Small refactorings (renaming vars, create constants etc)

Signed-off-by: Ettore Di Giacinto <ettore@spectrocloud.com>
Dimitris Karakasilis
2023-01-19 16:24:39 +02:00
committed by Ettore Di Giacinto
parent 91c24586ea
commit 8898eb8ae9
3 changed files with 20 additions and 12 deletions


@@ -12,6 +12,8 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
) )
const DefaultNVIndex = "0x1500000"
func getPass(server string, partition *block.Partition) (string, bool, error) { func getPass(server string, partition *block.Partition) (string, bool, error) {
msg, err := tpm.Get(server, msg, err := tpm.Get(server,
tpm.WithAdditionalHeader("label", partition.Label), tpm.WithAdditionalHeader("label", partition.Label),
@@ -48,7 +50,7 @@ func genAndStore(k Config) (string, error) {
if err != nil { if err != nil {
return "", err return "", err
} }
nvindex := "0x1500000" nvindex := DefaultNVIndex
if k.Kcrypt.Challenger.NVIndex != "" { if k.Kcrypt.Challenger.NVIndex != "" {
nvindex = k.Kcrypt.Challenger.NVIndex nvindex = k.Kcrypt.Challenger.NVIndex
} }
@@ -57,7 +59,7 @@ func genAndStore(k Config) (string, error) {
} }
func localPass(k Config) (string, error) { func localPass(k Config) (string, error) {
index := "0x1500000" index := DefaultNVIndex
if k.Kcrypt.Challenger.NVIndex != "" { if k.Kcrypt.Challenger.NVIndex != "" {
index = k.Kcrypt.Challenger.NVIndex index = k.Kcrypt.Challenger.NVIndex
} }
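Review bot: The new exported constant `DefaultNVIndex` has no doc comment, and nothing in the section says what the value addresses; a line such as `// DefaultNVIndex is the NV index used when Kcrypt.Challenger.NVIndex is empty.` above it would cover that. The default-then-override lines are still written twice, in `genAndStore` and `localPass`. If one is the store side and the other the read side (the names suggest so, but both bodies continue outside the hunks), a single helper returning the effective index would keep the two from drifting apart. That helper would also be the place to validate the configured string, which the visible lines accept as-is.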


@@ -15,6 +15,7 @@ import (
"github.com/kairos-io/kairos-challenger/controllers" "github.com/kairos-io/kairos-challenger/controllers"
tpm "github.com/kairos-io/tpm-helpers" tpm "github.com/kairos-io/tpm-helpers"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
@@ -113,7 +114,7 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
continue continue
} }
sealedVolumeData := findSecretFor(PassphraseRequestData{ sealedVolumeData := findVolumeFor(PassphraseRequestData{
TPMHash: hashEncoded, TPMHash: hashEncoded,
Label: label, Label: label,
DeviceName: name, DeviceName: name,
@@ -143,6 +144,11 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
} }
_, err := kclient.CoreV1().Secrets(namespace).Get(ctx, secretName, v1.GetOptions{}) _, err := kclient.CoreV1().Secrets(namespace).Get(ctx, secretName, v1.GetOptions{})
if err != nil { if err != nil {
if !apierrors.IsNotFound(err) {
fmt.Printf("Failed getting secret: %s\n", err.Error())
continue
}
secret := corev1.Secret{ secret := corev1.Secret{
TypeMeta: v1.TypeMeta{ TypeMeta: v1.TypeMeta{
Kind: "Secret", Kind: "Secret",
@@ -199,7 +205,7 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
return return
} }
sealedVolumeData := findSecretFor(PassphraseRequestData{ sealedVolumeData := findVolumeFor(PassphraseRequestData{
TPMHash: hashEncoded, TPMHash: hashEncoded,
Label: label, Label: label,
DeviceName: name, DeviceName: name,
@@ -230,10 +236,10 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
secret, err := kclient.CoreV1().Secrets(namespace).Get(ctx, secretName, v1.GetOptions{}) secret, err := kclient.CoreV1().Secrets(namespace).Get(ctx, secretName, v1.GetOptions{})
if err == nil { if err == nil {
passphrase := secret.Data[secretPath] passphrase := secret.Data[secretPath]
gen, generated := secret.Data[constants.GeneratedByKey] generatedBy, generated := secret.Data[constants.GeneratedByKey]
result := map[string]string{"passphrase": string(passphrase)} result := map[string]string{"passphrase": string(passphrase)}
if generated { if generated {
result[constants.GeneratedByKey] = string(gen) result[constants.GeneratedByKey] = string(generatedBy)
} }
err = json.NewEncoder(writer).Encode(result) err = json.NewEncoder(writer).Encode(result)
if err != nil { if err != nil {
@@ -277,7 +283,7 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
}() }()
} }
func findSecretFor(requestData PassphraseRequestData, volumeList *keyserverv1alpha1.SealedVolumeList) *SealedVolumeData { func findVolumeFor(requestData PassphraseRequestData, volumeList *keyserverv1alpha1.SealedVolumeList) *SealedVolumeData {
for _, v := range volumeList.Items { for _, v := range volumeList.Items {
if requestData.TPMHash == v.Spec.TPMHash { if requestData.TPMHash == v.Spec.TPMHash {
for _, p := range v.Spec.Partitions { for _, p := range v.Spec.Partitions {
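Review bot: The branch added after `Secrets(namespace).Get` reports a non-NotFound failure only through `fmt.Printf` and does not say which secret was involved; `fmt.Printf("Failed getting secret %s/%s: %s\n", namespace, secretName, err.Error())` would let an operator separate a permission or API-server failure from a missing secret for one volume. This check changes behaviour (before it, any Get error led straight to building a new `corev1.Secret`), so it deserves its own mention in the commit message rather than sitting under small refactorings. The second lookup further down still branches on `if err == nil {` alone; its other branch is outside the hunk, but if it treats every error as a missing passphrase, the same `apierrors.IsNotFound` test probably belongs there too. `Start` begins and ends outside these hunks.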


@@ -38,7 +38,7 @@ var _ = Describe("challenger", func() {
}) })
It("returns the sealed volume data", func() { It("returns the sealed volume data", func() {
volumeData := findSecretFor(requestData, volumeList) volumeData := findVolumeFor(requestData, volumeList)
Expect(volumeData).ToNot(BeNil()) Expect(volumeData).ToNot(BeNil())
Expect(volumeData.Quarantined).To(BeFalse()) Expect(volumeData.Quarantined).To(BeFalse())
Expect(volumeData.SecretName).To(Equal("the_secret")) Expect(volumeData.SecretName).To(Equal("the_secret"))
@@ -67,7 +67,7 @@ var _ = Describe("challenger", func() {
}) })
It("doesn't match a request with an empty field", func() { It("doesn't match a request with an empty field", func() {
volumeData := findSecretFor(requestData, volumeList) volumeData := findVolumeFor(requestData, volumeList)
Expect(volumeData).To(BeNil()) Expect(volumeData).To(BeNil())
}) })
}) })
@@ -86,7 +86,7 @@ var _ = Describe("challenger", func() {
}) })
It("returns the sealed volume data", func() { It("returns the sealed volume data", func() {
volumeData := findSecretFor(requestData, volumeList) volumeData := findVolumeFor(requestData, volumeList)
Expect(volumeData).ToNot(BeNil()) Expect(volumeData).ToNot(BeNil())
Expect(volumeData.Quarantined).To(BeFalse()) Expect(volumeData.Quarantined).To(BeFalse())
Expect(volumeData.SecretName).To(Equal("the_secret")) Expect(volumeData.SecretName).To(Equal("the_secret"))
@@ -108,7 +108,7 @@ var _ = Describe("challenger", func() {
}) })
It("returns the sealed volume data", func() { It("returns the sealed volume data", func() {
volumeData := findSecretFor(requestData, volumeList) volumeData := findVolumeFor(requestData, volumeList)
Expect(volumeData).ToNot(BeNil()) Expect(volumeData).ToNot(BeNil())
Expect(volumeData.Quarantined).To(BeFalse()) Expect(volumeData.Quarantined).To(BeFalse())
Expect(volumeData.SecretName).To(Equal("the_secret")) Expect(volumeData.SecretName).To(Equal("the_secret"))
@@ -130,7 +130,7 @@ var _ = Describe("challenger", func() {
}) })
It("returns nil sealedVolumeData", func() { It("returns nil sealedVolumeData", func() {
volumeData := findSecretFor(requestData, volumeList) volumeData := findVolumeFor(requestData, volumeList)
Expect(volumeData).To(BeNil()) Expect(volumeData).To(BeNil())
}) })
}) })