mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-09-15 13:58:55 +00:00
kata-agent: Allow unrecognized fields in InitData
To make it flexibility and extensibility This change modifies the Kata Agent's handling of `InitData` to allow for unrecognized key-value pairs. The `InitData` field now directly utilizes `HashMap<String, String>`, enabling it to carry arbitrary metadata and information that may be consumed by other components Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
This commit is contained in:
alex.lyn
23
src/agent/Cargo.lock
generated
23
src/agent/Cargo.lock
generated
@@ -1,6 +1,6 @@
|
||||
# This file is automatically @generated by Cargo.
|
||||
# It is not intended for manual editing.
|
||||
version = 3
|
||||
version = 4
|
||||
|
||||
[[package]]
|
||||
name = "addr2line"
|
||||
@@ -1199,6 +1199,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7ced92e76e966ca2fd84c8f7aa01a4aea65b0eb6648d72f7c8f3e2764a67fece"
|
||||
dependencies = [
|
||||
"crc32fast",
|
||||
"libz-sys",
|
||||
"miniz_oxide",
|
||||
]
|
||||
|
||||
@@ -2074,7 +2075,9 @@ dependencies = [
|
||||
"base64 0.13.1",
|
||||
"bitmask-enum",
|
||||
"byte-unit",
|
||||
"flate2",
|
||||
"glob",
|
||||
"hex",
|
||||
"lazy_static",
|
||||
"num_cpus",
|
||||
"oci-spec",
|
||||
@@ -2083,6 +2086,7 @@ dependencies = [
|
||||
"serde",
|
||||
"serde-enum-str",
|
||||
"serde_json",
|
||||
"sha2",
|
||||
"slog",
|
||||
"slog-scope",
|
||||
"sysinfo",
|
||||
@@ -2160,6 +2164,17 @@ version = "0.2.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9a7cbbd4ad467251987c6e5b47d53b11a5a05add08f2447a9e2d70aef1e0d138"
|
||||
|
||||
[[package]]
|
||||
name = "libz-sys"
|
||||
version = "1.1.22"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8b70e7a7df205e92a1a4cd9aaae7898dac0aa555503cc0a649494d0d60e7651d"
|
||||
dependencies = [
|
||||
"cc",
|
||||
"pkg-config",
|
||||
"vcpkg",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "linux-raw-sys"
|
||||
version = "0.3.8"
|
||||
@@ -4666,6 +4681,12 @@ version = "1.11.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "943ce29a8a743eb10d6082545d861b24f9d1b160b7d741e0f2cdf726bec909c5"
|
||||
|
||||
[[package]]
|
||||
name = "vcpkg"
|
||||
version = "0.2.15"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
|
||||
|
||||
[[package]]
|
||||
name = "version_check"
|
||||
version = "0.9.5"
|
||||
|
||||
@@ -15,7 +15,7 @@ use anyhow::{bail, Context, Result};
|
||||
use async_compression::tokio::bufread::GzipDecoder;
|
||||
use base64::{engine::general_purpose::STANDARD, Engine};
|
||||
use const_format::concatcp;
|
||||
use serde::Deserialize;
|
||||
use kata_types::initdata::InitData;
|
||||
use sha2::{Digest, Sha256, Sha384, Sha512};
|
||||
use slog::Logger;
|
||||
use tokio::io::{AsyncReadExt, AsyncSeekExt};
|
||||
@@ -23,6 +23,10 @@ use tokio::io::{AsyncReadExt, AsyncSeekExt};
|
||||
/// This is the target directory to store the extracted initdata.
|
||||
pub const INITDATA_PATH: &str = "/run/confidential-containers/initdata";
|
||||
|
||||
const AA_CONFIG_KEY: &str = "aa.toml";
|
||||
const CDH_CONFIG_KEY: &str = "cdh.toml";
|
||||
const POLICY_KEY: &str = "policy.rego";
|
||||
|
||||
/// The path of AA's config file
|
||||
pub const AA_CONFIG_PATH: &str = concatcp!(INITDATA_PATH, "/aa.toml");
|
||||
|
||||
@@ -32,30 +36,6 @@ pub const CDH_CONFIG_PATH: &str = concatcp!(INITDATA_PATH, "/cdh.toml");
|
||||
/// Magic number of initdata device
|
||||
pub const INITDATA_MAGIC_NUMBER: &[u8] = b"initdata";
|
||||
|
||||
/// Now only initdata `0.1.0` is defined.
|
||||
const INITDATA_VERSION: &str = "0.1.0";
|
||||
|
||||
/// Initdata defined in
|
||||
/// <https://github.com/confidential-containers/trustee/blob/47d7a2338e0be76308ac19be5c0c172c592780aa/kbs/docs/initdata.md>
|
||||
#[derive(Deserialize)]
|
||||
pub struct Initdata {
|
||||
version: String,
|
||||
algorithm: String,
|
||||
data: DefinedFields,
|
||||
}
|
||||
|
||||
/// Well-defined keys for initdata of kata/CoCo
|
||||
#[derive(Deserialize, Default)]
|
||||
#[serde(deny_unknown_fields)]
|
||||
pub struct DefinedFields {
|
||||
#[serde(rename = "aa.toml")]
|
||||
aa_config: Option<String>,
|
||||
#[serde(rename = "cdh.toml")]
|
||||
cdh_config: Option<String>,
|
||||
#[serde(rename = "policy.rego")]
|
||||
policy: Option<String>,
|
||||
}
|
||||
|
||||
async fn detect_initdata_device(logger: &Logger) -> Result<Option<String>> {
|
||||
let dev_dir = Path::new("/dev");
|
||||
let mut read_dir = tokio::fs::read_dir(dev_dir).await?;
|
||||
@@ -137,29 +117,26 @@ pub async fn initialize_initdata(logger: &Logger) -> Result<Option<InitdataRetur
|
||||
.await
|
||||
.inspect_err(|e| error!(logger, "Failed to read initdata: {e:?}"))?;
|
||||
|
||||
let initdata: Initdata =
|
||||
let initdata: InitData =
|
||||
toml::from_slice(&initdata_content).context("parse initdata failed")?;
|
||||
info!(logger, "Initdata version: {}", initdata.version);
|
||||
info!(logger, "Initdata version: {}", initdata.version());
|
||||
initdata.validate()?;
|
||||
|
||||
if initdata.version != INITDATA_VERSION {
|
||||
bail!("Unsupported initdata version");
|
||||
}
|
||||
|
||||
let digest = match &initdata.algorithm[..] {
|
||||
let digest = match initdata.algorithm() {
|
||||
"sha256" => Sha256::digest(&initdata_content).to_vec(),
|
||||
"sha384" => Sha384::digest(&initdata_content).to_vec(),
|
||||
"sha512" => Sha512::digest(&initdata_content).to_vec(),
|
||||
others => bail!("Unsupported hash algorithm {others}"),
|
||||
};
|
||||
|
||||
if let Some(config) = initdata.data.aa_config {
|
||||
if let Some(config) = initdata.get_coco_data(AA_CONFIG_KEY) {
|
||||
tokio::fs::write(AA_CONFIG_PATH, config)
|
||||
.await
|
||||
.context("write aa config failed")?;
|
||||
info!(logger, "write AA config from initdata");
|
||||
}
|
||||
|
||||
if let Some(config) = initdata.data.cdh_config {
|
||||
if let Some(config) = initdata.get_coco_data(CDH_CONFIG_KEY) {
|
||||
tokio::fs::write(CDH_CONFIG_PATH, config)
|
||||
.await
|
||||
.context("write cdh config failed")?;
|
||||
@@ -170,7 +147,7 @@ pub async fn initialize_initdata(logger: &Logger) -> Result<Option<InitdataRetur
|
||||
|
||||
let res = InitdataReturnValue {
|
||||
digest,
|
||||
_policy: initdata.data.policy,
|
||||
_policy: initdata.get_coco_data(POLICY_KEY).cloned(),
|
||||
};
|
||||
|
||||
Ok(Some(res))
|
||||
|
||||
@@ -63,6 +63,11 @@ impl InitData {
|
||||
}
|
||||
}
|
||||
|
||||
/// get coco data
|
||||
pub fn get_coco_data(&self, key: &str) -> Option<&String> {
|
||||
self.data.get(key)
|
||||
}
|
||||
|
||||
/// insert data items
|
||||
pub fn insert_data(&mut self, key: impl Into<String>, value: impl Into<String>) {
|
||||
self.data.insert(key.into(), value.into());
|
||||
|
||||
Reference in New Issue
Block a user