Daniel Weiße 3467df6b69 Move attestation, atls and oid packages to internal directory
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-08 17:17:06 +02:00

108 lines
2.7 KiB
Go

package main
import (
"context"
"flag"
"fmt"
"log"
"os"
"path/filepath"
"strings"
"time"
azurecloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/azure"
gcpcloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/gcp"
"github.com/edgelesssys/constellation/coordinator/core"
"github.com/edgelesssys/constellation/internal/attestation/azure"
"github.com/edgelesssys/constellation/internal/attestation/gcp"
"github.com/edgelesssys/constellation/internal/attestation/qemu"
"github.com/edgelesssys/constellation/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/state/keyservice"
"github.com/edgelesssys/constellation/state/mapper"
"github.com/edgelesssys/constellation/state/setup"
"github.com/spf13/afero"
)
const (
gcpStateDiskPath = "/dev/disk/by-id/google-state-disk"
azureStateDiskPath = "/dev/disk/azure/scsi1/lun0"
qemuStateDiskPath = "/dev/vda"
)
var csp = flag.String("csp", "", "Cloud Service Provider the image is running on")
func main() {
flag.Parse()
log.Printf("Starting disk-mapper for csp %q\n", *csp)
// set up metadata API and quote issuer for aTLS connections
var err error
var diskPathErr error
var diskPath string
var issuer core.QuoteIssuer
var metadata core.ProviderMetadata
switch strings.ToLower(*csp) {
case "azure":
diskPath, diskPathErr = filepath.EvalSymlinks(azureStateDiskPath)
metadata, err = azurecloud.NewMetadata(context.Background())
if err != nil {
exit(err)
}
issuer = azure.NewIssuer()
case "gcp":
diskPath, diskPathErr = filepath.EvalSymlinks(gcpStateDiskPath)
issuer = gcp.NewIssuer()
gcpClient, err := gcpcloud.NewClient(context.Background())
if err != nil {
exit(err)
}
metadata = gcpcloud.New(gcpClient)
case "qemu":
diskPath = qemuStateDiskPath
issuer = qemu.NewIssuer()
fmt.Fprintf(os.Stderr, "warning: cloud services are not supported for csp %q\n", *csp)
metadata = &core.ProviderMetadataFake{}
default:
diskPathErr = fmt.Errorf("csp %q is not supported by Constellation", *csp)
}
if diskPathErr != nil {
exit(fmt.Errorf("unable to determine state disk path: %w", diskPathErr))
}
// initialize device mapper
mapper, err := mapper.New(diskPath)
if err != nil {
exit(err)
}
defer mapper.Close()
setupManger := setup.New(
*csp,
afero.Afero{Fs: afero.NewOsFs()},
keyservice.New(issuer, metadata, 20*time.Second), // try to request a key every 20 seconds
mapper,
setup.DiskMounter{},
vtpm.OpenVTPM,
)
// prepare the state disk
if mapper.IsLUKSDevice() {
err = setupManger.PrepareExistingDisk()
} else {
err = setupManger.PrepareNewDisk()
}
exit(err)
}
func exit(err error) {
if err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
os.Exit(0)
}