cloud-config: add support for CDH config
fixes #1720. This change adds a write_files entry to the cloud-config file that is produced by CAA. aa-kbc-params are converted into a config file with the KBC name and KBC URL. process-user-data has been made more flexible to also support this entry. guest-components in versions.yaml has been updated to a new revision that requires a CDH config file. The kata-agent service unit has been extended to set the env CDH_CONFIG_FILE=/run/confidential-containers/cdh.toml, which is the path that we add as a cloud-config directive. Signed-off-by: Magnus Kulke <magnuskulke@microsoft.com>
Showing
8 changed files
with
223 additions
and
47 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
package cdh | ||
|
||
import ( | ||
"fmt" | ||
"strings" | ||
|
||
"github.com/pelletier/go-toml/v2" | ||
) | ||
|
||
const ( | ||
ConfigFilePath = "/run/confidential-containers/cdh.toml" | ||
Socket = "unix:///run/confidential-containers/cdh.sock" | ||
) | ||
|
||
type Credential struct{} | ||
|
||
type Config struct { | ||
Socket string `toml:"socket"` | ||
KBC KBCConfig `toml:"kbc"` | ||
Credentials []Credential `toml:"credentials"` | ||
} | ||
|
||
type KBCConfig struct { | ||
Name string `toml:"name"` | ||
URL string `toml:"url"` | ||
} | ||
|
||
func parseAAKBCParams(aaKBCParams string) (*Config, error) { | ||
parts := strings.SplitN(aaKBCParams, "::", 2) | ||
if len(parts) != 2 { | ||
return nil, fmt.Errorf("Invalid aa-kbs-params input: %s", aaKBCParams) | ||
} | ||
name, url := parts[0], parts[1] | ||
kbcConfig := KBCConfig{name, url} | ||
return &Config{Socket, kbcConfig, []Credential{}}, nil | ||
} | ||
|
||
func CreateConfigFile(aaKBCParams string) (string, error) { | ||
config, err := parseAAKBCParams(aaKBCParams) | ||
if err != nil { | ||
return "", err | ||
} | ||
bytes, err := toml.Marshal(config) | ||
if err != nil { | ||
return "", err | ||
} | ||
return string(bytes), nil | ||
} |
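Review bot: parseAAKBCParams accepts inputs such as `::` or `cc_kbc::`, because its only check is that SplitN yields two parts, so an empty KBC name or URL is marshalled into cdh.toml and presumably only surfaces later inside the guest. Since this value selects the key broker the guest will talk to, I would reject it at this point with `if len(parts) != 2 || parts[0] == "" || parts[1] == "" {`. The error text also says `aa-kbs-params` while the input is aa-kbc-params, and `%q` would make empty or whitespace-only input visible: `return nil, fmt.Errorf("invalid aa-kbc-params input: %q", aaKBCParams)`. Whether the URL should additionally be parsed and limited to the expected schemes depends on what CDH accepts, which is not visible in this section.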
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
package cdh | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/pelletier/go-toml/v2" | ||
) | ||
|
||
func TestCDHConfigFileFromAAKBCParams(t *testing.T) { | ||
refdoc := ` | ||
socket = "%s" | ||
credentials = [] | ||
[kbc] | ||
name = "cc_kbc" | ||
url = "http://1.2.3.4:8080" | ||
` | ||
refdoc = fmt.Sprintf(refdoc, Socket) | ||
var refcfg Config | ||
err := toml.Unmarshal([]byte(refdoc), &refcfg) | ||
if err != nil { | ||
panic(err) | ||
} | ||
|
||
config, err := parseAAKBCParams("cc_kbc::http://1.2.3.4:8080") | ||
if err != nil { | ||
t.Error(err) | ||
} | ||
|
||
if config.KBC.Name != refcfg.KBC.Name { | ||
t.Errorf("Expected %s, got %s", refcfg.KBC.Name, config.KBC.Name) | ||
} | ||
if config.KBC.URL != refcfg.KBC.URL { | ||
t.Errorf("Expected %s, got %s", refcfg.KBC.URL, config.KBC.URL) | ||
} | ||
if config.Socket != refcfg.Socket { | ||
t.Errorf("Expected %s, got %s", refcfg.Socket, config.Socket) | ||
} | ||
if len(config.Credentials) != 0 { | ||
t.Errorf("Expected empty credentials array") | ||
} | ||
} |
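Review bot: The parse step reports failure with `t.Error(err)` and then dereferences `config`, which is nil on error, so a regression would show up as a nil-pointer panic rather than a clean test failure; `t.Fatal(err)` fits there and also in place of `panic(err)` after toml.Unmarshal. The test covers only the well-formed input and never calls CreateConfigFile. A case asserting that input without `::` returns an error would pin the rejection path that guards what ends up in cdh.toml.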