Fix/config/measurements in yaml (#135)

Custom type & marshal implementation for measurements to write base64 instead of single bytes
2025-05-02 14:26:23 -04:00 · 2022-05-12 10:15:00 +02:00 · 2022-05-12 10:15:00 +02:00 · 14103e4f89
commit 14103e4f89
parent 19394e5563
4 changed files with 177 additions and 16 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -18,7 +18,7 @@ import (
 var (
 	// gcpPCRs is a map of the expected PCR values for a GCP Constellation node.
 	// TODO: Get a full list once we have stable releases.
-	gcpPCRs = map[uint32][]byte{
+	gcpPCRs = Measurements{
 		0:                              {0x0F, 0x35, 0xC2, 0x14, 0x60, 0x8D, 0x93, 0xC7, 0xA6, 0xE6, 0x8A, 0xE7, 0x35, 0x9B, 0x4A, 0x8B, 0xE5, 0xA0, 0xE9, 0x9E, 0xEA, 0x91, 0x07, 0xEC, 0xE4, 0x27, 0xC4, 0xDE, 0xA4, 0xE4, 0x39, 0xCF},
 		uint32(vtpm.PCRIndexOwnerID):   {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
 		uint32(vtpm.PCRIndexClusterID): {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
@ -26,12 +26,12 @@ var (

 	// azurePCRs is a map of the expected PCR values for an Azure Constellation node.
 	// TODO: Get a full list once we have a working setup with stable releases.
-	azurePCRs = map[uint32][]byte{
+	azurePCRs = Measurements{
 		uint32(vtpm.PCRIndexOwnerID):   {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
 		uint32(vtpm.PCRIndexClusterID): {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
 	}

-	qemuPCRs = map[uint32][]byte{
+	qemuPCRs = Measurements{
 		uint32(vtpm.PCRIndexOwnerID):   {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
 		uint32(vtpm.PCRIndexClusterID): {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
 	}
@ -148,7 +148,7 @@ func Default() *Config {
 						},
 					},
 				},
-				Measurements:         pcrPtr(azurePCRs),
+				Measurements:         &azurePCRs,
 				UserAssignedIdentity: proto.String("/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.ManagedIdentity/userAssignedIdentities/constellation-dev-identity"),
 			},
 			GCP: &GCPConfig{
@ -196,10 +196,10 @@ func Default() *Config {
 					"roles/storage.admin",
 					"roles/iam.serviceAccountUser",
 				},
-				Measurements: pcrPtr(gcpPCRs),
+				Measurements: &gcpPCRs,
 			},
 			QEMU: &QEMUConfig{
-				PCRs: pcrPtr(qemuPCRs),
+				PCRs: &qemuPCRs,
 			},
 		},
 	}
@ -241,7 +241,7 @@ type AzureConfig struct {
 	Location                  *string                                `yaml:"location,omitempty"`     // TODO: This will be user input
 	Image                     *string                                `yaml:"image,omitempty"`
 	NetworkSecurityGroupInput *azureClient.NetworkSecurityGroupInput `yaml:"networkSecurityGroupInput,omitempty"`
-	Measurements              *map[uint32][]byte                     `yaml:"measurements,omitempty"`
+	Measurements              *Measurements                          `yaml:"measurements,omitempty"`
 	UserAssignedIdentity      *string                                `yaml:"userassignedIdentity,omitempty"`
 }

@ -254,15 +254,11 @@ type GCPConfig struct {
 	FirewallInput       *gcpClient.FirewallInput `yaml:"firewallInput,omitempty"`
 	VPCsInput           *gcpClient.VPCsInput     `yaml:"vpcsInput,omitempty"`
 	ServiceAccountRoles *[]string                `yaml:"serviceAccountRoles,omitempty"`
-	Measurements        *map[uint32][]byte       `yaml:"measurements,omitempty"`
+	Measurements        *Measurements            `yaml:"measurements,omitempty"`
 }

 type QEMUConfig struct {
-	PCRs *map[uint32][]byte `yaml:"pcrs,omitempty"`
-}
-
-func pcrPtr(pcrs map[uint32][]byte) *map[uint32][]byte {
-	return &pcrs
+	PCRs *Measurements `yaml:"pcrs,omitempty"`
 }

 // intPtr returns a pointer to the copied value of in.