Remove exporting of PCRs from QEMU metadata API (#169)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-10-01 01:36:09 -04:00 · 2022-09-19 14:29:21 +02:00 · 2022-09-19 14:29:21 +02:00 · d0ba2eb6b7
commit d0ba2eb6b7
parent 7eb245d7ee
6 changed files with 8 additions and 49 deletions
--- a/hack/qemu-metadata-api/main.go
+++ b/hack/qemu-metadata-api/main.go
@ -11,9 +11,7 @@ import (

 	"github.com/edgelesssys/constellation/hack/qemu-metadata-api/server"
 	"github.com/edgelesssys/constellation/hack/qemu-metadata-api/virtwrapper"
-	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/edgelesssys/constellation/internal/logger"
-	"github.com/spf13/afero"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 	"libvirt.org/go/libvirt"
@ -31,7 +29,7 @@ func main() {
 	}
 	defer conn.Close()

-	serv := server.New(log, &virtwrapper.Connect{Conn: conn}, file.NewHandler(afero.NewOsFs()))
+	serv := server.New(log, &virtwrapper.Connect{Conn: conn})
 	if err := serv.ListenAndServe(*bindPort); err != nil {
 		log.With(zap.Error(err)).Fatalf("Failed to serve")
 	}
--- a/hack/qemu-metadata-api/server/server.go
+++ b/hack/qemu-metadata-api/server/server.go
@ -7,7 +7,6 @@ SPDX-License-Identifier: AGPL-3.0-only
 package server

 import (
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
@ -17,25 +16,20 @@ import (

 	"github.com/edgelesssys/constellation/hack/qemu-metadata-api/virtwrapper"
 	"github.com/edgelesssys/constellation/internal/cloud/metadata"
-	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/edgelesssys/constellation/internal/logger"
 	"github.com/edgelesssys/constellation/internal/role"
 	"go.uber.org/zap"
 )

-const exportedPCRsDir = "/pcrs/"
-
 type Server struct {
 	log  *logger.Logger
 	virt virConnect
-	file file.Handler
 }

-func New(log *logger.Logger, conn virConnect, file file.Handler) *Server {
+func New(log *logger.Logger, conn virConnect) *Server {
 	return &Server{
 		log:  log,
 		virt: conn,
-		file: file,
 	}
 }

@ -187,23 +181,7 @@ func (s *Server) exportPCRs(w http.ResponseWriter, r *http.Request) {
 		}
 	}

-	// write PCRs as JSON and YAML to disk
-	if err := s.file.WriteJSON(exportedPCRsDir+nodeName+"_pcrs.json", pcrs, file.OptOverwrite); err != nil {
-		log.With(zap.Error(err)).Errorf("Failed to write pcrs to JSON")
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-
-	// convert []byte to base64 encoded strings for YAML encoding
-	pcrsYAML := make(map[uint32]string)
-	for k, v := range pcrs {
-		pcrsYAML[k] = base64.StdEncoding.EncodeToString(v)
-	}
-	if err := s.file.WriteYAML(exportedPCRsDir+nodeName+"_pcrs.yaml", pcrsYAML, file.OptOverwrite); err != nil {
-		log.With(zap.Error(err)).Errorf("Failed to write pcrs to YAML")
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
+	log.With(zap.String("node", nodeName)).With(zap.Any("pcrs", pcrs)).Infof("Received PCRs from node")
 }

 // listAll returns a list of all active peers.
--- a/hack/qemu-metadata-api/server/server_test.go
+++ b/hack/qemu-metadata-api/server/server_test.go
@ -18,9 +18,7 @@ import (

 	"github.com/edgelesssys/constellation/hack/qemu-metadata-api/virtwrapper"
 	"github.com/edgelesssys/constellation/internal/cloud/metadata"
-	"github.com/edgelesssys/constellation/internal/file"
 	"github.com/edgelesssys/constellation/internal/logger"
-	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"libvirt.org/go/libvirt"
@ -73,7 +71,7 @@ func TestListAll(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			assert := assert.New(t)

-			server := New(logger.NewTest(t), tc.connect, file.Handler{})
+			server := New(logger.NewTest(t), tc.connect)

 			res, err := server.listAll()

@ -150,7 +148,7 @@ func TestListSelf(t *testing.T) {
 			assert := assert.New(t)
 			require := require.New(t)

-			server := New(logger.NewTest(t), tc.connect, file.Handler{})
+			server := New(logger.NewTest(t), tc.connect)

 			req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, "http://192.0.0.1/self", nil)
 			require.NoError(err)
@ -212,7 +210,7 @@ func TestListPeers(t *testing.T) {
 			assert := assert.New(t)
 			require := require.New(t)

-			server := New(logger.NewTest(t), tc.connect, file.Handler{})
+			server := New(logger.NewTest(t), tc.connect)

 			req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, "http://192.0.0.1/peers", nil)
 			require.NoError(err)
@ -267,7 +265,7 @@ func TestPostLog(t *testing.T) {
 			assert := assert.New(t)
 			require := require.New(t)

-			server := New(logger.NewTest(t), &stubConnect{}, file.NewHandler(afero.NewMemMapFs()))
+			server := New(logger.NewTest(t), &stubConnect{})

 			req, err := http.NewRequestWithContext(context.Background(), tc.method, "http://192.0.0.1/logs", tc.message)
 			require.NoError(err)
@ -347,8 +345,7 @@ func TestExportPCRs(t *testing.T) {
 			assert := assert.New(t)
 			require := require.New(t)

-			file := file.NewHandler(afero.NewMemMapFs())
-			server := New(logger.NewTest(t), tc.connect, file)
+			server := New(logger.NewTest(t), tc.connect)

 			req, err := http.NewRequestWithContext(context.Background(), tc.method, "http://192.0.0.1/pcrs", strings.NewReader(tc.message))
 			require.NoError(err)
@ -363,9 +360,6 @@ func TestExportPCRs(t *testing.T) {
 			}

 			assert.Equal(http.StatusOK, w.Code)
-			output, err := file.Read(exportedPCRsDir + tc.connect.network.leases[0].Hostname + "_pcrs.json")
-			require.NoError(err)
-			assert.JSONEq(tc.message, string(output))
 		})
 	}
 }
--- a/terraform/libvirt/README.md
+++ b/terraform/libvirt/README.md
@ -13,7 +13,6 @@ See [variables.tf](./variables.tf) for a description of all available variables.
 ```tfvars
 constellation_coreos_image="/path/to/image.qcow2"
 # optional other vars, uncomment and change as needed
-# metadata_api_log_dir="path/to/folder/for/metadata"
 # control_plane_count=3
 # worker_count=2
 # vcpus=2
--- a/terraform/libvirt/main.tf
+++ b/terraform/libvirt/main.tf
@ -39,11 +39,6 @@ resource "docker_container" "qemu-metadata" {
    target = "/var/run/libvirt/libvirt-sock"
    type   = "bind"
  }
-  mounts {
-    source = var.metadata_api_log_dir
-    target = "/pcrs"
-    type   = "bind"
-  }
 }

 module "control_plane" {
--- a/terraform/libvirt/variables.tf
+++ b/terraform/libvirt/variables.tf
@ -51,8 +51,3 @@ variable "machine" {
  default     = "q35"
  description = "machine type. use 'q35' for secure boot and 'pc' for non secure boot. See 'qemu-system-x86_64 -machine help'"
 }
-
-variable "metadata_api_log_dir" {
-  type = string
-  description = "directory to store metadata log files. This must be an absolute path"
-}