configapi: rename files

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Paul Meyer 2023-08-10 09:46:34 +02:00
parent 5bfaae2304
commit 2fb829294b
3 changed files with 19 additions and 16 deletions


@ -5,7 +5,7 @@ go_library(
name = "configapi_lib", name = "configapi_lib",
srcs = [ srcs = [
"delete.go", "delete.go",
"root.go", "main.go",
], ],
importpath = "github.com/edgelesssys/constellation/v2/hack/configapi", importpath = "github.com/edgelesssys/constellation/v2/hack/configapi",
visibility = ["//visibility:private"], visibility = ["//visibility:private"],
@ -28,7 +28,7 @@ go_test(
name = "configapi_test", name = "configapi_test",
srcs = [ srcs = [
"delete_test.go", "delete_test.go",
"root_test.go", "main_test.go",
], ],
embed = [":configapi_lib"], embed = [":configapi_lib"],
deps = [ deps = [


@ -78,6 +78,7 @@ func runCmd(cmd *cobra.Command, _ []string) error {
Bucket: awsBucket, Bucket: awsBucket,
Region: awsRegion, Region: awsRegion,
} }
log.Infof("Reading MAA claims from file: %s", maaFilePath)
maaClaimsBytes, err := os.ReadFile(maaFilePath) maaClaimsBytes, err := os.ReadFile(maaFilePath)
if err != nil { if err != nil {
return fmt.Errorf("reading MAA claims file: %w", err) return fmt.Errorf("reading MAA claims file: %w", err)
@ -87,6 +88,7 @@ func runCmd(cmd *cobra.Command, _ []string) error {
return fmt.Errorf("unmarshalling MAA claims file: %w", err) return fmt.Errorf("unmarshalling MAA claims file: %w", err)
} }
inputVersion := maaTCB.ToAzureSEVSNPVersion() inputVersion := maaTCB.ToAzureSEVSNPVersion()
log.Infof("Input version: %+v", inputVersion)
dateStr, err := cmd.Flags().GetString("upload-date") dateStr, err := cmd.Flags().GetString("upload-date")
if err != nil { if err != nil {
@ -100,20 +102,21 @@ func runCmd(cmd *cobra.Command, _ []string) error {
} }
} }
latestAPIVersion, err := attestationconfigapi.NewFetcher().FetchAzureSEVSNPVersionLatest(ctx, uploadDate) latestAPIVersionAPI, err := attestationconfigapi.NewFetcher().FetchAzureSEVSNPVersionLatest(ctx, uploadDate)
if err != nil { if err != nil {
return fmt.Errorf("fetching latest version: %w", err) return fmt.Errorf("fetching latest version: %w", err)
} }
latestAPIVersion := latestAPIVersionAPI.AzureSEVSNPVersion
isNewer, err := isInputNewerThanLatestAPI(inputVersion, latestAPIVersion.AzureSEVSNPVersion) isNewer, err := isInputNewerThanLatestAPI(inputVersion, latestAPIVersion)
if err != nil { if err != nil {
return fmt.Errorf("comparing versions: %w", err) return fmt.Errorf("comparing versions: %w", err)
} }
if !isNewer { if !isNewer {
fmt.Printf("Input version: %+v is not newer than latest API version: %+v\n", inputVersion, latestAPIVersion) log.Infof("Input version: %+v is not newer than latest API version: %+v", inputVersion, latestAPIVersion)
return nil return nil
} }
fmt.Printf("Input version: %+v is newer than latest API version: %+v\n", inputVersion, latestAPIVersion) log.Infof("Input version: %+v is newer than latest API version: %+v", inputVersion, latestAPIVersion)
client, stop, err := attestationconfigapi.NewClient(ctx, cfg, []byte(cosignPwd), []byte(privateKey), false, log) client, stop, err := attestationconfigapi.NewClient(ctx, cfg, []byte(cosignPwd), []byte(privateKey), false, log)
defer func() { defer func() {
@ -135,18 +138,20 @@ func runCmd(cmd *cobra.Command, _ []string) error {
// maaTokenTCBClaims describes the TCB information in a MAA token. // maaTokenTCBClaims describes the TCB information in a MAA token.
type maaTokenTCBClaims struct { type maaTokenTCBClaims struct {
IsolationTEE struct {
TEESvn uint8 `json:"x-ms-sevsnpvm-tee-svn"` TEESvn uint8 `json:"x-ms-sevsnpvm-tee-svn"`
SNPFwSvn uint8 `json:"x-ms-sevsnpvm-snpfw-svn"` SNPFwSvn uint8 `json:"x-ms-sevsnpvm-snpfw-svn"`
MicrocodeSvn uint8 `json:"x-ms-sevsnpvm-microcode-svn"` MicrocodeSvn uint8 `json:"x-ms-sevsnpvm-microcode-svn"`
BootloaderSvn uint8 `json:"x-ms-sevsnpvm-bootloader-svn"` BootloaderSvn uint8 `json:"x-ms-sevsnpvm-bootloader-svn"`
} `json:"x-ms-isolation-tee"`
} }
func (c maaTokenTCBClaims) ToAzureSEVSNPVersion() attestationconfigapi.AzureSEVSNPVersion { func (c maaTokenTCBClaims) ToAzureSEVSNPVersion() attestationconfigapi.AzureSEVSNPVersion {
return attestationconfigapi.AzureSEVSNPVersion{ return attestationconfigapi.AzureSEVSNPVersion{
TEE: c.TEESvn, TEE: c.IsolationTEE.TEESvn,
SNP: c.SNPFwSvn, SNP: c.IsolationTEE.SNPFwSvn,
Microcode: c.MicrocodeSvn, Microcode: c.IsolationTEE.MicrocodeSvn,
Bootloader: c.BootloaderSvn, Bootloader: c.IsolationTEE.BootloaderSvn,
} }
} }
@ -155,7 +160,6 @@ func isInputNewerThanLatestAPI(input, latest attestationconfigapi.AzureSEVSNPVer
if input == latest { if input == latest {
return false, nil return false, nil
} }
if input.TEE < latest.TEE { if input.TEE < latest.TEE {
return false, fmt.Errorf("input TEE version: %d is older than latest API version: %d", input.TEE, latest.TEE) return false, fmt.Errorf("input TEE version: %d is older than latest API version: %d", input.TEE, latest.TEE)
} }
@ -168,7 +172,6 @@ func isInputNewerThanLatestAPI(input, latest attestationconfigapi.AzureSEVSNPVer
if input.Bootloader < latest.Bootloader { if input.Bootloader < latest.Bootloader {
return false, fmt.Errorf("input Bootloader version: %d is older than latest API version: %d", input.Bootloader, latest.Bootloader) return false, fmt.Errorf("input Bootloader version: %d is older than latest API version: %d", input.Bootloader, latest.Bootloader)
} }
return true, nil return true, nil
} }
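Review bot: In `maaTokenTCBClaims`, the new nested `IsolationTEE` struct decodes to all-zero SVNs when the claims file has no `x-ms-isolation-tee` object (for example a file still in the previous flat layout), because `json.Unmarshal` leaves absent fields at their zero value. `isInputNewerThanLatestAPI` would then most likely fail with "input TEE version: 0 is older than ...", or report the input as simply not newer if the latest version is also zero, and either way the real cause is hidden. These SVNs appear to feed the attestation config that the cosign-keyed client publishes, so I would make the field a pointer (`IsolationTEE *struct {`) and fail right after unmarshalling with `if maaTCB.IsolationTEE == nil { return fmt.Errorf("MAA claims file has no x-ms-isolation-tee object") }`. The unmarshal call and the rest of `runCmd` lie outside the visible hunks, so this rests on the struct definition and the `ToAzureSEVSNPVersion` call only.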