From c2c8324c68d99bca25d09f6b41d0fdde0cf2a4d9 Mon Sep 17 00:00:00 2001
From: Ganeshkumar Ashokavardhanan
 <35557827+ganeshkumarashok@users.noreply.github.com>
Date: Tue, 12 Mar 2024 16:05:20 -0700
Subject: [PATCH 1/4] fix: update mirror proxy version to 0.2.8 for lower
 streaming logs and other fixes (#4156)

---
 vhdbuilder/packer/install-dependencies.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vhdbuilder/packer/install-dependencies.sh b/vhdbuilder/packer/install-dependencies.sh
index 30b47649d8f..c7bf46e265f 100644
--- a/vhdbuilder/packer/install-dependencies.sh
+++ b/vhdbuilder/packer/install-dependencies.sh
@@ -176,7 +176,7 @@ installAndConfigureArtifactStreaming() {
   # arguments: package name, package extension
   PACKAGE_NAME=$1
   PACKAGE_EXTENSION=$2
-  MIRROR_PROXY_VERSION='0.2.7'
+  MIRROR_PROXY_VERSION='0.2.8'
   MIRROR_DOWNLOAD_PATH="./$1.$2"
   MIRROR_PROXY_URL="https://acrstreamingpackage.blob.core.windows.net/bin/${MIRROR_PROXY_VERSION}/${PACKAGE_NAME}.${PACKAGE_EXTENSION}"
   retrycmd_curl_file 10 5 60 $MIRROR_DOWNLOAD_PATH $MIRROR_PROXY_URL || exit ${ERR_ARTIFACT_STREAMING_DOWNLOAD}

From 4cfc581567696ed975e28978452bec8084654961 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miko=C5=82aj=20Uma=C5=84ski?= <mik.umanski@gmail.com>
Date: Tue, 12 Mar 2024 16:06:58 -0700
Subject: [PATCH 2/4] chore: add another team member to the code owners (#4157)

Co-authored-by: Mikolaj Umanski <mumanski@microsoft.com>
---
 CODEOWNERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CODEOWNERS b/CODEOWNERS
index 89c4827389d..5a5b0722e0e 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -1 +1 @@
-* @juan-lee @cameronmeissner @UtheMan @ganeshkumarashok @anujmaheshwari1 @AlisonB319 @Devinwong @lilypan26 @ShiqianTao @AbelHu @junjiezhang1997
+* @juan-lee @cameronmeissner @UtheMan @ganeshkumarashok @anujmaheshwari1 @AlisonB319 @Devinwong @lilypan26 @ShiqianTao @AbelHu @junjiezhang1997 @jason1028kr

From 51a2a4db296935c996acae5d05f7f9ffa5aa3fa7 Mon Sep 17 00:00:00 2001
From: lilypan26 <lilylpan0426@gmail.com>
Date: Tue, 12 Mar 2024 17:24:02 -0700
Subject: [PATCH 3/4] chore: update tls bootstrap config in self-contained
 contract (#4150)

Co-authored-by: Lily Pan <lilypan@microsoft.com>
---
 pkg/proto/nbcontract/v1/apiserverconfig.pb.go |   2 +-
 pkg/proto/nbcontract/v1/config.pb.go          |   2 +-
 .../nbcontract/v1/containerdconfig.pb.go      |   2 +-
 .../nbcontract/v1/customcatrustconfig.pb.go   |   2 +-
 .../nbcontract/v1/customcloudconfig.pb.go     |   2 +-
 .../nbcontract/v1/customlinuxosconfig.pb.go   |   2 +-
 .../v1/customsearchdomainconfig.pb.go         |   2 +-
 pkg/proto/nbcontract/v1/featurestate.pb.go    |   2 +-
 pkg/proto/nbcontract/v1/gpuconfig.pb.go       |   2 +-
 pkg/proto/nbcontract/v1/httpproxyconfig.pb.go |   2 +-
 pkg/proto/nbcontract/v1/identityconfig.pb.go  |   2 +-
 .../nbcontract/v1/kubebinaryconfig.pb.go      |   2 +-
 pkg/proto/nbcontract/v1/kubeletconfig.pb.go   |   2 +-
 .../nbcontract/v1/loadbalancerconfig.pb.go    |   2 +-
 pkg/proto/nbcontract/v1/networkconfig.pb.go   |   2 +-
 pkg/proto/nbcontract/v1/nodepoolprofile.pb.go |   2 +-
 pkg/proto/nbcontract/v1/runcconfig.pb.go      |   2 +-
 pkg/proto/nbcontract/v1/teleportconfig.pb.go  |   2 +-
 .../v1/tlsbootstrappingconfig.pb.go           | 107 ++++++++----------
 .../v1/tlsbootstrappingconfig.proto           |  11 +-
 20 files changed, 67 insertions(+), 87 deletions(-)

diff --git a/pkg/proto/nbcontract/v1/apiserverconfig.pb.go b/pkg/proto/nbcontract/v1/apiserverconfig.pb.go
index 19f69837ef0..1da9af58788 100644
--- a/pkg/proto/nbcontract/v1/apiserverconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/apiserverconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/apiserverconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/config.pb.go b/pkg/proto/nbcontract/v1/config.pb.go
index 65363e02995..2ae26098fe4 100644
--- a/pkg/proto/nbcontract/v1/config.pb.go
+++ b/pkg/proto/nbcontract/v1/config.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/config.proto
 
diff --git a/pkg/proto/nbcontract/v1/containerdconfig.pb.go b/pkg/proto/nbcontract/v1/containerdconfig.pb.go
index 760c64be57d..4f3c564ee05 100644
--- a/pkg/proto/nbcontract/v1/containerdconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/containerdconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/containerdconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/customcatrustconfig.pb.go b/pkg/proto/nbcontract/v1/customcatrustconfig.pb.go
index 8096a84970a..9611be84b29 100644
--- a/pkg/proto/nbcontract/v1/customcatrustconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/customcatrustconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/customcatrustconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/customcloudconfig.pb.go b/pkg/proto/nbcontract/v1/customcloudconfig.pb.go
index 006ac9d9318..29099b5aea8 100644
--- a/pkg/proto/nbcontract/v1/customcloudconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/customcloudconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/customcloudconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/customlinuxosconfig.pb.go b/pkg/proto/nbcontract/v1/customlinuxosconfig.pb.go
index 6c7eba56976..c64ca7790c9 100644
--- a/pkg/proto/nbcontract/v1/customlinuxosconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/customlinuxosconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/customlinuxosconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/customsearchdomainconfig.pb.go b/pkg/proto/nbcontract/v1/customsearchdomainconfig.pb.go
index c867f17d9f7..814661feaad 100644
--- a/pkg/proto/nbcontract/v1/customsearchdomainconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/customsearchdomainconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/customsearchdomainconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/featurestate.pb.go b/pkg/proto/nbcontract/v1/featurestate.pb.go
index b74f1d872a8..87df1cd5cf2 100644
--- a/pkg/proto/nbcontract/v1/featurestate.pb.go
+++ b/pkg/proto/nbcontract/v1/featurestate.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/featurestate.proto
 
diff --git a/pkg/proto/nbcontract/v1/gpuconfig.pb.go b/pkg/proto/nbcontract/v1/gpuconfig.pb.go
index 1f1a1b50f6b..bdc1f243865 100644
--- a/pkg/proto/nbcontract/v1/gpuconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/gpuconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/gpuconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/httpproxyconfig.pb.go b/pkg/proto/nbcontract/v1/httpproxyconfig.pb.go
index ce1bbe33d2c..f6b82ca363b 100644
--- a/pkg/proto/nbcontract/v1/httpproxyconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/httpproxyconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/httpproxyconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/identityconfig.pb.go b/pkg/proto/nbcontract/v1/identityconfig.pb.go
index 71db5c00da3..a84911f93f8 100644
--- a/pkg/proto/nbcontract/v1/identityconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/identityconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/identityconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/kubebinaryconfig.pb.go b/pkg/proto/nbcontract/v1/kubebinaryconfig.pb.go
index b4a071d390e..53165650489 100644
--- a/pkg/proto/nbcontract/v1/kubebinaryconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/kubebinaryconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/kubebinaryconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/kubeletconfig.pb.go b/pkg/proto/nbcontract/v1/kubeletconfig.pb.go
index da6a16716b6..0d29e5af5f4 100644
--- a/pkg/proto/nbcontract/v1/kubeletconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/kubeletconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/kubeletconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/loadbalancerconfig.pb.go b/pkg/proto/nbcontract/v1/loadbalancerconfig.pb.go
index 4c6d74b77d0..64344d42a9a 100644
--- a/pkg/proto/nbcontract/v1/loadbalancerconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/loadbalancerconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/loadbalancerconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/networkconfig.pb.go b/pkg/proto/nbcontract/v1/networkconfig.pb.go
index 4b2f742204d..702e600e9f8 100644
--- a/pkg/proto/nbcontract/v1/networkconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/networkconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/networkconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/nodepoolprofile.pb.go b/pkg/proto/nbcontract/v1/nodepoolprofile.pb.go
index 6ace4b03f3c..4995f4e1c6b 100644
--- a/pkg/proto/nbcontract/v1/nodepoolprofile.pb.go
+++ b/pkg/proto/nbcontract/v1/nodepoolprofile.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/nodepoolprofile.proto
 
diff --git a/pkg/proto/nbcontract/v1/runcconfig.pb.go b/pkg/proto/nbcontract/v1/runcconfig.pb.go
index 3ab90464f80..aa3631768bf 100644
--- a/pkg/proto/nbcontract/v1/runcconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/runcconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/runcconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/teleportconfig.pb.go b/pkg/proto/nbcontract/v1/teleportconfig.pb.go
index 37dd2d4c92b..960fcc2f0ec 100644
--- a/pkg/proto/nbcontract/v1/teleportconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/teleportconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/teleportconfig.proto
 
diff --git a/pkg/proto/nbcontract/v1/tlsbootstrappingconfig.pb.go b/pkg/proto/nbcontract/v1/tlsbootstrappingconfig.pb.go
index a365868d405..d7833890fa5 100644
--- a/pkg/proto/nbcontract/v1/tlsbootstrappingconfig.pb.go
+++ b/pkg/proto/nbcontract/v1/tlsbootstrappingconfig.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.32.0
+// 	protoc-gen-go v1.33.0
 // 	protoc        (unknown)
 // source: pkg/proto/nbcontract/v1/tlsbootstrappingconfig.proto
 
@@ -25,12 +25,9 @@ type TLSBootstrappingConfig struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// discuss whether this should be featureState or bool
-	// understand how defaulting works for enum, because we want default to be false
-	TlsBootstrappingStatus                 FeatureState `protobuf:"varint,1,opt,name=tls_bootstrapping_status,json=tlsBootstrappingStatus,proto3,enum=nbcontract.v1.FeatureState" json:"tls_bootstrapping_status,omitempty"` // need to review the relationship between tls_bootstrapping_status and secure_tls_bootstrapping_status. For example, if they are multually exclusive, then we should use oneof
-	SecureTlsBootstrappingStatus           FeatureState `protobuf:"varint,2,opt,name=secure_tls_bootstrapping_status,json=secureTlsBootstrappingStatus,proto3,enum=nbcontract.v1.FeatureState" json:"secure_tls_bootstrapping_status,omitempty"`
-	TlsBootstrapToken                      string       `protobuf:"bytes,3,opt,name=tls_bootstrap_token,json=tlsBootstrapToken,proto3" json:"tls_bootstrap_token,omitempty"`                                                                      // Only required until Secure TLS bootstrapping in place. Would use kubelet identity after that.
-	CustomSecureTlsBootstrapAppserverAppid string       `protobuf:"bytes,4,opt,name=custom_secure_tls_bootstrap_appserver_appid,json=customSecureTlsBootstrapAppserverAppid,proto3" json:"custom_secure_tls_bootstrap_appserver_appid,omitempty"` // will follow up with the feature owner to see if this should be optional
+	EnableSecureTlsBootstrapping           *bool  `protobuf:"varint,1,opt,name=enable_secure_tls_bootstrapping,json=enableSecureTlsBootstrapping,proto3,oneof" json:"enable_secure_tls_bootstrapping,omitempty"`
+	TlsBootstrapToken                      string `protobuf:"bytes,2,opt,name=tls_bootstrap_token,json=tlsBootstrapToken,proto3" json:"tls_bootstrap_token,omitempty"`                                                                      // Only required until Secure TLS bootstrapping in place. Would use kubelet identity after that.
+	CustomSecureTlsBootstrapAppserverAppid string `protobuf:"bytes,3,opt,name=custom_secure_tls_bootstrap_appserver_appid,json=customSecureTlsBootstrapAppserverAppid,proto3" json:"custom_secure_tls_bootstrap_appserver_appid,omitempty"` // Only used when secure TLS bootstrapping is enabled
 }
 
 func (x *TLSBootstrappingConfig) Reset() {
@@ -65,18 +62,11 @@ func (*TLSBootstrappingConfig) Descriptor() ([]byte, []int) {
 	return file_pkg_proto_nbcontract_v1_tlsbootstrappingconfig_proto_rawDescGZIP(), []int{0}
 }
 
-func (x *TLSBootstrappingConfig) GetTlsBootstrappingStatus() FeatureState {
-	if x != nil {
-		return x.TlsBootstrappingStatus
-	}
-	return FeatureState_FEATURE_STATE_UNSPECIFIED
-}
-
-func (x *TLSBootstrappingConfig) GetSecureTlsBootstrappingStatus() FeatureState {
-	if x != nil {
-		return x.SecureTlsBootstrappingStatus
+func (x *TLSBootstrappingConfig) GetEnableSecureTlsBootstrapping() bool {
+	if x != nil && x.EnableSecureTlsBootstrapping != nil {
+		return *x.EnableSecureTlsBootstrapping
 	}
-	return FeatureState_FEATURE_STATE_UNSPECIFIED
+	return false
 }
 
 func (x *TLSBootstrappingConfig) GetTlsBootstrapToken() string {
@@ -103,42 +93,37 @@ var file_pkg_proto_nbcontract_v1_tlsbootstrappingconfig_proto_rawDesc = []byte{
 	0x63, 0x74, 0x2e, 0x76, 0x31, 0x1a, 0x2a, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
 	0x2f, 0x6e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2f, 0x76, 0x31, 0x2f, 0x66,
 	0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x22, 0xe0, 0x02, 0x0a, 0x16, 0x54, 0x4c, 0x53, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72,
-	0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x55, 0x0a, 0x18,
-	0x74, 0x6c, 0x73, 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e,
-	0x67, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1b,
-	0x2e, 0x6e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x46,
-	0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x16, 0x74, 0x6c, 0x73,
-	0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x12, 0x62, 0x0a, 0x1f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x74, 0x6c,
-	0x73, 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x5f,
-	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1b, 0x2e, 0x6e,
-	0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x46, 0x65, 0x61,
-	0x74, 0x75, 0x72, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x1c, 0x73, 0x65, 0x63, 0x75, 0x72,
-	0x65, 0x54, 0x6c, 0x73, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e,
-	0x67, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x6c, 0x73, 0x5f, 0x62,
-	0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x74, 0x6c, 0x73, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72,
-	0x61, 0x70, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x5b, 0x0a, 0x2b, 0x63, 0x75, 0x73, 0x74, 0x6f,
-	0x6d, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x62, 0x6f, 0x6f,
-	0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x5f, 0x61, 0x70, 0x70, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x5f, 0x61, 0x70, 0x70, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x26, 0x63, 0x75,
-	0x73, 0x74, 0x6f, 0x6d, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x54, 0x6c, 0x73, 0x42, 0x6f, 0x6f,
-	0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x41, 0x70, 0x70, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x41,
-	0x70, 0x70, 0x69, 0x64, 0x42, 0xc7, 0x01, 0x0a, 0x11, 0x63, 0x6f, 0x6d, 0x2e, 0x6e, 0x62, 0x63,
-	0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2e, 0x76, 0x31, 0x42, 0x1b, 0x54, 0x6c, 0x73, 0x62,
-	0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x40, 0x67, 0x69, 0x74, 0x68, 0x75,
-	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x7a, 0x75, 0x72, 0x65, 0x2f, 0x41, 0x67, 0x65, 0x6e,
-	0x74, 0x42, 0x61, 0x6b, 0x65, 0x72, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x2f, 0x6e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2f, 0x76, 0x31, 0x3b, 0x6e,
-	0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x76, 0x31, 0xa2, 0x02, 0x03, 0x4e, 0x58,
-	0x58, 0xaa, 0x02, 0x0d, 0x4e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2e, 0x56,
-	0x31, 0xca, 0x02, 0x0d, 0x4e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x5c, 0x56,
-	0x31, 0xe2, 0x02, 0x19, 0x4e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x5c, 0x56,
-	0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0e,
-	0x4e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6f, 0x22, 0x95, 0x02, 0x0a, 0x16, 0x54, 0x4c, 0x53, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72,
+	0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4a, 0x0a, 0x1f,
+	0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x74, 0x6c,
+	0x73, 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x1c, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x53,
+	0x65, 0x63, 0x75, 0x72, 0x65, 0x54, 0x6c, 0x73, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61,
+	0x70, 0x70, 0x69, 0x6e, 0x67, 0x88, 0x01, 0x01, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x6c, 0x73, 0x5f,
+	0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x74, 0x6c, 0x73, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74,
+	0x72, 0x61, 0x70, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x5b, 0x0a, 0x2b, 0x63, 0x75, 0x73, 0x74,
+	0x6f, 0x6d, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x62, 0x6f,
+	0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x5f, 0x61, 0x70, 0x70, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x5f, 0x61, 0x70, 0x70, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x26, 0x63,
+	0x75, 0x73, 0x74, 0x6f, 0x6d, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x54, 0x6c, 0x73, 0x42, 0x6f,
+	0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x41, 0x70, 0x70, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x41, 0x70, 0x70, 0x69, 0x64, 0x42, 0x22, 0x0a, 0x20, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65,
+	0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x62, 0x6f, 0x6f, 0x74,
+	0x73, 0x74, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x42, 0xc7, 0x01, 0x0a, 0x11, 0x63, 0x6f,
+	0x6d, 0x2e, 0x6e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2e, 0x76, 0x31, 0x42,
+	0x1b, 0x54, 0x6c, 0x73, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e,
+	0x67, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x40,
+	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x7a, 0x75, 0x72, 0x65,
+	0x2f, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x6b, 0x65, 0x72, 0x2f, 0x70, 0x6b, 0x67, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x6e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74,
+	0x2f, 0x76, 0x31, 0x3b, 0x6e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x76, 0x31,
+	0xa2, 0x02, 0x03, 0x4e, 0x58, 0x58, 0xaa, 0x02, 0x0d, 0x4e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72,
+	0x61, 0x63, 0x74, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x0d, 0x4e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72,
+	0x61, 0x63, 0x74, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x19, 0x4e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72,
+	0x61, 0x63, 0x74, 0x5c, 0x56, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
+	0x74, 0x61, 0xea, 0x02, 0x0e, 0x4e, 0x62, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x3a,
+	0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -156,16 +141,13 @@ func file_pkg_proto_nbcontract_v1_tlsbootstrappingconfig_proto_rawDescGZIP() []b
 var file_pkg_proto_nbcontract_v1_tlsbootstrappingconfig_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
 var file_pkg_proto_nbcontract_v1_tlsbootstrappingconfig_proto_goTypes = []interface{}{
 	(*TLSBootstrappingConfig)(nil), // 0: nbcontract.v1.TLSBootstrappingConfig
-	(FeatureState)(0),              // 1: nbcontract.v1.FeatureState
 }
 var file_pkg_proto_nbcontract_v1_tlsbootstrappingconfig_proto_depIdxs = []int32{
-	1, // 0: nbcontract.v1.TLSBootstrappingConfig.tls_bootstrapping_status:type_name -> nbcontract.v1.FeatureState
-	1, // 1: nbcontract.v1.TLSBootstrappingConfig.secure_tls_bootstrapping_status:type_name -> nbcontract.v1.FeatureState
-	2, // [2:2] is the sub-list for method output_type
-	2, // [2:2] is the sub-list for method input_type
-	2, // [2:2] is the sub-list for extension type_name
-	2, // [2:2] is the sub-list for extension extendee
-	0, // [0:2] is the sub-list for field type_name
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
 }
 
 func init() { file_pkg_proto_nbcontract_v1_tlsbootstrappingconfig_proto_init() }
@@ -188,6 +170,7 @@ func file_pkg_proto_nbcontract_v1_tlsbootstrappingconfig_proto_init() {
 			}
 		}
 	}
+	file_pkg_proto_nbcontract_v1_tlsbootstrappingconfig_proto_msgTypes[0].OneofWrappers = []interface{}{}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/pkg/proto/nbcontract/v1/tlsbootstrappingconfig.proto b/pkg/proto/nbcontract/v1/tlsbootstrappingconfig.proto
index efc1b395021..38e1510c98e 100644
--- a/pkg/proto/nbcontract/v1/tlsbootstrappingconfig.proto
+++ b/pkg/proto/nbcontract/v1/tlsbootstrappingconfig.proto
@@ -1,12 +1,9 @@
 syntax = "proto3";
 package nbcontract.v1;
 import "pkg/proto/nbcontract/v1/featurestate.proto";
-
+ 
 message TLSBootstrappingConfig {
-    // discuss whether this should be featureState or bool
-    // understand how defaulting works for enum, because we want default to be false
-    FeatureState tls_bootstrapping_status = 1; // need to review the relationship between tls_bootstrapping_status and secure_tls_bootstrapping_status. For example, if they are multually exclusive, then we should use oneof
-    FeatureState secure_tls_bootstrapping_status = 2;
-    string tls_bootstrap_token = 3; // Only required until Secure TLS bootstrapping in place. Would use kubelet identity after that.
-    string custom_secure_tls_bootstrap_appserver_appid = 4; // will follow up with the feature owner to see if this should be optional
+    optional bool enable_secure_tls_bootstrapping = 1;
+    string tls_bootstrap_token = 2; // Only required until Secure TLS bootstrapping in place. Would use kubelet identity after that.
+    string custom_secure_tls_bootstrap_appserver_appid = 3; // Only used when secure TLS bootstrapping is enabled
   }
\ No newline at end of file

From 3ba7413e45df389145561bf911c27964428d86da Mon Sep 17 00:00:00 2001
From: Jason Jung <jason1028kr@gmail.com>
Date: Tue, 12 Mar 2024 19:17:25 -0700
Subject: [PATCH 4/4] feat: Enable Artifact Streaming on Mariner+Fips env
 (#4114)

Co-authored-by: jasonjung <jasonjung@microsoft.com>
---
 vhdbuilder/packer/install-dependencies.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vhdbuilder/packer/install-dependencies.sh b/vhdbuilder/packer/install-dependencies.sh
index c7bf46e265f..392119d1222 100644
--- a/vhdbuilder/packer/install-dependencies.sh
+++ b/vhdbuilder/packer/install-dependencies.sh
@@ -193,7 +193,7 @@ if [ $OS == $UBUNTU_OS_NAME ] && [ $(isARM64)  != 1 ] && [ $UBUNTU_MAJOR_VERSION
   installAndConfigureArtifactStreaming acr-mirror-${UBUNTU_RELEASE//.} deb
 fi
 
-if [ $OS == $MARINER_OS_NAME ]  && [ $OS_VERSION == "2.0" ] && [ $(isARM64)  != 1 ] && [[ ${ENABLE_FIPS,,} != "true" ]]; then
+if [ $OS == $MARINER_OS_NAME ]  && [ $OS_VERSION == "2.0" ] && [ $(isARM64)  != 1 ]; then
   installAndConfigureArtifactStreaming acr-mirror-mariner rpm
 fi