diff --git a/src/libs/kata-types/src/initdata.rs b/src/libs/kata-types/src/initdata.rs
index 43cd8ef081..4a28d72f82 100644
--- a/src/libs/kata-types/src/initdata.rs
+++ b/src/libs/kata-types/src/initdata.rs
@@ -175,7 +175,7 @@ fn adjust_digest(digest: &[u8], platform: ProtectedPlatform) -> Vec {
 }
 /// Parse initdata
-fn parse_initdata(initdata_str: &str) -> Result {
+pub fn parse_initdata(initdata_str: &str) -> Result {
 let initdata: InitData = toml::from_str(initdata_str)?;
 initdata.validate()?;
diff --git a/src/tools/genpolicy/src/policy.rs b/src/tools/genpolicy/src/policy.rs
index 0420a91bb0..b0a0eec254 100644
--- a/src/tools/genpolicy/src/policy.rs
+++ b/src/tools/genpolicy/src/policy.rs
@@ -577,7 +577,7 @@ impl AgentPolicy {
 if self.config.raw_out {
 std::io::stdout().write_all(policy.as_bytes()).unwrap();
 }
- let mut initdata = kata_types::initdata::InitData::new("sha256", "0.1.0");
+ let mut initdata = self.config.initdata.clone();
 initdata.insert_data("policy.rego", policy);
 kata_types::initdata::encode_initdata(&initdata)
diff --git a/src/tools/genpolicy/src/utils.rs b/src/tools/genpolicy/src/utils.rs
index e268244d65..241d80d964 100644
--- a/src/tools/genpolicy/src/utils.rs
+++ b/src/tools/genpolicy/src/utils.rs
@@ -5,6 +5,7 @@ use crate::layers_cache;
 use crate::settings;
+use anyhow::Context;
 use clap::Parser;
 #[derive(Debug, Parser)]
@@ -105,6 +106,9 @@ struct CommandLineOptions {
 layers_cache_file_path: Option,
 #[clap(short, long, help = "Print version information and exit")]
 version: bool,
+
+ #[clap(long, help = "Path to the initdata TOML file", require_equals = true)]
+ initdata_path: Option,
 }
 /// Application configuration, derived from on command line parameters.
@@ -126,6 +130,7 @@ pub struct Config {
 pub containerd_socket_path: Option,
 pub layers_cache: layers_cache::ImageLayersCache,
 pub version: bool,
+ pub initdata: kata_types::initdata::InitData,
 }
 impl Config {
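Review bot: `parse_initdata` becomes part of the crate's public API in this hunk, but its doc comment is still the one-liner `/// Parse initdata`, which says neither what the input is nor when the call fails. Since an external crate (genpolicy, later in this commit) now depends on it, I would expand it to `/// Parse an initdata document from its TOML text and run `InitData::validate` on the result.` followed by an `# Errors` section stating that a TOML deserialization error or a validation failure is returned as the error, whichever type the `?` on `validate` propagates. The function body continues past the end of the hunk.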
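Review bot: `initdata.insert_data("policy.rego", policy)` now operates on a clone of operator-supplied initdata instead of a fresh `InitData`, so if the TOML file loaded via the new `--initdata-path` option already carries a `policy.rego` entry, the generated policy either replaces it or is refused, depending on what `insert_data` does for an existing key; I cannot tell from this hunk. Whichever it is, the precedence should be stated at the `clone()` line, e.g. `// Operator-supplied initdata is the base; the generated policy is stored under "policy.rego" and wins over any entry of that name.` once confirmed against `insert_data`. The enclosing method starts before the hunk.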
@@ -150,6 +155,18 @@ impl Config {
 let settings = settings::Settings::new(&args.json_settings_path);
+ let initdata = match args.initdata_path.as_deref() {
+ Some(p) => {
+ let s = std::fs::read_to_string(p)
+ .context(format!("Failed to read initdata file {}", p))
+ .unwrap();
+ kata_types::initdata::parse_initdata(&s)
+ .context(format!("Failed to parse initdata from {}", p))
+ .unwrap()
+ }
+ None => kata_types::initdata::InitData::new("sha256", "0.1.0"),
+ };
+
 Self {
 use_cache: args.use_cached_files,
 insecure_registries: args.insecure_registry,
@@ -164,6 +181,7 @@ impl Config {
 containerd_socket_path: args.containerd_socket_path,
 layers_cache: layers_cache::ImageLayersCache::new(&layers_cache_file_path),
 version: args.version,
+ initdata,
 }
 }
 }
diff --git a/src/tools/genpolicy/tests/policy/main.rs b/src/tools/genpolicy/tests/policy/main.rs
index 1b84ea4c59..5eeba23aa3 100644
--- a/src/tools/genpolicy/tests/policy/main.rs
+++ b/src/tools/genpolicy/tests/policy/main.rs
@@ -107,6 +107,7 @@ mod tests {
 use_cache: false,
 version: false,
 yaml_file: workdir.join("pod.yaml").to_str().map(|s| s.to_string()),
+ initdata: kata_types::initdata::InitData::new("sha256", "0.1.0"),
 };
 // The container repos/network calls can be unreliable, so retry
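Review bot: Both `.context(format!(...))` calls in the `Some(p)` arm build their message eagerly even when the read or parse succeeds; `anyhow::Context::with_context` takes a closure, so `.with_context(|| format!("Failed to read initdata file {}", p))` and `.with_context(|| format!("Failed to parse initdata from {}", p))` is the idiomatic form. The `.unwrap()` after each then panics on a missing or malformed operator-supplied file, which matches how the surrounding constructor appears to treat `settings` as far as this hunk shows, but a panic message is a poor way to report a bad CLI argument; `.expect(...)` with a short reason, or an early `eprintln!` plus exit, would read better. The fallback `InitData::new("sha256", "0.1.0")` is now spelled out here and again in the test fixture in tests/policy/main.rs, so a single shared constructor for that default would keep them in sync. The `--initdata-path` branch itself has no test in this commit as far as the diff shows. The enclosing `impl Config` function starts before the hunk and continues after it.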