[TSP] Updates to Attestation TSP (Azure#38148)

kashifkhan · web-flow · commit c5601446fc65 · 2025-10-15T08:55:53.000-07:00
* fix client name and point the right name

* base64 url handling
diff --git a/specification/attestation/data-plane/Attestation/client.tsp b/specification/attestation/data-plane/Attestation/client.tsp
@@ -4,7 +4,7 @@ import "@azure-tools/typespec-client-generator-core";
 using Azure.ClientGenerator.Core;
 using AttestationService;
 
-@@clientName(AttestationService, "Attestation");
+@@clientName(AttestationService, "AttestationClient");
 
 @@clientName(AttestationResult.`x-ms-sgx-svn`, "svn");
 @@clientName(AttestationResult.svn, "deprecatedSvn");
diff --git a/specification/attestation/data-plane/Attestation/models.tsp b/specification/attestation/data-plane/Attestation/models.tsp
@@ -197,6 +197,7 @@ model AttestOpenEnclaveRequest {
   /**
    * OpenEnclave report from the enclave to be attested
    */
+  @encode(BytesKnownEncoding.base64url)
   report?: bytes;
 
   /**
@@ -237,6 +238,7 @@ model RuntimeData {
    * quote, the SHA256 hash of the RuntimeData must match the quote's "report data"
    * attribute.
    */
+  @encode(BytesKnownEncoding.base64url)
   data?: bytes;
 
   /**
@@ -260,6 +262,7 @@ model InitTimeData {
    * attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match
    * the quote's "host data" attribute.
    */
+  @encode(BytesKnownEncoding.base64url)
   data?: bytes;
 
   /**
@@ -286,6 +289,7 @@ model AttestSgxEnclaveRequest {
   /**
    * Quote of the enclave to be attested
    */
+  @encode(BytesKnownEncoding.base64url)
   quote?: bytes;
 
   /**
@@ -343,6 +347,7 @@ model TpmAttestationRequest {
   /**
    * Protocol data containing artifacts for attestation.
    */
+  @encode(BytesKnownEncoding.base64url)
   data?: bytes;
 }
 
@@ -353,6 +358,7 @@ model TpmAttestationResponse {
   /**
    * Protocol data containing attestation service response.
    */
+  @encode(BytesKnownEncoding.base64url)
   data?: bytes;
 }
 
@@ -397,6 +403,7 @@ model AttestTdxVmRequest {
   /**
    * Quote of the TDX virtual machine to be attested
    */
+  @encode(BytesKnownEncoding.base64url)
   quote?: bytes;
 
   /**
@@ -677,7 +684,7 @@ model PolicyCertificatesModificationResult {
   /**
    * The result of the operation
    */
-  @encodedName("application/json", "x-ms-certificate-result")
+  @encodedName("application/json", "x-ms-policycertificates-result")
   certificateResolution?: CertificateModification;
 }
 
@@ -689,6 +696,7 @@ model StoredAttestationPolicy {
    * Policy text to set as a sequence of UTF-8 encoded octets.
    */
   @encodedName("application/json", "AttestationPolicy")
+  @encode(BytesKnownEncoding.base64url)
   attestationPolicy?: bytes;
 }
 
@@ -706,6 +714,7 @@ model PolicyResult {
    * The SHA256 hash of the policy object modified
    */
   @encodedName("application/json", "x-ms-policy-token-hash")
+  @encode(BytesKnownEncoding.base64url)
   policyTokenHash?: bytes;
 
   /**
@@ -806,6 +815,7 @@ model AttestationResult {
    * The SHA256 hash of the BASE64URL encoded policy text used for attestation
    */
   @encodedName("application/json", "x-ms-policy-hash")
+  @encode(BytesKnownEncoding.base64url)
   policyHash?: bytes;
 
   /**
@@ -842,6 +852,7 @@ model AttestationResult {
    * A copy of the RuntimeData specified as an input to the attest call.
    */
   @encodedName("application/json", "x-ms-sgx-ehd")
+  @encode(BytesKnownEncoding.base64url)
   enclaveHeldData?: bytes;
 
   /**
@@ -872,12 +883,14 @@ model AttestationResult {
    * DEPRECATED: Private Preview version of x-ms-sgx-ehd claim.
    */
   @encodedName("application/json", "aas-ehd")
+  @encode(BytesKnownEncoding.base64url)
   deprecatedEnclaveHeldData?: bytes;
 
   /**
    * DEPRECATED: Private Preview version of x-ms-sgx-ehd claim.
    */
   @encodedName("application/json", "maa-ehd")
+  @encode(BytesKnownEncoding.base64url)
   deprecatedEnclaveHeldData2?: bytes;
 
   /**
diff --git a/specification/attestation/data-plane/Attestation/stable/2025-06-01/attestation.json b/specification/attestation/data-plane/Attestation/stable/2025-06-01/attestation.json
@@ -932,7 +932,7 @@
       "properties": {
         "report": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "OpenEnclave report from the enclave to be attested"
         },
         "runtimeData": {
@@ -985,7 +985,7 @@
       "properties": {
         "quote": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "Quote of the enclave to be attested"
         },
         "runtimeData": {
@@ -1012,7 +1012,7 @@
       "properties": {
         "quote": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "Quote of the TDX virtual machine to be attested"
         },
         "runtimeData": {
@@ -1129,7 +1129,7 @@
         },
         "x-ms-policy-hash": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "The SHA256 hash of the BASE64URL encoded policy text used for attestation",
           "x-ms-client-name": "policyHash"
         },
@@ -1161,7 +1161,7 @@
         },
         "x-ms-sgx-ehd": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "A copy of the RuntimeData specified as an input to the attest call.",
           "x-ms-client-name": "enclaveHeldData"
         },
@@ -1193,13 +1193,13 @@
         },
         "aas-ehd": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "DEPRECATED: Private Preview version of x-ms-sgx-ehd claim.",
           "x-ms-client-name": "deprecatedEnclaveHeldData"
         },
         "maa-ehd": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "DEPRECATED: Private Preview version of x-ms-sgx-ehd claim.",
           "x-ms-client-name": "deprecatedEnclaveHeldData2"
         },
@@ -1433,7 +1433,7 @@
       "properties": {
         "data": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "Initialization time data are passed into the Trusted Execution Environment\n(TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the\nInitTimeData must match the lower 32 bytes of the quote's \"config id\"\nattribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match\nthe quote's \"host data\" attribute."
         },
         "dataType": {
@@ -1589,7 +1589,7 @@
           "description": "Hex encoded SHA1 Hash of the binary representation certificate which was added\nor removed",
           "x-ms-client-name": "certificateThumbprint"
         },
-        "x-ms-certificate-result": {
+        "x-ms-policycertificates-result": {
           "$ref": "#/definitions/CertificateModification",
           "description": "The result of the operation",
           "x-ms-client-name": "certificateResolution"
@@ -1675,7 +1675,7 @@
         },
         "x-ms-policy-token-hash": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "The SHA256 hash of the policy object modified",
           "x-ms-client-name": "policyTokenHash"
         },
@@ -1711,7 +1711,7 @@
       "properties": {
         "data": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "Runtime data are generated by the Trusted Execution Environment (TEE). For an\nSGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must\nmatch the lower 32 bytes of the quote's \"report data\" attribute. For a SEV-SNP\nquote, the SHA256 hash of the RuntimeData must match the quote's \"report data\"\nattribute."
         },
         "dataType": {
@@ -1760,7 +1760,7 @@
       "properties": {
         "AttestationPolicy": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "Policy text to set as a sequence of UTF-8 encoded octets.",
           "x-ms-client-name": "attestationPolicy"
         }
@@ -1817,7 +1817,7 @@
       "properties": {
         "data": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "Protocol data containing artifacts for attestation."
         }
       }
@@ -1828,7 +1828,7 @@
       "properties": {
         "data": {
           "type": "string",
-          "format": "byte",
+          "format": "base64url",
           "description": "Protocol data containing attestation service response."
         }
       }
