Fix: Solved more PR comments.

src/aleph/vm/orchestrator/resources.py

@@ -132,10 +132,7 @@ async def about_certificates(request: web.Request):
 
     sev_client: SevClient = request.app["sev_client"]
 
-    if not sev_client.certificates_archive.is_file():
-        await sev_client.export_certificates()
-
-    return web.FileResponse(sev_client.certificates_archive)
+    return web.FileResponse(await sev_client.get_certificates())
 
 
 class Allocation(BaseModel):

src/aleph/vm/sevclient.py

@@ -11,12 +11,13 @@ def __init__(self, sev_dir: Path):
         self.certificates_archive = self.certificates_dir / "certs_export.cert"
 
     async def sevctl_cmd(self, *args) -> bytes:
-        result = await run_in_subprocess(
+        return await run_in_subprocess(
             ["sevctl", *args],
             check=True,
         )
 
-        return result
+    async def get_certificates(self) -> Path:
+        if not self.certificates_archive.is_file():
+            _ = await self.sevctl_cmd("export", str(self.certificates_archive))
 
-    async def export_certificates(self):
-        _ = await self.sevctl_cmd("export", str(self.certificates_archive))
+        return self.certificates_archive

tests/supervisor/test_views.py

@@ -1,3 +1,4 @@
+import tempfile
 from pathlib import Path
 from unittest import mock
 from unittest.mock import call
@@ -147,7 +148,6 @@ async def test_about_certificates(aiohttp_client):
 
     settings.ENABLE_QEMU_SUPPORT = True
     settings.ENABLE_CONFIDENTIAL_COMPUTING = True
-    settings.CONFIDENTIAL_DIRECTORY = Path().resolve()
     settings.setup()
 
     with mock.patch(
@@ -158,18 +158,16 @@ async def test_about_certificates(aiohttp_client):
             "aleph.vm.sevclient.run_in_subprocess",
             return_value=True,
         ) as export_mock:
-            app = setup_webapp()
-            sev_client = SevClient(settings.CONFIDENTIAL_DIRECTORY)
-            app["sev_client"] = sev_client
-            # Create mock file to return it
-            Path(sev_client.certificates_archive).touch(exist_ok=True)
-
-            client = await aiohttp_client(app)
-            response: web.Response = await client.get("/about/certificates")
-            assert response.status == 200
-            is_file_mock.assert_has_calls([call(), call()])
-            certificates_expected_dir = sev_client.certificates_archive
-            export_mock.assert_called_once_with(["sevctl", "export", str(certificates_expected_dir)], check=True)
-
-            # Remove file mock
-            Path(sev_client.certificates_archive).unlink()
+            with tempfile.TemporaryDirectory() as tmp_dir:
+                app = setup_webapp()
+                sev_client = SevClient(Path(tmp_dir))
+                app["sev_client"] = sev_client
+                # Create mock file to return it
+                Path(sev_client.certificates_archive).touch(exist_ok=True)
+
+                client = await aiohttp_client(app)
+                response: web.Response = await client.get("/about/certificates")
+                assert response.status == 200
+                is_file_mock.assert_has_calls([call(), call()])
+                certificates_expected_dir = sev_client.certificates_archive
+                export_mock.assert_called_once_with(["sevctl", "export", str(certificates_expected_dir)], check=True)