From c1b4193791c18eb0818e1c5ec0594460c5253396 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com>
Date: Fri, 21 Oct 2022 15:04:34 +0200
Subject: [PATCH] Add support for AWS to disk-mapper (#329)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Daniel Weiße
---
 disk-mapper/cmd/main.go | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/disk-mapper/cmd/main.go b/disk-mapper/cmd/main.go
index a88f6cf94..61fcce8f8 100644
--- a/disk-mapper/cmd/main.go
+++ b/disk-mapper/cmd/main.go
@@ -15,7 +15,6 @@ import (
 	"net/http"
 	"net/url"
 	"path/filepath"
-	"strings"
 
 	"github.com/edgelesssys/constellation/v2/disk-mapper/internal/mapper"
 	"github.com/edgelesssys/constellation/v2/disk-mapper/internal/recoveryserver"
@@ -26,7 +25,9 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/attestation/gcp"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/qemu"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
+	awscloud "github.com/edgelesssys/constellation/v2/internal/cloud/aws"
 	azurecloud "github.com/edgelesssys/constellation/v2/internal/cloud/azure"
+	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 	gcpcloud "github.com/edgelesssys/constellation/v2/internal/cloud/gcp"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
 	qemucloud "github.com/edgelesssys/constellation/v2/internal/cloud/qemu"
@@ -43,6 +44,7 @@ import (
 const (
 	gcpStateDiskPath   = "/dev/disk/by-id/google-state-disk"
 	azureStateDiskPath = "/dev/disk/azure/scsi1/lun0"
+	awsStateDiskPath   = "/dev/sdb"
 	qemuStateDiskPath  = "/dev/vda"
 )
 
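Review bot: The new `awsStateDiskPath = "/dev/sdb"` constant has no comment saying where that name comes from, and on Nitro the kernel itself names NVMe volumes `/dev/nvme*`, so this path only means "the state disk" if the image's udev rule that creates the symlink exists and matches the right volume. If the rule is missing or matches another attached volume, `filepath.EvalSymlinks` will still succeed and the mapper will go on to operate on whatever block device it resolves to. A comment tying the constant to its source would help the next maintainer keep them in sync, e.g. `// awsStateDiskPath is a symlink created by the image's udev rules for the NVMe state volume, not a kernel-assigned name; keep in sync with that rule.` Whether a more specific by-id style path is available on AWS is worth checking.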
@@ -60,8 +62,24 @@ func main() {
 	var diskPath string
 	var issuer atls.Issuer
 	var metadataAPI setup.MetadataAPI
-	switch strings.ToLower(*csp) {
-	case "azure":
+	switch cloudprovider.FromString(*csp) {
+	case cloudprovider.AWS:
+		// on AWS Nitro platform, disks are attached over NVMe
+		// using udev rules, a symlink for our disk is created at /dev/sdb
+		diskPath, err = filepath.EvalSymlinks(awsStateDiskPath)
+		if err != nil {
+			_ = exportPCRs()
+			log.With(zap.Error(err)).Fatalf("Unable to resolve Azure state disk path")
+		}
+		metadataAPI, err = awscloud.New(context.Background())
+		if err != nil {
+			log.With(zap.Error(err)).Fatalf("Failed to set up AWS metadata API")
+		}
+
+		// TODO: Add attestation issuer for AWS
+		// issuer = aws.NewIssuer()
+
+	case cloudprovider.Azure:
 		diskPath, err = filepath.EvalSymlinks(azureStateDiskPath)
 		if err != nil {
 			_ = exportPCRs()
@@ -69,12 +87,12 @@ func main() {
 		}
 		metadataAPI, err = azurecloud.NewMetadata(context.Background())
 		if err != nil {
-			log.With(zap.Error).Fatalf("Failed to create Azure metadata API")
+			log.With(zap.Error).Fatalf("Failed to set up Azure metadata API")
 		}
 		issuer = azure.NewIssuer()
 
-	case "gcp":
+	case cloudprovider.GCP:
 		diskPath, err = filepath.EvalSymlinks(gcpStateDiskPath)
 		if err != nil {
 			_ = exportPCRs()
@@ -87,7 +105,7 @@ func main() {
 		}
 		metadataAPI = gcpcloud.New(gcpClient)
 
-	case "qemu":
+	case cloudprovider.QEMU:
 		diskPath = qemuStateDiskPath
 		issuer = qemu.NewIssuer()
 		metadataAPI = &qemucloud.Metadata{}
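Review bot: The new `cloudprovider.AWS` branch leaves `issuer` at its nil zero value (the `// TODO: Add attestation issuer for AWS` lines), while every other provider branch sets one; whatever consumes `issuer` after the switch — the recovery server set up later in `main`, which is outside this hunk — will therefore either dereference nil or run without any attestation on AWS, and the code gives no indication of which. The TODO should state the consequence so it is not mistaken for a cosmetic gap, e.g. `// TODO: Add attestation issuer for AWS. Until then issuer stays nil and nothing built on it (recovery server) can attest this node.` Separately, the fatal message on the `EvalSymlinks` failure in the same branch is a copy-paste from the Azure case and should read `log.With(zap.Error(err)).Fatalf("Unable to resolve AWS state disk path")`, otherwise an AWS node that cannot find its disk logs a misleading provider name. `main` starts before and ends after this hunk.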
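Review bot: The reworded Azure line `log.With(zap.Error).Fatalf("Failed to set up Azure metadata API")` passes the function `zap.Error` itself rather than calling it, so the error that caused the fatal never reaches the log; the sibling branches in this hunk correctly use `zap.Error(err)`. Since this exact line is already being touched by the commit, it is the natural place to fix the call: `log.With(zap.Error(err)).Fatalf("Failed to set up Azure metadata API")`. Presumably `Logger.With` accepts arbitrary values for this to have compiled at all, in which case the dangling function value shows up as a meaningless field and the real error is lost; this is inferred from the line alone, as the logger type is outside the hunk. `main` continues outside the hunk on both sides.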