refactor(initramfs): rename rotd to trustd (#148)

siderolabs · Aug 30, 2018 · b370ce0 · b370ce0
1 parent 80b5e36
commit b370ce0
Show file tree

Hide file tree

Showing 13 changed files with 113 additions and 105 deletions.
diff --git a/src/image/.conform.yaml b/src/image/.conform.yaml
@@ -65,6 +65,6 @@ tasks:
       COPY --from=dianemo/kernel:{{ .Docker.Image.Tag }} /tmp/lib/modules /generated/rootfs/lib/modules
       COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/osd /generated/rootfs/bin/osd
       COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/proxyd /generated/rootfs/bin/proxyd
-      COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/rotd /generated/rootfs/bin/rotd
+      COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/trustd /generated/rootfs/bin/trustd
       COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/init /generated/rootfs/bin/init
       RUN {{if .Git.IsClean}}XZ_OPT=-9e{{else}}XZ_OPT=-0{{end}} tar -cvpJf /generated/rootfs.tar.xz -C /generated/rootfs .
diff --git a/src/initramfs/.conform.yaml b/src/initramfs/.conform.yaml
@@ -15,34 +15,34 @@ stages:
       destination: ../../build/osctl-darwin-amd64
     tasks:
     - src
-    - osd
+    - init
+    - initramfs
+    - trustd
     - proxyd
-    - rotd
+    - osd
     - osctl
-    - init
     - test
-    - initramfs
     - image
   generate:
     artifacts:
     - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/osd/proto
       destination: ./cmd/osd
-    - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto
-      destination: ./cmd/rotd
+    - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto
+      destination: ./cmd/trustd
     tasks:
     - proto
 tasks:
   image:
     template: |
       FROM scratch
       WORKDIR /tmp
-      COPY --from=src /osctl-linux-amd64 osctl-linux-amd64
-      COPY --from=src /osctl-darwin-amd64 osctl-darwin-amd64
-      COPY --from=src /osd osd
-      COPY --from=src /proxyd proxyd
-      COPY --from=src /rotd rotd
       COPY --from=src /initramfs/init init
       COPY --from=src /initramfs/initramfs.xz initramfs.xz
+      COPY --from=src /trustd trustd
+      COPY --from=src /proxyd proxyd
+      COPY --from=src /osd osd
+      COPY --from=src /osctl-linux-amd64 osctl-linux-amd64
+      COPY --from=src /osctl-darwin-amd64 osctl-darwin-amd64
       CMD false
   init:
     template: |
@@ -107,27 +107,22 @@ tasks:
       WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/osd
       COPY ./cmd/osd/proto ./proto
       RUN protoc -I/usr/local/include -I./proto --go_out=plugins=grpc:proto proto/api.proto
-      WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/rotd
-      COPY ./cmd/rotd/proto ./proto
+      WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/trustd
+      COPY ./cmd/trustd/proto ./proto
       RUN protoc -I/usr/local/include -I./proto --go_out=plugins=grpc:proto proto/api.proto
   proxyd:
     template: |
       WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }}
       {{ if and .Git.IsClean .Git.IsTag }}
       RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build  -a \
-        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=ProxyD -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \
+        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Proxyd -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \
         -o /{{ .Docker.CurrentStage }}
       {{ else }}
       RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \
-        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=ProxyD -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \
+        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Proxyd -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \
         -o /{{ .Docker.CurrentStage }}
       {{ end }}
       RUN chmod +x /{{ .Docker.CurrentStage }}
-  rotd:
-    template: |
-      WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }}
-      RUN CGO_ENABLED=0 go build -a -ldflags "-s -w" -o /{{ .Docker.CurrentStage }}
-      RUN chmod +x /{{ .Docker.CurrentStage }}
   src:
     template: |
       FROM dianemo/tools:{{ .Docker.Image.Tag }} AS {{ .Docker.CurrentStage }}
@@ -147,3 +142,16 @@ tasks:
       RUN chmod +x ./hack/test.sh
       RUN ./hack/test.sh --lint ./hack/golangci-lint.yaml
       RUN ./hack/test.sh --unit
+  trustd:
+    template: |
+      WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }}
+      {{ if and .Git.IsClean .Git.IsTag }}
+      RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build  -a \
+        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Trustd -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \
+        -o /{{ .Docker.CurrentStage }}
+      {{ else }}
+      RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \
+        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Trustd -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \
+        -o /{{ .Docker.CurrentStage }}
+      {{ end }}
+      RUN chmod +x /{{ .Docker.CurrentStage }}
diff --git a/src/initramfs/cmd/init/main.go b/src/initramfs/cmd/init/main.go
@@ -110,8 +110,8 @@ func root() (err error) {
 	log.Println("starting OS services")
 	services.Start(&service.OSD{})
 	if data.Services.Kubeadm.Init != nil {
-		services.Start(&service.ROTD{})
-		services.Start(&service.ProxyD{})
+		services.Start(&service.Trustd{})
+		services.Start(&service.Proxyd{})
 	}
 
 	// Start the services essential to running Kubernetes.

diff --git a/src/initramfs/cmd/init/pkg/service/kubeadm.go b/src/initramfs/cmd/init/pkg/service/kubeadm.go
@@ -15,7 +15,7 @@ import (
 
 	"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
 	"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions"
-	"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto"
+	"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/middleware/auth/basic"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/net"
@@ -90,8 +90,8 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) {
 
 	creds := basic.NewCredentials(
 		data.Security.OS.CA.Crt,
-		data.Services.ROTD.Username,
-		data.Services.ROTD.Password,
+		data.Services.Trustd.Username,
+		data.Services.Trustd.Password,
 	)
 
 	var conn *grpc.ClientConn
@@ -107,7 +107,7 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) {
 	if err != nil {
 		return
 	}
-	client := proto.NewROTDClient(conn)
+	client := proto.NewTrustdClient(conn)
 
 	files := []string{
 		"/etc/kubernetes/pki/ca.crt",
@@ -248,7 +248,7 @@ func parse(data userdata.UserData) ([]byte, error) {
 	return buf.Bytes(), err
 }
 
-func writeFiles(client proto.ROTDClient, files []string) (err error) {
+func writeFiles(client proto.TrustdClient, files []string) (err error) {
 	errChan := make(chan error)
 	doneChan := make(chan bool)
 	ctx, cancelFunc := context.WithTimeout(context.Background(), 5*time.Minute)

diff --git a/src/initramfs/cmd/init/pkg/service/proxyd.go b/src/initramfs/cmd/init/pkg/service/proxyd.go
@@ -6,22 +6,22 @@ import (
 	"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
 )
 
-// ProxyD implements the Service interface. It serves as the concrete type with
+// Proxyd implements the Service interface. It serves as the concrete type with
 // the required methods.
-type ProxyD struct{}
+type Proxyd struct{}
 
 // Pre implements the Service interface.
-func (p *ProxyD) Pre(data userdata.UserData) error {
+func (p *Proxyd) Pre(data userdata.UserData) error {
 	return nil
 }
 
 // Post implements the Service interface.
-func (p *ProxyD) Post(data userdata.UserData) (err error) {
+func (p *Proxyd) Post(data userdata.UserData) (err error) {
 	return nil
 }
 
 // Cmd implements the Service interface.
-func (p *ProxyD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
+func (p *Proxyd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
 	cmdArgs.Name = "proxyd"
 	cmdArgs.Path = "/bin/proxyd"
 	cmdArgs.Args = []string{}
@@ -30,12 +30,12 @@ func (p *ProxyD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
 }
 
 // Condition implements the Service interface.
-func (p *ProxyD) Condition(data userdata.UserData) func() (bool, error) {
+func (p *Proxyd) Condition(data userdata.UserData) func() (bool, error) {
 	return conditions.WaitForFileExists("/etc/kubernetes/admin.conf")
 }
 
 // Env implements the Service interface.
-func (p *ProxyD) Env() []string { return []string{} }
+func (p *Proxyd) Env() []string { return []string{} }
 
 // Type implements the Service interface.
-func (p *ProxyD) Type() Type { return Forever }
+func (p *Proxyd) Type() Type { return Forever }
diff --git a/src/initramfs/cmd/init/pkg/service/rotd.go b/src/initramfs/cmd/init/pkg/service/rotd.go
@@ -7,24 +7,24 @@ import (
 	"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
 )
 
-// ROTD implements the Service interface. It serves as the concrete type with
+// Trustd implements the Service interface. It serves as the concrete type with
 // the required methods.
-type ROTD struct{}
+type Trustd struct{}
 
 // Pre implements the Service interface.
-func (p *ROTD) Pre(data userdata.UserData) error {
+func (p *Trustd) Pre(data userdata.UserData) error {
 	return nil
 }
 
 // Post implements the Service interface.
-func (p *ROTD) Post(data userdata.UserData) (err error) {
+func (p *Trustd) Post(data userdata.UserData) (err error) {
 	return nil
 }
 
 // Cmd implements the Service interface.
-func (p *ROTD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
-	cmdArgs.Name = "rotd"
-	cmdArgs.Path = "/bin/rotd"
+func (p *Trustd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
+	cmdArgs.Name = "trustd"
+	cmdArgs.Path = "/bin/trustd"
 	cmdArgs.Args = []string{
 		"--port=50001",
 		"--userdata=" + constants.UserDataPath,
@@ -34,12 +34,12 @@ func (p *ROTD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
 }
 
 // Condition implements the Service interface.
-func (p *ROTD) Condition(data userdata.UserData) func() (bool, error) {
+func (p *Trustd) Condition(data userdata.UserData) func() (bool, error) {
 	return conditions.None()
 }
 
 // Env implements the Service interface.
-func (p *ROTD) Env() []string { return []string{} }
+func (p *Trustd) Env() []string { return []string{} }
 
 // Type implements the Service interface.
-func (p *ROTD) Type() Type { return Forever }
+func (p *Trustd) Type() Type { return Forever }
diff --git a/src/initramfs/cmd/osd/main.go b/src/initramfs/cmd/osd/main.go
@@ -39,20 +39,20 @@ func main() {
 	}
 
 	if *generate {
-		if len(data.Services.ROTD.Endpoints) == 0 {
+		if len(data.Services.Trustd.Endpoints) == 0 {
 			log.Fatalf("at least one root of trust endpoint is required")
 		}
 
 		creds := basic.NewCredentials(
 			data.Security.OS.CA.Crt,
-			data.Services.ROTD.Username,
-			data.Services.ROTD.Password,
+			data.Services.Trustd.Username,
+			data.Services.Trustd.Password,
 		)
 
 		// TODO: In the case of failure, attempt to generate the identity from
 		// another RoT.
 		var conn *grpc.ClientConn
-		conn, err = basic.NewConnection(data.Services.ROTD.Endpoints[0], *rotPort, creds)
+		conn, err = basic.NewConnection(data.Services.Trustd.Endpoints[0], *rotPort, creds)
 		if err != nil {
 			return
 		}

diff --git a/src/initramfs/cmd/osd/pkg/gen/gen.go b/src/initramfs/cmd/osd/pkg/gen/gen.go
@@ -9,7 +9,7 @@ import (
 	stdlibnet "net"
 	"time"
 
-	"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto"
+	"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/net"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
@@ -18,19 +18,19 @@ import (
 
 // Generator represents the OS identity generator.
 type Generator struct {
-	client proto.ROTDClient
+	client proto.TrustdClient
 }
 
 // NewGenerator initializes a Generator with a preconfigured grpc.ClientConn.
 func NewGenerator(conn *grpc.ClientConn) (g *Generator) {
-	client := proto.NewROTDClient(conn)
+	client := proto.NewTrustdClient(conn)
 
 	return &Generator{
 		client: client,
 	}
 }
 
-// Certificate implements the proto.ROTDClient interface.
+// Certificate implements the proto.TrustdClient interface.
 func (g *Generator) Certificate(in *proto.CertificateRequest) (resp *proto.CertificateResponse, err error) {
 	ctx := context.Background()
 	resp, err = g.client.Certificate(ctx, in)

diff --git a/src/initramfs/cmd/rotd/main.go → src/initramfs/cmd/trustd/main.go b/src/initramfs/cmd/rotd/main.go → src/initramfs/cmd/trustd/main.go
@@ -4,7 +4,7 @@ import (
 	"flag"
 	"log"
 
-	"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/pkg/reg"
+	"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/pkg/reg"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/factory"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/middleware/auth/basic"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/tls"
@@ -40,8 +40,8 @@ func main() {
 
 	creds := basic.NewCredentials(
 		data.Security.OS.CA.Crt,
-		data.Services.ROTD.Username,
-		data.Services.ROTD.Password,
+		data.Services.Trustd.Username,
+		data.Services.Trustd.Password,
 	)
 
 	err = factory.Listen(

diff --git a/src/initramfs/cmd/rotd/pkg/reg/reg.go → src/initramfs/cmd/trustd/pkg/reg/reg.go b/src/initramfs/cmd/rotd/pkg/reg/reg.go → src/initramfs/cmd/trustd/pkg/reg/reg.go
@@ -11,24 +11,24 @@ import (
 	"path"
 	"time"
 
-	"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto"
+	"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
 	"google.golang.org/grpc"
 )
 
 // Registrator is the concrete type that implements the factory.Registrator and
-// proto.ROTDServer interfaces.
+// proto.TrustdServer interfaces.
 type Registrator struct {
 	Data *userdata.OSSecurity
 }
 
 // Register implements the factory.Registrator interface.
 func (r *Registrator) Register(s *grpc.Server) {
-	proto.RegisterROTDServer(s, r)
+	proto.RegisterTrustdServer(s, r)
 }
 
-// Certificate implements the proto.ROTDServer interface.
+// Certificate implements the proto.TrustdServer interface.
 func (r *Registrator) Certificate(ctx context.Context, in *proto.CertificateRequest) (resp *proto.CertificateResponse, err error) {
 	// TODO: Verify that the request is coming from the IP addresss declared in
 	// the CSR.
@@ -44,7 +44,7 @@ func (r *Registrator) Certificate(ctx context.Context, in *proto.CertificateRequ
 	return resp, nil
 }
 
-// WriteFile implements the proto.ROTDServer interface.
+// WriteFile implements the proto.TrustdServer interface.
 func (r *Registrator) WriteFile(ctx context.Context, in *proto.WriteFileRequest) (resp *proto.WriteFileResponse, err error) {
 	if err = os.MkdirAll(path.Dir(in.Path), os.ModeDir); err != nil {
 		return