Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-12-21 02:35:31 -05:00
Code Issues Projects Releases Packages Wiki Activity

Add compare command

Browse source 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2024-07-09 11:00:26 +02:00
parent a6b0885f18
commit 1cf267155e
No known key found for this signature in database
GPG key ID: 7DD3015F3DDE4B9C
2 changed files with 114 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

40
internal/api/attestationconfigapi/cli/client/reporter.go
View file

@ -31,6 +31,25 @@ func reportVersionDir(attestation variant.Variant) string {
return path.Join(attestationconfigapi.AttestationURLPath, attestation.String(), cachedVersionsSubDir) return path.Join(attestationconfigapi.AttestationURLPath, attestation.String(), cachedVersionsSubDir)
} }
// IsInputNewerThanOtherVersion compares the input version with the other version and returns true if the input version is newer.
// This function panics if the input versions are not TDX or SEV-SNP versions.
func IsInputNewerThanOtherVersion(variant variant.Variant, inputVersion, otherVersion any) bool {
var result bool
actionForVariant(variant,
func() {
input := inputVersion.(attestationconfigapi.TDXVersion)
other := otherVersion.(attestationconfigapi.TDXVersion)
result = isInputNewerThanOtherTDXVersion(input, other)
},
func() {
input := inputVersion.(attestationconfigapi.SEVSNPVersion)
other := otherVersion.(attestationconfigapi.SEVSNPVersion)
result = isInputNewerThanOtherSEVSNPVersion(input, other)
},
)
return result
}
// UploadLatestVersion saves the given version to the cache, determines the smallest // UploadLatestVersion saves the given version to the cache, determines the smallest
// TCB version in the cache among the last cacheWindowSize versions and updates // TCB version in the cache among the last cacheWindowSize versions and updates
// the latest version in the API if there is an update. // the latest version in the API if there is an update.
@ -90,7 +109,7 @@ func (c Client) UploadLatestVersion(
} }
c.log.Info(fmt.Sprintf("Found minimal version: %+v with date: %s", minVersion, minDate)) c.log.Info(fmt.Sprintf("Found minimal version: %+v with date: %s", minVersion, minDate))
if !isInputNewerThanOtherVersion(attestationVariant, minVersion, latestVersionInAPI) { if !IsInputNewerThanOtherVersion(attestationVariant, minVersion, latestVersionInAPI) {
c.log.Info(fmt.Sprintf("Input version: %+v is not newer than latest API version: %+v. Skipping list update", minVersion, latestVersionInAPI)) c.log.Info(fmt.Sprintf("Input version: %+v is not newer than latest API version: %+v. Skipping list update", minVersion, latestVersionInAPI))
return ErrNoNewerVersion return ErrNoNewerVersion
} }
@ -200,7 +219,7 @@ func findMinimalVersion[T attestationconfigapi.TDXVersion | attestationconfigapi
// If the current minimal version has newer versions than the one we just fetched, // If the current minimal version has newer versions than the one we just fetched,
// update the minimal version to the older version. // update the minimal version to the older version.
if isInputNewerThanOtherVersion(variant, *minimalVersion, obj.getVersion()) { if IsInputNewerThanOtherVersion(variant, *minimalVersion, obj.getVersion()) {
v := obj.getVersion().(T) v := obj.getVersion().(T)
minimalVersion = &v minimalVersion = &v
minimalDate = date minimalDate = date
@ -210,23 +229,6 @@ func findMinimalVersion[T attestationconfigapi.TDXVersion | attestationconfigapi
return *minimalVersion, minimalDate, nil return *minimalVersion, minimalDate, nil
} }
func isInputNewerThanOtherVersion(variant variant.Variant, inputVersion, otherVersion any) bool {
var result bool
actionForVariant(variant,
func() {
input := inputVersion.(attestationconfigapi.TDXVersion)
other := otherVersion.(attestationconfigapi.TDXVersion)
result = isInputNewerThanOtherTDXVersion(input, other)
},
func() {
input := inputVersion.(attestationconfigapi.SEVSNPVersion)
other := otherVersion.(attestationconfigapi.SEVSNPVersion)
result = isInputNewerThanOtherSEVSNPVersion(input, other)
},
)
return result
}
type apiVersionObject struct { type apiVersionObject struct {
version string `json:"-"` version string `json:"-"`
variant variant.Variant `json:"-"` variant variant.Variant `json:"-"`

93
internal/api/attestationconfigapi/cli/compare.go Normal file
View file

@ -0,0 +1,93 @@
package main
import (
"fmt"
"slices"
"github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi/cli/client"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/verify"
"github.com/google/go-tdx-guest/proto/tdx"
"github.com/spf13/afero"
"github.com/spf13/cobra"
)
func newCompareCmd() *cobra.Command {
cmd := &cobra.Command{
Use: "compare {aws-sev-snp|azure-sev-snp|azure-tdx|gcp-sev-snp} [FILE] [FILE] ...",
Short: "Compare two or more attestation reports and return the lowest version",
Long: "Compare two or more attestation reports and return the lowest version.",
Example: "cli compare azure-sev-snp report1.json report2.json",
Args: cobra.MatchAll(cobra.MinimumNArgs(3), isAttestationVariant(0)),
RunE: runCompare,
}
return cmd
}
func runCompare(cmd *cobra.Command, args []string) error {
variant, err := variant.FromString(args[0])
if err != nil {
return fmt.Errorf("parsing variant: %w", err)
}
return compare(cmd, variant, args[1:], file.NewHandler(afero.NewOsFs()))
}
func compare(cmd *cobra.Command, attestationVariant variant.Variant, files []string, fs file.Handler) (retErr error) {
if !slices.Contains([]variant.Variant{variant.AWSSEVSNP{}, variant.AzureSEVSNP{}, variant.GCPSEVSNP{}, variant.AzureTDX{}}, attestationVariant) {
return fmt.Errorf("variant %s not supported", attestationVariant)
}
lowestVersion, err := compareVersions(attestationVariant, files, fs)
if err != nil {
return fmt.Errorf("comparing versions: %w", err)
}
cmd.Println(lowestVersion)
return nil
}
func compareVersions(attestationVariant variant.Variant, files []string, fs file.Handler) (string, error) {
readReport := readSNPReport
if attestationVariant.Equal(variant.AzureTDX{}) {
readReport = readTDXReport
}
lowestVersion := files[0]
lowestReport, err := readReport(files[0], fs)
if err != nil {
return "", fmt.Errorf("reading tdx report: %w", err)
}
for _, file := range files[1:] {
report, err := readReport(file, fs)
if err != nil {
return "", fmt.Errorf("reading tdx report: %w", err)
}
if client.IsInputNewerThanOtherVersion(attestationVariant, lowestReport, report) {
lowestVersion = file
lowestReport = report
}
}
return lowestVersion, nil
}
func readSNPReport(file string, fs file.Handler) (any, error) {
var report verify.Report
if err := fs.ReadJSON(file, &report); err != nil {
return nil, fmt.Errorf("reading snp report: %w", err)
}
return convertTCBVersionToSNPVersion(report.SNPReport.LaunchTCB), nil
}
func readTDXReport(file string, fs file.Handler) (any, error) {
var report *tdx.QuoteV4
if err := fs.ReadJSON(file, &report); err != nil {
return nil, fmt.Errorf("reading tdx report: %w", err)
}
return convertQuoteToTDXVersion(report), nil
}