cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169)

* Fix incorrect use of masterSecret salt for clusterID generation

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
Daniel Weiße 2023-08-07 15:24:46 +02:00 committed by GitHub
parent bd26e6bae7
commit 8dbe79500f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 166 additions and 114 deletions


@ -20,6 +20,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/cloud/openstack"
"github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/kms/uri"
)
// TODO(malt3): switch over to DNS name on AWS and Azure
@ -52,7 +53,8 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou
// extraConstellationServicesValues extends the given values map by some values depending on user input.
// Values set inside this function are only applied during init, not during upgrade.
func extraConstellationServicesValues(cfg *config.Config, masterSecret, salt []byte, uid, serviceAccURI string, output terraform.ApplyOutput,
func extraConstellationServicesValues(
cfg *config.Config, masterSecret uri.MasterSecret, measurementSalt []byte, uid, serviceAccURI string, output terraform.ApplyOutput,
) (map[string]any, error) {
attestationConfigJSON, err := json.Marshal(cfg.GetAttestationConfig())
if err != nil {
@ -60,7 +62,7 @@ func extraConstellationServicesValues(cfg *config.Config, masterSecret, salt []b
}
extraVals := map[string]any{}
extraVals["join-service"] = map[string]any{
"measurementSalt": base64.StdEncoding.EncodeToString(salt),
"measurementSalt": base64.StdEncoding.EncodeToString(measurementSalt),
"attestationVariant": cfg.GetAttestationConfig().GetVariant().String(),
"attestationConfig": string(attestationConfigJSON),
}
@ -73,8 +75,8 @@ func extraConstellationServicesValues(cfg *config.Config, masterSecret, salt []b
}
extraVals["key-service"] = map[string]any{
"masterSecret": base64.StdEncoding.EncodeToString(masterSecret),
"salt": base64.StdEncoding.EncodeToString(salt),
"masterSecret": base64.StdEncoding.EncodeToString(masterSecret.Key),
"salt": base64.StdEncoding.EncodeToString(masterSecret.Salt),
}
switch cfg.GetProvider() {
case cloudprovider.OpenStack:
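Review bot: Nothing in the new signature or its doc comment keeps the two salts apart, which is the confusion this commit fixes: `measurementSalt` is still a bare `[]byte` passed next to `masterSecret`, and the comment above `extraConstellationServicesValues` does not say which value feeds which service. I would extend that comment with a line such as `// measurementSalt is used only for the join-service; the key-service always receives masterSecret.Key and masterSecret.Salt.` so a later edit does not reintroduce the mix-up. Separately, the visible lines encode `masterSecret.Key` and `masterSecret.Salt` without checking that either is non-empty, so an unset salt would be written into the key-service values silently. If no caller outside this hunk validates them, a length check that returns an error before the map is built would be a cheap guard. The function body starts before and continues after the hunks shown here.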