Add new generate measurements matrix CI/CD action (now with AWS support) (#641)

2025-05-12 11:12:27 -04:00 · 2022-11-25 12:08:24 +01:00 · 2022-11-25 12:08:24 +01:00 · 89b25f8ebb
commit 89b25f8ebb
parent 6af54142f2
11 changed files with 533 additions and 322 deletions
--- a/hack/pcr-reader/main.go
+++ b/hack/pcr-reader/main.go
@ -17,6 +17,7 @@ import (
 	"net"
 	"os"
 	"strconv"
+	"strings"
 	"time"

 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
@ -35,6 +36,10 @@ func main() {
 	format := flag.String("format", "json", "Output format: json, yaml (default json)")
 	quiet := flag.Bool("q", false, "Set to disable output")
 	timeout := flag.Duration("timeout", 2*time.Minute, "Wait this duration for the verification service to become available")
+	metadata := flag.Bool("metadata", false, "Include image metadata (CSP, image UID) for publishing")
+	csp := flag.String("csp", "", "Define CSP for metadata")
+	image := flag.String("image", "", "Define image UID for metadata from which image the PCRs are taken from")
+
 	flag.Parse()

 	if *coordIP == "" || *port == "" {
@ -42,6 +47,12 @@ func main() {
 		os.Exit(1)
 	}

+	if *metadata && (*csp == "" || *image == "") {
+		fmt.Println("If you enable metadata, you also need to define a CSP and an image to include from as arguments.")
+		flag.Usage()
+		os.Exit(1)
+	}
+
 	addr := net.JoinHostPort(*coordIP, *port)
 	ctx, cancel := context.WithTimeout(context.Background(), *timeout)
 	defer cancel()
@ -51,15 +62,28 @@ func main() {
 		log.Fatal(err)
 	}

-	measurements, err := validatePCRAttDoc(attDocRaw)
+	pcrs, err := validatePCRAttDoc(attDocRaw)
 	if err != nil {
 		log.Fatal(err)
 	}

-	if !*quiet {
-		if err := printPCRs(os.Stdout, measurements, *format); err != nil {
-			log.Fatal(err)
+	if *quiet {
+		return
+	}
+
+	if *metadata {
+		outputWithMetadata := measurements.WithMetadata{
+			CSP:          strings.ToLower(*csp),
+			Image:        strings.ToLower(*image),
+			Measurements: pcrs,
 		}
+		err = printPCRsWithMetadata(os.Stdout, outputWithMetadata, *format)
+	} else {
+		err = printPCRs(os.Stdout, pcrs, *format)
+	}
+
+	if err != nil {
+		log.Fatal(err)
 	}
 }

@ -127,6 +151,19 @@ func printPCRs(w io.Writer, pcrs measurements.M, format string) error {
 	}
 }

+// printPCRs formats and prints PCRs to the given writer.
+// format can be one of 'json' or 'yaml'. If it doesn't match defaults to 'json'.
+func printPCRsWithMetadata(w io.Writer, outputWithMetadata measurements.WithMetadata, format string) error {
+	switch format {
+	case "json":
+		return printPCRsJSONWithMetadata(w, outputWithMetadata)
+	case "yaml":
+		return printPCRsYAMLWithMetadata(w, outputWithMetadata)
+	default:
+		return printPCRsJSONWithMetadata(w, outputWithMetadata)
+	}
+}
+
 func printPCRsYAML(w io.Writer, pcrs measurements.M) error {
 	pcrYAML, err := yaml.Marshal(pcrs)
 	if err != nil {
@ -136,6 +173,15 @@ func printPCRsYAML(w io.Writer, pcrs measurements.M) error {
 	return nil
 }

+func printPCRsYAMLWithMetadata(w io.Writer, outputWithMetadata measurements.WithMetadata) error {
+	pcrYAML, err := yaml.Marshal(outputWithMetadata)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(w, "%s", string(pcrYAML))
+	return nil
+}
+
 func printPCRsJSON(w io.Writer, pcrs measurements.M) error {
 	pcrJSON, err := json.MarshalIndent(pcrs, "", "  ")
 	if err != nil {
@ -144,3 +190,12 @@ func printPCRsJSON(w io.Writer, pcrs measurements.M) error {
 	fmt.Fprintf(w, "%s", string(pcrJSON))
 	return nil
 }
+
+func printPCRsJSONWithMetadata(w io.Writer, outputWithMetadata measurements.WithMetadata) error {
+	pcrJSON, err := json.MarshalIndent(outputWithMetadata, "", "  ")
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(w, "%s", string(pcrJSON))
+	return nil
+}