confidential-data-hub: Read config from file

Hard-code reading aa_kbc_params from /etc/agent-config.toml Fixes: #364 Signed-off-by: stevenhorsman <[email protected]>
confidential-containers · Sep 20, 2023 · 7133ccf · 7133ccf
1 parent 223f5c9
commit 7133ccf
Showing 1 changed file with 45 additions and 2 deletions.
diff --git a/confidential-data-hub/kms/src/plugins/kbs/mod.rs b/confidential-data-hub/kms/src/plugins/kbs/mod.rs
@@ -14,14 +14,18 @@ mod sev;
 mod offline_fs;
 
 use std::sync::Arc;
-
+use anyhow::Context;
 use async_trait::async_trait;
 use lazy_static::lazy_static;
 pub use resource_uri::ResourceUri;
+use std::path::Path;
+use serde::Deserialize;
 use tokio::sync::Mutex;
 
 use crate::{Annotations, Error, Getter, Result};
 
+const PEER_POD_CONFIG_PATH: &str = "/peerpod/daemon.json";
+
 enum RealClient {
     #[cfg(feature = "kbs")]
     Cc(cc_kbc::CcKbc),
@@ -32,7 +36,13 @@ enum RealClient {
 
 impl RealClient {
     async fn new() -> Result<Self> {
-        let (kbc, _kbs_host) = get_aa_params_from_cmdline().await?;
+        // Check for /peerpod/daemon.json to see if we are in a peer pod
+        // If so we need to read from the agent-config file, not /proc/cmdline
+        let (kbc, _kbs_host) = match Path::new(PEER_POD_CONFIG_PATH).exists() {
+            true => get_aa_params_from_config_file().await?,
+            false => get_aa_params_from_cmdline().await?,
+        };
+
         let c = match &kbc[..] {
             #[cfg(feature = "kbs")]
             "cc_kbc" => RealClient::Cc(cc_kbc::CcKbc::new(&_kbs_host).await?),
@@ -126,3 +136,36 @@ async fn get_aa_params_from_cmdline() -> Result<(String, String)> {
 
     Ok((aa_kbc_params[0].to_string(), aa_kbc_params[1].to_string()))
 }
+
+async fn get_aa_params_from_config_file() -> Result<(String, String)> {
+    use tokio::fs;
+
+    // We only care about the aa_kbc_params value at the moment
+    #[derive(Debug, Deserialize)]
+    struct AgentConfig {
+        aa_kbc_params: Option<String>,
+    }
+
+    // Hard-code agent config path to "/etc/agent-config.toml" as a workaround
+    let agent_config_str = fs::read_to_string("/etc/agent-config.toml")
+        .context("Failed to read /etc/agent-config.toml file")?;
+
+    let agent_config: AgentConfig = toml::from_str(&agent_config_str)
+        .context("Failed to deserialize /etc/agent-config.toml")?;
+
+    let aa_kbc_params = agent_config
+        .aa_kbc_params
+        .ok_or(Error::KbsClientError(
+            "no `aa_kbc_params` found in /etc/agent-config.toml".into(),
+        ))?
+        .split("::")
+        .collect::<Vec<&str>>();
+
+    if aa_kbc_params.len() != 2 {
+        return Err(Error::KbsClientError(
+            "Illegal `aa_kbc_params` format provided in /etc/agent-config.toml.".to_string(),
+        ));
+    }
+
+    Ok((aa_kbc_params[0].to_string(), aa_kbc_params[1].to_string()))
+}