Skip to content

Commit

Permalink
initdata: update document and test case for certs
Browse files Browse the repository at this point in the history 
Update md file and test case for certs

Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>
  • Loading branch information
Qi Feng Huo committed Aug 7, 2024
1 parent bf3d5f6 commit 54ab3b5
Show file tree
Hide file tree
Showing 2 changed files with 118 additions and 5 deletions.
61 changes: 59 additions & 2 deletions src/cloud-api-adaptor/docs/initdata.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,30 @@ url = 'http://127.0.0.1:8080'
[token_configs.kbs]
url = 'http://127.0.0.1:8080'
cert = """
-----BEGIN CERTIFICATE-----
MIIDljCCAn6gAwIBAgIUR/UNh13GFam4emgludtype/S9BIwDQYJKoZIhvcNAQEL
BQAwdTELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFpoZWppYW5nMREwDwYDVQQHDAhI
YW5nemhvdTERMA8GA1UECgwIQUFTLVRFU1QxFDASBgNVBAsMC0RldmVsb3BtZW50
MRcwFQYDVQQDDA5BQVMtVEVTVC1IVFRQUzAeFw0yNDAzMTgwNzAzNTNaFw0yNTAz
MTgwNzAzNTNaMHUxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhaaGVqaWFuZzERMA8G
A1UEBwwISGFuZ3pob3UxETAPBgNVBAoMCEFBUy1URVNUMRQwEgYDVQQLDAtEZXZl
bG9wbWVudDEXMBUGA1UEAwwOQUFTLVRFU1QtSFRUUFMwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDfp1aBr6LiNRBlJUcDGcAbcUCPG6UzywtVIc8+comS
ay//gwz2AkDmFVvqwI4bdp/NUCwSC6ShHzxsrCEiagRKtA3af/ckM7hOkb4S6u/5
ewHHFcL6YOUp+NOH5/dSLrFHLjet0dt4LkyNBPe7mKAyCJXfiX3wb25wIBB0Tfa0
p5VoKzwWeDQBx7aX8TKbG6/FZIiOXGZdl24DGARiqE3XifX7DH9iVZ2V2RL9+3WY
05GETNFPKtcrNwTy8St8/HsWVxjAzGFzf75Lbys9Ff3JMDsg9zQzgcJJzYWisxlY
g3CmnbENP0eoHS4WjQlTUyY0mtnOwodo4Vdf8ZOkU4wJAgMBAAGjHjAcMBoGA1Ud
EQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAKW32spii
t2JB7C1IvYpJw5mQ5bhIlldE0iB5rwWvNbuDgPrgfTI4xiX5sumdHw+P2+GU9KXF
nWkFRZ9W/26xFrVgGIS/a07aI7xrlp0Oj+1uO91UhCL3HhME/0tPC6z1iaFeZp8Y
T1tLnafqiGiThFUgvg6PKt86enX60vGaTY7sslRlgbDr9sAi/NDSS7U1PviuC6yo
yJi7BDiRSx7KrMGLscQ+AKKo2RF1MLzlJMa1kIZfvKDBXFzRd61K5IjDRQ4HQhwX
DYEbQvoZIkUTc1gBUWDcAUS5ztbJg9LCb9WVtvUTqTP2lGuNymOvdsuXq+sAZh9b
M9QaC1mzQ/OStg==
-----END CERTIFICATE-----
"""
'''

"cdh.toml" = '''
Expand All @@ -30,6 +54,39 @@ credentials = []
[kbc]
name = 'cc_kbc'
url = 'http://1.2.3.4:8080'
kbs_cert = """
-----BEGIN CERTIFICATE-----
MIIFTDCCAvugAwIBAgIBADBGBgkqhkiG9w0BAQowOaAPMA0GCWCGSAFlAwQCAgUA
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCATCjAwIBATB7MRQwEgYD
VQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDASBgNVBAcMC1NhbnRhIENs
YXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5jZWQgTWljcm8gRGV2aWNl
czESMBAGA1UEAwwJU0VWLU1pbGFuMB4XDTIzMDEyNDE3NTgyNloXDTMwMDEyNDE3
NTgyNlowejEUMBIGA1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVTMRQwEgYD
VQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExHzAdBgNVBAoMFkFkdmFuY2Vk
IE1pY3JvIERldmljZXMxETAPBgNVBAMMCFNFVi1WQ0VLMHYwEAYHKoZIzj0CAQYF
K4EEACIDYgAExmG1ZbuoAQK93USRyZQcsyobfbaAEoKEELf/jK39cOVJt1t4s83W
XM3rqIbS7qHUHQw/FGyOvdaEUs5+wwxpCWfDnmJMAQ+ctgZqgDEKh1NqlOuuKcKq
2YAWE5cTH7sHo4IBFjCCARIwEAYJKwYBBAGceAEBBAMCAQAwFwYJKwYBBAGceAEC
BAoWCE1pbGFuLUIwMBEGCisGAQQBnHgBAwEEAwIBAzARBgorBgEEAZx4AQMCBAMC
AQAwEQYKKwYBBAGceAEDBAQDAgEAMBEGCisGAQQBnHgBAwUEAwIBADARBgorBgEE
AZx4AQMGBAMCAQAwEQYKKwYBBAGceAEDBwQDAgEAMBEGCisGAQQBnHgBAwMEAwIB
CDARBgorBgEEAZx4AQMIBAMCAXMwTQYJKwYBBAGceAEEBEDDhCejDUx6+dlvehW5
cmmCWmTLdqI1L/1dGBFdia1HP46MC82aXZKGYSutSq37RCYgWjueT+qCMBE1oXDk
d1JOMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0B
AQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBA4ICAQACgCai9x8DAWzX/2IelNWm
ituEBSiq9C9eDnBEckQYikAhPasfagnoWFAtKu/ZWTKHi+BMbhKwswBS8W0G1ywi
cUWGlzigI4tdxxf1YBJyCoTSNssSbKmIh5jemBfrvIBo1yEd+e56ZJMdhN8e+xWU
bvovUC2/7Dl76fzAaACLSorZUv5XPJwKXwEOHo7FIcREjoZn+fKjJTnmdXce0LD6
9RHr+r+ceyE79gmK31bI9DYiJoL4LeGdXZ3gMOVDR1OnDos5lOBcV+quJ6JujpgH
d9g3Sa7Du7pusD9Fdap98ocZslRfFjFi//2YdVM4MKbq6IwpYNB+2PCEKNC7SfbO
NgZYJuPZnM/wViES/cP7MZNJ1KUKBI9yh6TmlSsZZOclGJvrOsBZimTXpATjdNMt
cluKwqAUUzYQmU7bf2TMdOXyA9iH5wIpj1kWGE1VuFADTKILkTc6LzLzOWCofLxf
onhTtSDtzIv/uel547GZqq+rVRvmIieEuEvDETwuookfV6qu3D/9KuSr9xiznmEg
xynud/f525jppJMcD/ofbQxUZuGKvb3f3zy+aLxqidoX7gca2Xd9jyUy5Y/83+ZN
bz4PZx81UJzXVI9ABEh8/xilATh1ZxOePTBJjN7lgr0lXtKYjV/43yyxgUYrXNZS
oLSG2dLCK9mjjraPjau34Q==
-----END CERTIFICATE-----
"""
'''

"policy.rego" = '''
Expand Down Expand Up @@ -75,7 +132,7 @@ metadata:
run: busybox
name: busybox
annotations:
io.katacontainers.config.runtime.cc_init_data: YWxnb3JpdGhtID0gInNoYTM4NCIKdmVyc2lvbiA9ICIwLjEuMCIKCltkYXRhXQoiYWEudG9tbCIgPSAnJycKW3Rva2VuX2NvbmZpZ3NdClt0b2tlbl9jb25maWdzLmNvY29fYXNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCgpbdG9rZW5fY29uZmlncy5rYnNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCicnJwoKImNkaC50b21sIiAgPSAnJycKc29ja2V0ID0gJ3VuaXg6Ly8vcnVuL2NvbmZpZGVudGlhbC1jb250YWluZXJzL2NkaC5zb2NrJwpjcmVkZW50aWFscyA9IFtdCgpba2JjXQpuYW1lID0gJ2NjX2tiYycKdXJsID0gJ2h0dHA6Ly8xLjIuMy40OjgwODAnCicnJwoKInBvbGljeS5yZWdvIiA9ICcnJwpwYWNrYWdlIGFnZW50X3BvbGljeQoKaW1wb3J0IGZ1dHVyZS5rZXl3b3Jkcy5pbgppbXBvcnQgZnV0dXJlLmtleXdvcmRzLmV2ZXJ5CgppbXBvcnQgaW5wdXQKCiMgRGVmYXVsdCB2YWx1ZXMsIHJldHVybmVkIGJ5IE9QQSB3aGVuIHJ1bGVzIGNhbm5vdCBiZSBldmFsdWF0ZWQgdG8gdHJ1ZS4KZGVmYXVsdCBDb3B5RmlsZVJlcXVlc3QgOj0gZmFsc2UKZGVmYXVsdCBDcmVhdGVDb250YWluZXJSZXF1ZXN0IDo9IGZhbHNlCmRlZmF1bHQgQ3JlYXRlU2FuZGJveFJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IERlc3Ryb3lTYW5kYm94UmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgRXhlY1Byb2Nlc3NSZXF1ZXN0IDo9IGZhbHNlCmRlZmF1bHQgR2V0T09NRXZlbnRSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBHdWVzdERldGFpbHNSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBPbmxpbmVDUFVNZW1SZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBQdWxsSW1hZ2VSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBSZWFkU3RyZWFtUmVxdWVzdCA6PSBmYWxzZQpkZWZhdWx0IFJlbW92ZUNvbnRhaW5lclJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFJlbW92ZVN0YWxlVmlydGlvZnNTaGFyZU1vdW50c1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFNpZ25hbFByb2Nlc3NSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBTdGFydENvbnRhaW5lclJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFN0YXRzQ29udGFpbmVyUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVHR5V2luUmVzaXplUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVXBkYXRlRXBoZW1lcmFsTW91bnRzUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVXBkYXRlSW50ZXJmYWNlUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVXBkYXRlUm91dGVzUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgV2FpdFByb2Nlc3NSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBXcml0ZVN0cmVhbVJlcXVlc3QgOj0gZmFsc2UKJycn
io.katacontainers.config.runtime.cc_init_data: YWxnb3JpdGhtID0gInNoYTM4NCIKdmVyc2lvbiA9ICIwLjEuMCIKCltkYXRhXQoiYWEudG9tbCIgPSAnJycKW3Rva2VuX2NvbmZpZ3NdClt0b2tlbl9jb25maWdzLmNvY29fYXNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCgpbdG9rZW5fY29uZmlncy5rYnNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCmNlcnQgPSAiIiIKLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsakNDQW42Z0F3SUJBZ0lVUi9VTmgxM0dGYW00ZW1nbHVkdHlwZS9TOUJJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2RURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdNQ0Zwb1pXcHBZVzVuTVJFd0R3WURWUVFIREFoSQpZVzVuZW1odmRURVJNQThHQTFVRUNnd0lRVUZUTFZSRlUxUXhGREFTQmdOVkJBc01DMFJsZG1Wc2IzQnRaVzUwCk1SY3dGUVlEVlFRRERBNUJRVk10VkVWVFZDMUlWRlJRVXpBZUZ3MHlOREF6TVRnd056QXpOVE5hRncweU5UQXoKTVRnd056QXpOVE5hTUhVeEN6QUpCZ05WQkFZVEFrTk9NUkV3RHdZRFZRUUlEQWhhYUdWcWFXRnVaekVSTUE4RwpBMVVFQnd3SVNHRnVaM3BvYjNVeEVUQVBCZ05WQkFvTUNFRkJVeTFVUlZOVU1SUXdFZ1lEVlFRTERBdEVaWFpsCmJHOXdiV1Z1ZERFWE1CVUdBMVVFQXd3T1FVRlRMVlJGVTFRdFNGUlVVRk13Z2dFaU1BMEdDU3FHU0liM0RRRUIKQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURmcDFhQnI2TGlOUkJsSlVjREdjQWJjVUNQRzZVenl3dFZJYzgrY29tUwpheS8vZ3d6MkFrRG1GVnZxd0k0YmRwL05VQ3dTQzZTaEh6eHNyQ0VpYWdSS3RBM2FmL2NrTTdoT2tiNFM2dS81CmV3SEhGY0w2WU9VcCtOT0g1L2RTTHJGSExqZXQwZHQ0TGt5TkJQZTdtS0F5Q0pYZmlYM3diMjV3SUJCMFRmYTAKcDVWb0t6d1dlRFFCeDdhWDhUS2JHNi9GWklpT1hHWmRsMjRER0FSaXFFM1hpZlg3REg5aVZaMlYyUkw5KzNXWQowNUdFVE5GUEt0Y3JOd1R5OFN0OC9Ic1dWeGpBekdGemY3NUxieXM5RmYzSk1Ec2c5elF6Z2NKSnpZV2lzeGxZCmczQ21uYkVOUDBlb0hTNFdqUWxUVXlZMG10bk93b2RvNFZkZjhaT2tVNHdKQWdNQkFBR2pIakFjTUJvR0ExVWQKRVFRVE1CR0NDV3h2WTJGc2FHOXpkSWNFZndBQUFUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFLVzMyc3BpaQp0MkpCN0MxSXZZcEp3NW1RNWJoSWxsZEUwaUI1cndXdk5idURnUHJnZlRJNHhpWDVzdW1kSHcrUDIrR1U5S1hGCm5Xa0ZSWjlXLzI2eEZyVmdHSVMvYTA3YUk3eHJscDBPaisxdU85MVVoQ0wzSGhNRS8wdFBDNnoxaWFGZVpwOFkKVDF0TG5hZnFpR2lUaEZVZ3ZnNlBLdDg2ZW5YNjB2R2FUWTdzc2xSbGdiRHI5c0FpL05EU1M3VTFQdml1QzZ5bwp5Smk3QkRpUlN4N0tyTUdMc2NRK0FLS28yUkYxTUx6bEpNYTFrSVpmdktEQlhGelJkNjFLNUlqRFJRNEhRaHdYCkRZRWJRdm9aSWtVVGMxZ0JVV0RjQVVTNXp0YkpnOUxDYjlXVnR2VVRxVFAybEd1TnltT3Zkc3VYcStzQVpoOWIKTTlRYUMxbXpRL09TdGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCiIiIgonJycKCiJjZGgudG9tbCIgID0gJycnCnNvY2tldCA9ICd1bml4Oi8vL3J1bi9jb25maWRlbnRpYWwtY29udGFpbmVycy9jZGguc29jaycKY3JlZGVudGlhbHMgPSBbXQoKW2tiY10KbmFtZSA9ICdjY19rYmMnCnVybCA9ICdodHRwOi8vMS4yLjMuNDo4MDgwJwprYnNfY2VydCA9ICIiIgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRlREQ0NBdnVnQXdJQkFnSUJBREJHQmdrcWhraUc5dzBCQVFvd09hQVBNQTBHQ1dDR1NBRmxBd1FDQWdVQQpvUnd3R2dZSktvWklodmNOQVFFSU1BMEdDV0NHU0FGbEF3UUNBZ1VBb2dNQ0FUQ2pBd0lCQVRCN01SUXdFZ1lEClZRUUxEQXRGYm1kcGJtVmxjbWx1WnpFTE1Ba0dBMVVFQmhNQ1ZWTXhGREFTQmdOVkJBY01DMU5oYm5SaElFTnMKWVhKaE1Rc3dDUVlEVlFRSURBSkRRVEVmTUIwR0ExVUVDZ3dXUVdSMllXNWpaV1FnVFdsamNtOGdSR1YyYVdObApjekVTTUJBR0ExVUVBd3dKVTBWV0xVMXBiR0Z1TUI0WERUSXpNREV5TkRFM05UZ3lObG9YRFRNd01ERXlOREUzCk5UZ3lObG93ZWpFVU1CSUdBMVVFQ3d3TFJXNW5hVzVsWlhKcGJtY3hDekFKQmdOVkJBWVRBbFZUTVJRd0VnWUQKVlFRSERBdFRZVzUwWVNCRGJHRnlZVEVMTUFrR0ExVUVDQXdDUTBFeEh6QWRCZ05WQkFvTUZrRmtkbUZ1WTJWawpJRTFwWTNKdklFUmxkbWxqWlhNeEVUQVBCZ05WQkFNTUNGTkZWaTFXUTBWTE1IWXdFQVlIS29aSXpqMENBUVlGCks0RUVBQ0lEWWdBRXhtRzFaYnVvQVFLOTNVU1J5WlFjc3lvYmZiYUFFb0tFRUxmL2pLMzljT1ZKdDF0NHM4M1cKWE0zcnFJYlM3cUhVSFF3L0ZHeU92ZGFFVXM1K3d3eHBDV2ZEbm1KTUFRK2N0Z1pxZ0RFS2gxTnFsT3V1S2NLcQoyWUFXRTVjVEg3c0hvNElCRmpDQ0FSSXdFQVlKS3dZQkJBR2NlQUVCQkFNQ0FRQXdGd1lKS3dZQkJBR2NlQUVDCkJBb1dDRTFwYkdGdUxVSXdNQkVHQ2lzR0FRUUJuSGdCQXdFRUF3SUJBekFSQmdvckJnRUVBWng0QVFNQ0JBTUMKQVFBd0VRWUtLd1lCQkFHY2VBRURCQVFEQWdFQU1CRUdDaXNHQVFRQm5IZ0JBd1VFQXdJQkFEQVJCZ29yQmdFRQpBWng0QVFNR0JBTUNBUUF3RVFZS0t3WUJCQUdjZUFFREJ3UURBZ0VBTUJFR0Npc0dBUVFCbkhnQkF3TUVBd0lCCkNEQVJCZ29yQmdFRUFaeDRBUU1JQkFNQ0FYTXdUUVlKS3dZQkJBR2NlQUVFQkVERGhDZWpEVXg2K2RsdmVoVzUKY21tQ1dtVExkcUkxTC8xZEdCRmRpYTFIUDQ2TUM4MmFYWktHWVN1dFNxMzdSQ1lnV2p1ZVQrcUNNQkUxb1hEawpkMUpPTUVZR0NTcUdTSWIzRFFFQkNqQTVvQTh3RFFZSllJWklBV1VEQkFJQ0JRQ2hIREFhQmdrcWhraUc5dzBCCkFRZ3dEUVlKWUlaSUFXVURCQUlDQlFDaUF3SUJNS01EQWdFQkE0SUNBUUFDZ0NhaTl4OERBV3pYLzJJZWxOV20KaXR1RUJTaXE5QzllRG5CRWNrUVlpa0FoUGFzZmFnbm9XRkF0S3UvWldUS0hpK0JNYmhLd3N3QlM4VzBHMXl3aQpjVVdHbHppZ0k0dGR4eGYxWUJKeUNvVFNOc3NTYkttSWg1amVtQmZydklCbzF5RWQrZTU2WkpNZGhOOGUreFdVCmJ2b3ZVQzIvN0RsNzZmekFhQUNMU29yWlV2NVhQSndLWHdFT0hvN0ZJY1JFam9abitmS2pKVG5tZFhjZTBMRDYKOVJIcityK2NleUU3OWdtSzMxYkk5RFlpSm9MNExlR2RYWjNnTU9WRFIxT25Eb3M1bE9CY1YrcXVKNkp1anBnSApkOWczU2E3RHU3cHVzRDlGZGFwOThvY1pzbFJmRmpGaS8vMllkVk00TUticTZJd3BZTkIrMlBDRUtOQzdTZmJPCk5nWllKdVBabk0vd1ZpRVMvY1A3TVpOSjFLVUtCSTl5aDZUbWxTc1paT2NsR0p2ck9zQlppbVRYcEFUamROTXQKY2x1S3dxQVVVellRbVU3YmYyVE1kT1h5QTlpSDV3SXBqMWtXR0UxVnVGQURUS0lMa1RjNkx6THpPV0NvZkx4ZgpvbmhUdFNEdHpJdi91ZWw1NDdHWnFxK3JWUnZtSWllRXVFdkRFVHd1b29rZlY2cXUzRC85S3VTcjl4aXpubUVnCnh5bnVkL2Y1MjVqcHBKTWNEL29mYlF4VVp1R0t2YjNmM3p5K2FMeHFpZG9YN2djYTJYZDlqeVV5NVkvODMrWk4KYno0UFp4ODFVSnpYVkk5QUJFaDgveGlsQVRoMVp4T2VQVEJKak43bGdyMGxYdEtZalYvNDN5eXhnVVlyWE5aUwpvTFNHMmRMQ0s5bWpqcmFQamF1MzRRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQoiIiIKJycnCgoicG9saWN5LnJlZ28iID0gJycnCnBhY2thZ2UgYWdlbnRfcG9saWN5CgppbXBvcnQgZnV0dXJlLmtleXdvcmRzLmluCmltcG9ydCBmdXR1cmUua2V5d29yZHMuZXZlcnkKCmltcG9ydCBpbnB1dAoKIyBEZWZhdWx0IHZhbHVlcywgcmV0dXJuZWQgYnkgT1BBIHdoZW4gcnVsZXMgY2Fubm90IGJlIGV2YWx1YXRlZCB0byB0cnVlLgpkZWZhdWx0IENvcHlGaWxlUmVxdWVzdCA6PSBmYWxzZQpkZWZhdWx0IENyZWF0ZUNvbnRhaW5lclJlcXVlc3QgOj0gZmFsc2UKZGVmYXVsdCBDcmVhdGVTYW5kYm94UmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgRGVzdHJveVNhbmRib3hSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBFeGVjUHJvY2Vzc1JlcXVlc3QgOj0gZmFsc2UKZGVmYXVsdCBHZXRPT01FdmVudFJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IEd1ZXN0RGV0YWlsc1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IE9ubGluZUNQVU1lbVJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFB1bGxJbWFnZVJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFJlYWRTdHJlYW1SZXF1ZXN0IDo9IGZhbHNlCmRlZmF1bHQgUmVtb3ZlQ29udGFpbmVyUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgUmVtb3ZlU3RhbGVWaXJ0aW9mc1NoYXJlTW91bnRzUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgU2lnbmFsUHJvY2Vzc1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFN0YXJ0Q29udGFpbmVyUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgU3RhdHNDb250YWluZXJSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBUdHlXaW5SZXNpemVSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBVcGRhdGVFcGhlbWVyYWxNb3VudHNSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBVcGRhdGVJbnRlcmZhY2VSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBVcGRhdGVSb3V0ZXNSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBXYWl0UHJvY2Vzc1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFdyaXRlU3RyZWFtUmVxdWVzdCA6PSBmYWxzZQonJyc=
spec:
containers:
- image: quay.io/prometheus/busybox
Expand Down Expand Up @@ -107,7 +164,7 @@ It also calculates the digest `/run/peerpod/initdata.digest` based on the `algor

`/run/peerpod/initdata.digest` could be used by the TEE drivers.

The digest can be calculated manually and set to attestation service policy before hand if needed. To calculate the digest, use a tool (for example some online sha tools) to calculate the hash value based on the initdata annotation string. The calculated sha384 is: `14980c75860de9adcba2e0e494fc612f0f4fe3d86f5dc8e238a3255acfdf43bf82b9ccfc21da95d639ff0c98cc15e05e` for above sample.
The digest can be calculated manually and set to attestation service policy before hand if needed. To calculate the digest, use a tool (for example some online sha tools) to calculate the hash value based on the initdata annotation string. The calculated sha384 is: `9a9118fe416a0460023e146e580fb31d2155a22ac8b111f9a480d3eb7c6de8048b5f648a2961170f45b689526048a09a` for above sample.

## TODO
A large policy bodies that cannot be provisioned via IMDS user-data, the limitation depends on providers IMDS limitation. We need add checking and limitations according to test result future.
Loading

0 comments on commit 54ab3b5

Please sign in to comment.