diff --git a/.github/workflows/aa_basic.yml b/.github/workflows/aa_basic.yml index 0eff512a0..8adb69cab 100644 --- a/.github/workflows/aa_basic.yml +++ b/.github/workflows/aa_basic.yml @@ -40,12 +40,10 @@ jobs: include: - instance: ubuntu-22.04 make_args: "" - cargo_test_opts: "--features openssl,rust-crypto,all-attesters,kbs,coco_as" - cargo_lint_opts: "--workspace" + cargo_test_opts: "--features openssl,rust-crypto,all-attesters,kbs,coco_as,ttrpc,grpc" - instance: s390x make_args: "ATTESTER=se-attester TEE_PLATFORM=se" cargo_test_opts: "--no-default-features --features openssl,passport,se-attester,kbs,coco_as" - cargo_lint_opts: "--no-default-features --features openssl,se-attester,kbs,coco_as -p attestation-agent -p attester -p coco_keyprovider -p kbc -p kbs_protocol -p crypto -p resource_uri" runs-on: ${{ matrix.instance }} steps: - name: Code checkout @@ -109,8 +107,5 @@ jobs: args: --all -- --check - name: Run rust lint check - uses: actions-rs/cargo@v1 - with: - command: clippy - # We are getting error in generated code due to derive_partial_eq_without_eq check, so ignore it for now - args: ${{ matrix.cargo_lint_opts }} -- -D warnings -A clippy::derive-partial-eq-without-eq + run: | + make lint diff --git a/Cargo.lock b/Cargo.lock index 6a9197a11..24d26235c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3373,7 +3373,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" dependencies = [ "cfg-if", - "windows-targets 0.52.6", + "windows-targets 0.48.5", ] [[package]] @@ -6589,9 +6589,9 @@ dependencies = [ [[package]] name = "ttrpc" -version = "0.8.1" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55ea338db445bee75c596cf8a478fbfcefad5a943c9e92a7e1c805c65ed39551" +checksum = "e376927d4422245ae3e0a0d7df0e805f99652536999b5c671144de9fe4120d8c" dependencies = [ "async-trait", "byteorder", @@ -6622,9 +6622,9 @@ dependencies = [ [[package]] name = "ttrpc-compiler" -version = "0.6.2" +version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0672eb06e5663ad190c7b93b2973f5d730259859b62e4e3381301a12a7441107" +checksum = "04c4c51f20209ae3ec2579b947b54cf52685825238002bc2e5af8e1e075d4813" dependencies = [ "derive-new", "prost 0.8.0", diff --git a/Cargo.toml b/Cargo.toml index 18fafa718..8b8562cfa 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -65,7 +65,7 @@ tokio = "1.39" toml = "0.8.19" tonic = "0.12" tonic-build = "0.12" -ttrpc = "0.8.0" +ttrpc = "0.8.2" ttrpc-codegen = "0.4.2" url = "2.5.2" uuid = "1" diff --git a/api-server-rest/build.rs b/api-server-rest/build.rs index 781cbc9a4..7d9b6afee 100644 --- a/api-server-rest/build.rs +++ b/api-server-rest/build.rs @@ -88,23 +88,6 @@ fn main() -> std::io::Result<()> { ]; let protobuf_customized = ProtobufCustomize::default().gen_mod_rs(false); - use std::fs::File; - use std::io::{Read, Write}; - - fn replace_text_in_file(file_name: &str, from: &str, to: &str) -> Result<(), std::io::Error> { - let mut src = File::open(file_name)?; - let mut contents = String::new(); - src.read_to_string(&mut contents).unwrap(); - drop(src); - - let new_contents = contents.replace(from, to); - - let mut dst = File::create(file_name)?; - dst.write_all(new_contents.as_bytes())?; - - Ok(()) - } - Codegen::new() .out_dir("src/ttrpc_proto") .inputs(&protos) @@ -118,17 +101,6 @@ fn main() -> std::io::Result<()> { .run() .expect("Generate ttrpc protocol code failed."); - // Fix clippy warnings of code generated from ttrpc_codegen - replace_text_in_file( - "src/ttrpc_proto/attestation_agent_ttrpc.rs", - "#![allow(box_pointers)]\n", - "", - )?; - replace_text_in_file( - "src/ttrpc_proto/confidential_data_hub_ttrpc.rs", - "#![allow(box_pointers)]\n", - "", - )?; generate_openapi_document().expect("Generate restful OpenAPI yaml failed."); Ok(()) diff --git a/api-server-rest/src/ttrpc_proto/attestation_agent_ttrpc.rs b/api-server-rest/src/ttrpc_proto/attestation_agent_ttrpc.rs index 675e8561d..0aa87cafe 100644 --- a/api-server-rest/src/ttrpc_proto/attestation_agent_ttrpc.rs +++ b/api-server-rest/src/ttrpc_proto/attestation_agent_ttrpc.rs @@ -1,4 +1,4 @@ -// This file is generated by ttrpc-compiler 0.6.2. Do not edit +// This file is generated by ttrpc-compiler 0.6.3. Do not edit // @generated #![cfg_attr(rustfmt, rustfmt_skip)] @@ -43,7 +43,7 @@ impl AttestationAgentServiceClient { } struct GetEvidenceMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -54,7 +54,7 @@ impl ::ttrpc::r#async::MethodHandler for GetEvidenceMethod { } struct GetTokenMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -74,7 +74,7 @@ pub trait AttestationAgentService: Sync { } } -pub fn create_attestation_agent_service(service: Arc>) -> HashMap { +pub fn create_attestation_agent_service(service: Arc) -> HashMap { let mut ret = HashMap::new(); let mut methods = HashMap::new(); let streams = HashMap::new(); diff --git a/api-server-rest/src/ttrpc_proto/confidential_data_hub_ttrpc.rs b/api-server-rest/src/ttrpc_proto/confidential_data_hub_ttrpc.rs index 07012c55a..e131ae169 100644 --- a/api-server-rest/src/ttrpc_proto/confidential_data_hub_ttrpc.rs +++ b/api-server-rest/src/ttrpc_proto/confidential_data_hub_ttrpc.rs @@ -1,4 +1,4 @@ -// This file is generated by ttrpc-compiler 0.6.2. Do not edit +// This file is generated by ttrpc-compiler 0.6.3. Do not edit // @generated #![cfg_attr(rustfmt, rustfmt_skip)] @@ -38,7 +38,7 @@ impl GetResourceServiceClient { } struct GetResourceMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -55,7 +55,7 @@ pub trait GetResourceService: Sync { } } -pub fn create_get_resource_service(service: Arc>) -> HashMap { +pub fn create_get_resource_service(service: Arc) -> HashMap { let mut ret = HashMap::new(); let mut methods = HashMap::new(); let streams = HashMap::new(); diff --git a/attestation-agent/Makefile b/attestation-agent/Makefile index 5884ed4c7..ed2dce50b 100644 --- a/attestation-agent/Makefile +++ b/attestation-agent/Makefile @@ -108,12 +108,26 @@ else features := $(features),rust-crypto endif +ifeq ($(ARCH), s390x) + LINT_OPTION = lint-s390x +else + LINT_OPTION = lint-default +endif + build: cd attestation-agent && $(RUST_FLAGS) cargo build $(release) --no-default-features --features "$(features)" $(binary) $(LIBC_FLAG) mv $(TARGET_DIR)/$(binary_name) $(TARGET) TARGET := $(TARGET_DIR)/$(BIN_NAME) +lint: $(LINT_OPTION) + +lint-default: + cd attestation-agent && cargo clippy --features kbs,coco_as,bin,grpc,ttrpc,all-attesters + +lint-s390x: + cd attestation-agent && cargo clippy --no-default-features --features openssl,kbs,coco_as,bin,grpc,ttrpc + install: install -D -m0755 $(TARGET) $(DESTDIR)/$(BIN_NAME) diff --git a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs index 1f09147f4..55d3c497d 100644 --- a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs +++ b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs @@ -165,8 +165,7 @@ impl AttestationAgentService for AA { } pub fn start_ttrpc_service(aa: AttestationAgent) -> Result> { - let service = Box::new(AA { inner: aa }) as Box; - + let service = AA { inner: aa }; let service = Arc::new(service); let get_resource_service = create_attestation_agent_service(service); Ok(get_resource_service) diff --git a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs index 69634d962..4b6cfcac1 100644 --- a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs +++ b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs @@ -1,4 +1,4 @@ -// This file is generated by rust-protobuf 3.5.0. Do not edit +// This file is generated by rust-protobuf 3.5.1. Do not edit // .proto file is parsed by pure // @generated @@ -9,7 +9,6 @@ #![allow(unused_attributes)] #![cfg_attr(rustfmt, rustfmt::skip)] -#![allow(box_pointers)] #![allow(dead_code)] #![allow(missing_docs)] #![allow(non_camel_case_types)] @@ -23,7 +22,7 @@ /// Generated files are compatible only with the same version /// of protobuf runtime. -const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_3_5_0; +const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_3_5_1; // @@protoc_insertion_point(message:attestation_agent.GetEvidenceRequest) #[derive(PartialEq,Clone,Default,Debug)] diff --git a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs index baa18f5b7..50e1b0929 100644 --- a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs +++ b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs @@ -1,10 +1,9 @@ -// This file is generated by ttrpc-compiler 0.6.2. Do not edit +// This file is generated by ttrpc-compiler 0.6.3. Do not edit // @generated #![cfg_attr(rustfmt, rustfmt_skip)] #![allow(unknown_lints)] #![allow(clipto_camel_casepy)] -#![allow(box_pointers)] #![allow(dead_code)] #![allow(missing_docs)] #![allow(non_camel_case_types)] @@ -64,7 +63,7 @@ impl AttestationAgentServiceClient { } struct GetEvidenceMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -75,7 +74,7 @@ impl ::ttrpc::r#async::MethodHandler for GetEvidenceMethod { } struct GetTokenMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -86,7 +85,7 @@ impl ::ttrpc::r#async::MethodHandler for GetTokenMethod { } struct ExtendRuntimeMeasurementMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -97,7 +96,7 @@ impl ::ttrpc::r#async::MethodHandler for ExtendRuntimeMeasurementMethod { } struct CheckInitDataMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -108,7 +107,7 @@ impl ::ttrpc::r#async::MethodHandler for CheckInitDataMethod { } struct UpdateConfigurationMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -119,7 +118,7 @@ impl ::ttrpc::r#async::MethodHandler for UpdateConfigurationMethod { } struct GetTeeTypeMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -151,7 +150,7 @@ pub trait AttestationAgentService: Sync { } } -pub fn create_attestation_agent_service(service: Arc>) -> HashMap { +pub fn create_attestation_agent_service(service: Arc) -> HashMap { let mut ret = HashMap::new(); let mut methods = HashMap::new(); let streams = HashMap::new(); diff --git a/attestation-agent/kbs_protocol/build.rs b/attestation-agent/kbs_protocol/build.rs index 704457c90..5bb896da4 100644 --- a/attestation-agent/kbs_protocol/build.rs +++ b/attestation-agent/kbs_protocol/build.rs @@ -46,11 +46,6 @@ fn main() -> Result<(), Box> { "client: client", "client", )?; - replace_text_in_file( - "src/token_provider/aa/attestation_agent_ttrpc.rs", - "#![allow(box_pointers)]\n", - "", - )?; } Ok(()) diff --git a/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs b/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs index a2ff57e23..85fe45a8f 100644 --- a/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs +++ b/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs @@ -1,4 +1,4 @@ -// This file is generated by ttrpc-compiler 0.6.2. Do not edit +// This file is generated by ttrpc-compiler 0.6.3. Do not edit // @generated #![cfg_attr(rustfmt, rustfmt_skip)] @@ -63,7 +63,7 @@ impl AttestationAgentServiceClient { } struct GetEvidenceMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -74,7 +74,7 @@ impl ::ttrpc::r#async::MethodHandler for GetEvidenceMethod { } struct GetTokenMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -85,7 +85,7 @@ impl ::ttrpc::r#async::MethodHandler for GetTokenMethod { } struct ExtendRuntimeMeasurementMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -96,7 +96,7 @@ impl ::ttrpc::r#async::MethodHandler for ExtendRuntimeMeasurementMethod { } struct CheckInitDataMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -107,7 +107,7 @@ impl ::ttrpc::r#async::MethodHandler for CheckInitDataMethod { } struct UpdateConfigurationMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -118,7 +118,7 @@ impl ::ttrpc::r#async::MethodHandler for UpdateConfigurationMethod { } struct GetTeeTypeMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -150,7 +150,7 @@ pub trait AttestationAgentService: Sync { } } -pub fn create_attestation_agent_service(service: Arc>) -> HashMap { +pub fn create_attestation_agent_service(service: Arc) -> HashMap { let mut ret = HashMap::new(); let mut methods = HashMap::new(); let streams = HashMap::new(); diff --git a/confidential-data-hub/hub/build.rs b/confidential-data-hub/hub/build.rs index 7d930f81c..a87a5612a 100644 --- a/confidential-data-hub/hub/build.rs +++ b/confidential-data-hub/hub/build.rs @@ -51,16 +51,6 @@ fn main() { // Fix clippy warnings of code generated from ttrpc_codegen replace_text_in_file("src/bin/protos/api_ttrpc.rs", "client: client", "client"); - replace_text_in_file( - "src/bin/protos/api_ttrpc.rs", - "#![allow(box_pointers)]\n", - "", - ); - replace_text_in_file( - "src/bin/protos/keyprovider_ttrpc.rs", - "#![allow(box_pointers)]\n", - "", - ); } #[cfg(feature = "bin")] diff --git a/confidential-data-hub/hub/src/bin/grpc_server/mod.rs b/confidential-data-hub/hub/src/bin/grpc_server/mod.rs index 7f16e112e..24b7fb1ea 100644 --- a/confidential-data-hub/hub/src/bin/grpc_server/mod.rs +++ b/confidential-data-hub/hub/src/bin/grpc_server/mod.rs @@ -9,7 +9,6 @@ use confidential_data_hub::{hub::Hub, DataHub}; use log::{debug, error}; use std::{error::Error as _, net::SocketAddr, sync::Arc}; use storage::volume_type::Storage; -use tokio::sync::RwLock; use tonic::{transport::Server, Request, Response, Status}; use crate::{ @@ -18,7 +17,7 @@ use crate::{ }; use api::{ get_resource_service_server::{GetResourceService, GetResourceServiceServer}, - image_pull_service_server::ImagePullService, + image_pull_service_server::{ImagePullService, ImagePullServiceServer}, key_provider_service_server::{KeyProviderService, KeyProviderServiceServer}, sealed_secret_service_server::{SealedSecretService, SealedSecretServiceServer}, secure_mount_service_server::{SecureMountService, SecureMountServiceServer}, @@ -33,7 +32,7 @@ mod api { } pub struct Cdh { - inner: RwLock, + inner: Hub, } #[tonic::async_trait] @@ -45,13 +44,15 @@ impl SealedSecretService for Arc { debug!("[gRPC CDH] get new UnsealSecret request"); let request = request.into_inner(); - let cdh = self.inner.read().await; - - let plaintext = cdh.unseal_secret(request.secret).await.map_err(|e| { - let detailed_error = format_error!(e); - error!("[gRPC CDH] Call CDH to unseal secret failed:\n{detailed_error}"); - Status::internal(format!("[ERROR] CDH unseal secret failed: {}", e)) - })?; + let plaintext = self + .inner + .unseal_secret(request.secret) + .await + .map_err(|e| { + let detailed_error = format_error!(e); + error!("[gRPC CDH] Call CDH to unseal secret failed:\n{detailed_error}"); + Status::internal(format!("[ERROR] CDH unseal secret failed: {}", e)) + })?; debug!("[gRPC CDH] Unseal secret successfully!"); @@ -70,13 +71,15 @@ impl GetResourceService for Arc { debug!("[gRPC CDH] get new GetResource request"); let request = request.into_inner(); - let cdh = self.inner.read().await; - - let resource = cdh.get_resource(request.resource_path).await.map_err(|e| { - let detailed_error = format_error!(e); - error!("[gRPC CDH] Call CDH to get resource failed:\n{detailed_error}"); - Status::internal(format!("[ERROR] CDH get resource failed: {}", e)) - })?; + let resource = self + .inner + .get_resource(request.resource_path) + .await + .map_err(|e| { + let detailed_error = format_error!(e); + error!("[gRPC CDH] Call CDH to get resource failed:\n{detailed_error}"); + Status::internal(format!("[ERROR] CDH get resource failed: {}", e)) + })?; debug!("[gRPC CDH] Get resource successfully!"); @@ -95,14 +98,13 @@ impl SecureMountService for Arc { debug!("[gRPC CDH] get new SecureMount request"); let request = request.into_inner(); - let cdh = self.inner.read().await; let storage = Storage { volume_type: request.volume_type, options: request.options, flags: request.flags, mount_point: request.mount_point, }; - let mount_path = cdh.secure_mount(storage).await.map_err(|e| { + let mount_path = self.inner.secure_mount(storage).await.map_err(|e| { let detailed_error = format_error!(e); error!("[gRPC CDH] Call CDH to secure mount failed:\n{detailed_error}"); Status::internal(format!("[ERROR] CDH secure mount failed: {}", e)) @@ -125,9 +127,8 @@ impl ImagePullService for Arc { debug!("[gRPC CDH] get new ImagePull request"); let request = request.into_inner(); - let cdh = self.inner.read().await; - - let manifest_digest = cdh + let manifest_digest = self + .inner .pull_image(&request.image_url, &request.bundle_path) .await .map_err(|e| { @@ -160,8 +161,6 @@ impl KeyProviderService for Arc { debug!("[gRPC CDH] get new UnwrapKey request"); let request = request.into_inner(); - let cdh = self.inner.read().await; - let key_provider_input: KeyProviderInput = serde_json::from_slice( &request.key_provider_key_wrap_protocol_input[..], ) @@ -177,11 +176,15 @@ impl KeyProviderService for Arc { Status::internal(format!("[ERROR] CDH Unwrap Key failed: {}", e)) })?; - let decrypted_optsdata = cdh.unwrap_key(&annotation_packet).await.map_err(|e| { - let detailed_error = format_error!(e); - error!("[gRPC CDH] Call CDH to Unwrap Key failed:\n{detailed_error}"); - Status::internal(format!("[ERROR] CDH Unwrap Key failed: {}", e)) - })?; + let decrypted_optsdata = self + .inner + .unwrap_key(&annotation_packet) + .await + .map_err(|e| { + let detailed_error = format_error!(e); + error!("[gRPC CDH] Call CDH to Unwrap Key failed:\n{detailed_error}"); + Status::internal(format!("[ERROR] CDH Unwrap Key failed: {}", e)) + })?; // Construct output structure and serialize it as the return value of gRPC let output_struct = KeyUnwrapOutput { @@ -206,13 +209,14 @@ impl KeyProviderService for Arc { } } -pub async fn start_grpc_service(socket: SocketAddr, cdh: Hub) -> Result<()> { - let service = Cdh { inner: cdh.into() }; +pub async fn start_grpc_service(socket: SocketAddr, inner: Hub) -> Result<()> { + let service = Cdh { inner }; let service = Arc::new(service); Server::builder() .add_service(SealedSecretServiceServer::new(service.clone())) .add_service(GetResourceServiceServer::new(service.clone())) .add_service(SecureMountServiceServer::new(service.clone())) + .add_service(ImagePullServiceServer::new(service.clone())) .add_service(KeyProviderServiceServer::new(service)) .serve(socket) .await?; diff --git a/confidential-data-hub/hub/src/bin/protos/api_ttrpc.rs b/confidential-data-hub/hub/src/bin/protos/api_ttrpc.rs index 7142428e3..35d2c704d 100644 --- a/confidential-data-hub/hub/src/bin/protos/api_ttrpc.rs +++ b/confidential-data-hub/hub/src/bin/protos/api_ttrpc.rs @@ -1,4 +1,4 @@ -// This file is generated by ttrpc-compiler 0.6.2. Do not edit +// This file is generated by ttrpc-compiler 0.6.3. Do not edit // @generated #![cfg_attr(rustfmt, rustfmt_skip)] @@ -38,7 +38,7 @@ impl SealedSecretServiceClient { } struct UnsealSecretMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -55,7 +55,7 @@ pub trait SealedSecretService: Sync { } } -pub fn create_sealed_secret_service(service: Arc>) -> HashMap { +pub fn create_sealed_secret_service(service: Arc) -> HashMap { let mut ret = HashMap::new(); let mut methods = HashMap::new(); let streams = HashMap::new(); @@ -86,7 +86,7 @@ impl GetResourceServiceClient { } struct GetResourceMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -103,7 +103,7 @@ pub trait GetResourceService: Sync { } } -pub fn create_get_resource_service(service: Arc>) -> HashMap { +pub fn create_get_resource_service(service: Arc) -> HashMap { let mut ret = HashMap::new(); let mut methods = HashMap::new(); let streams = HashMap::new(); @@ -134,7 +134,7 @@ impl SecureMountServiceClient { } struct SecureMountMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -151,7 +151,7 @@ pub trait SecureMountService: Sync { } } -pub fn create_secure_mount_service(service: Arc>) -> HashMap { +pub fn create_secure_mount_service(service: Arc) -> HashMap { let mut ret = HashMap::new(); let mut methods = HashMap::new(); let streams = HashMap::new(); @@ -182,7 +182,7 @@ impl ImagePullServiceClient { } struct PullImageMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -199,7 +199,7 @@ pub trait ImagePullService: Sync { } } -pub fn create_image_pull_service(service: Arc>) -> HashMap { +pub fn create_image_pull_service(service: Arc) -> HashMap { let mut ret = HashMap::new(); let mut methods = HashMap::new(); let streams = HashMap::new(); diff --git a/confidential-data-hub/hub/src/bin/protos/keyprovider_ttrpc.rs b/confidential-data-hub/hub/src/bin/protos/keyprovider_ttrpc.rs index 059b79f72..9d4364cb9 100644 --- a/confidential-data-hub/hub/src/bin/protos/keyprovider_ttrpc.rs +++ b/confidential-data-hub/hub/src/bin/protos/keyprovider_ttrpc.rs @@ -1,4 +1,4 @@ -// This file is generated by ttrpc-compiler 0.6.2. Do not edit +// This file is generated by ttrpc-compiler 0.6.3. Do not edit // @generated #![cfg_attr(rustfmt, rustfmt_skip)] @@ -43,7 +43,7 @@ impl KeyProviderServiceClient { } struct WrapKeyMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -54,7 +54,7 @@ impl ::ttrpc::r#async::MethodHandler for WrapKeyMethod { } struct UnWrapKeyMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -74,7 +74,7 @@ pub trait KeyProviderService: Sync { } } -pub fn create_key_provider_service(service: Arc>) -> HashMap { +pub fn create_key_provider_service(service: Arc) -> HashMap { let mut ret = HashMap::new(); let mut methods = HashMap::new(); let streams = HashMap::new(); diff --git a/confidential-data-hub/hub/src/bin/ttrpc-cdh.rs b/confidential-data-hub/hub/src/bin/ttrpc-cdh.rs index 9138da32f..869619ee3 100644 --- a/confidential-data-hub/hub/src/bin/ttrpc-cdh.rs +++ b/confidential-data-hub/hub/src/bin/ttrpc-cdh.rs @@ -41,14 +41,6 @@ struct Cli { config: Option, } -macro_rules! ttrpc_service { - ($func: expr, $conf: expr) => {{ - let server = Server::new($conf).await?; - let server = Arc::new(Box::new(server) as _); - $func(server) - }}; -} - #[tokio::main] async fn main() -> Result<()> { env_logger::init_from_env(env_logger::Env::new().default_filter_or("info")); @@ -64,20 +56,17 @@ async fn main() -> Result<()> { create_socket_parent_directory(unix_socket_path).await?; clean_previous_sock_file(unix_socket_path).await?; - let sealed_secret_service = ttrpc_service!(create_sealed_secret_service, &config); - let get_resource_service = ttrpc_service!(create_get_resource_service, &config); - let key_provider_service = ttrpc_service!(create_key_provider_service, &config); - let secure_mount_service = ttrpc_service!(create_secure_mount_service, &config); - let image_pull_service = ttrpc_service!(create_image_pull_service, &config); + let server = Server::new(&config).await.context("create CDH instance")?; + let server = Arc::new(server); let mut server = TtrpcServer::new() .bind(&config.socket) .context("cannot bind cdh ttrpc service")? - .register_service(sealed_secret_service) - .register_service(get_resource_service) - .register_service(secure_mount_service) - .register_service(key_provider_service) - .register_service(image_pull_service); + .register_service(create_sealed_secret_service(server.clone() as _)) + .register_service(create_get_resource_service(server.clone() as _)) + .register_service(create_key_provider_service(server.clone() as _)) + .register_service(create_secure_mount_service(server.clone() as _)) + .register_service(create_image_pull_service(server.clone() as _)); info!( "[ttRPC] Confidential Data Hub starts to listen to request: {}", diff --git a/confidential-data-hub/hub/src/bin/ttrpc_server/mod.rs b/confidential-data-hub/hub/src/bin/ttrpc_server/mod.rs index e7a71e5b4..448c49323 100644 --- a/confidential-data-hub/hub/src/bin/ttrpc_server/mod.rs +++ b/confidential-data-hub/hub/src/bin/ttrpc_server/mod.rs @@ -3,15 +3,13 @@ // SPDX-License-Identifier: Apache-2.0 // -use std::{error::Error as _, sync::Arc}; +use std::error::Error as _; use anyhow::Result; use async_trait::async_trait; use confidential_data_hub::{hub::Hub, CdhConfig, DataHub}; -use lazy_static::lazy_static; use log::{debug, error}; use storage::volume_type::Storage; -use tokio::sync::RwLock; use ttrpc::{asynchronous::TtrpcContext, Code, Error, Status}; use crate::{ @@ -30,26 +28,15 @@ use crate::{ }, }; -lazy_static! { - static ref HUB: Arc>> = Arc::new(RwLock::new(None)); +pub struct Server { + hub: Hub, } -pub struct Server; - impl Server { - async fn init(config: &CdhConfig) -> Result<()> { - let mut writer = HUB.write().await; - if writer.is_none() { - let hub = Hub::new(config.clone()).await?; - *writer = Some(hub); - } - - Ok(()) - } - pub async fn new(config: &CdhConfig) -> Result { - Self::init(config).await?; - Ok(Self) + let hub = Hub::new(config.clone()).await?; + + Ok(Self { hub }) } } @@ -61,9 +48,7 @@ impl SealedSecretService for Server { input: UnsealSecretInput, ) -> ::ttrpc::Result { debug!("[ttRPC CDH] get new UnsealSecret request"); - let reader = HUB.read().await; - let reader = reader.as_ref().expect("must be initialized"); - let plaintext = reader.unseal_secret(input.secret).await.map_err(|e| { + let plaintext = self.hub.unseal_secret(input.secret).await.map_err(|e| { let detailed_error = format_error!(e); error!("[ttRPC CDH] UnsealSecret :\n{detailed_error}"); let mut status = Status::new(); @@ -87,9 +72,7 @@ impl GetResourceService for Server { req: GetResourceRequest, ) -> ::ttrpc::Result { debug!("[ttRPC CDH] get new GetResource request"); - let reader = HUB.read().await; - let reader = reader.as_ref().expect("must be initialized"); - let resource = reader.get_resource(req.ResourcePath).await.map_err(|e| { + let resource = self.hub.get_resource(req.ResourcePath).await.map_err(|e| { let detailed_error = format_error!(e); error!("[ttRPC CDH] GetResource :\n{detailed_error}"); let mut status = Status::new(); @@ -113,8 +96,6 @@ impl KeyProviderService for Server { req: KeyProviderKeyWrapProtocolInput, ) -> ::ttrpc::Result { debug!("[ttRPC CDH] get new UnWrapKey request"); - let reader = HUB.read().await; - let reader = reader.as_ref().expect("must be initialized"); let key_provider_input: KeyProviderInput = serde_json::from_slice(&req.KeyProviderKeyWrapProtocolInput[..]).map_err(|e| { error!("[ttRPC CDH] UnwrapKey parse KeyProviderInput failed : {e:?}"); @@ -133,7 +114,7 @@ impl KeyProviderService for Server { })?; debug!("[ttRPC CDH] Call CDH to Unwrap Key..."); - let decrypted_optsdata = reader.unwrap_key(&annotation_packet).await.map_err(|e| { + let decrypted_optsdata = self.hub.unwrap_key(&annotation_packet).await.map_err(|e| { let detailed_error = format_error!(e); error!("[ttRPC CDH] UnWrapKey :\n{detailed_error}"); let mut status = Status::new(); @@ -173,15 +154,13 @@ impl SecureMountService for Server { req: SecureMountRequest, ) -> ::ttrpc::Result { debug!("[ttRPC CDH] get new secure mount request"); - let reader = HUB.read().await; - let reader = reader.as_ref().expect("must be initialized"); let storage = Storage { volume_type: req.volume_type, options: req.options, flags: req.flags, mount_point: req.mount_point, }; - let resource = reader.secure_mount(storage).await.map_err(|e| { + let resource = self.hub.secure_mount(storage).await.map_err(|e| { let detailed_error = format_error!(e); error!("[ttRPC CDH] Secure Mount :\n{detailed_error}"); let mut status = Status::new(); @@ -205,9 +184,8 @@ impl ImagePullService for Server { req: ImagePullRequest, ) -> ::ttrpc::Result { debug!("[ttRPC CDH] get new image pull request"); - let reader = HUB.read().await; - let reader = reader.as_ref().expect("must be initialized"); - let manifest_digest = reader + let manifest_digest = self + .hub .pull_image(&req.image_url, &req.bundle_path) .await .map_err(|e| { diff --git a/image-rs/build.rs b/image-rs/build.rs index e07ba4dd0..1399e2c96 100644 --- a/image-rs/build.rs +++ b/image-rs/build.rs @@ -3,53 +3,21 @@ // SPDX-License-Identifier: Apache-2.0 // -fn main() -> Result<(), Box> { +fn main() { #[cfg(feature = "tonic-build")] tonic_build::compile_protos("./protos/getresource.proto").expect("tonic build"); #[cfg(feature = "ttrpc-codegen")] - { - use std::fs::File; - use std::io::{Read, Write}; - - fn replace_text_in_file( - file_name: &str, - from: &str, - to: &str, - ) -> Result<(), std::io::Error> { - let mut src = File::open(file_name)?; - let mut contents = String::new(); - src.read_to_string(&mut contents).unwrap(); - drop(src); - - let new_contents = contents.replace(from, to); - - let mut dst = File::create(file_name)?; - dst.write_all(new_contents.as_bytes())?; - - Ok(()) - } - - ttrpc_codegen::Codegen::new() - .out_dir("./src/resource/kbs/ttrpc_proto") - .input("./protos/getresource.proto") - .include("./protos") - .rust_protobuf() - .customize(ttrpc_codegen::Customize { - async_all: true, - ..Default::default() - }) - .rust_protobuf_customize(ttrpc_codegen::ProtobufCustomize::default().gen_mod_rs(false)) - .run() - .expect("ttrpc build"); - - // Fix clippy warnings of code generated from ttrpc_codegen - replace_text_in_file( - "src/resource/kbs/ttrpc_proto/getresource_ttrpc.rs", - "#![allow(box_pointers)]\n", - "", - )?; - } - - Ok(()) + ttrpc_codegen::Codegen::new() + .out_dir("./src/resource/kbs/ttrpc_proto") + .input("./protos/getresource.proto") + .include("./protos") + .rust_protobuf() + .customize(ttrpc_codegen::Customize { + async_all: true, + ..Default::default() + }) + .rust_protobuf_customize(ttrpc_codegen::ProtobufCustomize::default().gen_mod_rs(false)) + .run() + .expect("ttrpc build"); } diff --git a/image-rs/src/resource/kbs/ttrpc_proto/getresource_ttrpc.rs b/image-rs/src/resource/kbs/ttrpc_proto/getresource_ttrpc.rs index 5e8aebecf..b565ca784 100644 --- a/image-rs/src/resource/kbs/ttrpc_proto/getresource_ttrpc.rs +++ b/image-rs/src/resource/kbs/ttrpc_proto/getresource_ttrpc.rs @@ -1,4 +1,4 @@ -// This file is generated by ttrpc-compiler 0.6.2. Do not edit +// This file is generated by ttrpc-compiler 0.6.3. Do not edit // @generated #![cfg_attr(rustfmt, rustfmt_skip)] @@ -38,7 +38,7 @@ impl GetResourceServiceClient { } struct GetResourceMethod { - service: Arc>, + service: Arc, } #[async_trait] @@ -55,7 +55,7 @@ pub trait GetResourceService: Sync { } } -pub fn create_get_resource_service(service: Arc>) -> HashMap { +pub fn create_get_resource_service(service: Arc) -> HashMap { let mut ret = HashMap::new(); let mut methods = HashMap::new(); let streams = HashMap::new(); diff --git a/ocicrypt-rs/build.rs b/ocicrypt-rs/build.rs index 70d102daf..fb12e2557 100644 --- a/ocicrypt-rs/build.rs +++ b/ocicrypt-rs/build.rs @@ -50,11 +50,6 @@ fn main() -> Result<(), Box> { "client: client", "client", )?; - replace_text_in_file( - "src/utils/ttrpc/keyprovider_ttrpc.rs", - "#![allow(box_pointers)]\n", - "", - )?; } Ok(()) diff --git a/ocicrypt-rs/src/utils/ttrpc/keyprovider_ttrpc.rs b/ocicrypt-rs/src/utils/ttrpc/keyprovider_ttrpc.rs index 9a68b073e..7f18d5a51 100644 --- a/ocicrypt-rs/src/utils/ttrpc/keyprovider_ttrpc.rs +++ b/ocicrypt-rs/src/utils/ttrpc/keyprovider_ttrpc.rs @@ -1,4 +1,4 @@ -// This file is generated by ttrpc-compiler 0.6.2. Do not edit +// This file is generated by ttrpc-compiler 0.6.3. Do not edit // @generated #![cfg_attr(rustfmt, rustfmt_skip)] @@ -44,7 +44,7 @@ impl KeyProviderServiceClient { } struct WrapKeyMethod { - service: Arc>, + service: Arc, } impl ::ttrpc::MethodHandler for WrapKeyMethod { @@ -55,7 +55,7 @@ impl ::ttrpc::MethodHandler for WrapKeyMethod { } struct UnWrapKeyMethod { - service: Arc>, + service: Arc, } impl ::ttrpc::MethodHandler for UnWrapKeyMethod { @@ -74,7 +74,7 @@ pub trait KeyProviderService { } } -pub fn create_key_provider_service(service: Arc>) -> HashMap> { +pub fn create_key_provider_service(service: Arc) -> HashMap> { let mut methods = HashMap::new(); methods.insert("/keyprovider.KeyProviderService/WrapKey".to_string(),