From 87275727b9c7a53fd4fb14296e7cfc42f92b92fb Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Fri, 14 Jul 2023 18:48:22 +0000 Subject: [PATCH] Export token filepath --- launcher/container_runner.go | 11 ++++++----- launcher/container_runner_test.go | 10 +++++----- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/launcher/container_runner.go b/launcher/container_runner.go index 6252ff325..62e652d3b 100644 --- a/launcher/container_runner.go +++ b/launcher/container_runner.go @@ -50,9 +50,10 @@ type ContainerRunner struct { const ( // hostTokenPath defined the directory in the host that will store attestation tokens hostTokenPath = "/tmp/container_launcher/" - // containerTokenMountPath defined the directory in the container stores attestation tokens - containerTokenMountPath = "/run/container_launcher/" - attestationVerifierTokenFile = "attestation_verifier_claims_token" + // ContainerTokenMountPath defined the directory in the container stores attestation tokens + ContainerTokenMountPath = "/run/container_launcher/" + // AttestationVerifierTokenFile defines the name of the file the attestation token is stored in. + AttestationVerifierTokenFile = "attestation_verifier_claims_token" tokenFileTmp = ".token.tmp" ) @@ -268,7 +269,7 @@ func formatEnvVars(envVars []spec.EnvVar) ([]string, error) { // appendTokenMounts appends the default mount specs for the OIDC token func appendTokenMounts(mounts []specs.Mount) []specs.Mount { m := specs.Mount{} - m.Destination = containerTokenMountPath + m.Destination = ContainerTokenMountPath m.Type = "bind" m.Source = hostTokenPath m.Options = []string{"rbind", "ro"} @@ -365,7 +366,7 @@ func (r *ContainerRunner) refreshToken(ctx context.Context) (time.Duration, erro } // Rename the temp file to the token file (to avoid race conditions). - if err = os.Rename(tmpTokenPath, path.Join(hostTokenPath, attestationVerifierTokenFile)); err != nil { + if err = os.Rename(tmpTokenPath, path.Join(hostTokenPath, AttestationVerifierTokenFile)); err != nil { return 0, fmt.Errorf("failed to rename the token file: %v", err) } diff --git a/launcher/container_runner_test.go b/launcher/container_runner_test.go index 3257b549c..76b1aed1c 100644 --- a/launcher/container_runner_test.go +++ b/launcher/container_runner_test.go @@ -117,7 +117,7 @@ func TestRefreshToken(t *testing.T) { t.Fatalf("refreshToken returned with error: %v", err) } - filepath := path.Join(hostTokenPath, attestationVerifierTokenFile) + filepath := path.Join(hostTokenPath, AttestationVerifierTokenFile) data, err := os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err) @@ -194,7 +194,7 @@ func TestFetchAndWriteTokenSucceeds(t *testing.T) { t.Fatalf("fetchAndWriteToken failed: %v", err) } - filepath := path.Join(hostTokenPath, attestationVerifierTokenFile) + filepath := path.Join(hostTokenPath, AttestationVerifierTokenFile) data, err := os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err) @@ -228,7 +228,7 @@ func TestTokenIsNotChangedIfRefreshFails(t *testing.T) { t.Fatalf("fetchAndWriteToken failed: %v", err) } - filepath := path.Join(hostTokenPath, attestationVerifierTokenFile) + filepath := path.Join(hostTokenPath, AttestationVerifierTokenFile) data, err := os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err) @@ -306,7 +306,7 @@ func testRetryPolicyWithNTries(t *testing.T, numTries int, expectRefresh bool) { if err := runner.fetchAndWriteTokenWithRetry(ctx, testRetryPolicyThreeTimes()); err != nil { t.Fatalf("fetchAndWriteTokenWithRetry failed: %v", err) } - filepath := path.Join(hostTokenPath, attestationVerifierTokenFile) + filepath := path.Join(hostTokenPath, AttestationVerifierTokenFile) data, err := os.ReadFile(filepath) if err != nil { t.Fatalf("failed to read from %s: %v", filepath, err) @@ -360,7 +360,7 @@ func TestFetchAndWriteTokenWithTokenRefresh(t *testing.T) { t.Fatalf("fetchAndWriteToken failed: %v", err) } - filepath := path.Join(hostTokenPath, attestationVerifierTokenFile) + filepath := path.Join(hostTokenPath, AttestationVerifierTokenFile) data, err := os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err)