aa/cdh: make agent-config path configurable by env #429

28 changes: 19 additions & 9 deletions attestation-agent/lib/src/token.rs
Expand Up @@ -3,10 +3,13 @@
// SPDX-License-Identifier: Apache-2.0
//

use anyhow::{anyhow, Result};
use anyhow::{anyhow, Context, Result};
use kbs_protocol::{evidence_provider::NativeEvidenceProvider, KbsClientBuilder};
use log::debug;
use serde::{Deserialize, Serialize};
use std::env;
use std::path::Path;
use std::sync::OnceLock;
use tokio::fs;

const PEER_POD_CONFIG_PATH: &str = "/run/peerpod/daemon.json";
Expand All @@ -17,6 +20,8 @@ struct Message {
tee_keypair: String,
}

static KATA_AGENT_CONFIG_PATH: OnceLock<String> = OnceLock::new();

pub(crate) async fn get_kbs_token() -> Result<Vec<u8>> {
let evidence_provider = Box::new(NativeEvidenceProvider::new()?);

Expand Down Expand Up @@ -73,15 +78,20 @@ pub(crate) async fn get_kbc_params_from_config_file() -> Result<String> {
aa_kbc_params: Option<String>,
}

// Hard-code agent config path to "/etc/agent-config.toml" as a workaround
let agent_config_str = fs::read_to_string("/etc/agent-config.toml")
// check env for KATA_AGENT_CONFIG_PATH, fall back to default path
let path: &String = KATA_AGENT_CONFIG_PATH.get_or_init(|| {
env::var("KATA_AGENT_CONFIG_PATH").unwrap_or_else(|_| "/etc/agent-config.toml".into())
mkulke marked this conversation as resolved.
});

debug!("reading agent config from {}", path);
let agent_config_str = fs::read_to_string(path)
.await
.map_err(|e| anyhow!("Failed to read /etc/agent-config.toml file: {e}"))?;
.context(format!("Failed to read {path}"))?;

let agent_config: AgentConfig = toml::from_str(&agent_config_str)
.map_err(|e| anyhow!("Failed to deserialize /etc/agent-config.toml: {e}"))?;
let agent_config: AgentConfig =
toml::from_str(&agent_config_str).context(format!("Failed to deserialize {path}"))?;

agent_config.aa_kbc_params.ok_or(anyhow!(
"no `aa_kbc_params` found in /etc/agent-config.toml!",
))
agent_config
.aa_kbc_params
.ok_or(anyhow!("no `aa_kbc_params` found in {path}!"))
}
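Review bot: The `get_or_init` closure at the `env::var("KATA_AGENT_CONFIG_PATH")` line treats every error alike, so a variable that is set but not valid UTF-8 (`VarError::NotUnicode`) silently falls back to `/etc/agent-config.toml` rather than failing or reading the file the operator pointed at; since this file supplies `aa_kbc_params`, which appears to be what the KBS client is configured from, a deliberately redirected path would be ignored with no signal beyond the `debug!` line. Reading the variable as an OS string removes the lossy conversion: `static KATA_AGENT_CONFIG_PATH: OnceLock<PathBuf> = OnceLock::new();` and `env::var_os("KATA_AGENT_CONFIG_PATH").map(PathBuf::from).unwrap_or_else(|| PathBuf::from("/etc/agent-config.toml"))`, with `path.display()` in the three messages (`PathBuf` would need importing next to the `Path` already pulled in). The trust boundary also deserves a comment above the static, e.g. `// KATA_AGENT_CONFIG_PATH redirects where aa_kbc_params is read from; it must only be set by the guest's own (measured) environment, e.g. the agent's unit file, never by untrusted input.` `get_kbc_params_from_config_file` begins before this hunk, and the `use std::path::Path;` at the top of the file is not referenced by any line visible here, so it may be unused.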
37 changes: 23 additions & 14 deletions confidential-data-hub/kms/src/plugins/kbs/mod.rs
Expand Up @@ -17,16 +17,20 @@ use std::sync::Arc;

use async_trait::async_trait;
use lazy_static::lazy_static;
use log::debug;
pub use resource_uri::ResourceUri;
use serde::Deserialize;
use std::fs;
use std::path::Path;
use std::sync::OnceLock;
use std::{env, fs};
use tokio::sync::Mutex;

use crate::{Annotations, Error, Getter, Result};

const PEER_POD_CONFIG_PATH: &str = "/run/peerpod/daemon.json";

static KATA_AGENT_CONFIG_PATH: OnceLock<String> = OnceLock::new();

enum RealClient {
#[cfg(feature = "kbs")]
Cc(cc_kbc::CcKbc),
Expand Down Expand Up @@ -145,25 +149,30 @@ async fn get_aa_params_from_config_file() -> Result<(String, String)> {
aa_kbc_params: Option<String>,
}

// Hard-code agent config path to "/etc/agent-config.toml" as a workaround
let agent_config_str = fs::read_to_string("/etc/agent-config.toml").map_err(|e| {
Error::KbsClientError(format!("Failed to read /etc/agent-config.toml file: {e}"))
})?;
// check env for KATA_AGENT_CONFIG_PATH, fall back to default path
let path: &String = KATA_AGENT_CONFIG_PATH.get_or_init(|| {
env::var("KATA_AGENT_CONFIG_PATH").unwrap_or_else(|_| "/etc/agent-config.toml".into())
});

debug!("reading agent config from {}", path);
let agent_config_str = fs::read_to_string(path)
.map_err(|e| Error::KbsClientError(format!("Failed to read {path} file: {e}")))?;

let agent_config: AgentConfig = toml::from_str(&agent_config_str).map_err(|e| {
Error::KbsClientError(format!("Failed to deserialize /etc/agent-config.toml: {e}"))
})?;
let agent_config: AgentConfig = toml::from_str(&agent_config_str)
.map_err(|e| Error::KbsClientError(format!("Failed to deserialize {path}: {e}")))?;

let aa_kbc_params = agent_config.aa_kbc_params.ok_or(Error::KbsClientError(
"no `aa_kbc_params` found in /etc/agent-config.toml".into(),
))?;
let aa_kbc_params = agent_config
.aa_kbc_params
.ok_or(Error::KbsClientError(format!(
"no `aa_kbc_params` found in {path}"
)))?;

let aa_kbc_params_vec = aa_kbc_params.split("::").collect::<Vec<&str>>();

if aa_kbc_params_vec.len() != 2 {
return Err(Error::KbsClientError(
"Illegal `aa_kbc_params` format provided in /etc/agent-config.toml.".to_string(),
));
return Err(Error::KbsClientError(format!(
"Illegal `aa_kbc_params` format provided in {path}."
)));
}

Ok((
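Review bot: The env-var name `"KATA_AGENT_CONFIG_PATH"` and the default `"/etc/agent-config.toml"` are now repeated as bare literals in the `get_or_init` closure here and in `attestation-agent/lib/src/token.rs`, so the two components can drift in where they look for `aa_kbc_params`; lifting both into shared constants, e.g. `const KATA_AGENT_CONFIG_PATH_ENV: &str = "KATA_AGENT_CONFIG_PATH";` and `const DEFAULT_AGENT_CONFIG_PATH: &str = "/etc/agent-config.toml";` in a crate both depend on (or at least at this file's top), keeps them in lockstep. The new `fs::read_to_string(path)` line is `std::fs`, i.e. a blocking read inside `async fn get_aa_params_from_config_file`, whereas the token.rs counterpart uses `tokio::fs`; if this function runs on an async executor, `tokio::fs::read_to_string(path).await` would match it and avoid stalling the worker. A one-line comment on the static stating who is allowed to set the variable (the guest's own measured environment, not anything derived from outside the TEE) would make the trust assumption explicit for the next reader. `get_aa_params_from_config_file` continues past the end of this hunk.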