From b370ce043e2a578b78ca2aa7cc28f11aadf8d0cc Mon Sep 17 00:00:00 2001 From: Andrew Rynhard Date: Thu, 30 Aug 2018 07:45:15 -0700 Subject: [PATCH] refactor(initramfs): rename rotd to trustd (#148) --- src/image/.conform.yaml | 2 +- src/initramfs/.conform.yaml | 48 +++++++----- src/initramfs/cmd/init/main.go | 4 +- src/initramfs/cmd/init/pkg/service/kubeadm.go | 10 +-- src/initramfs/cmd/init/pkg/service/proxyd.go | 16 ++-- src/initramfs/cmd/init/pkg/service/rotd.go | 20 ++--- src/initramfs/cmd/osd/main.go | 8 +- src/initramfs/cmd/osd/pkg/gen/gen.go | 8 +- src/initramfs/cmd/{rotd => trustd}/main.go | 6 +- .../cmd/{rotd => trustd}/pkg/reg/reg.go | 10 +-- .../cmd/{rotd => trustd}/proto/api.pb.go | 76 +++++++++---------- .../cmd/{rotd => trustd}/proto/api.proto | 4 +- src/initramfs/pkg/userdata/userdata.go | 6 +- 13 files changed, 113 insertions(+), 105 deletions(-) rename src/initramfs/cmd/{rotd => trustd}/main.go (90%) rename src/initramfs/cmd/{rotd => trustd}/pkg/reg/reg.go (90%) rename src/initramfs/cmd/{rotd => trustd}/proto/api.pb.go (80%) rename src/initramfs/cmd/{rotd => trustd}/proto/api.proto (92%) diff --git a/src/image/.conform.yaml b/src/image/.conform.yaml index 66b9334345..028d2bfcab 100644 --- a/src/image/.conform.yaml +++ b/src/image/.conform.yaml @@ -65,6 +65,6 @@ tasks: COPY --from=dianemo/kernel:{{ .Docker.Image.Tag }} /tmp/lib/modules /generated/rootfs/lib/modules COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/osd /generated/rootfs/bin/osd COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/proxyd /generated/rootfs/bin/proxyd - COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/rotd /generated/rootfs/bin/rotd + COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/trustd /generated/rootfs/bin/trustd COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/init /generated/rootfs/bin/init RUN {{if .Git.IsClean}}XZ_OPT=-9e{{else}}XZ_OPT=-0{{end}} tar -cvpJf /generated/rootfs.tar.xz -C /generated/rootfs . 
diff --git a/src/initramfs/.conform.yaml b/src/initramfs/.conform.yaml index 3429192dee..65edf5033d 100644 --- a/src/initramfs/.conform.yaml +++ b/src/initramfs/.conform.yaml @@ -15,20 +15,20 @@ stages: destination: ../../build/osctl-darwin-amd64 tasks: - src - - osd + - init + - initramfs + - trustd - proxyd - - rotd + - osd - osctl - - init - test - - initramfs - image generate: artifacts: - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/osd/proto destination: ./cmd/osd - - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto - destination: ./cmd/rotd + - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto + destination: ./cmd/trustd tasks: - proto tasks: @@ -36,13 +36,13 @@ tasks: template: | FROM scratch WORKDIR /tmp - COPY --from=src /osctl-linux-amd64 osctl-linux-amd64 - COPY --from=src /osctl-darwin-amd64 osctl-darwin-amd64 - COPY --from=src /osd osd - COPY --from=src /proxyd proxyd - COPY --from=src /rotd rotd COPY --from=src /initramfs/init init COPY --from=src /initramfs/initramfs.xz initramfs.xz + COPY --from=src /trustd trustd + COPY --from=src /proxyd proxyd + COPY --from=src /osd osd + COPY --from=src /osctl-linux-amd64 osctl-linux-amd64 + COPY --from=src /osctl-darwin-amd64 osctl-darwin-amd64 CMD false init: template: | 
@@ -107,27 +107,22 @@ tasks: WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/osd COPY ./cmd/osd/proto ./proto RUN protoc -I/usr/local/include -I./proto --go_out=plugins=grpc:proto proto/api.proto - WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/rotd - COPY ./cmd/rotd/proto ./proto + WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/trustd + COPY ./cmd/trustd/proto ./proto RUN protoc -I/usr/local/include -I./proto --go_out=plugins=grpc:proto proto/api.proto proxyd: template: | WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }} {{ if and .Git.IsClean .Git.IsTag }} RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ - -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=ProxyD -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \ + -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Proxyd -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \ -o /{{ .Docker.CurrentStage }} {{ else }} RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ - -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=ProxyD -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \ + -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Proxyd -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \ -o /{{ .Docker.CurrentStage }} {{ end }} RUN chmod +x /{{ .Docker.CurrentStage }} - rotd: - template: | - WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }} - RUN CGO_ENABLED=0 go build -a -ldflags "-s -w" -o /{{ .Docker.CurrentStage }} - RUN chmod +x /{{ .Docker.CurrentStage }} src: template: | FROM 
dianemo/tools:{{ .Docker.Image.Tag }} AS {{ .Docker.CurrentStage }} @@ -147,3 +142,16 @@ tasks: RUN chmod +x ./hack/test.sh RUN ./hack/test.sh --lint ./hack/golangci-lint.yaml RUN ./hack/test.sh --unit + trustd: + template: | + WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }} + {{ if and .Git.IsClean .Git.IsTag }} + RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ + -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Trustd -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \ + -o /{{ .Docker.CurrentStage }} + {{ else }} + RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ + -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Trustd -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \ + -o /{{ .Docker.CurrentStage }} + {{ end }} + RUN chmod +x /{{ .Docker.CurrentStage }} diff --git a/src/initramfs/cmd/init/main.go b/src/initramfs/cmd/init/main.go index d65b95df7e..e11de1597c 100644 --- a/src/initramfs/cmd/init/main.go +++ b/src/initramfs/cmd/init/main.go @@ -110,8 +110,8 @@ func root() (err error) { log.Println("starting OS services") services.Start(&service.OSD{}) if data.Services.Kubeadm.Init != nil { - services.Start(&service.ROTD{}) - services.Start(&service.ProxyD{}) + services.Start(&service.Trustd{}) + services.Start(&service.Proxyd{}) } // Start the services essential to running Kubernetes. diff --git a/src/initramfs/cmd/init/pkg/service/kubeadm.go b/src/initramfs/cmd/init/pkg/service/kubeadm.go index 1260dca174..ab231d35f2 100644 --- a/src/initramfs/cmd/init/pkg/service/kubeadm.go +++ b/src/initramfs/cmd/init/pkg/service/kubeadm.go 
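Review bot: In the new `trustd` task, both `go build` branches pass `-X {{ index .Variables "versionPath" }}.Name=Trustd`, and the Go linker silently ignores `-X` for a variable that is not linked into the binary. Whether `cmd/trustd` imports the package named by `versionPath` is not visible in this patch, so confirm that the stamp actually lands. The tag and SHA are what identify which build of the trust service is running on a node. A comment above the template, such as `# version stamp only takes effect if cmd/trustd imports the versionPath package`, would record the dependency.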
@@ -15,7 +15,7 @@ import ( "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants" "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions" - "github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto" + "github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto" "github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509" "github.com/autonomy/dianemo/src/initramfs/pkg/grpc/middleware/auth/basic" "github.com/autonomy/dianemo/src/initramfs/pkg/net" @@ -90,8 +90,8 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) { creds := basic.NewCredentials( data.Security.OS.CA.Crt, - data.Services.ROTD.Username, - data.Services.ROTD.Password, + data.Services.Trustd.Username, + data.Services.Trustd.Password, ) var conn *grpc.ClientConn @@ -107,7 +107,7 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) { if err != nil { return } - client := proto.NewROTDClient(conn) + client := proto.NewTrustdClient(conn) files := []string{ "/etc/kubernetes/pki/ca.crt", @@ -248,7 +248,7 @@ func parse(data userdata.UserData) ([]byte, error) { return buf.Bytes(), err } -func writeFiles(client proto.ROTDClient, files []string) (err error) { +func writeFiles(client proto.TrustdClient, files []string) (err error) { errChan := make(chan error) doneChan := make(chan bool) ctx, cancelFunc := context.WithTimeout(context.Background(), 5*time.Minute) diff --git a/src/initramfs/cmd/init/pkg/service/proxyd.go b/src/initramfs/cmd/init/pkg/service/proxyd.go index bf2785df39..ff187e2159 100644 --- a/src/initramfs/cmd/init/pkg/service/proxyd.go +++ b/src/initramfs/cmd/init/pkg/service/proxyd.go 
@@ -6,22 +6,22 @@ import ( "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" ) -// ProxyD implements the Service interface. It serves as the concrete type with +// Proxyd implements the Service interface. It serves as the concrete type with // the required methods. -type ProxyD struct{} +type Proxyd struct{} // Pre implements the Service interface. -func (p *ProxyD) Pre(data userdata.UserData) error { +func (p *Proxyd) Pre(data userdata.UserData) error { return nil } // Post implements the Service interface. -func (p *ProxyD) Post(data userdata.UserData) (err error) { +func (p *Proxyd) Post(data userdata.UserData) (err error) { return nil } // Cmd implements the Service interface. -func (p *ProxyD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { +func (p *Proxyd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { cmdArgs.Name = "proxyd" cmdArgs.Path = "/bin/proxyd" cmdArgs.Args = []string{} @@ -30,12 +30,12 @@ func (p *ProxyD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { } // Condition implements the Service interface. -func (p *ProxyD) Condition(data userdata.UserData) func() (bool, error) { +func (p *Proxyd) Condition(data userdata.UserData) func() (bool, error) { return conditions.WaitForFileExists("/etc/kubernetes/admin.conf") } // Env implements the Service interface. -func (p *ProxyD) Env() []string { return []string{} } +func (p *Proxyd) Env() []string { return []string{} } // Type implements the Service interface. -func (p *ProxyD) Type() Type { return Forever } +func (p *Proxyd) Type() Type { return Forever } diff --git a/src/initramfs/cmd/init/pkg/service/rotd.go b/src/initramfs/cmd/init/pkg/service/rotd.go index fa10ec22a3..cbf6d3dc45 100644 --- a/src/initramfs/cmd/init/pkg/service/rotd.go +++ b/src/initramfs/cmd/init/pkg/service/rotd.go 
@@ -7,24 +7,24 @@ import ( "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" ) -// ROTD implements the Service interface. It serves as the concrete type with +// Trustd implements the Service interface. It serves as the concrete type with // the required methods. -type ROTD struct{} +type Trustd struct{} // Pre implements the Service interface. -func (p *ROTD) Pre(data userdata.UserData) error { +func (p *Trustd) Pre(data userdata.UserData) error { return nil } // Post implements the Service interface. -func (p *ROTD) Post(data userdata.UserData) (err error) { +func (p *Trustd) Post(data userdata.UserData) (err error) { return nil } // Cmd implements the Service interface. -func (p *ROTD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { - cmdArgs.Name = "rotd" - cmdArgs.Path = "/bin/rotd" +func (p *Trustd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { + cmdArgs.Name = "trustd" + cmdArgs.Path = "/bin/trustd" cmdArgs.Args = []string{ "--port=50001", "--userdata=" + constants.UserDataPath, @@ -34,12 +34,12 @@ func (p *ROTD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { } // Condition implements the Service interface. -func (p *ROTD) Condition(data userdata.UserData) func() (bool, error) { +func (p *Trustd) Condition(data userdata.UserData) func() (bool, error) { return conditions.None() } // Env implements the Service interface. -func (p *ROTD) Env() []string { return []string{} } +func (p *Trustd) Env() []string { return []string{} } // Type implements the Service interface. -func (p *ROTD) Type() Type { return Forever } +func (p *Trustd) Type() Type { return Forever } diff --git a/src/initramfs/cmd/osd/main.go b/src/initramfs/cmd/osd/main.go index dee6473b28..943ce1db9f 100644 --- a/src/initramfs/cmd/osd/main.go +++ b/src/initramfs/cmd/osd/main.go 
@@ -39,20 +39,20 @@ func main() { } if *generate { - if len(data.Services.ROTD.Endpoints) == 0 { + if len(data.Services.Trustd.Endpoints) == 0 { log.Fatalf("at least one root of trust endpoint is required") } creds := basic.NewCredentials( data.Security.OS.CA.Crt, - data.Services.ROTD.Username, - data.Services.ROTD.Password, + data.Services.Trustd.Username, + data.Services.Trustd.Password, ) // TODO: In the case of failure, attempt to generate the identity from // another RoT. var conn *grpc.ClientConn - conn, err = basic.NewConnection(data.Services.ROTD.Endpoints[0], *rotPort, creds) + conn, err = basic.NewConnection(data.Services.Trustd.Endpoints[0], *rotPort, creds) if err != nil { return } diff --git a/src/initramfs/cmd/osd/pkg/gen/gen.go b/src/initramfs/cmd/osd/pkg/gen/gen.go index de897624b6..439204a1b9 100644 --- a/src/initramfs/cmd/osd/pkg/gen/gen.go +++ b/src/initramfs/cmd/osd/pkg/gen/gen.go @@ -9,7 +9,7 @@ import ( stdlibnet "net" "time" - "github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto" + "github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto" "github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509" "github.com/autonomy/dianemo/src/initramfs/pkg/net" "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" @@ -18,19 +18,19 @@ import ( // Generator represents the OS identity generator. type Generator struct { - client proto.ROTDClient + client proto.TrustdClient } // NewGenerator initializes a Generator with a preconfigured grpc.ClientConn. func NewGenerator(conn *grpc.ClientConn) (g *Generator) { - client := proto.NewROTDClient(conn) + client := proto.NewTrustdClient(conn) return &Generator{ client: client, } } -// Certificate implements the proto.ROTDClient interface. +// Certificate implements the proto.TrustdClient interface. func (g *Generator) Certificate(in *proto.CertificateRequest) (resp *proto.CertificateResponse, err error) { ctx := context.Background() resp, err = g.client.Certificate(ctx, in) 
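Review bot: The `if err != nil { return }` after `basic.NewConnection(...)` sits directly in `main`, so a failed connection to the trust endpoint ends the process with exit status 0 and no log line, unless something outside this hunk reports `err`. The endpoint check at the top of the hunk already uses `log.Fatalf`, and the connection failure should do the same, e.g. `log.Fatalf("connecting to trustd endpoint %s: %v", data.Services.Trustd.Endpoints[0], err)`. The flag is still called `rotPort` after the rename; if that is deliberate, a short comment saying so would help. `main` starts and ends outside the hunk.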
diff --git a/src/initramfs/cmd/rotd/main.go b/src/initramfs/cmd/trustd/main.go similarity index 90% rename from src/initramfs/cmd/rotd/main.go rename to src/initramfs/cmd/trustd/main.go index 1232bd8a0b..bc503119d9 100644 --- a/src/initramfs/cmd/rotd/main.go +++ b/src/initramfs/cmd/trustd/main.go @@ -4,7 +4,7 @@ import ( "flag" "log" - "github.com/autonomy/dianemo/src/initramfs/cmd/rotd/pkg/reg" + "github.com/autonomy/dianemo/src/initramfs/cmd/trustd/pkg/reg" "github.com/autonomy/dianemo/src/initramfs/pkg/grpc/factory" "github.com/autonomy/dianemo/src/initramfs/pkg/grpc/middleware/auth/basic" "github.com/autonomy/dianemo/src/initramfs/pkg/grpc/tls" @@ -40,8 +40,8 @@ func main() { creds := basic.NewCredentials( data.Security.OS.CA.Crt, - data.Services.ROTD.Username, - data.Services.ROTD.Password, + data.Services.Trustd.Username, + data.Services.Trustd.Password, ) err = factory.Listen( diff --git a/src/initramfs/cmd/rotd/pkg/reg/reg.go b/src/initramfs/cmd/trustd/pkg/reg/reg.go similarity index 90% rename from src/initramfs/cmd/rotd/pkg/reg/reg.go rename to src/initramfs/cmd/trustd/pkg/reg/reg.go index cfda49c3af..346c1476d9 100644 --- a/src/initramfs/cmd/rotd/pkg/reg/reg.go +++ b/src/initramfs/cmd/trustd/pkg/reg/reg.go 
@@ -11,24 +11,24 @@ import ( "path" "time" - "github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto" + "github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto" "github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509" "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" "google.golang.org/grpc" ) // Registrator is the concrete type that implements the factory.Registrator and -// proto.ROTDServer interfaces. +// proto.TrustdServer interfaces. type Registrator struct { Data *userdata.OSSecurity } // Register implements the factory.Registrator interface. func (r *Registrator) Register(s *grpc.Server) { - proto.RegisterROTDServer(s, r) + proto.RegisterTrustdServer(s, r) } -// Certificate implements the proto.ROTDServer interface. +// Certificate implements the proto.TrustdServer interface. func (r *Registrator) Certificate(ctx context.Context, in *proto.CertificateRequest) (resp *proto.CertificateResponse, err error) { // TODO: Verify that the request is coming from the IP addresss declared in // the CSR. @@ -44,7 +44,7 @@ func (r *Registrator) Certificate(ctx context.Context, in *proto.CertificateRequ return resp, nil } -// WriteFile implements the proto.ROTDServer interface. +// WriteFile implements the proto.TrustdServer interface. func (r *Registrator) WriteFile(ctx context.Context, in *proto.WriteFileRequest) (resp *proto.WriteFileResponse, err error) { if err = os.MkdirAll(path.Dir(in.Path), os.ModeDir); err != nil { return diff --git a/src/initramfs/cmd/rotd/proto/api.pb.go b/src/initramfs/cmd/trustd/proto/api.pb.go similarity index 80% rename from src/initramfs/cmd/rotd/proto/api.pb.go rename to src/initramfs/cmd/trustd/proto/api.pb.go index a9df065425..666cb1bad2 100644 --- a/src/initramfs/cmd/rotd/proto/api.pb.go +++ b/src/initramfs/cmd/trustd/proto/api.pb.go 
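Review bot: In `WriteFile`, `in.Path` comes straight from the RPC request and reaches `os.MkdirAll(path.Dir(in.Path), ...)` with no check, so the server creates whatever directory tree an authenticated caller names. The rest of the body is outside the hunk, but the file write presumably uses the same path. The one path visible in this patch from the caller (`files` in kubeadm.go) is under `/etc/kubernetes/pki`, so the handler could clean the path and reject anything outside an allowed directory before touching the filesystem, e.g. `if p := path.Clean(in.Path); !strings.HasPrefix(p, "/etc/kubernetes/pki/") { return nil, fmt.Errorf("path %q not allowed", in.Path) }`. Separately, passing `os.ModeDir` as the permission argument leaves every permission bit at zero; `os.MkdirAll(path.Dir(in.Path), 0700)` states the intended mode.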
@@ -35,7 +35,7 @@ func (m *CertificateRequest) Reset() { *m = CertificateRequest{} } func (m *CertificateRequest) String() string { return proto.CompactTextString(m) } func (*CertificateRequest) ProtoMessage() {} func (*CertificateRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_92247eb635a417db, []int{0} + return fileDescriptor_api_6d48f67e45b68bdd, []int{0} } func (m *CertificateRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_CertificateRequest.Unmarshal(m, b) @@ -74,7 +74,7 @@ func (m *CertificateResponse) Reset() { *m = CertificateResponse{} } func (m *CertificateResponse) String() string { return proto.CompactTextString(m) } func (*CertificateResponse) ProtoMessage() {} func (*CertificateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_api_92247eb635a417db, []int{1} + return fileDescriptor_api_6d48f67e45b68bdd, []int{1} } func (m *CertificateResponse) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_CertificateResponse.Unmarshal(m, b) @@ -115,7 +115,7 @@ func (m *WriteFileRequest) Reset() { *m = WriteFileRequest{} } func (m *WriteFileRequest) String() string { return proto.CompactTextString(m) } func (*WriteFileRequest) ProtoMessage() {} func (*WriteFileRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_92247eb635a417db, []int{2} + return fileDescriptor_api_6d48f67e45b68bdd, []int{2} } func (m *WriteFileRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_WriteFileRequest.Unmarshal(m, b) @@ -167,7 +167,7 @@ func (m *WriteFileResponse) Reset() { *m = WriteFileResponse{} } func (m *WriteFileResponse) String() string { return proto.CompactTextString(m) } func (*WriteFileResponse) ProtoMessage() {} func (*WriteFileResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_api_92247eb635a417db, []int{3} + return fileDescriptor_api_6d48f67e45b68bdd, []int{3} } func (m *WriteFileResponse) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_WriteFileResponse.Unmarshal(m, b) 
@@ -202,107 +202,107 @@ var _ grpc.ClientConn // is compatible with the grpc package it is being compiled against. const _ = grpc.SupportPackageIsVersion4 -// ROTDClient is the client API for ROTD service. +// TrustdClient is the client API for Trustd service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type ROTDClient interface { +type TrustdClient interface { Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error) } -type rOTDClient struct { +type trustdClient struct { cc *grpc.ClientConn } -func NewROTDClient(cc *grpc.ClientConn) ROTDClient { - return &rOTDClient{cc} +func NewTrustdClient(cc *grpc.ClientConn) TrustdClient { + return &trustdClient{cc} } -func (c *rOTDClient) Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) { +func (c *trustdClient) Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) { out := new(CertificateResponse) - err := c.cc.Invoke(ctx, "/proto.ROTD/Certificate", in, out, opts...) + err := c.cc.Invoke(ctx, "/proto.Trustd/Certificate", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *rOTDClient) WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error) { +func (c *trustdClient) WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error) { out := new(WriteFileResponse) - err := c.cc.Invoke(ctx, "/proto.ROTD/WriteFile", in, out, opts...) + err := c.cc.Invoke(ctx, "/proto.Trustd/WriteFile", in, out, opts...) if err != nil { return nil, err } return out, nil } -// ROTDServer is the server API for ROTD service. 
-type ROTDServer interface { +// TrustdServer is the server API for Trustd service. +type TrustdServer interface { Certificate(context.Context, *CertificateRequest) (*CertificateResponse, error) WriteFile(context.Context, *WriteFileRequest) (*WriteFileResponse, error) } -func RegisterROTDServer(s *grpc.Server, srv ROTDServer) { - s.RegisterService(&_ROTD_serviceDesc, srv) +func RegisterTrustdServer(s *grpc.Server, srv TrustdServer) { + s.RegisterService(&_Trustd_serviceDesc, srv) } -func _ROTD_Certificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { +func _Trustd_Certificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(CertificateRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(ROTDServer).Certificate(ctx, in) + return srv.(TrustdServer).Certificate(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.ROTD/Certificate", + FullMethod: "/proto.Trustd/Certificate", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ROTDServer).Certificate(ctx, req.(*CertificateRequest)) + return srv.(TrustdServer).Certificate(ctx, req.(*CertificateRequest)) } return interceptor(ctx, in, info, handler) } -func _ROTD_WriteFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { +func _Trustd_WriteFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(WriteFileRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(ROTDServer).WriteFile(ctx, in) + return srv.(TrustdServer).WriteFile(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: 
"/proto.ROTD/WriteFile", + FullMethod: "/proto.Trustd/WriteFile", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ROTDServer).WriteFile(ctx, req.(*WriteFileRequest)) + return srv.(TrustdServer).WriteFile(ctx, req.(*WriteFileRequest)) } return interceptor(ctx, in, info, handler) } -var _ROTD_serviceDesc = grpc.ServiceDesc{ - ServiceName: "proto.ROTD", - HandlerType: (*ROTDServer)(nil), +var _Trustd_serviceDesc = grpc.ServiceDesc{ + ServiceName: "proto.Trustd", + HandlerType: (*TrustdServer)(nil), Methods: []grpc.MethodDesc{ { MethodName: "Certificate", - Handler: _ROTD_Certificate_Handler, + Handler: _Trustd_Certificate_Handler, }, { MethodName: "WriteFile", - Handler: _ROTD_WriteFile_Handler, + Handler: _Trustd_WriteFile_Handler, }, }, Streams: []grpc.StreamDesc{}, Metadata: "api.proto", } -func init() { proto.RegisterFile("api.proto", fileDescriptor_api_92247eb635a417db) } +func init() { proto.RegisterFile("api.proto", fileDescriptor_api_6d48f67e45b68bdd) } -var fileDescriptor_api_92247eb635a417db = []byte{ - // 217 bytes of a gzipped FileDescriptorProto +var fileDescriptor_api_6d48f67e45b68bdd = []byte{ + // 219 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0x2c, 0xc8, 0xd4, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x05, 0x53, 0x4a, 0x6a, 0x5c, 0x42, 0xce, 0xa9, 0x45, 0x25, 0x99, 0x69, 0x99, 0xc9, 0x89, 0x25, 0xa9, 0x41, 0xa9, 0x85, 0xa5, 0xa9, 0xc5, 0x25, 0x42, 
@@ -312,9 +312,9 @@ var fileDescriptor_api_92247eb635a417db = []byte{ 0xd5, 0x2d, 0x33, 0x07, 0x6e, 0xa4, 0x10, 0x17, 0x4b, 0x41, 0x62, 0x49, 0x06, 0x58, 0x21, 0x67, 0x10, 0x98, 0x0d, 0x12, 0x4b, 0x49, 0x2c, 0x49, 0x94, 0x60, 0x02, 0x6b, 0x06, 0xb3, 0xc1, 0xea, 0x52, 0x8b, 0x72, 0x25, 0x98, 0x15, 0x18, 0x35, 0x58, 0x83, 0xc0, 0x6c, 0x25, 0x61, 0x2e, 0x41, - 0x24, 0xf3, 0x20, 0x56, 0x1b, 0x4d, 0x60, 0xe4, 0x62, 0x09, 0xf2, 0x0f, 0x71, 0x11, 0x72, 0xe3, - 0xe2, 0x46, 0x72, 0x9a, 0x90, 0x24, 0xc4, 0x83, 0x7a, 0x98, 0xde, 0x92, 0x92, 0xc2, 0x26, 0x05, - 0x31, 0x4e, 0x89, 0x41, 0xc8, 0x81, 0x8b, 0x13, 0x6e, 0x8b, 0x90, 0x38, 0x54, 0x29, 0xba, 0x3f, - 0xa4, 0x24, 0x30, 0x25, 0x60, 0x26, 0x24, 0xb1, 0x81, 0xa5, 0x8c, 0x01, 0x01, 0x00, 0x00, 0xff, - 0xff, 0x45, 0xd6, 0xa4, 0x2f, 0x67, 0x01, 0x00, 0x00, + 0x24, 0xf3, 0x20, 0x56, 0x1b, 0x4d, 0x62, 0xe4, 0x62, 0x0b, 0x29, 0x2a, 0x2d, 0x2e, 0x49, 0x11, + 0x72, 0xe3, 0xe2, 0x46, 0x72, 0x9c, 0x90, 0x24, 0xc4, 0x8b, 0x7a, 0x98, 0x1e, 0x93, 0x92, 0xc2, + 0x26, 0x05, 0x31, 0x50, 0x89, 0x41, 0xc8, 0x81, 0x8b, 0x13, 0x6e, 0x8f, 0x90, 0x38, 0x54, 0x29, + 0xba, 0x4f, 0xa4, 0x24, 0x30, 0x25, 0x60, 0x26, 0x24, 0xb1, 0x81, 0xa5, 0x8c, 0x01, 0x01, 0x00, + 0x00, 0xff, 0xff, 0x80, 0xe5, 0x5e, 0xbe, 0x69, 0x01, 0x00, 0x00, } diff --git a/src/initramfs/cmd/rotd/proto/api.proto b/src/initramfs/cmd/trustd/proto/api.proto similarity index 92% rename from src/initramfs/cmd/rotd/proto/api.proto rename to src/initramfs/cmd/trustd/proto/api.proto index 89a46141f5..0a0ba06240 100644 --- a/src/initramfs/cmd/rotd/proto/api.proto +++ b/src/initramfs/cmd/trustd/proto/api.proto @@ -3,8 +3,8 @@ syntax = "proto3"; package proto; -// The ROTD service definition. -service ROTD { +// The Trustd service definition. +service Trustd { rpc Certificate(CertificateRequest) returns (CertificateResponse) {} rpc WriteFile(WriteFileRequest) returns (WriteFileResponse) {} } 
diff --git a/src/initramfs/pkg/userdata/userdata.go b/src/initramfs/pkg/userdata/userdata.go index 479e8afccf..27a18cf461 100644 --- a/src/initramfs/pkg/userdata/userdata.go +++ b/src/initramfs/pkg/userdata/userdata.go @@ -47,7 +47,7 @@ type Networking struct { // Services represents the set of services available to configure. type Services struct { Kubeadm *Kubeadm `yaml:"kubeadm"` - ROTD *ROTD `yaml:"rotd"` + Trustd *Trustd `yaml:"trustd"` } // File represents a files to write to disk. @@ -73,12 +73,12 @@ type InitConfiguration struct { SelfHosted bool `yaml:"selfHosted,omitempty"` } -// ROTD describes the configuration of the Root of Trust (RoT) service. The +// Trustd describes the configuration of the Root of Trust (RoT) service. The // username and password are used by master nodes, and worker nodes. The master // nodes use them to authenticate clients, while the workers use them to // authenticate as a client. The endpoints should only be specified in the // worker user data, and should include all master nodes participating as a RoT. -type ROTD struct { +type Trustd struct { Username string `yaml:"username"` Password string `yaml:"password"` Endpoints []string `yaml:"endpoints,omitempty"`
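Review bot: Changing the tag on `Services.Trustd` from `yaml:"rotd"` to `yaml:"trustd"` means user data written for the previous release still carries a `rotd:` key, which (assuming the YAML decoder is not strict about unknown keys) is dropped and leaves the `*Trustd` pointer nil. The renamed call sites dereference it unguarded: `data.Services.Trustd.Username` in kubeadm.go's `Post` and in trustd's `main`, and `len(data.Services.Trustd.Endpoints)` in osd's `main`. The services that handle the trust credentials would therefore panic at start instead of reporting a configuration error. A check where user data is loaded, such as `if data.Services.Trustd == nil { return errors.New("services.trustd is required") }`, would make the failure explicit. A sentence in the `Trustd` doc comment noting the key rename would also help.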