Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
064151a956
constellation/kms/server/cmd/main.go
Christoph Meyer db5468a886 Deploy KMS server image in Constellation 
Add image pull secret for ghcr.io
2022-05-31 11:13:26 +02:00

76 lines
2.1 KiB
Go
Raw Blame History

package main
import (
"context"
"errors"
"flag"
"fmt"
"log"
"net"
"github.com/edgelesssys/constellation/internal/constants"
"github.com/edgelesssys/constellation/internal/file"
"github.com/edgelesssys/constellation/kms/server/kmsapi"
"github.com/edgelesssys/constellation/kms/server/kmsapi/kmsproto"
"github.com/edgelesssys/constellation/kms/server/setup"
"github.com/spf13/afero"
"go.uber.org/zap"
"google.golang.org/grpc"
)
func main() {
port := flag.String("p", "9000", "Port gRPC server listens on")
masterSecretPath := flag.String("master-secret", "/constellation/constellation-mastersecret.base64", "Path to the Constellation master secret")
flag.Parse()
masterKey, err := readMainSecret(*masterSecretPath)
if err != nil {
log.Fatalf("Failed to read master secret: %v", err)
}
conKMS, err := setup.SetUpKMS(context.Background(), setup.NoStoreURI, setup.ClusterKMSURI)
if err != nil {
log.Fatalf("Failed to setup KMS: %v", err)
}
if err := conKMS.CreateKEK(context.Background(), "Constellation", masterKey); err != nil {
log.Fatalf("Failed to create KMS KEK from MasterKey: %v", err)
}
lis, err := net.Listen("tcp", net.JoinHostPort("0.0.0.0", *port))
if err != nil {
log.Fatalf("Failed to listen: %v", err)
}
srv := kmsapi.New(&zap.Logger{}, conKMS)
// TODO: Launch server with aTLS to allow attestation for clients.
grpcServer := grpc.NewServer()
kmsproto.RegisterAPIServer(grpcServer, srv)
if err := grpcServer.Serve(lis); err != nil {
log.Fatalf("Failed to serve: %s", err)
}
}
// readMainSecret reads the base64 encoded main secret file from specified path and returns the secret as bytes.
func readMainSecret(fileName string) ([]byte, error) {
if fileName == "" {
return nil, errors.New("no filename to master secret provided")
}
fileHandler := file.NewHandler(afero.NewOsFs())
secretBytes, err := fileHandler.Read(fileName)
if err != nil {
return nil, err
}
if len(secretBytes) < constants.MasterSecretLengthMin {
return nil, fmt.Errorf("provided master secret is smaller than the required minimum of %d bytes", constants.MasterSecretLengthMin)
}
return secretBytes, nil
}
Reference in New Issue View Git Blame Copy Permalink