Remove exporting of PCRs from QEMU metadata API (#169)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
parent
7eb245d7ee
commit
d0ba2eb6b7
@ -11,9 +11,7 @@ import (
|
||||
|
||||
"github.com/edgelesssys/constellation/hack/qemu-metadata-api/server"
|
||||
"github.com/edgelesssys/constellation/hack/qemu-metadata-api/virtwrapper"
|
||||
"github.com/edgelesssys/constellation/internal/file"
|
||||
"github.com/edgelesssys/constellation/internal/logger"
|
||||
"github.com/spf13/afero"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
"libvirt.org/go/libvirt"
|
||||
@ -31,7 +29,7 @@ func main() {
|
||||
}
|
||||
defer conn.Close()
|
||||
|
||||
serv := server.New(log, &virtwrapper.Connect{Conn: conn}, file.NewHandler(afero.NewOsFs()))
|
||||
serv := server.New(log, &virtwrapper.Connect{Conn: conn})
|
||||
if err := serv.ListenAndServe(*bindPort); err != nil {
|
||||
log.With(zap.Error(err)).Fatalf("Failed to serve")
|
||||
}
|
||||
|
@ -7,7 +7,6 @@ SPDX-License-Identifier: AGPL-3.0-only
|
||||
package server
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
@ -17,25 +16,20 @@ import (
|
||||
|
||||
"github.com/edgelesssys/constellation/hack/qemu-metadata-api/virtwrapper"
|
||||
"github.com/edgelesssys/constellation/internal/cloud/metadata"
|
||||
"github.com/edgelesssys/constellation/internal/file"
|
||||
"github.com/edgelesssys/constellation/internal/logger"
|
||||
"github.com/edgelesssys/constellation/internal/role"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
const exportedPCRsDir = "/pcrs/"
|
||||
|
||||
type Server struct {
|
||||
log *logger.Logger
|
||||
virt virConnect
|
||||
file file.Handler
|
||||
}
|
||||
|
||||
func New(log *logger.Logger, conn virConnect, file file.Handler) *Server {
|
||||
func New(log *logger.Logger, conn virConnect) *Server {
|
||||
return &Server{
|
||||
log: log,
|
||||
virt: conn,
|
||||
file: file,
|
||||
}
|
||||
}
|
||||
|
||||
@ -187,23 +181,7 @@ func (s *Server) exportPCRs(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
// write PCRs as JSON and YAML to disk
|
||||
if err := s.file.WriteJSON(exportedPCRsDir+nodeName+"_pcrs.json", pcrs, file.OptOverwrite); err != nil {
|
||||
log.With(zap.Error(err)).Errorf("Failed to write pcrs to JSON")
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
// convert []byte to base64 encoded strings for YAML encoding
|
||||
pcrsYAML := make(map[uint32]string)
|
||||
for k, v := range pcrs {
|
||||
pcrsYAML[k] = base64.StdEncoding.EncodeToString(v)
|
||||
}
|
||||
if err := s.file.WriteYAML(exportedPCRsDir+nodeName+"_pcrs.yaml", pcrsYAML, file.OptOverwrite); err != nil {
|
||||
log.With(zap.Error(err)).Errorf("Failed to write pcrs to YAML")
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
log.With(zap.String("node", nodeName)).With(zap.Any("pcrs", pcrs)).Infof("Received PCRs from node")
|
||||
}
|
||||
|
||||
// listAll returns a list of all active peers.
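Review bot: With the disk writes gone, what remains of exportPCRs at the end of this hunk is the single Infof that dumps the whole map via `zap.Any("pcrs", pcrs)`, so the handler's doc comment (above the hunk; the function starts outside it) should state that the endpoint no longer persists anything and only surfaces a node's PCRs in the API's log. A one-line comment above the Infof such as `// PCRs are no longer written to disk; this log line is the endpoint's only output` would stop the next reader from looking for the missing file. If the logged values are meant to be consumed rather than eyeballed, note that the base64 conversion this hunk removes was the readable form, and a map of raw byte slices rendered by zap.Any is harder to read back. Whether the exportedPCRsDir constant and the base64 import are both dropped is not visible here since the rendered page lost the change markers.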
|
||||
|
@ -18,9 +18,7 @@ import (
|
||||
|
||||
"github.com/edgelesssys/constellation/hack/qemu-metadata-api/virtwrapper"
|
||||
"github.com/edgelesssys/constellation/internal/cloud/metadata"
|
||||
"github.com/edgelesssys/constellation/internal/file"
|
||||
"github.com/edgelesssys/constellation/internal/logger"
|
||||
"github.com/spf13/afero"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"libvirt.org/go/libvirt"
|
||||
@ -73,7 +71,7 @@ func TestListAll(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
assert := assert.New(t)
|
||||
|
||||
server := New(logger.NewTest(t), tc.connect, file.Handler{})
|
||||
server := New(logger.NewTest(t), tc.connect)
|
||||
|
||||
res, err := server.listAll()
|
||||
|
||||
@ -150,7 +148,7 @@ func TestListSelf(t *testing.T) {
|
||||
assert := assert.New(t)
|
||||
require := require.New(t)
|
||||
|
||||
server := New(logger.NewTest(t), tc.connect, file.Handler{})
|
||||
server := New(logger.NewTest(t), tc.connect)
|
||||
|
||||
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, "http://192.0.0.1/self", nil)
|
||||
require.NoError(err)
|
||||
@ -212,7 +210,7 @@ func TestListPeers(t *testing.T) {
|
||||
assert := assert.New(t)
|
||||
require := require.New(t)
|
||||
|
||||
server := New(logger.NewTest(t), tc.connect, file.Handler{})
|
||||
server := New(logger.NewTest(t), tc.connect)
|
||||
|
||||
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, "http://192.0.0.1/peers", nil)
|
||||
require.NoError(err)
|
||||
@ -267,7 +265,7 @@ func TestPostLog(t *testing.T) {
|
||||
assert := assert.New(t)
|
||||
require := require.New(t)
|
||||
|
||||
server := New(logger.NewTest(t), &stubConnect{}, file.NewHandler(afero.NewMemMapFs()))
|
||||
server := New(logger.NewTest(t), &stubConnect{})
|
||||
|
||||
req, err := http.NewRequestWithContext(context.Background(), tc.method, "http://192.0.0.1/logs", tc.message)
|
||||
require.NoError(err)
|
||||
@ -347,8 +345,7 @@ func TestExportPCRs(t *testing.T) {
|
||||
assert := assert.New(t)
|
||||
require := require.New(t)
|
||||
|
||||
file := file.NewHandler(afero.NewMemMapFs())
|
||||
server := New(logger.NewTest(t), tc.connect, file)
|
||||
server := New(logger.NewTest(t), tc.connect)
|
||||
|
||||
req, err := http.NewRequestWithContext(context.Background(), tc.method, "http://192.0.0.1/pcrs", strings.NewReader(tc.message))
|
||||
require.NoError(err)
|
||||
@ -363,9 +360,6 @@ func TestExportPCRs(t *testing.T) {
|
||||
}
|
||||
|
||||
assert.Equal(http.StatusOK, w.Code)
|
||||
output, err := file.Read(exportedPCRsDir + tc.connect.network.leases[0].Hostname + "_pcrs.json")
|
||||
require.NoError(err)
|
||||
assert.JSONEq(tc.message, string(output))
|
||||
})
|
||||
}
|
||||
}
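Review bot: Dropping the file.Read assertion leaves the success path of TestExportPCRs (end of the last hunk) checking only `http.StatusOK`, so the body sent via tc.message is no longer verified against anything the handler produced. Because the handler now only logs, the test should at least keep a table case that sends a malformed body and expects a non-200 code, if the table (outside the hunk) does not already have one; a short comment such as `// the handler only logs the received PCRs, so the success case can only check the status code` would document why the output check is gone. The table and the start of the function are outside the hunk.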
|
||||
|
@ -13,7 +13,6 @@ See [variables.tf](./variables.tf) for a description of all available variables.
|
||||
```tfvars
|
||||
constellation_coreos_image="/path/to/image.qcow2"
|
||||
# optional other vars, uncomment and change as needed
|
||||
# metadata_api_log_dir="path/to/folder/for/metadata"
|
||||
# control_plane_count=3
|
||||
# worker_count=2
|
||||
# vcpus=2
|
||||
|
@ -39,11 +39,6 @@ resource "docker_container" "qemu-metadata" {
|
||||
target = "/var/run/libvirt/libvirt-sock"
|
||||
type = "bind"
|
||||
}
|
||||
mounts {
|
||||
source = var.metadata_api_log_dir
|
||||
target = "/pcrs"
|
||||
type = "bind"
|
||||
}
|
||||
}
|
||||
|
||||
module "control_plane" {
|
||||
|
@ -51,8 +51,3 @@ variable "machine" {
|
||||
default = "q35"
|
||||
description = "machine type. use 'q35' for secure boot and 'pc' for non secure boot. See 'qemu-system-x86_64 -machine help'"
|
||||
}
|
||||
|
||||
variable "metadata_api_log_dir" {
|
||||
type = string
|
||||
description = "directory to store metadata log files. This must be an absolute path"
|
||||
}
|
||||
|