API changes

fortanix · Nov 29, 2024 · 028f982 · 028f982
1 parent 5ba09c9
commit 028f982
Show file tree

Hide file tree

Showing 14 changed files with 341 additions and 176 deletions.
diff --git a/ENV_VARS.md b/ENV_VARS.md
@@ -9,8 +9,6 @@ Format used to describe the variables - key name -- description -- example (opti
 The following list of variables are used while running the converted salmiac image.
 
 ##### Filesystem related variables
-- FS_DSM_ENDPOINT - Override the default value of DSM_ENDPOINT used for filesystem persistence.
-  The default value is "https://amer.smartkey.io/"
 - FS_API_KEY - API key used for authenticating with DSM if the salmiac app is not converted with app
   certs enabled.
 

diff --git a/api-model/src/converter.rs b/api-model/src/converter.rs
@@ -174,6 +174,12 @@ pub struct ConverterOptions {
     /// filesystem persistance
     #[cfg_attr(feature = "serde", serde(default = "default_to_false"))]
     pub enable_overlay_filesystem_persistence: Option<bool>,
+
+    #[cfg_attr(feature = "serde", serde(skip_serializing_if = "Option::is_none"))]
+    pub ccm_configuration: Option<CcmConfiguration>,
+
+    #[cfg_attr(feature = "serde", serde(skip_serializing_if = "Option::is_none"))]
+    pub dsm_configuration: Option<DsmConfiguration>
 }
 
 #[cfg(feature = "serde")]
@@ -274,3 +280,33 @@ impl CertificateConfig {
         }
     }
 }
+
+/// Describes the information required to access CCM
+#[derive(Clone, Eq, PartialEq, Debug)]
+#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
+pub struct CcmConfiguration {
+    pub ccm_url: String,
+}
+
+impl Default for CcmConfiguration {
+    fn default() -> Self {
+        CcmConfiguration {
+            ccm_url: "ccm.fortanix.com:443".to_string(),
+        }
+    }
+}
+
+/// Describes the information required to access DSM
+#[derive(Clone, Eq, PartialEq, Debug)]
+#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
+pub struct DsmConfiguration {
+    pub dsm_url: String,
+}
+
+impl Default for DsmConfiguration {
+    fn default() -> Self {
+        DsmConfiguration {
+            dsm_url: "https://apps.amer.smartkey.io/".to_string(),
+        }
+    }
+}
diff --git a/api-model/src/enclave.rs b/api-model/src/enclave.rs
@@ -7,7 +7,7 @@
 #[cfg(feature = "serde")]
 use serde::{Deserialize, Serialize};
 
-use crate::converter::CertificateConfig;
+use crate::converter::{CertificateConfig, DsmConfiguration};
 
 use std::ops::Deref;
 
@@ -26,6 +26,10 @@ pub struct EnclaveManifest {
     pub env_vars: Vec<String>,
 
     pub enable_overlay_filesystem_persistence: bool,
+
+    pub ccm_backend_url: CcmBackendUrl,
+
+    pub dsm_configuration: DsmConfiguration,
 }
 
 #[derive(Debug)]
@@ -116,4 +120,39 @@ impl From<&str> for User {
             User(value.to_string())
         }
     }
+}
+
+#[derive(Debug, Clone, Eq, PartialEq)]
+#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
+pub struct CcmBackendUrl {
+    pub host: String,
+
+    pub port: u16,
+}
+
+impl CcmBackendUrl {
+    pub fn new(url: &str) -> Result<Self, String> {
+        let split: Vec<_> = url.split(":").collect();
+
+        if split.len() != 2 {
+            return Err("ccm_url should be in format <ip address>:<port>".to_string());
+        }
+
+        match split[1].parse::<u16>() {
+            Err(err) => Err(format!("ccm_url port should be a number. {:?}", err)),
+            Ok(port) => Ok(CcmBackendUrl {
+                host: split[0].to_string(),
+                port,
+            }),
+        }
+    }
+}
+
+impl Default for CcmBackendUrl {
+    fn default() -> Self {
+        CcmBackendUrl {
+            host: "ccm.fortanix.com".to_string(),
+            port: 443,
+        }
+    }
 }
diff --git a/tools/container-converter/Cargo.lock b/tools/container-converter/Cargo.lock
diff --git a/tools/container-converter/Cargo.toml b/tools/container-converter/Cargo.toml
@@ -29,6 +29,8 @@ tar = { git = "https://github.com/alexcrichton/tar-rs" }
 tempfile = "3.2.0"
 tokio = { version = "1.0.1", features = ["macros", "rt"] }
 toml = "0.5.8"
+url = "2.2.2"
+lazy_static = "1.4.0"
 
 [dev-dependencies]
 chrono = "0.4.22"
diff --git a/tools/container-converter/src/image_builder/enclave.rs b/tools/container-converter/src/image_builder/enclave.rs
@@ -4,8 +4,8 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-use api_model::enclave::{EnclaveManifest, FileSystemConfig, UserConfig};
-use api_model::converter::{ConverterOptions, CertificateConfig};
+use api_model::enclave::{EnclaveManifest, FileSystemConfig, UserConfig, CcmBackendUrl};
+use api_model::converter::{ConverterOptions, CertificateConfig, DsmConfiguration};
 use docker_image_reference::Reference as DockerReference;
 use log::{info, debug, warn};
 use nix::unistd::chown;
@@ -86,15 +86,19 @@ pub(crate) fn get_image_env(input_image: &ImageWithDetails<'_>, converter_option
     }
     result
 }
-
+#[derive(Debug, Eq, PartialEq)]
 pub(crate) struct EnclaveSettings {
     user_name: String,
 
     pub(crate) env_vars: Vec<String>,
 
     is_debug: bool,
 
-    enable_overlay_filesystem_persistence: bool
+    enable_overlay_filesystem_persistence: bool,
+
+    ccm_backend_url: CcmBackendUrl,
+
+    dsm_configuration: DsmConfiguration
 }
 
 impl EnclaveSettings {
@@ -103,7 +107,9 @@ impl EnclaveSettings {
             user_name: input_image.details.config.user.clone(),
             env_vars: vec![rust_log_env_var("enclave")],
             is_debug: converter_options.debug.unwrap_or(false),
-            enable_overlay_filesystem_persistence: converter_options.enable_overlay_filesystem_persistence.unwrap_or(false)
+            enable_overlay_filesystem_persistence: converter_options.enable_overlay_filesystem_persistence.unwrap_or(false),
+            ccm_backend_url: CcmBackendUrl::new(converter_options.ccm_configuration.clone().unwrap_or_default().ccm_url.as_str()).unwrap_or_default(),
+            dsm_configuration: converter_options.dsm_configuration.clone().unwrap_or_default()
         }
     }
 }
@@ -152,6 +158,8 @@ impl<'a> EnclaveImageBuilder<'a> {
     ) -> Result<NitroEnclaveMeasurements> {
         let is_debug = enclave_settings.is_debug;
         let enable_overlay_filesystem_persistence = enclave_settings.enable_overlay_filesystem_persistence;
+        let ccm_backend_url = enclave_settings.ccm_backend_url.clone();
+        let dsm_configuration = enclave_settings.dsm_configuration.clone();
 
         let build_context = BuildContext::new(&self.dir.path()).map_err(|message| ConverterError {
             message,
@@ -172,7 +180,9 @@ impl<'a> EnclaveImageBuilder<'a> {
             file_system_config,
             is_debug,
             env_vars,
-            enable_overlay_filesystem_persistence
+            enable_overlay_filesystem_persistence,
+            ccm_backend_url,
+            dsm_configuration,
         };
 
         self.create_manifest_file(enclave_manifest, &build_context)?;

diff --git a/tools/container-converter/src/image_builder/mod.rs b/tools/container-converter/src/image_builder/mod.rs
@@ -184,7 +184,9 @@ mod tests {
             push_converted_image: None,
             env_vars: vec![],
             java_mode: None,
-            enable_overlay_filesystem_persistence: None
+            enable_overlay_filesystem_persistence: None,
+            ccm_configuration: None,
+            dsm_configuration: None,
         };
 
         let mut test = |input_image_env_vars: Option<Vec<String>>,