AB#2512 Config secrets via env var & config refactoring (#544)

* refactor measurements to use consistent types and less byte pushing * refactor: only rely on a single multierr dependency * extend config creation with envar support * document changes Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2025-05-02 06:16:08 -04:00 · 2022-11-15 15:40:49 +01:00 · 2022-11-15 15:40:49 +01:00 · bb76a4e4c8
commit bb76a4e4c8
parent 80a801629e
42 changed files with 932 additions and 791 deletions
--- a/hack/qemu-metadata-api/server/server.go
+++ b/hack/qemu-metadata-api/server/server.go
@ -15,6 +15,7 @@ import (
 	"strings"

 	"github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/virtwrapper"
+	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/role"
@ -197,7 +198,7 @@ func (s *Server) exportPCRs(w http.ResponseWriter, r *http.Request) {
 	}

 	// unmarshal the request body into a map of PCRs
-	var pcrs map[uint32][]byte
+	var pcrs measurements.M
 	if err := json.NewDecoder(r.Body).Decode(&pcrs); err != nil {
 		log.With(zap.Error(err)).Errorf("Failed to read request body")
 		http.Error(w, err.Error(), http.StatusInternalServerError)
--- a/hack/qemu-metadata-api/server/server_test.go
+++ b/hack/qemu-metadata-api/server/server_test.go
@ -17,6 +17,7 @@ import (
 	"testing"

 	"github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/virtwrapper"
+	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/stretchr/testify/assert"
@ -306,12 +307,12 @@ func TestExportPCRs(t *testing.T) {
 			remoteAddr: "192.0.100.1:1234",
 			connect:    defaultConnect,
 			method:     http.MethodPost,
-			message:    mustMarshal(t, map[uint32][]byte{0: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")}),
+			message:    mustMarshal(t, measurements.M{0: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")}),
 		},
 		"incorrect method": {
 			remoteAddr: "192.0.100.1:1234",
 			connect:    defaultConnect,
-			message:    mustMarshal(t, map[uint32][]byte{0: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")}),
+			message:    mustMarshal(t, measurements.M{0: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")}),
 			method:     http.MethodGet,
 			wantErr:    true,
 		},
@ -320,7 +321,7 @@ func TestExportPCRs(t *testing.T) {
 			connect: &stubConnect{
 				getNetworkErr: errors.New("error"),
 			},
-			message: mustMarshal(t, map[uint32][]byte{0: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")}),
+			message: mustMarshal(t, measurements.M{0: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")}),
 			method:  http.MethodPost,
 			wantErr: true,
 		},
@ -335,7 +336,7 @@ func TestExportPCRs(t *testing.T) {
 			remoteAddr: "localhost",
 			connect:    defaultConnect,
 			method:     http.MethodPost,
-			message:    mustMarshal(t, map[uint32][]byte{0: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")}),
+			message:    mustMarshal(t, measurements.M{0: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")}),
 			wantErr:    true,
 		},
 	}