diff --git a/.golangci.yml b/.golangci.yml
index 095812752..6a6b1f5a2 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -27,6 +27,7 @@ linters:
 - gofumpt
 - misspell
 - noctx
+ - revive
 - tenv
 - unconvert
 - unparam
diff --git a/bootstrapper/cmd/bootstrapper/main.go b/bootstrapper/cmd/bootstrapper/main.go
index fbcf7c513..cd6837fee 100644
--- a/bootstrapper/cmd/bootstrapper/main.go
+++ b/bootstrapper/cmd/bootstrapper/main.go
@@ -115,7 +115,7 @@ func main() {
 log.With(zap.Error(err)).Fatalf("Failed to get selected PCRs")
 }

- if idkeydigest, err := snp.GetIdKeyDigest(vtpm.OpenVTPM); err == nil {
+ if idkeydigest, err := snp.GetIDKeyDigest(vtpm.OpenVTPM); err == nil {
 issuer = initserver.NewIssuerWrapper(snp.NewIssuer(), vmtype.AzureCVM, idkeydigest)
 } else {
 // assume we are running in a trusted-launch VM
diff --git a/bootstrapper/internal/clean/clean.go b/bootstrapper/internal/clean/clean.go
index 245947f85..795300ee7 100644
--- a/bootstrapper/internal/clean/clean.go
+++ b/bootstrapper/internal/clean/clean.go
@@ -10,7 +10,7 @@ import (
 "sync"
 )

-type cleaner struct {
+type Cleaner struct {
 stoppers []stopper
 stopC chan struct{}
 startOnce sync.Once
@@ -18,8 +18,8 @@ type cleaner struct {
 }

 // New creates a new cleaner.
-func New(stoppers ...stopper) *cleaner {
- res := &cleaner{
+func New(stoppers ...stopper) *Cleaner {
+ res := &Cleaner{
 stoppers: stoppers,
 stopC: make(chan struct{}, 1),
 }
@@ -28,13 +28,13 @@ func New(stoppers ...stopper) *cleaner {
 }

 // With adds a new stopper to the cleaner.
-func (c *cleaner) With(stopper stopper) *cleaner {
+func (c *Cleaner) With(stopper stopper) *Cleaner {
 c.stoppers = append(c.stoppers, stopper)
 return c
 }

 // Start blocks until it receives a stop message, stops all services gracefully and returns.
-func (c *cleaner) Start() {
+func (c *Cleaner) Start() {
 c.startOnce.Do(func() {
 defer c.wg.Done()
 // wait for the stop message
@@ -51,7 +51,7 @@ func (c *cleaner) Start() {
 }

 // Clean initiates the cleanup but does not wait for it to complete.
-func (c *cleaner) Clean() {
+func (c *Cleaner) Clean() {
 // try to enqueue the stop message once
 // if the channel is full, the message is dropped
 select {
@@ -61,7 +61,7 @@ func (c *cleaner) Clean() {
 }

 // Done waits for the cleanup to complete.
-func (c *cleaner) Done() {
+func (c *Cleaner) Done() {
 c.wg.Wait()
 }

diff --git a/bootstrapper/internal/initserver/initserver.go b/bootstrapper/internal/initserver/initserver.go
index be2e1c8bb..fd30a45e2 100644
--- a/bootstrapper/internal/initserver/initserver.go
+++ b/bootstrapper/internal/initserver/initserver.go
@@ -130,7 +130,7 @@ func (s *Server) Init(ctx context.Context, req *initproto.InitRequest) (*initpro
 measurementSalt,
 req.EnforcedPcrs,
 req.EnforceIdkeydigest,
- s.issuerWrapper.IdKeyDigest(),
+ s.issuerWrapper.IDKeyDigest(),
 s.issuerWrapper.VMType() == vmtype.AzureCVM,
 resources.KMSConfig{
 MasterSecret: req.MasterSecret,
@@ -199,7 +199,7 @@ func (i *IssuerWrapper) VMType() vmtype.VMType {
 return i.vmType
 }

-func (i *IssuerWrapper) IdKeyDigest() []byte {
+func (i *IssuerWrapper) IDKeyDigest() []byte {
 return i.idkeydigest
 }

@@ -237,7 +237,7 @@ type ClusterInitializer interface {
 k8sVersion string,
 measurementSalt []byte,
 enforcedPcrs []uint32,
- enforceIdKeyDigest bool,
+ enforceIDKeyDigest bool,
 idKeyDigest []byte,
 azureCVM bool,
 kmsConfig resources.KMSConfig,
diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/access_manager.go b/bootstrapper/internal/kubernetes/k8sapi/resources/access_manager.go
index c5e5951c8..50f01d7ac 100644
--- a/bootstrapper/internal/kubernetes/k8sapi/resources/access_manager.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/access_manager.go
@@ -18,8 +18,8 @@ import ( const accessManagerNamespace = "kube-system" -// accessManagerDeployment holds the configuration for the SSH user creation pods. User/Key definitions are stored in the ConfigMap, and the manager is deployed on each node by the DaemonSet. -type accessManagerDeployment struct { +// AccessManagerDeployment holds the configuration for the SSH user creation pods. User/Key definitions are stored in the ConfigMap, and the manager is deployed on each node by the DaemonSet. +type AccessManagerDeployment struct { ConfigMap k8s.ConfigMap ServiceAccount k8s.ServiceAccount Role rbac.Role @@ -28,8 +28,8 @@ type accessManagerDeployment struct { } // NewAccessManagerDeployment creates a new *accessManagerDeployment which manages the SSH users for the cluster. -func NewAccessManagerDeployment(sshUsers map[string]string) *accessManagerDeployment { - return &accessManagerDeployment{ +func NewAccessManagerDeployment(sshUsers map[string]string) *AccessManagerDeployment { + return &AccessManagerDeployment{ ServiceAccount: k8s.ServiceAccount{ TypeMeta: v1.TypeMeta{ APIVersion: "v1", @@ -198,6 +198,6 @@ func NewAccessManagerDeployment(sshUsers map[string]string) *accessManagerDeploy } // Marshal marshals the access-manager deployment as YAML documents. -func (c *accessManagerDeployment) Marshal() ([]byte, error) { +func (c *AccessManagerDeployment) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(c) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/access_manager_test.go b/bootstrapper/internal/kubernetes/k8sapi/resources/access_manager_test.go index 33e53a2c6..9f02d6ab7 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/access_manager_test.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/access_manager_test.go 
@@ -28,7 +28,7 @@ func TestAccessManagerMarshalUnmarshal(t *testing.T) { data, err := accessManagerDeplNil.Marshal() require.NoError(err) - var recreated accessManagerDeployment + var recreated AccessManagerDeployment require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated)) assert.Equal(accessManagerDeplNil, &recreated) diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager.go b/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager.go index 6042792b4..cff53c37c 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager.go @@ -16,7 +16,7 @@ import ( meta "k8s.io/apimachinery/pkg/apis/meta/v1" ) -type cloudControllerManagerDeployment struct { +type CloudControllerManagerDeployment struct { ServiceAccount k8s.ServiceAccount ClusterRoleBinding rbac.ClusterRoleBinding DaemonSet apps.DaemonSet @@ -27,7 +27,7 @@ type cloudControllerManagerDeployment struct { // https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#cloud-controller-manager // NewDefaultCloudControllerManagerDeployment creates a new *cloudControllerManagerDeployment, customized for the CSP. -func NewDefaultCloudControllerManagerDeployment(cloudProvider, image, path, podCIDR string, extraArgs []string, extraVolumes []k8s.Volume, extraVolumeMounts []k8s.VolumeMount, env []k8s.EnvVar) *cloudControllerManagerDeployment { +func NewDefaultCloudControllerManagerDeployment(cloudProvider, image, path, podCIDR string, extraArgs []string, extraVolumes []k8s.Volume, extraVolumeMounts []k8s.VolumeMount, env []k8s.EnvVar) *CloudControllerManagerDeployment { command := []string{ path, fmt.Sprintf("--cloud-provider=%s", cloudProvider), 
@@ -76,7 +76,7 @@ func NewDefaultCloudControllerManagerDeployment(cloudProvider, image, path, podC } volumeMounts = append(volumeMounts, extraVolumeMounts...) - return &cloudControllerManagerDeployment{ + return &CloudControllerManagerDeployment{ ServiceAccount: k8s.ServiceAccount{ TypeMeta: meta.TypeMeta{ APIVersion: "v1", @@ -174,6 +174,6 @@ func NewDefaultCloudControllerManagerDeployment(cloudProvider, image, path, podC } } -func (c *cloudControllerManagerDeployment) Marshal() ([]byte, error) { +func (c *CloudControllerManagerDeployment) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(c) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager_test.go b/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager_test.go index 0b2f1074b..decab949c 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager_test.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/cloud_controller_manager_test.go @@ -23,7 +23,7 @@ func TestCloudControllerMarshalUnmarshal(t *testing.T) { data, err := cloudControllerManagerDepl.Marshal() require.NoError(err) - var recreated cloudControllerManagerDeployment + var recreated CloudControllerManagerDeployment require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated)) assert.Equal(cloudControllerManagerDepl, &recreated) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/cloudnodemanager.go b/bootstrapper/internal/kubernetes/k8sapi/resources/cloudnodemanager.go index ff33e0433..3b6749a04 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/cloudnodemanager.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/cloudnodemanager.go @@ -15,7 +15,7 @@ import ( meta "k8s.io/apimachinery/pkg/apis/meta/v1" ) -type cloudNodeManagerDeployment struct { +type CloudNodeManagerDeployment struct { ServiceAccount k8s.ServiceAccount ClusterRole rbac.ClusterRole ClusterRoleBinding rbac.ClusterRoleBinding 
@@ -23,13 +23,13 @@ type cloudNodeManagerDeployment struct { } // NewDefaultCloudNodeManagerDeployment creates a new *cloudNodeManagerDeployment, customized for the CSP. -func NewDefaultCloudNodeManagerDeployment(image, path string, extraArgs []string) *cloudNodeManagerDeployment { +func NewDefaultCloudNodeManagerDeployment(image, path string, extraArgs []string) *CloudNodeManagerDeployment { command := []string{ path, "--node-name=$(NODE_NAME)", } command = append(command, extraArgs...) - return &cloudNodeManagerDeployment{ + return &CloudNodeManagerDeployment{ ServiceAccount: k8s.ServiceAccount{ TypeMeta: meta.TypeMeta{ APIVersion: "v1", @@ -182,6 +182,6 @@ func NewDefaultCloudNodeManagerDeployment(image, path string, extraArgs []string } // Marshal marshals the cloud-node-manager deployment as YAML documents. -func (c *cloudNodeManagerDeployment) Marshal() ([]byte, error) { +func (c *CloudNodeManagerDeployment) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(c) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/cloudnodemanager_test.go b/bootstrapper/internal/kubernetes/k8sapi/resources/cloudnodemanager_test.go index d6d92361d..fefcaeda5 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/cloudnodemanager_test.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/cloudnodemanager_test.go @@ -22,7 +22,7 @@ func TestCloudNodeManagerMarshalUnmarshal(t *testing.T) { data, err := cloudNodeManagerDepl.Marshal() require.NoError(err) - var recreated cloudNodeManagerDeployment + var recreated CloudNodeManagerDeployment require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated)) assert.Equal(cloudNodeManagerDepl, &recreated) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/cluster_autoscaler.go b/bootstrapper/internal/kubernetes/k8sapi/resources/cluster_autoscaler.go index 789987f60..2de635923 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/cluster_autoscaler.go 
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/cluster_autoscaler.go @@ -18,7 +18,7 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" ) -type autoscalerDeployment struct { +type AutoscalerDeployment struct { PodDisruptionBudget policy.PodDisruptionBudget ServiceAccount k8s.ServiceAccount ClusterRole rbac.ClusterRole @@ -30,8 +30,8 @@ type autoscalerDeployment struct { } // NewDefaultAutoscalerDeployment creates a new *autoscalerDeployment, customized for the CSP. -func NewDefaultAutoscalerDeployment(extraVolumes []k8s.Volume, extraVolumeMounts []k8s.VolumeMount, env []k8s.EnvVar, k8sVersion versions.ValidK8sVersion) *autoscalerDeployment { - return &autoscalerDeployment{ +func NewDefaultAutoscalerDeployment(extraVolumes []k8s.Volume, extraVolumeMounts []k8s.VolumeMount, env []k8s.EnvVar, k8sVersion versions.ValidK8sVersion) *AutoscalerDeployment { + return &AutoscalerDeployment{ PodDisruptionBudget: policy.PodDisruptionBudget{ TypeMeta: v1.TypeMeta{ APIVersion: "policy/v1", @@ -491,6 +491,6 @@ func NewDefaultAutoscalerDeployment(extraVolumes []k8s.Volume, extraVolumeMounts } } -func (a *autoscalerDeployment) Marshal() ([]byte, error) { +func (a *AutoscalerDeployment) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(a) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/cluster_autoscaler_test.go b/bootstrapper/internal/kubernetes/k8sapi/resources/cluster_autoscaler_test.go index 6210d412e..6bf2bef9b 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/cluster_autoscaler_test.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/cluster_autoscaler_test.go @@ -25,7 +25,7 @@ func TestAutoscalerDeploymentMarshalUnmarshal(t *testing.T) { t.Log(string(data)) - var recreated autoscalerDeployment + var recreated AutoscalerDeployment require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated)) assert.Equal(autoscalerDepl, &recreated) } 
@@ -41,7 +41,7 @@ func TestAutoscalerDeploymentWithCommandMarshalUnmarshal(t *testing.T) { t.Log(string(data)) - var recreated autoscalerDeployment + var recreated AutoscalerDeployment require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated)) assert.Equal(autoscalerDepl, &recreated) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/gcp_guest_agent.go b/bootstrapper/internal/kubernetes/k8sapi/resources/gcp_guest_agent.go index 2ea168c1c..5dc66a82a 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/gcp_guest_agent.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/gcp_guest_agent.go @@ -14,14 +14,14 @@ import ( meta "k8s.io/apimachinery/pkg/apis/meta/v1" ) -type gcpGuestAgentDaemonset struct { +type GCPGuestAgentDaemonset struct { DaemonSet apps.DaemonSet } // NewGCPGuestAgentDaemonset creates a new GCP Guest Agent Daemonset. // It is used automatically to add loadbalancer IPs to the local routing table of GCP instances. -func NewGCPGuestAgentDaemonset() *gcpGuestAgentDaemonset { - return &gcpGuestAgentDaemonset{ +func NewGCPGuestAgentDaemonset() *GCPGuestAgentDaemonset { + return &GCPGuestAgentDaemonset{ DaemonSet: apps.DaemonSet{ TypeMeta: meta.TypeMeta{ APIVersion: "apps/v1", @@ -178,6 +178,6 @@ func NewGCPGuestAgentDaemonset() *gcpGuestAgentDaemonset { } // Marshal marshals the access-manager deployment as YAML documents. -func (c *gcpGuestAgentDaemonset) Marshal() ([]byte, error) { +func (c *GCPGuestAgentDaemonset) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(c) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/joinservice.go b/bootstrapper/internal/kubernetes/k8sapi/resources/joinservice.go index d1bab3c43..350a622ce 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/joinservice.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/joinservice.go 
@@ -20,7 +20,7 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" ) -type joinServiceDaemonset struct { +type JoinServiceDaemonset struct { ClusterRole rbac.ClusterRole ClusterRoleBinding rbac.ClusterRoleBinding ConfigMap k8s.ConfigMap @@ -30,17 +30,17 @@ type joinServiceDaemonset struct { } // NewJoinServiceDaemonset returns a daemonset for the join service. -func NewJoinServiceDaemonset(csp, measurementsJSON, enforcedPCRsJSON, initialIdKeyDigest, enforceIdKeyDigest string, measurementSalt []byte) *joinServiceDaemonset { +func NewJoinServiceDaemonset(csp, measurementsJSON, enforcedPCRsJSON, initialIDKeyDigest, enforceIDKeyDigest string, measurementSalt []byte) *JoinServiceDaemonset { joinConfigData := map[string]string{ constants.MeasurementsFilename: measurementsJSON, constants.EnforcedPCRsFilename: enforcedPCRsJSON, } if cloudprovider.FromString(csp) == cloudprovider.Azure { - joinConfigData[constants.EnforceIdKeyDigestFilename] = enforceIdKeyDigest - joinConfigData[constants.IdKeyDigestFilename] = initialIdKeyDigest + joinConfigData[constants.EnforceIDKeyDigestFilename] = enforceIDKeyDigest + joinConfigData[constants.IDKeyDigestFilename] = initialIDKeyDigest } - return &joinServiceDaemonset{ + return &JoinServiceDaemonset{ ClusterRole: rbac.ClusterRole{ TypeMeta: meta.TypeMeta{ APIVersion: "rbac.authorization.k8s.io/v1", @@ -272,6 +272,6 @@ func NewJoinServiceDaemonset(csp, measurementsJSON, enforcedPCRsJSON, initialIdK } // Marshal the daemonset using the Kubernetes resource marshaller. -func (a *joinServiceDaemonset) Marshal() ([]byte, error) { +func (a *JoinServiceDaemonset) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(a) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/joinservice_test.go b/bootstrapper/internal/kubernetes/k8sapi/resources/joinservice_test.go index d0be2c163..ec9b0acf5 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/joinservice_test.go 
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/joinservice_test.go @@ -19,7 +19,7 @@ func TestNewJoinServiceDaemonset(t *testing.T) { deploymentYAML, err := deployment.Marshal() require.NoError(t, err) - var recreated joinServiceDaemonset + var recreated JoinServiceDaemonset require.NoError(t, kubernetes.UnmarshalK8SResources(deploymentYAML, &recreated)) assert.Equal(t, deployment, &recreated) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/kms.go b/bootstrapper/internal/kubernetes/k8sapi/resources/kms.go index d60f30ce6..0a339b997 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/kms.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/kms.go @@ -21,7 +21,7 @@ import ( const kmsNamespace = "kube-system" -type kmsDeployment struct { +type KMSDeployment struct { ServiceAccount k8s.ServiceAccount Service k8s.Service ClusterRole rbac.ClusterRole @@ -41,8 +41,8 @@ type KMSConfig struct { } // NewKMSDeployment creates a new *kmsDeployment to use as the key management system inside Constellation. -func NewKMSDeployment(csp string, config KMSConfig) *kmsDeployment { - return &kmsDeployment{ +func NewKMSDeployment(csp string, config KMSConfig) *KMSDeployment { + return &KMSDeployment{ ServiceAccount: k8s.ServiceAccount{ TypeMeta: meta.TypeMeta{ APIVersion: "v1", @@ -254,6 +254,6 @@ func NewKMSDeployment(csp string, config KMSConfig) *kmsDeployment { } } -func (c *kmsDeployment) Marshal() ([]byte, error) { +func (c *KMSDeployment) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(c) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/kms_test.go b/bootstrapper/internal/kubernetes/k8sapi/resources/kms_test.go index 9e300ad37..afe493274 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/kms_test.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/kms_test.go 
@@ -22,7 +22,7 @@ func TestKMSMarshalUnmarshal(t *testing.T) { data, err := kmsDepl.Marshal() require.NoError(err) - var recreated kmsDeployment + var recreated KMSDeployment require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated)) assert.Equal(kmsDepl, &recreated) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/konnectivity.go b/bootstrapper/internal/kubernetes/k8sapi/resources/konnectivity.go index 1e1d8a0eb..e43b42889 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/konnectivity.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/konnectivity.go @@ -28,22 +28,22 @@ const ( KonnectivityKeyFilename = "/etc/kubernetes/konnectivity.key" ) -type konnectivityAgents struct { +type KonnectivityAgents struct { DaemonSet appsv1.DaemonSet ClusterRoleBinding rbacv1.ClusterRoleBinding ServiceAccount corev1.ServiceAccount } -type konnectivityServerStaticPod struct { +type KonnectivityServerStaticPod struct { StaticPod corev1.Pod } -type egressSelectorConfiguration struct { +type EgressSelectorConfiguration struct { EgressSelectorConfiguration apiserver.EgressSelectorConfiguration } -func NewKonnectivityAgents(konnectivityServerAddress string) *konnectivityAgents { - return &konnectivityAgents{ +func NewKonnectivityAgents(konnectivityServerAddress string) *KonnectivityAgents { + return &KonnectivityAgents{ DaemonSet: appsv1.DaemonSet{ TypeMeta: metav1.TypeMeta{ APIVersion: "apps/v1", @@ -213,9 +213,9 @@ func NewKonnectivityAgents(konnectivityServerAddress string) *konnectivityAgents } } -func NewKonnectivityServerStaticPod() *konnectivityServerStaticPod { +func NewKonnectivityServerStaticPod() *KonnectivityServerStaticPod { udsHostPathType := corev1.HostPathDirectoryOrCreate - return &konnectivityServerStaticPod{ + return &KonnectivityServerStaticPod{ StaticPod: corev1.Pod{ TypeMeta: metav1.TypeMeta{ APIVersion: "v1", 
@@ -333,8 +333,8 @@ func NewKonnectivityServerStaticPod() *konnectivityServerStaticPod { } } -func NewEgressSelectorConfiguration() *egressSelectorConfiguration { - return &egressSelectorConfiguration{ +func NewEgressSelectorConfiguration() *EgressSelectorConfiguration { + return &EgressSelectorConfiguration{ EgressSelectorConfiguration: apiserver.EgressSelectorConfiguration{ TypeMeta: metav1.TypeMeta{ APIVersion: "apiserver.k8s.io/v1beta1", @@ -357,15 +357,15 @@ func NewEgressSelectorConfiguration() *egressSelectorConfiguration { } } -func (v *konnectivityAgents) Marshal() ([]byte, error) { +func (v *KonnectivityAgents) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(v) } -func (v *konnectivityServerStaticPod) Marshal() ([]byte, error) { +func (v *KonnectivityServerStaticPod) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(v) } -func (v *egressSelectorConfiguration) Marshal() ([]byte, error) { +func (v *EgressSelectorConfiguration) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(v) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/konnectivity_test.go b/bootstrapper/internal/kubernetes/k8sapi/resources/konnectivity_test.go index 5f90c3b90..c46ef7be0 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/konnectivity_test.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/konnectivity_test.go @@ -22,7 +22,7 @@ func TestKonnectivityMarshalUnmarshal(t *testing.T) { data, err := kmsDepl.Marshal() require.NoError(err) - var recreated konnectivityAgents + var recreated KonnectivityAgents require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated)) assert.Equal(kmsDepl, &recreated) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator.go b/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator.go index 5a2625f64..3a9f68265 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator.go 
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator.go @@ -21,7 +21,7 @@ const ( nodeMaintenanceOperatorCatalogNamespace = "olm" ) -type nodeMaintenanceOperatorDeployment struct { +type NodeMaintenanceOperatorDeployment struct { CatalogSource operatorsv1alpha1.CatalogSource OperatorGroup operatorsv1.OperatorGroup Subscription operatorsv1alpha1.Subscription @@ -29,8 +29,8 @@ type nodeMaintenanceOperatorDeployment struct { // NewNodeMaintenanceOperatorDeployment creates a new node maintenance operator (NMO) deployment. // See https://github.com/medik8s/node-maintenance-operator for more information. -func NewNodeMaintenanceOperatorDeployment() *nodeMaintenanceOperatorDeployment { - return &nodeMaintenanceOperatorDeployment{ +func NewNodeMaintenanceOperatorDeployment() *NodeMaintenanceOperatorDeployment { + return &NodeMaintenanceOperatorDeployment{ CatalogSource: operatorsv1alpha1.CatalogSource{ TypeMeta: metav1.TypeMeta{APIVersion: "operators.coreos.com/v1alpha1", Kind: "CatalogSource"}, ObjectMeta: metav1.ObjectMeta{ @@ -80,6 +80,6 @@ func NewNodeMaintenanceOperatorDeployment() *nodeMaintenanceOperatorDeployment { } } -func (c *nodeMaintenanceOperatorDeployment) Marshal() ([]byte, error) { +func (c *NodeMaintenanceOperatorDeployment) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(c) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator_test.go b/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator_test.go index 827b636fc..be43476e6 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator_test.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/node_maintenance_operator_test.go 
@@ -22,7 +22,7 @@ func TestNodeMaintenanceOperatorMarshalUnmarshal(t *testing.T) { data, err := nmoDepl.Marshal() require.NoError(err) - var recreated nodeMaintenanceOperatorDeployment + var recreated NodeMaintenanceOperatorDeployment require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated)) assert.Equal(nmoDepl, &recreated) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator.go b/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator.go index 5dfe90e01..ed41fc32a 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator.go @@ -7,7 +7,6 @@ SPDX-License-Identifier: AGPL-3.0-only package resources import ( - _ "embed" "time" "github.com/edgelesssys/constellation/v2/internal/kubernetes" @@ -31,7 +30,7 @@ var NodeOperatorCRDNames = []string{ "scalinggroups.update.edgeless.systems", } -type nodeOperatorDeployment struct { +type NodeOperatorDeployment struct { CatalogSource operatorsv1alpha1.CatalogSource OperatorGroup operatorsv1.OperatorGroup Subscription operatorsv1alpha1.Subscription @@ -39,8 +38,8 @@ type nodeOperatorDeployment struct { // NewNodeOperatorDeployment creates a new constellation node operator deployment. // See /operators/constellation-node-operator for more information. -func NewNodeOperatorDeployment(cloudProvider string, uid string) *nodeOperatorDeployment { - return &nodeOperatorDeployment{ +func NewNodeOperatorDeployment(cloudProvider string, uid string) *NodeOperatorDeployment { + return &NodeOperatorDeployment{ CatalogSource: operatorsv1alpha1.CatalogSource{ TypeMeta: metav1.TypeMeta{APIVersion: "operators.coreos.com/v1alpha1", Kind: "CatalogSource"}, ObjectMeta: metav1.ObjectMeta{ 
@@ -94,6 +93,6 @@ func NewNodeOperatorDeployment(cloudProvider string, uid string) *nodeOperatorDe } } -func (c *nodeOperatorDeployment) Marshal() ([]byte, error) { +func (c *NodeOperatorDeployment) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(c) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator_test.go b/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator_test.go index 2cb711442..c400867c4 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator_test.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/node_operator_test.go @@ -22,7 +22,7 @@ func TestNodeOperatorMarshalUnmarshal(t *testing.T) { data, err := nmoDepl.Marshal() require.NoError(err) - var recreated nodeOperatorDeployment + var recreated NodeOperatorDeployment require.NoError(kubernetes.UnmarshalK8SResources(data, &recreated)) assert.Equal(nmoDepl, &recreated) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/verification.go b/bootstrapper/internal/kubernetes/k8sapi/resources/verification.go index 5caadf35b..c39924911 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/verification.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/verification.go @@ -21,13 +21,13 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" ) -type verificationDaemonset struct { +type VerificationDaemonset struct { DaemonSet apps.DaemonSet Service k8s.Service LoadBalancer k8s.Service } -func NewVerificationDaemonSet(csp, loadBalancerIP string) *verificationDaemonset { +func NewVerificationDaemonSet(csp, loadBalancerIP string) *VerificationDaemonset { var err error if strings.Contains(loadBalancerIP, ":") { loadBalancerIP, _, err = net.SplitHostPort(loadBalancerIP) 
@@ -35,7 +35,7 @@ func NewVerificationDaemonSet(csp, loadBalancerIP string) *verificationDaemonset panic(err) } } - return &verificationDaemonset{ + return &VerificationDaemonset{ DaemonSet: apps.DaemonSet{ TypeMeta: meta.TypeMeta{ APIVersion: "apps/v1", @@ -188,6 +188,6 @@ func NewVerificationDaemonSet(csp, loadBalancerIP string) *verificationDaemonset } } -func (v *verificationDaemonset) Marshal() ([]byte, error) { +func (v *VerificationDaemonset) Marshal() ([]byte, error) { return kubernetes.MarshalK8SResources(v) } diff --git a/bootstrapper/internal/kubernetes/k8sapi/resources/verification_test.go b/bootstrapper/internal/kubernetes/k8sapi/resources/verification_test.go index 0f49a7b2a..bfc618fb8 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/resources/verification_test.go +++ b/bootstrapper/internal/kubernetes/k8sapi/resources/verification_test.go @@ -19,7 +19,7 @@ func TestNewVerificationDaemonset(t *testing.T) { deploymentYAML, err := deployment.Marshal() require.NoError(t, err) - var recreated verificationDaemonset + var recreated VerificationDaemonset require.NoError(t, kubernetes.UnmarshalK8SResources(deploymentYAML, &recreated)) assert.Equal(t, deployment, &recreated) } diff --git a/bootstrapper/internal/kubernetes/kubernetes.go b/bootstrapper/internal/kubernetes/kubernetes.go index 8e1acb074..fcd45b0eb 100644 --- a/bootstrapper/internal/kubernetes/kubernetes.go +++ b/bootstrapper/internal/kubernetes/kubernetes.go 
@@ -77,7 +77,7 @@ func New(cloudProvider string, clusterUtil clusterUtil, configProvider configura // InitCluster initializes a new Kubernetes cluster and applies pod network provider. func (k *KubeWrapper) InitCluster( ctx context.Context, cloudServiceAccountURI, versionString string, measurementSalt []byte, enforcedPCRs []uint32, - enforceIdKeyDigest bool, idKeyDigest []byte, azureCVM bool, kmsConfig resources.KMSConfig, sshUsers map[string]string, + enforceIDKeyDigest bool, idKeyDigest []byte, azureCVM bool, kmsConfig resources.KMSConfig, sshUsers map[string]string, helmDeployments []byte, conformanceMode bool, log *logger.Logger, ) ([]byte, error) { k8sVersion, err := versions.NewValidK8sVersion(versionString) @@ -200,7 +200,7 @@ func (k *KubeWrapper) InitCluster( return nil, fmt.Errorf("failed to setup internal ConfigMap: %w", err) } - if err := k.setupJoinService(k.cloudProvider, k.initialMeasurementsJSON, measurementSalt, enforcedPCRs, idKeyDigest, enforceIdKeyDigest); err != nil { + if err := k.setupJoinService(k.cloudProvider, k.initialMeasurementsJSON, measurementSalt, enforcedPCRs, idKeyDigest, enforceIDKeyDigest); err != nil { return nil, fmt.Errorf("setting up join service failed: %w", err) } @@ -321,7 +321,7 @@ func (k *KubeWrapper) GetKubeconfig() ([]byte, error) { } func (k *KubeWrapper) setupJoinService( - csp string, measurementsJSON, measurementSalt []byte, enforcedPCRs []uint32, initialIdKeyDigest []byte, enforceIdKeyDigest bool, + csp string, measurementsJSON, measurementSalt []byte, enforcedPCRs []uint32, initialIDKeyDigest []byte, enforceIDKeyDigest bool, ) error { enforcedPCRsJSON, err := json.Marshal(enforcedPCRs) if err != nil { 
@@ -329,7 +329,7 @@ func (k *KubeWrapper) setupJoinService(
 }
 joinConfiguration := resources.NewJoinServiceDaemonset(
- csp, string(measurementsJSON), string(enforcedPCRsJSON), hex.EncodeToString(initialIdKeyDigest), strconv.FormatBool(enforceIdKeyDigest), measurementSalt,
+ csp, string(measurementsJSON), string(enforcedPCRsJSON), hex.EncodeToString(initialIDKeyDigest), strconv.FormatBool(enforceIDKeyDigest), measurementSalt,
 )
 return k.clusterUtil.SetupJoinService(k.client, joinConfiguration)
diff --git a/cli/internal/cloudcmd/validators.go b/cli/internal/cloudcmd/validators.go
index 733808e25..7b05b0a85 100644
--- a/cli/internal/cloudcmd/validators.go
+++ b/cli/internal/cloudcmd/validators.go
@@ -29,7 +29,7 @@ type Validator struct {
 pcrs map[uint32][]byte
 enforcedPCRs []uint32
 idkeydigest []byte
- enforceIdKeyDigest bool
+ enforceIDKeyDigest bool
 azureCVM bool
 validator atls.Validator
 }
@@ -47,11 +47,11 @@ func NewValidator(provider cloudprovider.Provider, config *config.Config) (*Vali
 if v.provider == cloudprovider.Azure {
 v.azureCVM = *config.Provider.Azure.ConfidentialVM
 if v.azureCVM {
- idkeydigest, err := hex.DecodeString(config.Provider.Azure.IdKeyDigest)
+ idkeydigest, err := hex.DecodeString(config.Provider.Azure.IDKeyDigest)
 if err != nil {
 return nil, fmt.Errorf("bad config: decoding idkeydigest from config: %w", err)
 }
- v.enforceIdKeyDigest = *config.Provider.Azure.EnforceIdKeyDigest
+ v.enforceIDKeyDigest = *config.Provider.Azure.EnforceIDKeyDigest
 v.idkeydigest = idkeydigest
 }
 }
@@ -146,7 +146,7 @@ func (v *Validator) updateValidator(cmd *cobra.Command) {
 v.validator = gcp.NewValidator(v.pcrs, v.enforcedPCRs, log)
 case cloudprovider.Azure:
 if v.azureCVM {
- v.validator = snp.NewValidator(v.pcrs, v.enforcedPCRs, v.idkeydigest, v.enforceIdKeyDigest, log)
+ v.validator = snp.NewValidator(v.pcrs, v.enforcedPCRs, v.idkeydigest, v.enforceIDKeyDigest, log)
 } else {
 v.validator = trustedlaunch.NewValidator(v.pcrs, v.enforcedPCRs, log)
 }
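Review bot: `v.azureCVM = *config.Provider.Azure.ConfidentialVM` and `v.enforceIDKeyDigest = *config.Provider.Azure.EnforceIDKeyDigest` in the @@ -47 hunk dereference pointer fields with no nil check, so a config that omits either key panics inside NewValidator instead of producing the "bad config" error the surrounding code returns for a malformed digest; getEnforceIDKeyDigest in cli/internal/cmd/init.go dereferences EnforceIDKeyDigest the same way. Presumably config loading fills in defaults for these fields — if so, a one-line comment stating that invariant at the first dereference would keep the next reader from adding a check; if not, guard it: `if config.Provider.Azure.EnforceIDKeyDigest == nil { return nil, fmt.Errorf("bad config: enforceIdKeyDigest not set") }`. NewValidator's body continues outside the hunk.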
diff --git a/cli/internal/cloudcmd/validators_test.go b/cli/internal/cloudcmd/validators_test.go
index 0884b9fd7..644c99c87 100644
--- a/cli/internal/cloudcmd/validators_test.go
+++ b/cli/internal/cloudcmd/validators_test.go
@@ -39,8 +39,8 @@ func TestNewValidator(t *testing.T) {
 provider cloudprovider.Provider
 config *config.Config
 pcrs map[uint32][]byte
- enforceIdKeyDigest bool
- idkeydigest string
+ enforceIDKeyDigest bool
+ idKeyDigest string
 azureCVM bool
 wantErr bool
 }{
@@ -80,14 +80,14 @@ func TestNewValidator(t *testing.T) {
 "set idkeydigest": {
 provider: cloudprovider.Azure,
 pcrs: testPCRs,
- idkeydigest: "414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141",
- enforceIdKeyDigest: true,
+ idKeyDigest: "414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141",
+ enforceIDKeyDigest: true,
 },
 "invalid idkeydigest": {
 provider: cloudprovider.Azure,
 pcrs: testPCRs,
- idkeydigest: "41414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414",
- enforceIdKeyDigest: true,
+ idKeyDigest: "41414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414",
+ enforceIDKeyDigest: true,
 azureCVM: true,
 wantErr: true,
 },
@@ -104,7 +104,7 @@ func TestNewValidator(t *testing.T) {
 }
 if tc.provider == cloudprovider.Azure {
 measurements := config.Measurements(tc.pcrs)
- conf.Provider.Azure = &config.AzureConfig{Measurements: measurements, EnforceIdKeyDigest: &tc.enforceIdKeyDigest, IdKeyDigest: tc.idkeydigest, ConfidentialVM: &tc.azureCVM}
+ conf.Provider.Azure = &config.AzureConfig{Measurements: measurements, EnforceIDKeyDigest: &tc.enforceIDKeyDigest, IDKeyDigest: tc.idKeyDigest, ConfidentialVM: &tc.azureCVM}
 }
 if tc.provider == cloudprovider.QEMU {
 measurements := config.Measurements(tc.pcrs)
diff --git a/cli/internal/cmd/create.go b/cli/internal/cmd/create.go
index bfceecd27..5d7a8794d 100644
--- a/cli/internal/cmd/create.go
+++ b/cli/internal/cmd/create.go
@@ -77,7 +77,7 @@ func create(cmd *cobra.Command, creator cloudCreator, fileHandler file.Handler)
 if config.IsAzureNonCVM() {
 cmd.Println("Disabling Confidential VMs is insecure. Use only for evaluation purposes.")
 printedAWarning = true
- if config.EnforcesIdKeyDigest() {
+ if config.EnforcesIDKeyDigest() {
 cmd.Println("Your config asks for enforcing the idkeydigest. This is only available on Confidential VMs. It will not be enforced.")
 }
 }
diff --git a/cli/internal/cmd/init.go b/cli/internal/cmd/init.go
index a4274774c..269509ece 100644
--- a/cli/internal/cmd/init.go
+++ b/cli/internal/cmd/init.go
@@ -138,7 +138,7 @@ func initialize(cmd *cobra.Command, newDialer func(validator *cloudcmd.Validator
 SshUserKeys: ssh.ToProtoSlice(sshUsers),
 HelmDeployments: helmDeployments,
 EnforcedPcrs: getEnforcedMeasurements(provider, config),
- EnforceIdkeydigest: getEnforceIdKeyDigest(provider, config),
+ EnforceIdkeydigest: getEnforceIDKeyDigest(provider, config),
 ConformanceMode: flags.conformance,
 }
 resp, err := initCall(cmd.Context(), newDialer(validator), flags.endpoint, req)
@@ -237,10 +237,10 @@ func getEnforcedMeasurements(provider cloudprovider.Provider, config *config.Con
 }
 }
-func getEnforceIdKeyDigest(provider cloudprovider.Provider, config *config.Config) bool {
+func getEnforceIDKeyDigest(provider cloudprovider.Provider, config *config.Config) bool {
 switch provider {
 case cloudprovider.Azure:
- return *config.Provider.Azure.EnforceIdKeyDigest
+ return *config.Provider.Azure.EnforceIDKeyDigest
 default:
 return false
 }
diff --git a/debugd/cmd/debugd/debugd.go b/debugd/cmd/debugd/debugd.go
index af424bf97..ab8149b91 100644
--- a/debugd/cmd/debugd/debugd.go
+++ b/debugd/cmd/debugd/debugd.go
@@ -76,7 +76,7 @@ func main() {
 }
 sched := metadata.NewScheduler(log.Named("scheduler"), fetcher, ssh, download)
 serv := server.New(log.Named("server"), ssh, serviceManager, streamer)
- if err := deploy.DeployDefaultServiceUnit(ctx, serviceManager); err != nil {
+ if err := deploy.DefaultServiceUnit(ctx, serviceManager); err != nil {
 log.Fatalf("%s", err)
 }
diff --git a/debugd/internal/debugd/deploy/download_test.go b/debugd/internal/debugd/deploy/download_test.go
index a2f282386..4e63071fe 100644
--- a/debugd/internal/debugd/deploy/download_test.go
+++ b/debugd/internal/debugd/deploy/download_test.go
@@ -179,13 +179,13 @@ type fakeDownloadServer struct {
 pb.UnimplementedDebugdServer
 }
-func (f *fakeDownloadServer) DownloadBootstrapper(request *pb.DownloadBootstrapperRequest, stream pb.Debugd_DownloadBootstrapperServer) error {
- for _, chunk := range f.chunks {
+func (s *fakeDownloadServer) DownloadBootstrapper(request *pb.DownloadBootstrapperRequest, stream pb.Debugd_DownloadBootstrapperServer) error {
+ for _, chunk := range s.chunks {
 if err := stream.Send(&pb.Chunk{Content: chunk}); err != nil {
 return fmt.Errorf("sending chunk: %w", err)
 }
 }
- return f.downladErr
+ return s.downladErr
 }
 func (s *fakeDownloadServer) DownloadAuthorizedKeys(context.Context, *pb.DownloadAuthorizedKeysRequest) (*pb.DownloadAuthorizedKeysResponse, error) {
diff --git a/debugd/internal/debugd/deploy/service.go b/debugd/internal/debugd/deploy/service.go
index c2da717b8..fb2989583 100644
--- a/debugd/internal/debugd/deploy/service.go
+++ b/debugd/internal/debugd/deploy/service.go
@@ -146,8 +146,8 @@ func (s *ServiceManager) WriteSystemdUnitFile(ctx context.Context, unit SystemdU
 return nil
 }
-// DeployDefaultServiceUnit will write the default "bootstrapper.service" unit file.
-func DeployDefaultServiceUnit(ctx context.Context, serviceManager *ServiceManager) error {
+// DefaultServiceUnit will write the default "bootstrapper.service" unit file.
+func DefaultServiceUnit(ctx context.Context, serviceManager *ServiceManager) error {
 if err := serviceManager.WriteSystemdUnitFile(ctx, SystemdUnit{
 Name: debugd.BootstrapperSystemdUnitName,
 Contents: debugd.BootstrapperSystemdUnitContents,
diff --git a/disk-mapper/internal/recoveryserver/server.go b/disk-mapper/internal/recoveryserver/server.go
index cb902aa1a..fb38674a1 100644
--- a/disk-mapper/internal/recoveryserver/server.go
+++ b/disk-mapper/internal/recoveryserver/server.go
@@ -130,19 +130,19 @@ func (s *RecoveryServer) Recover(stream recoverproto.API_RecoverServer) error {
 return nil
 }
-// stubServer implements the RecoveryServer interface but does not actually start a server.
-type stubServer struct {
+// StubServer implements the RecoveryServer interface but does not actually start a server.
+type StubServer struct {
 log *logger.Logger
 }
 // NewStub returns a new stubbed RecoveryServer.
 // We use this to avoid having to start a server for worker nodes, since they don't require manual recovery.
-func NewStub(log *logger.Logger) *stubServer {
- return &stubServer{log: log}
+func NewStub(log *logger.Logger) *StubServer {
+ return &StubServer{log: log}
 }
 // Serve waits until the context is canceled and returns nil.
-func (s *stubServer) Serve(ctx context.Context, _ net.Listener, _ string) ([]byte, []byte, error) {
+func (s *StubServer) Serve(ctx context.Context, _ net.Listener, _ string) ([]byte, []byte, error) {
 s.log.Infof("Running as worker node, skipping recovery server")
 <-ctx.Done()
 return nil, nil, ctx.Err()
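Review bot: The rename to `DefaultServiceUnit` in the @@ -146 hunk satisfies the package-stutter rule but hides that the function writes a unit file to disk; the doc comment `// DefaultServiceUnit will write the default "bootstrapper.service" unit file.` now describes an action the name no longer suggests, and the call site in debugd.go reads like a lookup. A verb that does not repeat the package name, e.g. `WriteDefaultServiceUnit`, keeps revive satisfied and leaves the call `deploy.WriteDefaultServiceUnit(ctx, serviceManager)` self-describing. The function body continues outside the hunk.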
diff --git a/disk-mapper/internal/setup/setup.go b/disk-mapper/internal/setup/setup.go
index fe80a2ff3..c01714594 100644
--- a/disk-mapper/internal/setup/setup.go
+++ b/disk-mapper/internal/setup/setup.go
@@ -38,8 +38,8 @@ const (
 stateInfoPath = stateDiskMountPath + "/constellation/node_state.json"
 )
-// SetupManager handles formatting, mapping, mounting and unmounting of state disks.
-type SetupManager struct {
+// Manager handles formatting, mapping, mounting and unmounting of state disks.
+type Manager struct {
 log *logger.Logger
 csp string
 diskPath string
@@ -53,8 +53,8 @@ type SetupManager struct {
 // New initializes a SetupManager with the given parameters.
 func New(log *logger.Logger, csp string, diskPath string, fs afero.Afero,
 mapper DeviceMapper, mounter Mounter, openTPM vtpm.TPMOpenFunc,
-) *SetupManager {
- return &SetupManager{
+) *Manager {
+ return &Manager{
 log: log,
 csp: csp,
 diskPath: diskPath,
@@ -68,7 +68,7 @@ func New(log *logger.Logger, csp string, diskPath string, fs afero.Afero,
 // PrepareExistingDisk requests and waits for a decryption key to remap the encrypted state disk.
 // Once the disk is mapped, the function taints the node as initialized by updating it's PCRs.
-func (s *SetupManager) PrepareExistingDisk(recover RecoveryDoer) error {
+func (s *Manager) PrepareExistingDisk(recover RecoveryDoer) error {
 s.log.Infof("Preparing existing state disk")
 uuid := s.mapper.DiskUUID()
@@ -113,7 +113,7 @@ func (s *SetupManager) PrepareExistingDisk(recover RecoveryDoer) error {
 }
 // PrepareNewDisk prepares an instances state disk by formatting the disk as a LUKS device using a random passphrase.
-func (s *SetupManager) PrepareNewDisk() error {
+func (s *Manager) PrepareNewDisk() error {
 s.log.Infof("Preparing new state disk")
 // generate and save temporary passphrase
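Review bot: The context line `// New initializes a SetupManager with the given parameters.` in the @@ -53 hunk still refers to the type by its old name after the rename to Manager; the same stale reference is left in `// NewNodeRecoverer initializes a new nodeRecoverer.` in the @@ -168 hunk of this file. Suggest `// New initializes a Manager with the given parameters.` and `// NewNodeRecoverer initializes a new NodeRecoverer.`. While touching these doc comments, `updating it's PCRs` above PrepareExistingDisk should read `updating its PCRs`.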
@@ -132,7 +132,7 @@ func (s *SetupManager) PrepareNewDisk() error {
 return s.mapper.MapDisk(stateDiskMappedName, string(passphrase))
 }
-func (s *SetupManager) readMeasurementSalt(path string) ([]byte, error) {
+func (s *Manager) readMeasurementSalt(path string) ([]byte, error) {
 handler := file.NewHandler(s.fs)
 var state nodestate.NodeState
 if err := handler.ReadJSON(path, &state); err != nil {
@@ -147,7 +147,7 @@ func (s *SetupManager) readMeasurementSalt(path string) ([]byte, error) {
 }
 // saveConfiguration saves the given passphrase and cryptsetup mapping configuration to disk.
-func (s *SetupManager) saveConfiguration(passphrase []byte) error {
+func (s *Manager) saveConfiguration(passphrase []byte) error {
 // passphrase
 if err := s.fs.MkdirAll(keyPath, os.ModePerm); err != nil {
 return err
@@ -168,14 +168,14 @@ type RejoinClient interface {
 Start(context.Context, string) (key, secret []byte)
 }
-type nodeRecoverer struct {
+type NodeRecoverer struct {
 recoveryServer RecoveryServer
 rejoinClient RejoinClient
 }
 // NewNodeRecoverer initializes a new nodeRecoverer.
-func NewNodeRecoverer(recoveryServer RecoveryServer, rejoinClient RejoinClient) *nodeRecoverer {
- return &nodeRecoverer{
+func NewNodeRecoverer(recoveryServer RecoveryServer, rejoinClient RejoinClient) *NodeRecoverer {
+ return &NodeRecoverer{
 recoveryServer: recoveryServer,
 rejoinClient: rejoinClient,
 }
@@ -184,7 +184,7 @@ func NewNodeRecoverer(recoveryServer RecoveryServer, rejoinClient RejoinClient)
 // Do performs a recovery procedure on the given state disk.
 // The method starts a gRPC server to allow manual recovery by a user.
 // At the same time it tries to request a decryption key from all available Constellation control-plane nodes.
-func (r *nodeRecoverer) Do(uuid, endpoint string) (passphrase, measurementSecret []byte, err error) {
+func (r *NodeRecoverer) Do(uuid, endpoint string) (passphrase, measurementSecret []byte, err error) {
 ctx, cancel := context.WithCancel(context.Background())
 defer cancel()
 lis, err := net.Listen("tcp", endpoint)
diff --git a/disk-mapper/internal/setup/setup_test.go b/disk-mapper/internal/setup/setup_test.go
index ec30bcba6..f56b51aa8 100644
--- a/disk-mapper/internal/setup/setup_test.go
+++ b/disk-mapper/internal/setup/setup_test.go
@@ -135,7 +135,7 @@ func TestPrepareExistingDisk(t *testing.T) {
 require.NoError(t, handler.WriteJSON(stateInfoPath, nodestate.NodeState{MeasurementSalt: salt}, file.OptMkdirAll))
 }
- setupManager := &SetupManager{
+ setupManager := &Manager{
 log: logger.NewTest(t),
 csp: "test",
 diskPath: "disk-path",
@@ -213,7 +213,7 @@ func TestPrepareNewDisk(t *testing.T) {
 t.Run(name, func(t *testing.T) {
 assert := assert.New(t)
- setupManager := &SetupManager{
+ setupManager := &Manager{
 log: logger.NewTest(t),
 csp: "test",
 diskPath: "disk-path",
diff --git a/internal/attestation/azure/issuer.go b/internal/attestation/azure/issuer.go
index 6c6f937c0..0912b9854 100644
--- a/internal/attestation/azure/issuer.go
+++ b/internal/attestation/azure/issuer.go
@@ -16,9 +16,8 @@ import (
 // NewIssuer returns an SNP issuer if it can successfully read the idkeydigest from the TPM.
 // Otherwise returns a Trusted Launch issuer.
 func NewIssuer() atls.Issuer {
- if _, err := snp.GetIdKeyDigest(vtpm.OpenVTPM); err == nil {
+ if _, err := snp.GetIDKeyDigest(vtpm.OpenVTPM); err == nil {
 return snp.NewIssuer()
- } else {
- return trustedlaunch.NewIssuer()
 }
+ return trustedlaunch.NewIssuer()
 }
diff --git a/internal/attestation/azure/snp/issuer.go b/internal/attestation/azure/snp/issuer.go
index e841c5113..b289c7eff 100644
--- a/internal/attestation/azure/snp/issuer.go
+++ b/internal/attestation/azure/snp/issuer.go
@@ -28,8 +28,8 @@ const (
 tpmAkIdx = 0x81000003
 )
-// GetIdKeyDigest reads the idkeydigest from the snp report saved in the TPM's non-volatile memory.
-func GetIdKeyDigest(open vtpm.TPMOpenFunc) ([]byte, error) {
+// GetIDKeyDigest reads the idkeydigest from the snp report saved in the TPM's non-volatile memory.
+func GetIDKeyDigest(open vtpm.TPMOpenFunc) ([]byte, error) {
 tpm, err := open()
 if err != nil {
 return nil, err
@@ -75,7 +75,7 @@ func NewIssuer() *Issuer {
 // The attestation report is loaded from the TPM, the certificate chain is queried
 // from the cloud metadata API.
 // [1] https://github.com/AMDESE/sev-guest/blob/main/include/attestation.h
-func getInstanceInfo(reportGetter tpmReportGetter, imdsAPI imdsApi) func(tpm io.ReadWriteCloser) ([]byte, error) {
+func getInstanceInfo(reportGetter tpmReportGetter, imdsapi imdsAPI) func(tpm io.ReadWriteCloser) ([]byte, error) {
 return func(tpm io.ReadWriteCloser) ([]byte, error) {
 hclReport, err := reportGetter.get(tpm)
 if err != nil {
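Review bot: NewIssuer selects the Trusted Launch issuer on any error from GetIDKeyDigest, so a transient TPM open or NV-read failure on an SNP VM quietly degrades to the weaker attestation flavour and the error is discarded with nothing left to debug from. The comment `// Otherwise returns a Trusted Launch issuer.` reads as if only the no-report case is meant; if that is the intent, matching that specific condition and surfacing other errors would be safer, and at minimum the comment should state the actual rule: `// Any error reading the idkeydigest, not only a missing SNP report, yields a Trusted Launch issuer; the error is dropped.`. Presumably a verifier configured for SNP rejects a downgraded issuer, making this a diagnosability gap rather than a bypass, but that reliance is worth stating here rather than leaving implicit.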
@@ -88,7 +88,7 @@ func getInstanceInfo(reportGetter tpmReportGetter, imdsAPI imdsApi) func(tpm io.
 runtimeData, _, _ := bytes.Cut(hclReport[lenSnpReport+lenSnpReportRuntimeDataPadding:], []byte{0})
- vcekResponse, err := imdsAPI.getVcek(context.TODO())
+ vcekResponse, err := imdsapi.getVcek(context.TODO())
 if err != nil {
 return nil, fmt.Errorf("getVcekFromIMDS: %w", err)
 }
@@ -128,6 +128,6 @@ type tpmReportGetter interface {
 get(tpm io.ReadWriteCloser) ([]byte, error)
 }
-type imdsApi interface {
+type imdsAPI interface {
 getVcek(ctx context.Context) (vcekResponse, error)
 }
diff --git a/internal/attestation/azure/snp/issuer_test.go b/internal/attestation/azure/snp/issuer_test.go
index 953b44139..219fc6a92 100644
--- a/internal/attestation/azure/snp/issuer_test.go
+++ b/internal/attestation/azure/snp/issuer_test.go
@@ -67,7 +67,7 @@ func TestGetSNPAttestation(t *testing.T) {
 err: nil,
 }
- attestationJson, err := getInstanceInfo(&snpAttestationReport, imdsClient)(tpm)
+ attestationJSON, err := getInstanceInfo(&snpAttestationReport, imdsClient)(tpm)
 if tc.wantErr {
 assert.Error(err)
 return
@@ -75,7 +75,7 @@ func TestGetSNPAttestation(t *testing.T) {
 assert.NoError(err)
 var instanceInfo azureInstanceInfo
- err = json.Unmarshal(attestationJson, &instanceInfo)
+ err = json.Unmarshal(attestationJSON, &instanceInfo)
 assert.NoError(err)
 if tc.wantErr {
diff --git a/internal/attestation/azure/snp/validator.go b/internal/attestation/azure/snp/validator.go
index c27490548..da72477d1 100644
--- a/internal/attestation/azure/snp/validator.go
+++ b/internal/attestation/azure/snp/validator.go
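Review bot: `imdsapi.getVcek(context.TODO())` in the @@ -88 hunk issues the metadata request with no deadline; unless the underlying HTTP client carries its own timeout (not visible here), a stalled IMDS endpoint blocks attestation indefinitely. The returned closure has no ctx parameter to thread through, so a bounded context is the minimal fix: `ctx, cancel := context.WithTimeout(context.Background(), <IMDS_TIMEOUT>)` / `defer cancel()` / `vcekResponse, err := imdsapi.getVcek(ctx)`. Separately, the renamed parameter `imdsapi` drops the mixed-case word boundary the rest of the file uses; `imds imdsAPI` would read more naturally. The enclosing closure starts outside the hunk.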
@@ -159,16 +159,16 @@ func validateSNPReport(cert *x509.Certificate, expectedIDKeyDigest []byte, enfor
 return fmt.Errorf("mismatching vcek extensions: %w", err)
 }
- sig_r := report.Signature.R[:]
- sig_s := report.Signature.S[:]
+ sigR := report.Signature.R[:]
+ sigS := report.Signature.S[:]
 // Table 107 in https://www.amd.com/system/files/TechDocs/56860.pdf mentions little endian signature components.
 // They come out of the certificate as big endian.
- reverseEndian(sig_r)
- reverseEndian(sig_s)
+ reverseEndian(sigR)
+ reverseEndian(sigS)
- rParam := new(big.Int).SetBytes(sig_r)
- sParam := new(big.Int).SetBytes(sig_s)
+ rParam := new(big.Int).SetBytes(sigR)
+ sParam := new(big.Int).SetBytes(sigS)
 sequence := ecdsaSig{rParam, sParam}
 sigEncoded, err := asn1.Marshal(sequence)
 if err != nil {
diff --git a/internal/attestation/azure/snp/validator_test.go b/internal/attestation/azure/snp/validator_test.go
index 71ebd6d98..25e43b1c0 100644
--- a/internal/attestation/azure/snp/validator_test.go
+++ b/internal/attestation/azure/snp/validator_test.go
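Review bot: `reverseEndian(sigR)` and `reverseEndian(sigS)` in the @@ -159 hunk reverse in place, and `sigR := report.Signature.R[:]` aliases the array inside report, so validateSNPReport byte-reverses the signature fields of the very report it is verifying as a side effect. If report is logged, re-validated or compared after this point (not visible here), those fields no longer hold what the hardware produced; copying first, `sigR := append([]byte(nil), report.Signature.R[:]...)` and likewise for S, keeps the parsed report immutable at no real cost. validateSNPReport starts outside the hunk.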
@@ -41,7 +41,7 @@ func TestTrustedKeyFromSNP(t *testing.T) { defaultRuntimeData := "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" defaultVCEK := "-----BEGIN CERTIFICATE-----\nMIIFTDCCAvugAwIBAgIBADBGBgkqhkiG9w0BAQowOaAPMA0GCWCGSAFlAwQCAgUA\noRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCATCjAwIBATB7MRQwEgYD\nVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDASBgNVBAcMC1NhbnRhIENs\nYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5jZWQgTWljcm8gRGV2aWNl\nczESMBAGA1UEAwwJU0VWLU1pbGFuMB4XDTIyMDYyOTE2MzEzMFoXDTI5MDYyOTE2\nMzEzMFowejEUMBIGA1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVTMRQwEgYD\nVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExHzAdBgNVBAoMFkFkdmFuY2Vk\nIE1pY3JvIERldmljZXMxETAPBgNVBAMMCFNFVi1WQ0VLMHYwEAYHKoZIzj0CAQYF\nK4EEACIDYgAEhPX8Cl9uA7PxqNGzeqamJNYJLx/VFE/s3+8qOWtaztKNcn1PaAI4\nndE+yaVfMHsiA8CLTylumpWXcVBHPYV9kPEVrtozhvrrT5Oii9OpZPYHJ7/WPVmM\nJ3K8/Iz3AshTo4IBFjCCARIwEAYJKwYBBAGceAEBBAMCAQAwFwYJKwYBBAGceAEC\nBAoWCE1pbGFuLUIwMBEGCisGAQQBnHgBAwEEAwIBAjARBgorBgEEAZx4AQMCBAMC\nAQAwEQYKKwYBBAGceAEDBAQDAgEAMBEGCisGAQQBnHgBAwUEAwIBADARBgorBgEE\nAZx4AQMGBAMCAQAwEQYKKwYBBAGceAEDBwQDAgEAMBEGCisGAQQBnHgBAwMEAwIB\nBjARBgorBgEEAZx4AQMIBAMCAV0wTQYJKwYBBAGceAEEBECeRKrvAs/Kb926ymac\nbP0p4auNl+vJOYVxKKy7E7h0DfMUNtNOhuX4rgzf6zoOGF20beysF2zHfXYcIqG5\n3PJbMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0B\nAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBA4ICAQBXXzX8w+z06JNKLVAa9vyE\njC69c7uvfTPScqLzOCV+S8yZ7Ibpn6gdRcgn5s3F7uerVs9/8mq+rDpMzLTVxLei\nYAW9jDS9VdEgfUp3GzzL1g3zsWNZPpWuAu0Cw1V7KnQ9kiGsJMRKerx8QLrm+aAH\nOiob4XHl2naUx9aILzCLbNgLBdh6Tw2XkGj8NB9O7kNQoINEz6U+cAJL5LWzuoYt\nW1IJkYUEMydvLImFHeFIFtB2wI4mTSuCjtb/pBUeRdvDm5dmY/VPvh+CkvCeXNze\nHPZ8vcQ+ZZNS44O9rMnSUOtRFZb3ow3atXsx53Gy9rp41Bd0OZgSMrnHH74lDQX0\nkkNP+UrRYs66q0gJaSZglzkWfHLtAGfuRh9XyBh4kBgHcjF1Qh6frTpotX9t+0V/\nQZv3KjPVMsGaUN407WHEoAl6qX6TSS/An2EdXgqbhXS5O81gzatWDTcT2D3VJG1N\nHYtkh1J5WmrFTphc7OhxmVk7l3UkWPyS8Oi8be2y8Q4x0wgviZn5eOa/djpHoarW\nLS91KKPZXGyXlj49TlCjbl4RfyKYOd/HqgAYYdtqBe84AyJQRvuD5gWmdBzagncb\nyKjs6tYr74aAGnAqulp+yqvrzb7teUQmCM
kROfzFjYZmLByqw6UGRdHgCf8hOzmO\nch4hf9cHRLAUJpqynRmb+g==\n-----END CERTIFICATE-----\n" defaultCertChain := "-----BEGIN CERTIFICATE-----\nMIIGiTCCBDigAwIBAgIDAQABMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTgyNDIwWhcNNDUxMDIy\nMTgyNDIwWjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJU0VWLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEAnU2drrNTfbhNQIllf+W2y+ROCbSzId1aKZft\n2T9zjZQOzjGccl17i1mIKWl7NTcB0VYXt3JxZSzOZjsjLNVAEN2MGj9TiedL+Qew\nKZX0JmQEuYjm+WKksLtxgdLp9E7EZNwNDqV1r0qRP5tB8OWkyQbIdLeu4aCz7j/S\nl1FkBytev9sbFGzt7cwnjzi9m7noqsk+uRVBp3+In35QPdcj8YflEmnHBNvuUDJh\nLCJMW8KOjP6++Phbs3iCitJcANEtW4qTNFoKW3CHlbcSCjTM8KsNbUx3A8ek5EVL\njZWH1pt9E3TfpR6XyfQKnY6kl5aEIPwdW3eFYaqCFPrIo9pQT6WuDSP4JCYJbZne\nKKIbZjzXkJt3NQG32EukYImBb9SCkm9+fS5LZFg9ojzubMX3+NkBoSXI7OPvnHMx\njup9mw5se6QUV7GqpCA2TNypolmuQ+cAaxV7JqHE8dl9pWf+Y3arb+9iiFCwFt4l\nAlJw5D0CTRTC1Y5YWFDBCrA/vGnmTnqG8C+jjUAS7cjjR8q4OPhyDmJRPnaC/ZG5\nuP0K0z6GoO/3uen9wqshCuHegLTpOeHEJRKrQFr4PVIwVOB0+ebO5FgoyOw43nyF\nD5UKBDxEB4BKo/0uAiKHLRvvgLbORbU8KARIs1EoqEjmF8UtrmQWV2hUjwzqwvHF\nei8rPxMCAwEAAaOBozCBoDAdBgNVHQ4EFgQUO8ZuGCrD/T1iZEib47dHLLT8v/gw\nHwYDVR0jBBgwFoAUhawa0UP3yKxV1MUdQUir1XhK1FMwEgYDVR0TAQH/BAgwBgEB\n/wIBADAOBgNVHQ8BAf8EBAMCAQQwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cHM6Ly9r\nZHNpbnRmLmFtZC5jb20vdmNlay92MS9NaWxhbi9jcmwwRgYJKoZIhvcNAQEKMDmg\nDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKID\nAgEwowMCAQEDggIBAIgeUQScAf3lDYqgWU1VtlDbmIN8S2dC5kmQzsZ/HtAjQnLE\nPI1jh3gJbLxL6gf3K8jxctzOWnkYcbdfMOOr28KT35IaAR20rekKRFptTHhe+DFr\n3AFzZLDD7cWK29/GpPitPJDKCvI7A4Ug06rk7J0zBe1fz/qe4i2/F12rvfwCGYhc\nRxPy7QF3q8fR6GCJdB1UQ5SlwCjFxD4uezURztIlIAjMkt7DFvKRh+2zK+5plVGG\nFsjDJtMz2ud9y0p
vOE4j3dH5IW9jGxaSGStqNrabnnpF236ETr1/a43b8FFKL5QN\nmt8Vr9xnXRpznqCRvqjr+kVrb6dlfuTlliXeQTMlBoRWFJORL8AcBJxGZ4K2mXft\nl1jU5TLeh5KXL9NW7a/qAOIUs2FiOhqrtzAhJRg9Ij8QkQ9Pk+cKGzw6El3T3kFr\nEg6zkxmvMuabZOsdKfRkWfhH2ZKcTlDfmH1H0zq0Q2bG3uvaVdiCtFY1LlWyB38J\nS2fNsR/Py6t5brEJCFNvzaDky6KeC4ion/cVgUai7zzS3bGQWzKDKU35SqNU2WkP\nI8xCZ00WtIiKKFnXWUQxvlKmmgZBIYPe01zD0N8atFxmWiSnfJl690B9rJpNR/fI\najxCW3Seiws6r1Zm+tCuVbMiNtpS9ThjNX4uve5thyfE2DgoxRFvY1CsoF5M\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9
w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----\n" - defaultIdKeyDigest := "57e229e0ffe5fa92d0faddff6cae0e61c926fc9ef9afd20a8b8cfcf7129db9338cbe5bf3f6987733a2bf65d06dc38fc1" + defaultIDKeyDigest := "57e229e0ffe5fa92d0faddff6cae0e61c926fc9ef9afd20a8b8cfcf7129db9338cbe5bf3f6987733a2bf65d06dc38fc1" testCases := map[string]struct { report string @@ -49,7 +49,7 @@ func TestTrustedKeyFromSNP(t *testing.T) { vcek string certChain string idkeydigest string - enforceIdKeyDigest bool + enforceIDKeyDigest bool wantErr bool assertCorrectError func(error) }{ @@ -58,16 +58,16 @@ func TestTrustedKeyFromSNP(t *testing.T) { runtimeData: defaultRuntimeData, vcek: defaultVCEK, certChain: defaultCertChain, - idkeydigest: defaultIdKeyDigest, - enforceIdKeyDigest: true, + idkeydigest: defaultIDKeyDigest, + enforceIDKeyDigest: true, }, "invalid report signature": { report: "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", runtimeData: defaultRuntimeData, vcek: defaultVCEK, certChain: defaultCertChain, - idkeydigest: defaultIdKeyDigest, - enforceIdKeyDigest: true, + idkeydigest: defaultIDKeyDigest, + enforceIDKeyDigest: true, wantErr: true, assertCorrectError: func(err error) { target := &signatureError{} 
@@ -79,8 +79,8 @@ func TestTrustedKeyFromSNP(t *testing.T) { runtimeData: defaultRuntimeData, vcek: "-----BEGIN CERTIFICATE-----\nMIIFTDCCAvugAwIBAgIBADBGBgkqhkiG9w0BAQowOaAPMA0GCWCGSAFlAwQCAgUA\noRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCATCjAwIBATB7MRQwEgYD\nVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDASBgNVBAcMC1NhbnRhIENs\nYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5jZWQgTWljcm8gRGV2aWNl\nczESMBAGA1UEAwwJU0VWLU1pbGFuMB4XDTIyMDYxMTE2MjE0OFoXDTI5MDYxMTE2\nMjE0OFowejEUMBIGA1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVTMRQwEgYD\nVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExHzAdBgNVBAoMFkFkdmFuY2Vk\nIE1pY3JvIERldmljZXMxETAPBgNVBAMMCFNFVi1WQ0VLMHYwEAYHKoZIzj0CAQYF\nK4EEACIDYgAEdBdzuRwdnQvH5MMutYl0GqQc6kwh0NRueQhDm00i5XLCgV0NLvlX\nrhKuomRLKFdyT9ddzcgZGYlB5lpc1MPZvOOKWAxsniZ1fB3EcMcbS5blPM3yl1Ca\nGzwBMEq/P7dfo4IBFjCCARIwEAYJKwYBBAGceAEBBAMCAQAwFwYJKwYBBAGceAEC\nBAoWCE1pbGFuLUIwMBEGCisGAQQBnHgBAwEEAwIBAjARBgorBgEEAZx4AQMCBAMC\nAQAwEQYKKwYBBAGceAEDBAQDAgEAMBEGCisGAQQBnHgBAwUEAwIBADARBgorBgEE\nAZx4AQMGBAMCAQAwEQYKKwYBBAGceAEDBwQDAgEAMBEGCisGAQQBnHgBAwMEAwIB\nBjARBgorBgEEAZx4AQMIBAMCAV0wTQYJKwYBBAGceAEEBEDTy4KCFroFQ6PWI7+Q\nTHqQj0c5tch4VsqwbhdisV/kXizUuNiEBniVILiO2mLY3zZYMYHKEDm3NbhCaVO+\nQOgSMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0B\nAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBA4ICAQBkge6Vsbnni2DTPrXw4To9\nSR6vwsgRKiUxyu/tB18DiDcjO/HpFa1l8COt6Gg690Hnn4ezYAIYw4co/SoJQ0+v\nerxiQqJJAHgpKQ3QqNdnESlyM9eZaZN5ND4S+gXtnFb4K42FzAAy6cyuXKVsrh8B\nuMJnK0sHm3+8qDUXz/NjL95kG/wGSB6LOSk0sll2VFKaolMmH+VhR4m6zO7z8/SA\nt/cPXsZ+/Me/ZP46WibHGHhvLD8kSuyVmt+SIlx9wjdRHqNBNtvx4VEMMZwJX2o+\n0T6nuZ4cnrHK18zdb+K8/3qCFprdHRDD5bo491fnIsAYGGIfcNmAz2uCI9j9TE6R\nGGS2k1jQgWls19nw/Ra++8Kf/roR6WVax8k2R8+XV9eRZ33TqDXAHSbGcZbynaEb\neo6V8MKwLbVNi/7MP6b90nEtvN0SLRbKCJvEn/iHUHQa9BnT14zeTJw2gR/uG+M5\nxC+q9+nKMhIAGOIyxpFp67XBJSSOJut9bmvaPpLIC+/Mr+GKiM+YMQHzYwH6fuDT\no8LVlmuDiOz78BzmD/zy3DaYWTkHourKa7x/DSwuF8MQkvquwEHwkuikpLyo+b54\nSzqt81FR21rUxbkaUv9urRyYfzZ3m3ogApAveGdYPo1y4sl1FPd8X5+aVeghGyXU\nL9lHQ8+Y53Pf/ZQ/gYI0dQ
==\n-----END CERTIFICATE-----\n",
 certChain: defaultCertChain,
- idkeydigest: defaultIdKeyDigest,
- enforceIdKeyDigest: true,
+ idkeydigest: defaultIDKeyDigest,
+ enforceIDKeyDigest: true,
 wantErr: true,
 assertCorrectError: func(err error) {
 target := &vcekError{}
@@ -92,8 +92,8 @@ func TestTrustedKeyFromSNP(t *testing.T) { runtimeData: defaultRuntimeData, vcek: defaultVCEK, certChain: "-----BEGIN CERTIFICATE-----\nMIIGiTCCBDigAwIBAgIDAQABMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTgyNDIwWhcNNDUxMDIy\nMTgyNDIwWjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YV5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJU0VWLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEAnU2drrNTfbhNQIllf+W2y+ROCbSzId1aKZft\n2T9zjZQOzjGccl17i1mIKWl7NTcB0VYXt3JxZSzOZjsjLNVAEN2MGj9TiedL+Qew\nKZX0JmQEuYjm+WKksLtxgdLp9E7EZNwNDqV1r0qRP5tB8OWkyQbIdLeu4aCz7j/S\nl1FkBytev9sbFGzt7cwnjzi9m7noqsk+uRVBp3+In35QPdcj8YflEmnHBNvuUDJh\nLCJMW8KOjP6++Phbs3iCitJcANEtW4qTNFoKW3CHlbcSCjTM8KsNbUx3A8ek5EVL\njZWH1pt9E3TfpR6XyfQKnY6kl5aEIPwdW3eFYaqCFPrIo9pQT6WuDSP4JCYJbZne\nKKIbZjzXkJt3NQG32EukYImBb9SCkm9+fS5LZFg9ojzubMX3+NkBoSXI7OPvnHMx\njup9mw5se6QUV7GqpCA2TNypolmuQ+cAaxV7JqHE8dl9pWf+Y3arb+9iiFCwFt4l\nAlJw5D0CTRTC1Y5YWFDBCrA/vGnmTnqG8C+jjUAS7cjjR8q4OPhyDmJRPnaC/ZG5\nuP0K0z6GoO/3uen9wqshCuHegLTpOeHEJRKrQFr4PVIwVOB0+ebO5FgoyOw43nyF\nD5UKBDxEB4BKo/0uAiKHLRvvgLbORbU8KARIs1EoqEjmF8UtrmQWV2hUjwzqwvHF\nei8rPxMCAwEAAaOBozCBoDAdBgNVHQ4EFgQUO8ZuGCrD/T1iZEib47dHLLT8v/gw\nHwYDVR0jBBgwFoAUhawa0UP3yKxV1MUdQUir1XhK1FMwEgYDVR0TAQH/BAgwBgEB\n/wIBADAOBgNVHQ8BAf8EBAMCAQQwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cHM6Ly9r\nZHNpbnRmLmFtZC5jb20vdmNlay92MS9NaWxhbi9jcmwwRgYJKoZIhvcNAQEKMDmg\nDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKID\nAgEwowMCAQEDggIBAIgeUQScAf3lDYqgWU1VtlDbmIN8S2dC5kmQzsZ/HtAjQnLE\nPI1jh3gJbLxL6gf3K8jxctzOWnkYcbdfMOOr28KT35IaAR20rekKRFptTHhe+DFr\n3AFzZLDD7cWK29/GpPitPJDKCvI7A4Ug06rk7J0zBe1fz/qe4i2/F12rvfwCGYhc\nRxPy7QF3q8fR6GCJdB1UQ5SlwCjFxD4uezURztIlIAjMkt7DFvKRh+2zK+5plVGG
\nFsjDJtMz2ud9y0pvOE4j3dH5IW9jGxaSGStqNrabnnpF236ETr1/a43b8FFKL5QN\nmt8Vr9xnXRpznqCRvqjr+kVrb6dlfuTlliXeQTMlBoRWFJORL8AcBJxGZ4K2mXft\nl1jU5TLeh5KXL9NW7a/qAOIUs2FiOhqrtzAhJRg9Ij8QkQ9Pk+cKGzw6El3T3kFr\nEg6zkxmvMuabZOsdKfRkWfhH2ZKcTlDfmH1H0zq0Q2bG3uvaVdiCtFY1LlWyB38J\nS2fNsR/Py6t5brEJCFNvzaDky6KeC4ion/cVgUai7zzS3bGQWzKDKU35SqNU2WkP\nI8xCZ00WtIiKKFnXWUQxvlKmmgZBIYPe01zD0N8atFxmWiSnfJl690B9rJpNR/fI\najxCW3Seiws6r1Zm+tCuVbMiNtpS9ThjNX4uve5thyfE2DgoxRFvY1CsoF5M\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC
BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIGiTCCBDigAwIBAgIDAQABMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTgyNDIwWhcNNDUxMDIy\nMTgyNDIwWjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJU0VWLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEAnU2drrNTfbhNQIllf+W2y+ROCbSzId1aKZft\n2T9zjZQOzjGccl17i1mIKWl7NTcB0VYXt3JxZSzOZjsjLNVAEN2MGj9TiedL+Qew\nKZX0JmQEuYjm+WKksLtxgdLp9E7EZNwNDqV1r0qRP5tB8OWkyQbIdLeu4aCz7j/S\nl1FkBytev9sbFGzt7cwnjzi9m7noqsk+uRVBp3+In35QPdcj8YflEmnHBNvuUDJh\nLCJMW8KOjP6++Phbs3iCitJcANEtW4qTNFoKW3CHlbcSCjTM8KsNbUx3A8ek5EVL\njZWH1pt9E3TfpR6XyfQKnY6kl5aEIPwdW3eFYaqCFPrIo9pQT6WuDSP4JCYJbZne\nKKIbZjzXkJt3NQG32EukYImBb9SCkm9+fS5LZFg9ojzubMX3+NkBoSXI7OPvnHMx\njup9mw5se6QUV7GqpCA2TNypolmuQ+cAaxV7JqHE8dl9pWf+Y3arb+9iiFCwFt4l\nAlJw5D0CTRTC1Y5YWFDBCrA/vGnmTnqG8C+jjUAS7cjjR8q4OPhyDmJRPnaC/ZG5\nuP0K0z6GoO/3uen9wqshCuHegLTpOeHEJRKrQFr4PVIwVOB0
+ebO5FgoyOw43nyF\nD5UKBDxEB4BKo/0uAiKHLRvvgLbORbU8KARIs1EoqEjmF8UtrmQWV2hUjwzqwvHF\nei8rPxMCAwEAAaOBozCBoDAdBgNVHQ4EFgQUO8ZuGCrD/T1iZEib47dHLLT8v/gw\nHwYDVR0jBBgwFoAUhawa0UP3yKxV1MUdQUir1XhK1FMwEgYDVR0TAQH/BAgwBgEB\n/wIBADAOBgNVHQ8BAf8EBAMCAQQwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cHM6Ly9r\nZHNpbnRmLmFtZC5jb20vdmNlay92MS9NaWxhbi9jcmwwRgYJKoZIhvcNAQEKMDmg\nDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKID\nAgEwowMCAQEDggIBAIgeUQScAf3lDYqgWU1VtlDbmIN8S2dC5kmQzsZ/HtAjQnLE\nPI1jh3gJbLxL6gf3K8jxctzOWnkYcbdfMOOr28KT35IaAR20rekKRFptTHhe+DFr\n3AFzZLDD7cWK29/GpPitPJDKCvI7A4Ug06rk7J0zBe1fz/qe4i2/F12rvfwCGYhc\nRxPy7QF3q8fR6GCJdB1UQ5SlwCjFxD4uezURztIlIAjMkt7DFvKRh+2zK+5plVGG\nFsjDJtMz2ud9y0pvOE4j3dH5IW9jGxaSGStqNrabnnpF236ETr1/a43b8FFKL5QN\nmt8Vr9xnXRpznqCRvqjr+kVrb6dlfuTlliXeQTMlBoRWFJORL8AcBJxGZ4K2mXft\nl1jU5TLeh5KXL9NW7a/qAOIUs2FiOhqrtzAhJRg9Ij8QkQ9Pk+cKGzw6El3T3kFr\nEg6zkxmvMuabZOsdKfRkWfhH2ZKcTlDfmH1H0zq0Q2bG3uvaVdiCtFY1LlWyB38J\nS2fNsR/Py6t5brEJCFNvzaDky6KeC4ion/cVgUai7zzS3bGQWzKDKU35SqNU2WkP\nI8xCZ00WtIiKKFnXWUQxvlKmmgZBIYPe01zD0N8atFxmWiSnfJl690B9rJpNR/fI\najxCW3Seiws6r1Zm+tCuVbMiNtpS9ThjNX4uve5thyfE2DgoxRFvY1CsoF5M\n-----END CERTIFICATE-----\n-----BEGIN 
CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHn
IYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----\n", - idkeydigest: defaultIdKeyDigest, - enforceIdKeyDigest: true, + idkeydigest: defaultIDKeyDigest, + enforceIDKeyDigest: true, wantErr: true, assertCorrectError: func(err error) { target := &askError{} @@ -105,8 +105,8 @@ func TestTrustedKeyFromSNP(t *testing.T) { runtimeData: "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", vcek: defaultVCEK, certChain: defaultCertChain, - idkeydigest: defaultIdKeyDigest, - enforceIdKeyDigest: true, + idkeydigest: defaultIDKeyDigest, + enforceIDKeyDigest: true, wantErr: true, assertCorrectError: func(err error) { target := errors.New("unexpected runtimeData digest in TPM") @@ -119,7 +119,7 @@ func TestTrustedKeyFromSNP(t *testing.T) { vcek: defaultVCEK, certChain: defaultCertChain, idkeydigest: "67e229e0ffe5fa92d0faddff6cae0e61c926fc9ef9afd20a8b8cfcf7129db9338cbe5bf3f6987733a2bf65d06dc38fc1", - enforceIdKeyDigest: true, + enforceIDKeyDigest: true, wantErr: true, assertCorrectError: func(err error) { target := &idKeyError{} @@ -138,8 +138,8 @@ func TestTrustedKeyFromSNP(t *testing.T) { runtimeData: defaultRuntimeData, vcek: defaultVCEK, certChain: defaultCertChain, - idkeydigest: defaultIdKeyDigest, - enforceIdKeyDigest: true, + idkeydigest: defaultIDKeyDigest, + enforceIDKeyDigest: true, wantErr: true, assertCorrectError: func(err error) { target := &versionError{} @@ -151,8 +151,8 @@ func TestTrustedKeyFromSNP(t *testing.T) { runtimeData: defaultRuntimeData, vcek: defaultVCEK, certChain: defaultCertChain, - idkeydigest: defaultIdKeyDigest, - enforceIdKeyDigest: true, + idkeydigest: defaultIDKeyDigest, + enforceIDKeyDigest: true, wantErr: true, assertCorrectError: func(err error) { target := &versionError{} 
@@ -164,8 +164,8 @@ func TestTrustedKeyFromSNP(t *testing.T) { runtimeData: defaultRuntimeData, vcek: defaultVCEK, certChain: defaultCertChain, - idkeydigest: defaultIdKeyDigest, - enforceIdKeyDigest: true, + idkeydigest: defaultIDKeyDigest, + enforceIDKeyDigest: true, wantErr: true, assertCorrectError: func(err error) { target := &versionError{} @@ -177,8 +177,8 @@ func TestTrustedKeyFromSNP(t *testing.T) { runtimeData: defaultRuntimeData, vcek: defaultVCEK, certChain: defaultCertChain, - idkeydigest: defaultIdKeyDigest, - enforceIdKeyDigest: true, + idkeydigest: defaultIDKeyDigest, + enforceIDKeyDigest: true, wantErr: true, assertCorrectError: func(err error) { assert.ErrorIs(t, err, errDebugEnabled) @@ -201,7 +201,7 @@ func TestTrustedKeyFromSNP(t *testing.T) { idkeydigest, err := hex.DecodeString(tc.idkeydigest) assert.NoError(err) - key, err := getTrustedKey(&instanceInfo, idkeydigest, tc.enforceIdKeyDigest, nil)(akPub, statement) + key, err := getTrustedKey(&instanceInfo, idkeydigest, tc.enforceIDKeyDigest, nil)(akPub, statement) if tc.wantErr { tc.assertCorrectError(err) } else { diff --git a/internal/config/config.go b/internal/config/config.go index 2ded850fb..6ee0661cb 100644 --- a/internal/config/config.go +++ b/internal/config/config.go 
@@ -135,10 +135,10 @@ type AzureConfig struct {
 EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
 // description: |
 // Expected value for the field 'idkeydigest' in the AMD SEV-SNP attestation report. Only usable with ConfidentialVMs. See 4.6 and 7.3 in: https://www.amd.com/system/files/TechDocs/56860.pdf
- IdKeyDigest string `yaml:"idKeyDigest" validate:"required_if=EnforceIdKeyDigest true,omitempty,hexadecimal,len=96"`
+ IDKeyDigest string `yaml:"idKeyDigest" validate:"required_if=EnforceIdKeyDigest true,omitempty,hexadecimal,len=96"`
 // description: |
 // Enforce the specified idKeyDigest value during remote attestation.
- EnforceIdKeyDigest *bool `yaml:"enforceIdKeyDigest" validate:"required"`
+ EnforceIDKeyDigest *bool `yaml:"enforceIdKeyDigest" validate:"required"`
 // description: |
 // Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
 ConfidentialVM *bool `yaml:"confidentialVM" validate:"required"`
@@ -223,8 +223,8 @@ func Default() *Config {
 StateDiskType: "Premium_LRS",
 Measurements: copyPCRMap(azurePCRs),
 EnforcedMeasurements: []uint32{4, 8, 9, 11, 12},
- IdKeyDigest: "57486a447ec0f1958002a22a06b7673b9fd27d11e1c6527498056054c5fa92d23c50f9de44072760fe2b6fb89740b696",
- EnforceIdKeyDigest: func() *bool { b := true; return &b }(),
+ IDKeyDigest: "57486a447ec0f1958002a22a06b7673b9fd27d11e1c6527498056054c5fa92d23c50f9de44072760fe2b6fb89740b696",
+ EnforceIDKeyDigest: func() *bool { b := true; return &b }(),
 ConfidentialVM: func() *bool { b := true; return &b }(),
 },
 GCP: &GCPConfig{
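Review bot: The validate tag on the renamed IDKeyDigest field still reads `required_if=EnforceIdKeyDigest true`, which names the old Go field; after this commit no field called EnforceIdKeyDigest exists in AzureConfig, so the cross-field condition presumably never resolves and a config that enables enforcement but leaves idKeyDigest empty would pass validation instead of being rejected. The tag should follow the rename: `IDKeyDigest string \`yaml:"idKeyDigest" validate:"required_if=EnforceIDKeyDigest true,omitempty,hexadecimal,len=96"\``. The yaml keys are untouched, so existing config files stay compatible; only the struct-field reference inside the tag needs to change. Both the AzureConfig struct and Default() continue outside the hunk.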
@@ -509,8 +509,8 @@ func (c *Config) IsAzureNonCVM() bool { return c.Provider.Azure != nil && c.Provider.Azure.ConfidentialVM != nil && !*c.Provider.Azure.ConfidentialVM } -func (c *Config) EnforcesIdKeyDigest() bool { - return c.Provider.Azure != nil && c.Provider.Azure.EnforceIdKeyDigest != nil && *c.Provider.Azure.EnforceIdKeyDigest +func (c *Config) EnforcesIDKeyDigest() bool { + return c.Provider.Azure != nil && c.Provider.Azure.EnforceIDKeyDigest != nil && *c.Provider.Azure.EnforceIDKeyDigest } // FromFile returns config file with `name` read from `fileHandler` by parsing diff --git a/internal/constants/constants.go b/internal/constants/constants.go index 0a4077b95..c658cb96e 100644 --- a/internal/constants/constants.go +++ b/internal/constants/constants.go @@ -81,10 +81,10 @@ const ( MeasurementSaltFilename = "measurementSalt" // MeasurementSecretFilename is the filename of the secret used in creation of the clusterID. MeasurementSecretFilename = "measurementSecret" - // IdKeyDigestFilename is the name of the file holding the currently enforced idkeydigest. - IdKeyDigestFilename = "idkeydigest" - // EnforceIdKeyDigestFilename is the name of the file configuring whether idkeydigest is enforced or not. - EnforceIdKeyDigestFilename = "enforceIdKeyDigest" + // IDKeyDigestFilename is the name of the file holding the currently enforced idkeydigest. + IDKeyDigestFilename = "idkeydigest" + // EnforceIDKeyDigestFilename is the name of the file configuring whether idkeydigest is enforced or not. + EnforceIDKeyDigestFilename = "enforceIdKeyDigest" // AzureCVM is the name of the file indicating whether the cluster is expected to run on CVMs or not. AzureCVM = "azureCVM" // K8sVersion is the filename of the mapped "k8s-version" configMap file. diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 2b38cea0d..23d23f785 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go 
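Review bot: EnforcesIDKeyDigest is an exported method that still carries no doc comment, which the revive linter enabled by this commit may flag under its exported rule; add `// EnforcesIDKeyDigest reports whether the Azure configuration requires the ID key digest to match during attestation.` above the new signature. The constants.go hunk on this line is rename-only and its comments were updated consistently.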
@@ -58,15 +58,20 @@ const ( NodeMaintenanceOperatorVersion = "v0.13.1-alpha1" // currently supported versions. - V1_22 ValidK8sVersion = "1.22" - V1_23 ValidK8sVersion = "1.23" - V1_24 ValidK8sVersion = "1.24" - V1_25 ValidK8sVersion = "1.25" + //nolint:revive + V1_22 ValidK8sVersion = "1.22" + //nolint:revive + V1_23 ValidK8sVersion = "1.23" + //nolint:revive + V1_24 ValidK8sVersion = "1.24" + //nolint:revive + V1_25 ValidK8sVersion = "1.25" + Default ValidK8sVersion = V1_23 ) // versionConfigs holds download URLs for all required kubernetes components for every supported version. -var VersionConfigs map[ValidK8sVersion]KubernetesVersion = map[ValidK8sVersion]KubernetesVersion{ +var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ V1_22: { PatchVersion: "1.22.12", CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz", diff --git a/internal/watcher/validator.go b/internal/watcher/validator.go index db1c7707f..11c843c68 100644 --- a/internal/watcher/validator.go +++ b/internal/watcher/validator.go 
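Review bot: The new exported constant `Default ValidK8sVersion = V1_23` has no doc comment, and the four `//nolint:revive` directives give no reason for the suppression; both are things the freshly enabled revive linter (and nolintlint, if it is on) tends to flag. Suggest `// Default is the Kubernetes version used when none is specified.` above Default, and a reason on each directive, e.g. `//nolint:revive // underscore keeps the version constants readable`. The context comment `// versionConfigs holds download URLs ...` does not start with the var's actual name VersionConfigs, so it may be flagged too; changing it to `// VersionConfigs holds ...` would settle that. The const block starts outside the hunk.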
@@ -108,21 +108,21 @@ func (u *Updatable) Update() error { u.log.Debugf("Enforced PCRs: %v", enforced) var idkeydigest []byte - var enforceIdKeyDigest bool + var enforceIDKeyDigest bool if u.csp == cloudprovider.Azure && u.azureCVM { u.log.Infof("Updating encforceIdKeyDigest value") - enforceRaw, err := u.fileHandler.Read(filepath.Join(constants.ServiceBasePath, constants.EnforceIdKeyDigestFilename)) + enforceRaw, err := u.fileHandler.Read(filepath.Join(constants.ServiceBasePath, constants.EnforceIDKeyDigestFilename)) if err != nil { return err } - enforceIdKeyDigest, err = strconv.ParseBool(string(enforceRaw)) + enforceIDKeyDigest, err = strconv.ParseBool(string(enforceRaw)) if err != nil { return fmt.Errorf("parsing content of EnforceIdKeyDigestFilename: %s: %w", enforceRaw, err) } - u.log.Debugf("New encforceIdKeyDigest value: %v", enforceIdKeyDigest) + u.log.Debugf("New encforceIdKeyDigest value: %v", enforceIDKeyDigest) u.log.Infof("Updating expected idkeydigest") - idkeydigestRaw, err := u.fileHandler.Read(filepath.Join(constants.ServiceBasePath, constants.IdKeyDigestFilename)) + idkeydigestRaw, err := u.fileHandler.Read(filepath.Join(constants.ServiceBasePath, constants.IDKeyDigestFilename)) if err != nil { return err } @@ -133,7 +133,7 @@ func (u *Updatable) Update() error { u.log.Debugf("New idkeydigest: %x", idkeydigest) } - u.Validator = u.newValidator(measurements, enforced, idkeydigest, enforceIdKeyDigest, u.log) + u.Validator = u.newValidator(measurements, enforced, idkeydigest, enforceIDKeyDigest, u.log) return nil } diff --git a/internal/watcher/validator_test.go b/internal/watcher/validator_test.go index b834b128b..2cb1b91aa 100644 --- a/internal/watcher/validator_test.go +++ b/internal/watcher/validator_test.go 
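Review bot: The rewritten debug line `u.log.Debugf("New encforceIdKeyDigest value: %v", enforceIDKeyDigest)` keeps the "encforce" typo (the context Infof line above it has the same one), which makes these messages hard to grep for; suggest `u.log.Debugf("New enforceIdKeyDigest value: %v", enforceIDKeyDigest)` and the matching fix on the Infof line. In the unchanged error path, `enforceRaw` is raw file content interpolated with `%s`; `%q` would show an empty or whitespace-only file unambiguously: `return fmt.Errorf("parsing content of EnforceIdKeyDigestFilename: %q: %w", enforceRaw, err)`. Update() starts outside the hunk.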
@@ -84,11 +84,11 @@ func TestNewUpdateableValidator(t *testing.T) {
 []uint32{11},
 ))
 require.NoError(handler.Write(
- filepath.Join(constants.ServiceBasePath, constants.IdKeyDigestFilename),
+ filepath.Join(constants.ServiceBasePath, constants.IDKeyDigestFilename),
 []byte{},
 ))
 require.NoError(handler.Write(
- filepath.Join(constants.ServiceBasePath, constants.EnforceIdKeyDigestFilename),
+ filepath.Join(constants.ServiceBasePath, constants.EnforceIDKeyDigestFilename),
 []byte("false"),
 ))
 require.NoError(handler.Write(
@@ -145,11 +145,11 @@ func TestUpdate(t *testing.T) {
 []uint32{11},
 ))
 require.NoError(handler.Write(
- filepath.Join(constants.ServiceBasePath, constants.IdKeyDigestFilename),
+ filepath.Join(constants.ServiceBasePath, constants.IDKeyDigestFilename),
 []byte{},
 ))
 require.NoError(handler.Write(
- filepath.Join(constants.ServiceBasePath, constants.EnforceIdKeyDigestFilename),
+ filepath.Join(constants.ServiceBasePath, constants.EnforceIDKeyDigestFilename),
 []byte("false"),
 ))
 require.NoError(handler.Write(
@@ -215,11 +215,11 @@ func TestUpdateConcurrency(t *testing.T) {
 []uint32{11},
 ))
 require.NoError(handler.Write(
- filepath.Join(constants.ServiceBasePath, constants.IdKeyDigestFilename),
+ filepath.Join(constants.ServiceBasePath, constants.IDKeyDigestFilename),
 []byte{},
 ))
 require.NoError(handler.Write(
- filepath.Join(constants.ServiceBasePath, constants.EnforceIdKeyDigestFilename),
+ filepath.Join(constants.ServiceBasePath, constants.EnforceIDKeyDigestFilename),
 []byte("false"),
 ))
 require.NoError(handler.Write(
diff --git a/kms/cmd/main.go b/kms/cmd/main.go
index f9f5f86a9..479567ffa 100644
--- a/kms/cmd/main.go
+++ b/kms/cmd/main.go
@@ -58,7 +58,7 @@ func main() { // set up Key Management Service ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute) defer cancel() - conKMS, err := setup.SetUpKMS(ctx, setup.NoStoreURI, keyURI) + conKMS, err := setup.KMS(ctx, setup.NoStoreURI, keyURI) if err != nil { log.With(zap.Error(err)).Fatalf("Failed to setup KMS") } diff --git a/kms/kms/cluster/cluster.go b/kms/kms/cluster/cluster.go index 373c33812..fed44504a 100644 --- a/kms/kms/cluster/cluster.go +++ b/kms/kms/cluster/cluster.go @@ -13,25 +13,25 @@ import ( "github.com/edgelesssys/constellation/v2/internal/crypto" ) -// ClusterKMS implements the kms.CloudKMS interface for in cluster key management. -type ClusterKMS struct { +// KMS implements the kms.CloudKMS interface for in cluster key management. +type KMS struct { masterKey []byte salt []byte } // New creates a new ClusterKMS. -func New(salt []byte) *ClusterKMS { - return &ClusterKMS{salt: salt} +func New(salt []byte) *KMS { + return &KMS{salt: salt} } // CreateKEK sets the ClusterKMS masterKey. -func (c *ClusterKMS) CreateKEK(ctx context.Context, keyID string, kek []byte) error { +func (c *KMS) CreateKEK(ctx context.Context, keyID string, kek []byte) error { c.masterKey = kek return nil } // GetDEK derives a key from the KMS masterKey. -func (c *ClusterKMS) GetDEK(ctx context.Context, kekID string, dekID string, dekSize int) ([]byte, error) { +func (c *KMS) GetDEK(ctx context.Context, kekID string, dekID string, dekSize int) ([]byte, error) { if len(c.masterKey) == 0 { return nil, errors.New("master key not set for Constellation KMS") } diff --git a/kms/setup/setup.go b/kms/setup/setup.go index a62b6a949..109ee3250 100644 --- a/kms/setup/setup.go +++ b/kms/setup/setup.go 
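Review bot: In the cluster.go hunk the type is renamed from ClusterKMS to KMS, but the context doc comments `// New creates a new ClusterKMS.` and `// CreateKEK sets the ClusterKMS masterKey.` still use the old name, so the package docs now describe a type that no longer exists; change them to `// New creates a new KMS.` and `// CreateKEK sets the KMS masterKey.`. The `ctx` and `keyID` parameters of CreateKEK remain unused in the visible body, which revive's unused-parameter rule may report if it is enabled; renaming them to `_` would make the intent explicit without changing the interface. GetDEK continues outside the hunk.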
@@ -40,8 +40,8 @@ type KMSInformation struct { KeyEncryptionKeyID string } -// SetUpKMS creates a KMS and key store from the given parameters. -func SetUpKMS(ctx context.Context, storageURI, kmsURI string) (kms.CloudKMS, error) { +// KMS creates a KMS and key store from the given parameters. +func KMS(ctx context.Context, storageURI, kmsURI string) (kms.CloudKMS, error) { store, err := getStore(ctx, storageURI) if err != nil { return nil, err diff --git a/kms/setup/setup_test.go b/kms/setup/setup_test.go index ec47be6ac..7f0175248 100644 --- a/kms/setup/setup_test.go +++ b/kms/setup/setup_test.go @@ -131,11 +131,11 @@ func TestGetKMS(t *testing.T) { func TestSetUpKMS(t *testing.T) { assert := assert.New(t) - kms, err := SetUpKMS(context.Background(), "storage://unknown", "kms://unknown") + kms, err := KMS(context.Background(), "storage://unknown", "kms://unknown") assert.Error(err) assert.Nil(kms) - kms, err = SetUpKMS(context.Background(), "storage://no-store", "kms://cluster-kms?salt="+base64.URLEncoding.EncodeToString([]byte("salt"))) + kms, err = KMS(context.Background(), "storage://no-store", "kms://cluster-kms?salt="+base64.URLEncoding.EncodeToString([]byte("salt"))) assert.NoError(err) assert.NotNil(kms) } diff --git a/operators/constellation-node-operator/internal/azure/client/nodeimage.go b/operators/constellation-node-operator/internal/azure/client/nodeimage.go index b5833a05d..d2c83a938 100644 --- a/operators/constellation-node-operator/internal/azure/client/nodeimage.go +++ b/operators/constellation-node-operator/internal/azure/client/nodeimage.go 
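Review bot: The setup_test.go hunk updates the calls to the renamed function but leaves the test itself named `TestSetUpKMS`, so `go test -run` and failure output will keep pointing at a function that no longer exists; rename it to `func TestKMS(t *testing.T) {` to match. The setup.go hunk's new doc comment `// KMS creates a KMS and key store from the given parameters.` is fine as written. The body of setup.KMS continues outside the hunk.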
@@ -32,9 +32,8 @@ func (c *Client) GetNodeImage(ctx context.Context, providerID string) (string, e } if resp.Properties.StorageProfile.ImageReference.ID != nil { return *resp.Properties.StorageProfile.ImageReference.ID, nil - } else { - return *resp.Properties.StorageProfile.ImageReference.CommunityGalleryImageID, nil } + return *resp.Properties.StorageProfile.ImageReference.CommunityGalleryImageID, nil } // GetScalingGroupID returns the scaling group ID of the node. diff --git a/operators/constellation-node-operator/internal/azure/client/nodeimage_test.go b/operators/constellation-node-operator/internal/azure/client/nodeimage_test.go index 4c574695d..66941d11d 100644 --- a/operators/constellation-node-operator/internal/azure/client/nodeimage_test.go +++ b/operators/constellation-node-operator/internal/azure/client/nodeimage_test.go @@ -222,7 +222,7 @@ func TestCreateNode(t *testing.T) { list: tc.preexistingVMs, fetchErr: tc.fetchErr, } - poller := NewStubCapacityPoller(tc.pollErr) + poller := newStubCapacityPoller(tc.pollErr) client := Client{ virtualMachineScaleSetVMsAPI: &stubvirtualMachineScaleSetVMsAPI{ pager: pager, @@ -357,7 +357,7 @@ type stubCapacityPoller struct { doneC chan struct{} } -func NewStubCapacityPoller(pollErr error) *stubCapacityPoller { +func newStubCapacityPoller(pollErr error) *stubCapacityPoller { return &stubCapacityPoller{ pollErr: pollErr, pollC: make(chan struct{}), diff --git a/operators/constellation-node-operator/internal/azure/client/scalinggroup.go b/operators/constellation-node-operator/internal/azure/client/scalinggroup.go index e2f63f6de..286885b0e 100644 --- a/operators/constellation-node-operator/internal/azure/client/scalinggroup.go +++ b/operators/constellation-node-operator/internal/azure/client/scalinggroup.go 
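Review bot: The new fall-through `return *resp.Properties.StorageProfile.ImageReference.CommunityGalleryImageID, nil` dereferences CommunityGalleryImageID without a nil check, so an image reference that carries neither ID nor CommunityGalleryImageID (the SDK type can also describe an image through other fields) makes GetNodeImage panic instead of returning an error; the scalinggroup.go hunk on the next line has the same shape in GetScalingGroupImage. Guard before the return, using whichever error constructor the file already imports: `if resp.Properties.StorageProfile.ImageReference.CommunityGalleryImageID == nil {` / `return "", errors.New("node image reference has neither ID nor CommunityGalleryImageID")` / `}`. GetNodeImage starts outside the hunk, so whether the outer Properties, StorageProfile and ImageReference pointers are checked earlier is not visible here.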
@@ -34,9 +34,8 @@ func (c *Client) GetScalingGroupImage(ctx context.Context, scalingGroupID string } if res.Properties.VirtualMachineProfile.StorageProfile.ImageReference.ID != nil { return *res.Properties.VirtualMachineProfile.StorageProfile.ImageReference.ID, nil - } else { - return *res.Properties.VirtualMachineProfile.StorageProfile.ImageReference.CommunityGalleryImageID, nil } + return *res.Properties.VirtualMachineProfile.StorageProfile.ImageReference.CommunityGalleryImageID, nil } // SetScalingGroupImage sets the image URI of the scaling group.