gen
+mkdir -p $(CRD_WORK_PATH)
+$(CONTROLLER_GEN) rbac:roleName=trusted-cluster-operator-role crd webhook paths=$(1) \
+	output:crd:artifacts:config=$(CRD_WORK_PATH) \
+	output:rbac:artifacts:config=$(RBAC_YAML_PATH)
+mv $(CRD_WORK_PATH)/$(2) $(CRD_YAML_PATH)/
+rm -rf $(CRD_WORK_PATH)
+endef

attestation-key-register/src/main.rs

@@ -10,10 +10,12 @@ use log::{error, info};
 use serde::{Deserialize, Serialize};
 use std::convert::Infallible;
 use std::net::SocketAddr;
-use trusted_cluster_operator_lib::{AttestationKey, AttestationKeySpec};
 use uuid::Uuid;
 use warp::{http::StatusCode, reply, Filter};
 
+use trusted_cluster_operator_lib::endpoints::ATTESTATION_KEY_REGISTER_RESOURCE;
+use trusted_cluster_operator_lib::{AttestationKey, AttestationKeySpec};
+
 #[derive(Parser)]
 #[command(name = "attestation-key-register")]
 #[command(about = "HTTP server that accepts attestation key registrations")]
@@ -138,7 +140,7 @@ async fn main() -> anyhow::Result<()> {
         .context("Failed to create Kubernetes client")?;
 
     let register = warp::put()
-        .and(warp::path("register-ak"))
+        .and(warp::path(ATTESTATION_KEY_REGISTER_RESOURCE))
         .and(warp::body::json())
         .and(with_client(client))
         .and(warp::addr::remote())

go.mod

@@ -16,10 +16,12 @@ require (
 require (
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
+	github.com/openshift/api v0.0.0-20260128000234-c16ec2bcf089 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	golang.org/x/net v0.48.0 // indirect

go.sum

@@ -10,13 +10,17 @@ github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
 github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -31,6 +35,8 @@ github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns
 github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
 github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A=
 github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k=
+github.com/openshift/api v0.0.0-20260128000234-c16ec2bcf089 h1:qcKLN7H1dh2wt59Knpc1J5XzCCStSeaaFyEHHilFypg=
+github.com/openshift/api v0.0.0-20260128000234-c16ec2bcf089/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
@@ -43,22 +49,49 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=
 go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
 golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
 golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
 golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
 golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
 golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
 golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

lib/src/endpoints.rs

@@ -0,0 +1,16 @@
+// SPDX-FileCopyrightText: Jakob Naucke <jnaucke@redhat.com>
+//
+// SPDX-License-Identifier: MIT
+
+pub const TRUSTEE_SERVICE: &str = "kbs-service";
+pub const TRUSTEE_DEPLOYMENT: &str = "trustee-deployment";
+pub const TRUSTEE_PORT: i32 = 8080;
+pub const REGISTER_SERVER_SERVICE: &str = "register-server";
+pub const REGISTER_SERVER_DEPLOYMENT: &str = "register-server";
+pub const REGISTER_SERVER_PORT: i32 = 8000;
+pub const ATTESTATION_KEY_REGISTER_SERVICE: &str = "attestation-key-register";
+pub const ATTESTATION_KEY_REGISTER_DEPLOYMENT: &str = "attestation-key-register";
+pub const ATTESTATION_KEY_REGISTER_PORT: i32 = 8001;
+
+pub const REGISTER_SERVER_RESOURCE: &str = "ignition-clevis-pin-trustee";
+pub const ATTESTATION_KEY_REGISTER_RESOURCE: &str = "register-ak";

lib/src/kopium.rs

@@ -4,5 +4,7 @@
 
 pub mod approvedimages;
 pub mod attestationkeys;
+pub mod ingresses;
 pub mod machines;
+pub mod routes;
 pub mod trustedexecutionclusters;

lib/src/lib.rs

@@ -3,14 +3,17 @@
 // SPDX-License-Identifier: MIT
 
 pub mod conditions;
+pub mod endpoints;
 pub mod reference_values;
 
 mod kopium;
 #[allow(clippy::all)]
 mod vendor_kopium;
 pub use kopium::approvedimages::*;
 pub use kopium::attestationkeys::*;
+pub use kopium::ingresses as openshift_ingresses;
 pub use kopium::machines::*;
+pub use kopium::routes;
 pub use kopium::trustedexecutionclusters::*;
 pub use vendor_kopium::virtualmachineinstances;
 pub use vendor_kopium::virtualmachines;

operator/src/attestation_key_register.rs

@@ -26,10 +26,10 @@ use kube::{
 use log::info;
 use serde_json::json;
 use std::{collections::BTreeMap, sync::Arc};
-use trusted_cluster_operator_lib::{
-    AttestationKey, AttestationKeyStatus, Machine, conditions::ATTESTATION_KEY_MACHINE_APPROVE,
-    update_status,
-};
+
+use trusted_cluster_operator_lib::conditions::ATTESTATION_KEY_MACHINE_APPROVE;
+use trusted_cluster_operator_lib::endpoints::*;
+use trusted_cluster_operator_lib::{AttestationKey, AttestationKeyStatus, Machine, update_status};
 
 use crate::conditions::attestation_key_approved_condition;
 use crate::trustee;
@@ -44,13 +44,12 @@ pub async fn create_attestation_key_register_deployment(
     owner_reference: OwnerReference,
     image: &str,
 ) -> Result<()> {
-    let name = "attestation-key-register";
     let app_label = "attestation-key-register";
     let labels = BTreeMap::from([("app".to_string(), app_label.to_string())]);
 
     let deployment = Deployment {
         metadata: ObjectMeta {
-            name: Some(name.to_string()),
+            name: Some(ATTESTATION_KEY_REGISTER_DEPLOYMENT.to_string()),
             owner_references: Some(vec![owner_reference]),
             ..Default::default()
         },
@@ -68,15 +67,15 @@ pub async fn create_attestation_key_register_deployment(
                 spec: Some(PodSpec {
                     service_account_name: Some("trusted-cluster-operator".to_string()),
                     containers: vec![Container {
-                        name: name.to_string(),
+                        name: ATTESTATION_KEY_REGISTER_DEPLOYMENT.to_string(),
                         image: Some(image.to_string()),
                         ports: Some(vec![ContainerPort {
-                            container_port: INTERNAL_ATTESTATION_KEY_REGISTER_PORT,
+                            container_port: ATTESTATION_KEY_REGISTER_PORT,
                             ..Default::default()
                         }]),
                         args: Some(vec![
                             "--port".to_string(),
-                            INTERNAL_ATTESTATION_KEY_REGISTER_PORT.to_string(),
+                            ATTESTATION_KEY_REGISTER_PORT.to_string(),
                         ]),
                         ..Default::default()
                     }],
@@ -98,13 +97,12 @@ pub async fn create_attestation_key_register_service(
     owner_reference: OwnerReference,
     attestation_key_register_port: Option<i32>,
 ) -> Result<()> {
-    let name = "attestation-key-register";
     let app_label = "attestation-key-register";
     let labels = BTreeMap::from([("app".to_string(), app_label.to_string())]);
 
     let service = Service {
         metadata: ObjectMeta {
-            name: Some(name.to_string()),
+            name: Some(ATTESTATION_KEY_REGISTER_SERVICE.to_string()),
             labels: Some(labels.clone()),
             owner_references: Some(vec![owner_reference]),
             ..Default::default()

operator/src/register_server.rs

@@ -28,9 +28,8 @@ use std::{collections::BTreeMap, sync::Arc};
 
 use crate::trustee;
 use operator::*;
-use trusted_cluster_operator_lib::Machine;
+use trusted_cluster_operator_lib::{Machine, endpoints::*};
 
-const INTERNAL_REGISTER_SERVER_PORT: i32 = 8000;
 /// Finalizer name to discard decryption keys when a machine is deleted
 const MACHINE_FINALIZER: &str = "finalizer.machine.trusted-execution-clusters.io";
 
@@ -39,13 +38,12 @@ pub async fn create_register_server_deployment(
     owner_reference: OwnerReference,
     image: &str,
 ) -> Result<()> {
-    let name = "register-server";
     let app_label = "register-server";
     let labels = BTreeMap::from([("app".to_string(), app_label.to_string())]);
 
     let deployment = Deployment {
         metadata: ObjectMeta {
-            name: Some(name.to_string()),
+            name: Some(REGISTER_SERVER_DEPLOYMENT.to_string()),
             owner_references: Some(vec![owner_reference]),
             ..Default::default()
         },
@@ -63,16 +61,13 @@ pub async fn create_register_server_deployment(
                 spec: Some(PodSpec {
                     service_account_name: Some("trusted-cluster-operator".to_string()),
                     containers: vec![Container {
-                        name: name.to_string(),
+                        name: REGISTER_SERVER_DEPLOYMENT.to_string(),
                         image: Some(image.to_string()),
                         ports: Some(vec![ContainerPort {
-                            container_port: INTERNAL_REGISTER_SERVER_PORT,
+                            container_port: REGISTER_SERVER_PORT,
                             ..Default::default()
                         }]),
-                        args: Some(vec![
-                            "--port".to_string(),
-                            INTERNAL_REGISTER_SERVER_PORT.to_string(),
-                        ]),
+                        args: Some(vec!["--port".to_string(), REGISTER_SERVER_PORT.to_string()]),
                         ..Default::default()
                     }],
                     ..Default::default()
@@ -93,13 +88,12 @@ pub async fn create_register_server_service(
     owner_reference: OwnerReference,
     register_server_port: Option<i32>,
 ) -> Result<()> {
-    let name = "register-server";
     let app_label = "register-server";
     let labels = BTreeMap::from([("app".to_string(), app_label.to_string())]);
 
     let service = Service {
         metadata: ObjectMeta {
-            name: Some(name.to_string()),
+            name: Some(REGISTER_SERVER_SERVICE.to_string()),
             labels: Some(labels.clone()),
             owner_references: Some(vec![owner_reference]),
             ..Default::default()
@@ -108,8 +102,8 @@ pub async fn create_register_server_service(
             selector: Some(labels),
             ports: Some(vec![ServicePort {
                 name: Some("http".to_string()),
-                port: register_server_port.unwrap_or(INTERNAL_REGISTER_SERVER_PORT),
-                target_port: Some(IntOrString::Int(INTERNAL_REGISTER_SERVER_PORT)),
+                port: register_server_port.unwrap_or(REGISTER_SERVER_PORT),
+                target_port: Some(IntOrString::Int(REGISTER_SERVER_PORT)),
                 protocol: Some("TCP".to_string()),
                 ..Default::default()
             }]),

operator/src/tpm.rego

@@ -12,8 +12,8 @@ executables := 3 if {
 }
 # Azure SNP vTPM validation
 executables := 3 if {
-  lower(input.azsnpvtpm.tpm.pcr04) in query_reference_value("tpm_pcr4")
-  lower(input.azsnpvtpm.tpm.pcr14) in query_reference_value("tpm_pcr14")
+  input["az-snp-vtpm"].tpm.pcr04 in query_reference_value("tpm_pcr4")
+  input["az-snp-vtpm"].tpm.pcr14 in query_reference_value("tpm_pcr14")
 }
 
 default configuration := 0