Add support for AWS to disk-mapper (#329)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Daniel Weiße 2022-10-21 15:04:34 +02:00 committed by GitHub
parent 90c94ec53e
commit c1b4193791
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -15,7 +15,6 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"path/filepath" "path/filepath"
"strings"
"github.com/edgelesssys/constellation/v2/disk-mapper/internal/mapper" "github.com/edgelesssys/constellation/v2/disk-mapper/internal/mapper"
"github.com/edgelesssys/constellation/v2/disk-mapper/internal/recoveryserver" "github.com/edgelesssys/constellation/v2/disk-mapper/internal/recoveryserver"
@ -26,7 +25,9 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/gcp" "github.com/edgelesssys/constellation/v2/internal/attestation/gcp"
"github.com/edgelesssys/constellation/v2/internal/attestation/qemu" "github.com/edgelesssys/constellation/v2/internal/attestation/qemu"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
awscloud "github.com/edgelesssys/constellation/v2/internal/cloud/aws"
azurecloud "github.com/edgelesssys/constellation/v2/internal/cloud/azure" azurecloud "github.com/edgelesssys/constellation/v2/internal/cloud/azure"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
gcpcloud "github.com/edgelesssys/constellation/v2/internal/cloud/gcp" gcpcloud "github.com/edgelesssys/constellation/v2/internal/cloud/gcp"
"github.com/edgelesssys/constellation/v2/internal/cloud/metadata" "github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
qemucloud "github.com/edgelesssys/constellation/v2/internal/cloud/qemu" qemucloud "github.com/edgelesssys/constellation/v2/internal/cloud/qemu"
@ -43,6 +44,7 @@ import (
const ( const (
gcpStateDiskPath = "/dev/disk/by-id/google-state-disk" gcpStateDiskPath = "/dev/disk/by-id/google-state-disk"
azureStateDiskPath = "/dev/disk/azure/scsi1/lun0" azureStateDiskPath = "/dev/disk/azure/scsi1/lun0"
awsStateDiskPath = "/dev/sdb"
qemuStateDiskPath = "/dev/vda" qemuStateDiskPath = "/dev/vda"
) )
@ -60,8 +62,24 @@ func main() {
var diskPath string var diskPath string
var issuer atls.Issuer var issuer atls.Issuer
var metadataAPI setup.MetadataAPI var metadataAPI setup.MetadataAPI
switch strings.ToLower(*csp) { switch cloudprovider.FromString(*csp) {
case "azure": case cloudprovider.AWS:
// on AWS Nitro platform, disks are attached over NVMe
// using udev rules, a symlink for our disk is created at /dev/sdb
diskPath, err = filepath.EvalSymlinks(awsStateDiskPath)
if err != nil {
_ = exportPCRs()
log.With(zap.Error(err)).Fatalf("Unable to resolve Azure state disk path")
}
metadataAPI, err = awscloud.New(context.Background())
if err != nil {
log.With(zap.Error(err)).Fatalf("Failed to set up AWS metadata API")
}
// TODO: Add attestation issuer for AWS
// issuer = aws.NewIssuer()
case cloudprovider.Azure:
diskPath, err = filepath.EvalSymlinks(azureStateDiskPath) diskPath, err = filepath.EvalSymlinks(azureStateDiskPath)
if err != nil { if err != nil {
_ = exportPCRs() _ = exportPCRs()
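Review bot: The fatal message in the new AWS branch, right after `diskPath, err = filepath.EvalSymlinks(awsStateDiskPath)`, still says "Azure", so a disk-path failure on AWS would be logged as an Azure problem; change it to `log.With(zap.Error(err)).Fatalf("Unable to resolve AWS state disk path")`. The branch also leaves `issuer` nil behind `// TODO: Add attestation issuer for AWS` with nothing in the hunk guarding that; if the nil issuer reaches the recovery-server set-up later in `main` (outside this hunk), it presumably either panics or brings up a recovery endpoint without platform attestation, so a `log.Fatalf("AWS attestation issuer not implemented")` or an explicit comment stating that AWS recovery is currently unattested would make the gap visible rather than silent. In the Azure branch of the following hunk, `log.With(zap.Error).Fatalf(...)` passes `zap.Error` as a function value instead of `zap.Error(err)`, which the commit touches (message only) without fixing. `main` continues outside the hunk.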
@ -69,12 +87,12 @@ func main() {
} }
metadataAPI, err = azurecloud.NewMetadata(context.Background()) metadataAPI, err = azurecloud.NewMetadata(context.Background())
if err != nil { if err != nil {
log.With(zap.Error).Fatalf("Failed to create Azure metadata API") log.With(zap.Error).Fatalf("Failed to set up Azure metadata API")
} }
issuer = azure.NewIssuer() issuer = azure.NewIssuer()
case "gcp": case cloudprovider.GCP:
diskPath, err = filepath.EvalSymlinks(gcpStateDiskPath) diskPath, err = filepath.EvalSymlinks(gcpStateDiskPath)
if err != nil { if err != nil {
_ = exportPCRs() _ = exportPCRs()
@ -87,7 +105,7 @@ func main() {
} }
metadataAPI = gcpcloud.New(gcpClient) metadataAPI = gcpcloud.New(gcpClient)
case "qemu": case cloudprovider.QEMU:
diskPath = qemuStateDiskPath diskPath = qemuStateDiskPath
issuer = qemu.NewIssuer() issuer = qemu.NewIssuer()
metadataAPI = &qemucloud.Metadata{} metadataAPI = &qemucloud.Metadata{}