genpolicy: take path to initdata from command line if provided

Otherwise use default initdata.

Signed-off-by: Saul Paredes <saulparedes@microsoft.com>

src/libs/kata-types/src/initdata.rs

@@ -175,7 +175,7 @@ fn adjust_digest(digest: &[u8], platform: ProtectedPlatform) -> Vec<u8> {
 }
 
 /// Parse initdata
-fn parse_initdata(initdata_str: &str) -> Result<InitData> {
+pub fn parse_initdata(initdata_str: &str) -> Result<InitData> {
     let initdata: InitData = toml::from_str(initdata_str)?;
     initdata.validate()?;
 

src/tools/genpolicy/src/policy.rs

@@ -577,7 +577,7 @@ impl AgentPolicy {
         if self.config.raw_out {
             std::io::stdout().write_all(policy.as_bytes()).unwrap();
         }
-        let mut initdata = kata_types::initdata::InitData::new("sha256", "0.1.0");
+        let mut initdata = self.config.initdata.clone();
         initdata.insert_data("policy.rego", policy);
 
         kata_types::initdata::encode_initdata(&initdata)

src/tools/genpolicy/src/utils.rs

@@ -5,6 +5,7 @@
 
 use crate::layers_cache;
 use crate::settings;
+use anyhow::Context;
 use clap::Parser;
 
 #[derive(Debug, Parser)]
@@ -105,6 +106,9 @@ struct CommandLineOptions {
     layers_cache_file_path: Option<String>,
     #[clap(short, long, help = "Print version information and exit")]
     version: bool,
+
+    #[clap(long, help = "Path to the initdata TOML file", require_equals = true)]
+    initdata_path: Option<String>,
 }
 
 /// Application configuration, derived from on command line parameters.
@@ -126,6 +130,7 @@ pub struct Config {
     pub containerd_socket_path: Option<String>,
     pub layers_cache: layers_cache::ImageLayersCache,
     pub version: bool,
+    pub initdata: kata_types::initdata::InitData,
 }
 
 impl Config {
@@ -150,6 +155,18 @@ impl Config {
 
         let settings = settings::Settings::new(&args.json_settings_path);
 
+        let initdata = match args.initdata_path.as_deref() {
+            Some(p) => {
+                let s = std::fs::read_to_string(p)
+                    .context(format!("Failed to read initdata file {}", p))
+                    .unwrap();
+                kata_types::initdata::parse_initdata(&s)
+                    .context(format!("Failed to parse initdata from {}", p))
+                    .unwrap()
+            }
+            None => kata_types::initdata::InitData::new("sha256", "0.1.0"),
+        };
+
         Self {
             use_cache: args.use_cached_files,
             insecure_registries: args.insecure_registry,
@@ -164,6 +181,7 @@ impl Config {
             containerd_socket_path: args.containerd_socket_path,
             layers_cache: layers_cache::ImageLayersCache::new(&layers_cache_file_path),
             version: args.version,
+            initdata,
         }
     }
 }

src/tools/genpolicy/tests/policy/main.rs

@@ -107,6 +107,7 @@ mod tests {
             use_cache: false,
             version: false,
             yaml_file: workdir.join("pod.yaml").to_str().map(|s| s.to_string()),
+            initdata: kata_types::initdata::InitData::new("sha256", "0.1.0"),
         };
 
         // The container repos/network calls can be unreliable, so retry