From cd7b1167941b471790eeafb04a3e27b8bfe599c1 Mon Sep 17 00:00:00 2001
From: Malte Poll
Date: Thu, 25 May 2023 14:33:57 +0200
Subject: [PATCH] cli: image measurements (v2)
---
 .../cmd/configfetchmeasurements_test.go | 4 ++--
 .../measurement-generator/generate.go | 2 +-
 .../attestation/measurements/measurements.go | 7 ------
 internal/osimage/archive/archive.go | 4 ++--
 internal/versionsapi/BUILD.bazel | 1 +
 internal/versionsapi/apiconstants.go | 22 +++++++++++++++++++
 internal/versionsapi/client/client.go | 4 ++--
 internal/versionsapi/version.go | 13 +++++------
 internal/versionsapi/version_test.go | 4 ++--
 9 files changed, 38 insertions(+), 23 deletions(-)
 create mode 100644 internal/versionsapi/apiconstants.go
diff --git a/cli/internal/cmd/configfetchmeasurements_test.go b/cli/internal/cmd/configfetchmeasurements_test.go
index 966392e9d..5da1e04c2 100644
--- a/cli/internal/cmd/configfetchmeasurements_test.go
+++ b/cli/internal/cmd/configfetchmeasurements_test.go
@@ -119,8 +119,8 @@ func TestUpdateURLs(t *testing.T) {
 },
 },
 flags: &fetchMeasurementsFlags{},
- wantMeasurementsURL: ver.ArtifactsURL("v2") + "/image/measurements.json",
- wantMeasurementsSigURL: ver.ArtifactsURL("v2") + "/image/measurements.json.sig",
+ wantMeasurementsURL: ver.ArtifactsURL(versionsapi.APIV2) + "/image/measurements.json",
+ wantMeasurementsSigURL: ver.ArtifactsURL(versionsapi.APIV2) + "/image/measurements.json.sig",
 },
 "both set by user": {
 conf: &config.Config{
diff --git a/internal/attestation/measurements/measurement-generator/generate.go b/internal/attestation/measurements/measurement-generator/generate.go
index d55be9516..544062adc 100644
--- a/internal/attestation/measurements/measurement-generator/generate.go
+++ b/internal/attestation/measurements/measurement-generator/generate.go
@@ -150,7 +150,7 @@ func measurementURL(image, file string) (*url.URL, error) {
 }
 return url.Parse(
- version.ArtifactsURL("v2") + path.Join("/image", file),
+ version.ArtifactsURL(versionsapi.APIV2) + path.Join("/image", file),
 )
 }
diff --git a/internal/attestation/measurements/measurements.go b/internal/attestation/measurements/measurements.go
index 0fded0d15..7f5655146 100644
--- a/internal/attestation/measurements/measurements.go
+++ b/internal/attestation/measurements/measurements.go
@@ -62,13 +62,6 @@ const (
 // M are Platform Configuration Register (PCR) values that make up the Measurements.
 type M map[uint32]Measurement
-// WithMetadata is a struct supposed to provide CSP & image metadata next to measurements.
-type WithMetadata struct {
- CSP cloudprovider.Provider `json:"csp" yaml:"csp"`
- Image string `json:"image" yaml:"image"`
- Measurements M `json:"measurements" yaml:"measurements"`
-}
-
 // ImageMeasurementsV2 is a struct to hold measurements for a specific image.
 // .List contains measurements for all variants of the image.
 type ImageMeasurementsV2 struct {
diff --git a/internal/osimage/archive/archive.go b/internal/osimage/archive/archive.go
index 58b269180..5cb833b7a 100644
--- a/internal/osimage/archive/archive.go
+++ b/internal/osimage/archive/archive.go
@@ -46,8 +46,8 @@ func New(ctx context.Context, region, bucket string, log *logger.Logger) (*Archi
 }
 // Archive reads the OS image in img and uploads it as key.
-func (a *Archivist) Archive(ctx context.Context, version versionsapi.Version, csp, variant string, img io.Reader) (string, error) {
- key, err := url.JoinPath(version.ArtifactPath("v1"), version.Kind.String(), "csp", csp, variant, "image.raw")
+func (a *Archivist) Archive(ctx context.Context, version versionsapi.Version, csp, attestationVariant string, img io.Reader) (string, error) {
+ key, err := url.JoinPath(version.ArtifactPath(versionsapi.APIV1), version.Kind.String(), "csp", csp, attestationVariant, "image.raw")
 if err != nil {
 return "", err
 }
diff --git a/internal/versionsapi/BUILD.bazel b/internal/versionsapi/BUILD.bazel
index fcd844870..466ab3b62 100644
--- a/internal/versionsapi/BUILD.bazel
+++ b/internal/versionsapi/BUILD.bazel
@@ -4,6 +4,7 @@ load("//bazel/go:go_test.bzl", "go_test")
 go_library(
 name = "versionsapi",
 srcs = [
+ "apiconstants.go",
 "cliinfo.go",
 "imageinfo.go",
 "latest.go",
diff --git a/internal/versionsapi/apiconstants.go b/internal/versionsapi/apiconstants.go
new file mode 100644
index 000000000..bca2b2b4c
--- /dev/null
+++ b/internal/versionsapi/apiconstants.go
@@ -0,0 +1,22 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package versionsapi
+
+var (
+ // APIV1 is the v1 API version.
+ APIV1 = apiVersion{slug: "v1"}
+ // APIV2 is the v2 API version.
+ APIV2 = apiVersion{slug: "v2"}
+)
+
+type apiVersion struct {
+ slug string
+}
+
+func (v apiVersion) String() string {
+ return v.slug
+}
diff --git a/internal/versionsapi/client/client.go b/internal/versionsapi/client/client.go
index 35f1462ea..4519afc57 100644
--- a/internal/versionsapi/client/client.go
+++ b/internal/versionsapi/client/client.go
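Review bot: In `Archive` (internal/osimage/archive/archive.go), `csp` and `attestationVariant` still reach `url.JoinPath` as unchecked strings, although this patch closes that same gap for the API version segment. `url.JoinPath` removes `./` and `../` elements, so a value containing a slash or equal to `..` would produce an upload key outside the `csp/<csp>/<variant>/image.raw` layout; callers may already validate both values, but nothing in this hunk shows it. A guard ahead of the join would pin the layout, for example `if strings.ContainsRune(csp, '/') || strings.ContainsRune(attestationVariant, '/') { return "", fmt.Errorf("invalid csp %q or attestation variant %q", csp, attestationVariant) }`, with a value of `..` rejected the same way. The rest of the function body lies outside the hunk.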
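Review bot: `APIV1` and `APIV2` in internal/versionsapi/apiconstants.go are exported variables, so any package in the module can reassign them (`versionsapi.APIV1 = versionsapi.APIV2`), which would silently change every path built from them, including the measurement and signature URLs. The unexported struct presumably exists so that callers cannot pass arbitrary strings, but the set only stays closed while these variables are never written; the comments should say so, e.g. `// APIV1 is the v1 API version. It must not be reassigned.` The type and its `String` method also have no doc comments; I would add `// apiVersion is one of the predefined API versions (APIV1, APIV2); it is a struct so that no string literal converts to it.` and `// String returns the path segment of the API version, such as "v1".`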
@@ -185,8 +185,8 @@ func (c *Client) DeleteVersion(ctx context.Context, ver versionsapi.Version) err
 retErr = errors.Join(retErr, fmt.Errorf("updating latest version: %w", err))
 }
- c.log.Debugf("Deleting artifact path %s for %s", ver.ArtifactPath("v1"), ver.Version)
- if err := c.deletePath(ctx, ver.ArtifactPath("v1")); err != nil {
+ c.log.Debugf("Deleting artifact path %s for %s", ver.ArtifactPath(versionsapi.APIV1), ver.Version)
+ if err := c.deletePath(ctx, ver.ArtifactPath(versionsapi.APIV1)); err != nil {
 retErr = errors.Join(retErr, fmt.Errorf("deleting artifact path: %w", err))
 }
diff --git a/internal/versionsapi/version.go b/internal/versionsapi/version.go
index a81d36d01..9b7e7ca93 100644
--- a/internal/versionsapi/version.go
+++ b/internal/versionsapi/version.go
@@ -154,16 +154,16 @@ func (v Version) ListPath(gran Granularity) string {
 // ArtifactsURL returns the URL to the artifacts stored for this version.
 // The URL points to a directory.
-func (v Version) ArtifactsURL(apiVersion string) string {
- return constants.CDNRepositoryURL + "/" + v.ArtifactPath(apiVersion)
+func (v Version) ArtifactsURL(apiVer apiVersion) string {
+ return constants.CDNRepositoryURL + "/" + v.ArtifactPath(apiVer)
 }
 // ArtifactPath returns the path to the artifacts stored for this version.
 // The path points to a directory.
-func (v Version) ArtifactPath(apiVersion string) string {
+func (v Version) ArtifactPath(apiVer apiVersion) string {
 return path.Join(
 constants.CDNAPIBase,
- apiVersion,
+ apiVer.String(),
 "ref", v.Ref,
 "stream", v.Stream,
 v.Version,
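Review bot: `DeleteVersion` (internal/versionsapi/client/client.go) removes only the `APIV1` artifact path, while `MeasurementURL` in this same patch reads the measurements file and its signature from the `APIV2` path of a version. Unless the v2 objects are cleaned up in the part of the function outside this hunk, a deleted version would keep its signed measurements published. If that is not intended, delete both paths, e.g. `if err := c.deletePath(ctx, ver.ArtifactPath(versionsapi.APIV2)); err != nil { retErr = errors.Join(retErr, fmt.Errorf("deleting v2 artifact path: %w", err)) }`. The function starts and ends outside the hunk.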
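Review bot: `ArtifactPath` (internal/versionsapi/version.go) hands `apiVer.String()` to `path.Join`, which skips empty elements, so a zero-value `apiVersion` yields a path with no API version segment rather than an obviously wrong one. Neither method can return an error, so the contract belongs in the doc comments of both `ArtifactsURL` and `ArtifactPath`: `// apiVer must be APIV1 or APIV2; the zero value is not a valid API version.` The test hunk in version_test.go exercises `APIV1` only; a case for `APIV2` would cover the path that `MeasurementURL` depends on. The `path.Join` call continues past the end of the hunk.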
@@ -336,16 +336,15 @@ func ValidateStream(ref, stream string) error {
 // MeasurementURL builds the measurement and signature URLs for the given version.
 func MeasurementURL(version Version) (measurementURL, signatureURL *url.URL, err error) {
- const apiVersion = "v2"
 if version.Kind != VersionKindImage {
 return &url.URL{}, &url.URL{}, fmt.Errorf("kind %q is not supported", version.Kind)
 }
- measurementPath, err := url.JoinPath(version.ArtifactsURL(apiVersion), "image", constants.CDNMeasurementsFile)
+ measurementPath, err := url.JoinPath(version.ArtifactsURL(APIV2), "image", constants.CDNMeasurementsFile)
 if err != nil {
 return &url.URL{}, &url.URL{}, fmt.Errorf("joining path for measurement: %w", err)
 }
- signaturePath, err := url.JoinPath(version.ArtifactsURL(apiVersion), "image", constants.CDNMeasurementsSignature)
+ signaturePath, err := url.JoinPath(version.ArtifactsURL(APIV2), "image", constants.CDNMeasurementsSignature)
 if err != nil {
 return &url.URL{}, &url.URL{}, fmt.Errorf("joining path for signature: %w", err)
 }
diff --git a/internal/versionsapi/version_test.go b/internal/versionsapi/version_test.go
index b7d4f3502..ec42233bb 100644
--- a/internal/versionsapi/version_test.go
+++ b/internal/versionsapi/version_test.go
@@ -561,9 +561,9 @@ func TestVersionArtifactPathURL(t *testing.T) {
 t.Run(name, func(t *testing.T) {
 assert := assert.New(t)
- path := tc.ver.ArtifactPath("v1")
+ path := tc.ver.ArtifactPath(APIV1)
 assert.Equal(tc.wantPath, path)
- url := tc.ver.ArtifactsURL("v1")
+ url := tc.ver.ArtifactsURL(APIV1)
 assert.Equal(constants.CDNRepositoryURL+"/"+tc.wantPath, url)
 })
 }