/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
/*
This package provides a CLI to interact with the Attestationconfig API, a sub API of the Resource API.

You can execute an e2e test by running: `bazel run //internal/api/attestationconfigapi:configapi_e2e_test`.

The CLI is used in the CI pipeline. Manual actions that change the bucket's data shouldn't be necessary.
The reporter CLI caches the observed version values in a dedicated caching directory and derives the latest API version from it.
Any version update is then pushed to the API.
*/
package main
import (
"os"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/spf13/cobra"
)
const (
	// Default S3 location. newRootCmd uses these as the defaults of the
	// --region and --bucket flags.
	awsRegion = "eu-central-1"
	awsBucket = "cdn-constellation-backend"

	// distributionID is the CDN distribution ID taken from the constants package.
	distributionID = constants.CDNDefaultDistributionID

	// Names of the environment variables for the cosign signing credentials.
	// NOTE(review): the code that reads them is not in this file. The values
	// are signing secrets, so they should come from the CI secret store and
	// must not end up in logs or error messages.
	envCosignPwd        = "COSIGN_PASSWORD"
	envCosignPrivateKey = "COSIGN_PRIVATE_KEY"

	// versionWindowSize is the number of versions taken into account when
	// determining the latest version. Five versions are uploaded per week for
	// each node of the verify cluster.
	versionWindowSize = 15
)
// Cosign credentials, held as package-level state.
// NOTE(review): presumably filled from the COSIGN_PASSWORD and
// COSIGN_PRIVATE_KEY environment variables; confirm against the subcommands.
// Both values are secrets and should never be printed or logged.
var (
	// cosignPwd is the password for the cosign private key.
	cosignPwd string
	// privateKey is the cosign private key.
	privateKey string
)
// main runs the root command and exits with status 1 if execution returned
// an error, and with status 0 otherwise.
func main() {
	exitCode := 0
	if err := newRootCmd().Execute(); err != nil {
		// The error value is not printed here; only the exit status carries it.
		exitCode = 1
	}
	os.Exit(exitCode)
}
// newRootCmd builds the root command of the attestationconfig API CLI,
// registers the persistent flags and attaches the upload and delete
// subcommands.
func newRootCmd() *cobra.Command {
	cmd := &cobra.Command{
		Short: "CLI to interact with the attestationconfig API",
		Long:  "CLI to interact with the attestationconfig API. Allows uploading new TCB versions, deleting specific versions and deleting all versions. Uploaded objects are signed with cosign.",
	}

	// Persistent flags are inherited by every subcommand, so --region and
	// --bucket also steer the delete command. Their defaults are the
	// awsRegion and awsBucket constants.
	// NOTE(review): --testing defaults to false; which bucket and signing key
	// are selected when it is unset is decided in the subcommands, not here.
	flags := cmd.PersistentFlags()
	flags.StringP("region", "r", awsRegion, "region of the targeted bucket.")
	flags.StringP("bucket", "b", awsBucket, "bucket targeted by all operations.")
	flags.Bool("testing", false, "upload to S3 test bucket.")

	cmd.AddCommand(newUploadCmd(), newDeleteCmd())
	return cmd
}
// apiConfig bundles the settings that describe one API environment, as
// returned by getAPIEnvironment.
type apiConfig struct {
	// url is the base URL of the CDN that serves the API.
	url string
	// distribution is the ID of the CDN distribution.
	distribution string
	// cosignPublicKey is the cosign public key that belongs to this
	// environment.
	// NOTE(review): presumably used to verify signatures on API objects;
	// confirm against the callers.
	cosignPublicKey string
}
// getAPIEnvironment returns the API settings for the selected environment.
//
// With testing set, it returns the hard-coded test CDN URL and distribution
// ID together with constants.CosignPublicKeyDev. Otherwise it returns
// constants.CDNRepositoryURL, constants.CDNDefaultDistributionID and
// constants.CosignPublicKeyReleases.
func getAPIEnvironment(testing bool) apiConfig {
	if !testing {
		return apiConfig{
			url:             constants.CDNRepositoryURL,
			distribution:    constants.CDNDefaultDistributionID,
			cosignPublicKey: constants.CosignPublicKeyReleases,
		}
	}

	// NOTE(review): the dev public key is paired only with the test endpoint.
	// Confirm that callers never combine it with the release URL, so that
	// objects signed with the dev key are not accepted for releases.
	return apiConfig{
		url:             "https://d33dzgxuwsgbpw.cloudfront.net",
		distribution:    "ETZGUP1CWRC2P",
		cosignPublicKey: constants.CosignPublicKeyDev,
	}
}