feat: Add possibility to pass env vars to enclave (#1134)

## Description:
<!-- Describe this change, how it works, and the motivation behind it.
-->

## Is this change user facing?
NO
<!-- If yes, please add the "user facing" label to the PR -->
<!-- If yes, don't forget to include docs changes where relevant -->

## References (if applicable):
<!-- Add relevant Github Issues, Discord threads, or other helpful
information. -->

cli/cli/commands/cloud/load/load.go

@@ -95,9 +95,18 @@ func run(ctx context.Context, _ *flags.ParsedFlags, args *args.ParsedArgs) error
 	if err != nil {
 		return stacktrace.Propagate(err, "While attempting to reload the context with uuid %s an error occurred while removing it from the context store", parsedContext.Uuid)
 	}
-	if add.AddContext(parsedContext) != nil {
+	if add.AddContext(parsedContext, assembleEnvVars(result)) != nil {
 		return stacktrace.Propagate(err, "Unable to add context to context store")
 	}
 	contextIdentifier := parsedContext.GetName()
 	return context_switch.SwitchContext(ctx, contextIdentifier)
 }
+
+func assembleEnvVars(cloudInstanceConfig *api.GetCloudInstanceConfigResponse) *string {
+	if cloudInstanceConfig.GetUserKey() == nil {
+		return nil
+	}
+	envVars := fmt.Sprintf(`{"AWS_ACCESS_KEY_ID": %q, "AWS_SECRET_ACCESS_KEY": %q, "USER_ID": %q}`,
+		cloudInstanceConfig.GetUserKey().GetId(), cloudInstanceConfig.GetUserKey().GetSecret(), cloudInstanceConfig.UserId)
+	return &envVars
+}

cli/cli/commands/kurtosis_context/add/add.go

@@ -7,6 +7,7 @@ import (
 	"github.com/kurtosis-tech/kurtosis/cli/cli/command_framework/lowlevel/args"
 	"github.com/kurtosis-tech/kurtosis/cli/cli/command_framework/lowlevel/flags"
 	"github.com/kurtosis-tech/kurtosis/cli/cli/command_str_consts"
+	"github.com/kurtosis-tech/kurtosis/contexts-config-store/api/golang"
 	"github.com/kurtosis-tech/kurtosis/contexts-config-store/api/golang/generated"
 	"github.com/kurtosis-tech/kurtosis/contexts-config-store/store"
 	"github.com/kurtosis-tech/stacktrace"
@@ -51,15 +52,30 @@ func run(_ context.Context, _ *flags.ParsedFlags, args *args.ParsedArgs) error {
 	if err != nil {
 		return stacktrace.Propagate(err, "Unable to read content of context file at '%s'", contextFilePath)
 	}
-	return AddContext(newContextToAdd)
+	return AddContext(newContextToAdd, nil)
 }
 
-func AddContext(newContextToAdd *generated.KurtosisContext) error {
+func AddContext(newContextToAdd *generated.KurtosisContext, envVars *string) error {
 	logrus.Infof("Adding new context '%s'", newContextToAdd.GetName())
 	contextsConfigStore := store.GetContextsConfigStore()
-	if err := contextsConfigStore.AddNewContext(newContextToAdd); err != nil {
+	var enrichedContextData *generated.KurtosisContext
+	if envVars != nil && *envVars != "" {
+		enrichedContextData = golang.NewRemoteV0Context(
+			newContextToAdd.GetUuid(),
+			newContextToAdd.GetName(),
+			newContextToAdd.GetRemoteContextV0().GetHost(),
+			newContextToAdd.GetRemoteContextV0().GetRemotePortalPort(),
+			newContextToAdd.GetRemoteContextV0().GetKurtosisBackendPort(),
+			newContextToAdd.GetRemoteContextV0().GetTunnelPort(),
+			newContextToAdd.GetRemoteContextV0().GetTlsConfig(),
+			envVars,
+		)
+	} else {
+		enrichedContextData = newContextToAdd
+	}
+	if err := contextsConfigStore.AddNewContext(enrichedContextData); err != nil {
 		return stacktrace.Propagate(err, "New context '%s' with UUID '%s' could not be added to the list of "+
-			"contexts already configured", newContextToAdd.GetName(), newContextToAdd.GetUuid().GetValue())
+			"contexts already configured", enrichedContextData.GetName(), enrichedContextData.GetUuid().GetValue())
 	}
 	logrus.Info("Context successfully added")
 	return nil

cli/cli/helpers/engine_manager/engine_existence_guarantor.go

@@ -67,6 +67,8 @@ type engineExistenceGuarantor struct {
 	onBastionHost bool
 
 	poolSize uint8
+
+	enclaveEnvVars string
 }
 
 func newEngineExistenceGuarantorWithDefaultVersion(
@@ -80,6 +82,7 @@ func newEngineExistenceGuarantorWithDefaultVersion(
 	kurtosisClusterType resolved_config.KurtosisClusterType,
 	onBastionHost bool,
 	poolSize uint8,
+	enclaveEnvVars string,
 ) *engineExistenceGuarantor {
 	return newEngineExistenceGuarantorWithCustomVersion(
 		ctx,
@@ -93,6 +96,7 @@ func newEngineExistenceGuarantorWithDefaultVersion(
 		kurtosisClusterType,
 		onBastionHost,
 		poolSize,
+		enclaveEnvVars,
 	)
 }
 
@@ -108,6 +112,7 @@ func newEngineExistenceGuarantorWithCustomVersion(
 	kurtosisClusterType resolved_config.KurtosisClusterType,
 	onBastionHost bool,
 	poolSize uint8,
+	enclaveEnvVars string,
 ) *engineExistenceGuarantor {
 	return &engineExistenceGuarantor{
 		ctx:                                  ctx,
@@ -123,6 +128,7 @@ func newEngineExistenceGuarantorWithCustomVersion(
 		kurtosisClusterType:                       kurtosisClusterType,
 		onBastionHost:                             onBastionHost,
 		poolSize:                                  poolSize,
+		enclaveEnvVars:                            enclaveEnvVars,
 	}
 }
 
@@ -151,6 +157,7 @@ func (guarantor *engineExistenceGuarantor) VisitStopped() error {
 			guarantor.engineServerKurtosisBackendConfigSupplier,
 			guarantor.onBastionHost,
 			guarantor.poolSize,
+			guarantor.enclaveEnvVars,
 		)
 	} else {
 		_, _, engineLaunchErr = guarantor.engineServerLauncher.LaunchWithCustomVersion(
@@ -163,6 +170,7 @@ func (guarantor *engineExistenceGuarantor) VisitStopped() error {
 			guarantor.engineServerKurtosisBackendConfigSupplier,
 			guarantor.onBastionHost,
 			guarantor.poolSize,
+			guarantor.enclaveEnvVars,
 		)
 	}
 	if engineLaunchErr != nil {

cli/cli/helpers/engine_manager/engine_manager.go

@@ -41,6 +41,7 @@ type EngineManager struct {
 	engineServerKurtosisBackendConfigSupplier engine_server_launcher.KurtosisBackendConfigSupplier
 	clusterConfig                             *resolved_config.KurtosisClusterConfig
 	onBastionHost                             bool
+	enclaveEnvVars                            string
 	// Make engine IP, port, and protocol configurable in the future
 }
 
@@ -84,19 +85,22 @@ func NewEngineManager(ctx context.Context) (*EngineManager, error) {
 	engineBackendConfigSupplier := clusterConfig.GetEngineBackendConfigSupplier()
 
 	onBastionHost := false
+	var enclaveEnvVars string
 	currentContext, _ := store.GetContextsConfigStore().GetCurrentContext()
 	if currentContext != nil {
 		if store.IsRemote(currentContext) {
 			onBastionHost = true
+			enclaveEnvVars = currentContext.GetRemoteContextV0().GetEnvVars()
 		}
 	}
 
 	return &EngineManager{
 		kurtosisBackend:   kurtosisBackend,
 		shouldSendMetrics: kurtosisConfig.GetShouldSendMetrics(),
 		engineServerKurtosisBackendConfigSupplier: engineBackendConfigSupplier,
-		clusterConfig: clusterConfig,
-		onBastionHost: onBastionHost,
+		clusterConfig:  clusterConfig,
+		onBastionHost:  onBastionHost,
+		enclaveEnvVars: enclaveEnvVars,
 	}, nil
 }
 
@@ -186,6 +190,7 @@ func (manager *EngineManager) StartEngineIdempotentlyWithDefaultVersion(ctx cont
 		clusterType,
 		manager.onBastionHost,
 		poolSize,
+		manager.enclaveEnvVars,
 	)
 	// TODO Need to handle the Kubernetes case, where a gateway needs to be started after the engine is started but
 	//  before we can return an EngineClient
@@ -216,6 +221,7 @@ func (manager *EngineManager) StartEngineIdempotentlyWithCustomVersion(ctx conte
 		clusterType,
 		manager.onBastionHost,
 		poolSize,
+		manager.enclaveEnvVars,
 	)
 	engineClient, engineClientCloseFunc, err := manager.startEngineWithGuarantor(ctx, status, engineGuarantor)
 	if err != nil {

contexts-config-store/api/golang/contexts_config_constructors.go

@@ -24,3 +24,29 @@ func NewLocalOnlyContext(uuid *generated.ContextUuid, name string) *generated.Ku
 		},
 	}
 }
+
+func NewRemoteV0Context(
+	uuid *generated.ContextUuid,
+	name string,
+	host string,
+	remotePortalPort uint32,
+	kurtosisBackendPort uint32,
+	tunnelPort uint32,
+	tlsConfig *generated.TlsConfig,
+	envVars *string,
+) *generated.KurtosisContext {
+	return &generated.KurtosisContext{
+		Uuid: uuid,
+		Name: name,
+		KurtosisContextInfo: &generated.KurtosisContext_RemoteContextV0{
+			RemoteContextV0: &generated.RemoteContextV0{
+				Host:                host,
+				RemotePortalPort:    remotePortalPort,
+				KurtosisBackendPort: kurtosisBackendPort,
+				TunnelPort:          tunnelPort,
+				TlsConfig:           tlsConfig,
+				EnvVars:             envVars,
+			},
+		},
+	}
+}

contexts-config-store/api/protobuf/contexts_config.proto

@@ -48,6 +48,8 @@ message RemoteContextV0 {
 
   // TLS config to use to connect to remote Kurtosis. If absent, HTTP will be used
   optional TlsConfig tls_config = 5;
+
+  optional string env_vars = 6;
 }
 
 message TlsConfig {

contexts-config-store/store/serde/kurtosis_context_test.go

@@ -37,6 +37,7 @@ var (
 					ClientCertificate:    []byte(fakeCert),
 					ClientKey:            []byte(fakeKey),
 				},
+				EnvVars: new(string),
 			},
 		},
 	}
@@ -55,7 +56,8 @@ var (
 			"certificateAuthority":"ZmFrZS1jYQ==",
 			"clientCertificate":"ZmFrZS1jZXJ0", 
 			"clientKey":"ZmFrZS1rZXk="
-		}
+		},
+		"envVars": ""
 	}
 }`
 )

core/launcher/api_container_launcher/api_container_launcher.go

@@ -37,6 +37,7 @@ func (launcher ApiContainerLauncher) LaunchWithDefaultVersion(
 	enclaveId enclave.EnclaveUUID,
 	grpcListenPort uint16,
 	backendConfigSupplier KurtosisBackendConfigSupplier,
+	enclaveEnvVars string,
 ) (
 	resultApiContainer *api_container.APIContainer,
 	resultErr error,
@@ -48,6 +49,7 @@ func (launcher ApiContainerLauncher) LaunchWithDefaultVersion(
 		enclaveId,
 		grpcListenPort,
 		backendConfigSupplier,
+		enclaveEnvVars,
 	)
 	if err != nil {
 		return nil, stacktrace.Propagate(err, "An error occurred launching the API container with default version tag '%v'", kurtosis_version.KurtosisVersion)
@@ -62,6 +64,7 @@ func (launcher ApiContainerLauncher) LaunchWithCustomVersion(
 	enclaveUuid enclave.EnclaveUUID,
 	grpcPortNum uint16,
 	backendConfigSupplier KurtosisBackendConfigSupplier,
+	enclaveEnvVars string,
 ) (
 	resultApiContainer *api_container.APIContainer,
 	resultErr error,
@@ -75,6 +78,7 @@ func (launcher ApiContainerLauncher) LaunchWithCustomVersion(
 		enclaveDataVolumeDirpath,
 		kurtosisBackendType,
 		kurtosisBackendConfig,
+		enclaveEnvVars,
 	)
 	if err != nil {
 		return nil, stacktrace.Propagate(err, "An error occurred creating the API container args")

core/launcher/args/api_container_args.go

@@ -34,6 +34,8 @@ type APIContainerArgs struct {
 
 	// Should be deserialized differently depending on value of KurtosisBackendType
 	KurtosisBackendConfig interface{} `json:"kurtosisBackendConfig"`
+
+	EnclaveEnvVars string `json:"enclaveEnvVars"`
 }
 
 func (args *APIContainerArgs) UnmarshalJSON(data []byte) error {
@@ -78,6 +80,7 @@ func NewAPIContainerArgs(
 	enclaveDataVolumeDirpath string,
 	kurtosisBackendType KurtosisBackendType,
 	kurtosisBackendConfig interface{},
+	enclaveEnvVars string,
 ) (*APIContainerArgs, error) {
 	result := &APIContainerArgs{
 		Version:                  version,
@@ -87,6 +90,7 @@ func NewAPIContainerArgs(
 		EnclaveDataVolumeDirpath: enclaveDataVolumeDirpath,
 		KurtosisBackendType:      kurtosisBackendType,
 		KurtosisBackendConfig:    kurtosisBackendConfig,
+		EnclaveEnvVars:           enclaveEnvVars,
 	}
 
 	if err := result.validate(); err != nil {

core/server/api_container/main.go

@@ -164,7 +164,7 @@ func runMain() error {
 	runtimeValueStore := runtime_value_store.NewRuntimeValueStore()
 	// TODO: Consolidate Interpreter, Validator and Executor into a single interface
 	startosisRunner := startosis_engine.NewStartosisRunner(
-		startosis_engine.NewStartosisInterpreter(serviceNetwork, gitPackageContentProvider, runtimeValueStore),
+		startosis_engine.NewStartosisInterpreter(serviceNetwork, gitPackageContentProvider, runtimeValueStore, serverArgs.EnclaveEnvVars),
 		startosis_engine.NewStartosisValidator(&kurtosisBackend, serviceNetwork, filesArtifactStore),
 		startosis_engine.NewStartosisExecutor(runtimeValueStore))