mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-12 17:34:28 -05:00
b10b13b173
* Add test logger * Refactor access manager logging * Refactor activation service logging * Refactor debugd logging * Refactor kms server logging * Refactor disk-mapper logging Signed-off-by: Daniel Weiße <dw@edgeless.systems>
84 lines
2.6 KiB
Go
84 lines
2.6 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"flag"
|
|
"fmt"
|
|
"net"
|
|
|
|
"github.com/edgelesssys/constellation/internal/constants"
|
|
"github.com/edgelesssys/constellation/internal/file"
|
|
"github.com/edgelesssys/constellation/internal/logger"
|
|
"github.com/edgelesssys/constellation/kms/server/kmsapi"
|
|
"github.com/edgelesssys/constellation/kms/server/kmsapi/kmsproto"
|
|
"github.com/edgelesssys/constellation/kms/server/setup"
|
|
"github.com/spf13/afero"
|
|
"go.uber.org/zap"
|
|
"go.uber.org/zap/zapcore"
|
|
|
|
"google.golang.org/grpc"
|
|
)
|
|
|
|
func main() {
|
|
port := flag.String("port", "9000", "Port gRPC server listens on")
|
|
masterSecretPath := flag.String("master-secret", "/constellation/constellation-mastersecret.base64", "Path to the Constellation master secret")
|
|
|
|
flag.Parse()
|
|
|
|
log := logger.New(logger.JSONLog, zapcore.InfoLevel)
|
|
|
|
log.With(zap.String("version", constants.VersionInfo)).Infof("Constellation Key Management Service")
|
|
|
|
masterKey, err := readMainSecret(*masterSecretPath)
|
|
if err != nil {
|
|
log.With(zap.Error(err)).Fatalf("Failed to read master secret")
|
|
}
|
|
|
|
conKMS, err := setup.SetUpKMS(context.Background(), setup.NoStoreURI, setup.ClusterKMSURI)
|
|
if err != nil {
|
|
log.With(zap.Error(err)).Fatalf("Failed to setup KMS")
|
|
}
|
|
|
|
if err := conKMS.CreateKEK(context.Background(), "Constellation", masterKey); err != nil {
|
|
log.With(zap.Error(err)).Fatalf("Failed to create KMS KEK from MasterKey")
|
|
}
|
|
|
|
lis, err := net.Listen("tcp", net.JoinHostPort("", *port))
|
|
if err != nil {
|
|
log.With(zap.Error(err)).Fatalf("Failed to listen")
|
|
}
|
|
|
|
srv := kmsapi.New(log.Named("server"), conKMS)
|
|
|
|
log.Named("gRPC").WithIncreasedLevel(zapcore.WarnLevel).ReplaceGRPCLogger()
|
|
// TODO: Launch server with aTLS to allow attestation for clients.
|
|
grpcServer := grpc.NewServer(log.Named("gRPC").GetServerUnaryInterceptor())
|
|
|
|
kmsproto.RegisterAPIServer(grpcServer, srv)
|
|
|
|
log.Infof("Starting key management service on %s", lis.Addr().String())
|
|
if err := grpcServer.Serve(lis); err != nil {
|
|
log.With(zap.Error(err)).Fatalf("Failed to serve")
|
|
}
|
|
}
|
|
|
|
// readMainSecret reads the base64 encoded main secret file from specified path and returns the secret as bytes.
|
|
func readMainSecret(fileName string) ([]byte, error) {
|
|
if fileName == "" {
|
|
return nil, errors.New("no filename to master secret provided")
|
|
}
|
|
|
|
fileHandler := file.NewHandler(afero.NewOsFs())
|
|
|
|
secretBytes, err := fileHandler.Read(fileName)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if len(secretBytes) < constants.MasterSecretLengthMin {
|
|
return nil, fmt.Errorf("provided master secret is smaller than the required minimum of %d bytes", constants.MasterSecretLengthMin)
|
|
}
|
|
|
|
return secretBytes, nil
|
|
}
|