// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
package main
import (
"encoding/base64"
"encoding/json"
"flag"
"fmt"
"os"
"github.com/Microsoft/confidential-sidecar-containers/pkg/attest"
"github.com/Microsoft/confidential-sidecar-containers/pkg/common"
"github.com/sirupsen/logrus"
)
// AzureInfo holds the attestation and identity settings that apply to every
// filesystem listed in a RemoteFilesystemsInformation document.
type AzureInfo struct {
	// CertFetcher is the certificate-cache/fetcher configuration used by the
	// attest package (JSON key "certcache"); its fields are defined there.
	CertFetcher attest.CertFetcher `json:"certcache,omitempty"`
	// Identity is the identity configuration defined by the common package
	// (JSON key "identity"); presumably used to authenticate to Azure — see
	// the common package for its exact contents.
	Identity common.Identity `json:"identity,omitempty"`
}
// RemoteFilesystemsInformation is the top-level document this tool consumes.
// main decodes it from the base64-encoded JSON given via the -base64 flag and
// passes the result to MountAzureFilesystems.
type RemoteFilesystemsInformation struct {
	// AzureInfo is the shared attestation/identity configuration.
	AzureInfo AzureInfo `json:"azure_info"`
	// AzureFilesystems lists the images to mount; main fills in the fixed
	// KeyBlob API versions and TEE type for each entry before mounting.
	AzureFilesystems []AzureFilesystem `json:"azure_filesystems"`
}
// AzureFilesystem contains information about a filesystem image stored in Azure
// Blob Storage and how it should be decrypted and exposed inside the container.
type AzureFilesystem struct {
	// AzureUrl is the URL of the image.
	AzureUrl string `json:"azure_url"`
	// AzureUrlPrivate marks AzureUrl as private (NOTE(review): what "private"
	// implies for fetching is decided by the mounting code, not visible here).
	AzureUrlPrivate bool `json:"azure_url_private"`
	// MountPoint is the path where the filesystem will be exposed in the container.
	MountPoint string `json:"mount_point"`
	// KeyDerivationBlob is the information used by encfs to derive the encryption
	// key of the filesystem when the key being released is a private RSA key.
	KeyDerivationBlob common.KeyDerivationBlob `json:"key_derivation,omitempty"`
	// KeyBlob is the information used by skr to release the encryption key of
	// the filesystem. main overwrites KeyBlob.AKV.APIVersion,
	// KeyBlob.Authority.APIVersion and KeyBlob.Authority.TEEType with fixed
	// values, so those fields need not be supplied in the input.
	KeyBlob common.KeyBlob `json:"key,omitempty"`
	// RawKeyHexString is a hex-encoded key to use directly against the
	// filesystem, bypassing key release. This is for testing only: the value is
	// part of the decoded document that main logs in full at debug level.
	RawKeyHexString string `json:"raw_key,omitempty"`
	// ReadWrite specifies whether this filesystem is mounted read-write.
	ReadWrite bool `json:"read_write,omitempty"`
}
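// usage prints the "Usage of <program>:" header followed by the registered
// flag defaults. Both parts are written to flag.CommandLine.Output() so the
// whole message lands on a single stream (os.Stderr unless the caller changed
// it); previously the header went to stdout while PrintDefaults wrote to
// stderr, which split the message when output was redirected.
func usage() {
	fmt.Fprintf(flag.CommandLine.Output(), "Usage of %s:\n", os.Args[0])
	flag.PrintDefaults()
}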
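// main parses the command line, configures logrus, decodes the base64-encoded
// RemoteFilesystemsInformation given via -base64, fills in the fixed AKV and
// authority API versions and TEE type for every filesystem, and mounts them
// under a fresh temporary directory via MountAzureFilesystems.
//
// Every failure is reported through logrus.Fatal*, which exits with status 1.
// On success main returns normally, so the process exits 0 and the deferred
// log-file close runs; the previous trailing os.Exit(0) skipped it.
//
// The whole configuration travels in argv (-base64), so anything in it —
// including a raw test key when one is set — is visible to anyone who can list
// this process's arguments; it is also written to the log at debug level.
func main() {
	// Values fixed by this tool for every KeyBlob, regardless of the input.
	const (
		akvAPIVersion       = "api-version=7.4"
		authorityAPIVersion = "api-version=2020-10-01"
		authorityTEEType    = "SevSnpVM"
	)

	base64string := flag.String("base64", "", "base64-encoded json string with all information")
	logLevel := flag.String("loglevel", "warning", "Logging Level: trace, debug, info, warning, error, fatal, panic.")
	logFile := flag.String("logfile", "", "Logging Target: An optional file name/path. Omit for console output.")
	flag.Usage = usage
	flag.Parse()

	if *logFile != "" {
		// Create the file if it doesn't exist, append if it does. At debug
		// level this file receives the full decoded configuration (see the
		// Debugf calls below), so its 0644 mode deserves attention wherever
		// raw keys are in use.
		file, err := os.OpenFile(*logFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
		if err != nil {
			logrus.Fatal(err)
		}
		defer file.Close()
		logrus.SetOutput(file)
	}

	level, err := logrus.ParseLevel(*logLevel)
	if err != nil {
		logrus.Fatal(err)
	}
	logrus.SetLevel(level)
	logrus.SetFormatter(&logrus.TextFormatter{FullTimestamp: false, DisableQuote: true, DisableTimestamp: true})

	logrus.Infof("Starting %s...", os.Args[0])
	logrus.Info("Args:")
	logrus.Infof(" Log Level: %s", *logLevel)
	logrus.Infof(" Log File: %s", *logFile)
	// The encoded document may carry key-release settings and, in test setups,
	// a raw key (AzureFilesystem.RawKeyHexString); hence debug level only.
	logrus.Debugf(" base64: %s", *base64string)

	logrus.Info("Creating temporary directory")
	tempDir, err := os.MkdirTemp("", "remotefs")
	if err != nil {
		logrus.Fatalf("Failed to create temp dir: %s", err.Error())
	}
	logrus.Infof("Temporary directory: %s", tempDir)

	// Decode the configuration document.
	raw, err := base64.StdEncoding.DecodeString(*base64string)
	if err != nil {
		logrus.Fatalf("Failed to decode base64: %s", err.Error())
	}
	var info RemoteFilesystemsInformation
	if err := json.Unmarshal(raw, &info); err != nil {
		logrus.Fatalf("Failed to unmarshal base64 string: %s", err.Error())
	}

	// Populate the KeyBlob attributes this tool fixes: the AKV and authority
	// API versions and the TEE type for which the authority will authorize
	// secure key release. Index the slice so the stored element is updated
	// rather than a copy.
	for i := range info.AzureFilesystems {
		kb := &info.AzureFilesystems[i].KeyBlob
		kb.AKV.APIVersion = akvAPIVersion
		kb.Authority.APIVersion = authorityAPIVersion
		kb.Authority.TEEType = authorityTEEType
	}
	// Dumps the entire configuration, RawKeyHexString included when set.
	logrus.Debugf("JSON = %+v", info)

	if err := MountAzureFilesystems(tempDir, info); err != nil {
		logrus.Fatalf("Failed to mount filesystems: %s", err.Error())
	}
}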