From 54ab3b5e76fd0275b7c9e0a748c6a406dbd8ebc6 Mon Sep 17 00:00:00 2001 From: Qi Feng Huo Date: Wed, 7 Aug 2024 14:45:09 +0800 Subject: [PATCH] initdata: update document and test case for certs Update md file and test case for certs Signed-off-by: Qi Feng Huo --- src/cloud-api-adaptor/docs/initdata.md | 61 +++++++++++++++++- .../pkg/userdata/provision_test.go | 62 ++++++++++++++++++- 2 files changed, 118 insertions(+), 5 deletions(-) diff --git a/src/cloud-api-adaptor/docs/initdata.md b/src/cloud-api-adaptor/docs/initdata.md index 986b16ec3..46a9f54e6 100644 --- a/src/cloud-api-adaptor/docs/initdata.md +++ b/src/cloud-api-adaptor/docs/initdata.md @@ -21,6 +21,30 @@ url = 'http://127.0.0.1:8080' [token_configs.kbs] url = 'http://127.0.0.1:8080' +cert = """ +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIUR/UNh13GFam4emgludtype/S9BIwDQYJKoZIhvcNAQEL +BQAwdTELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFpoZWppYW5nMREwDwYDVQQHDAhI +YW5nemhvdTERMA8GA1UECgwIQUFTLVRFU1QxFDASBgNVBAsMC0RldmVsb3BtZW50 +MRcwFQYDVQQDDA5BQVMtVEVTVC1IVFRQUzAeFw0yNDAzMTgwNzAzNTNaFw0yNTAz +MTgwNzAzNTNaMHUxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhaaGVqaWFuZzERMA8G +A1UEBwwISGFuZ3pob3UxETAPBgNVBAoMCEFBUy1URVNUMRQwEgYDVQQLDAtEZXZl +bG9wbWVudDEXMBUGA1UEAwwOQUFTLVRFU1QtSFRUUFMwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDfp1aBr6LiNRBlJUcDGcAbcUCPG6UzywtVIc8+comS +ay//gwz2AkDmFVvqwI4bdp/NUCwSC6ShHzxsrCEiagRKtA3af/ckM7hOkb4S6u/5 +ewHHFcL6YOUp+NOH5/dSLrFHLjet0dt4LkyNBPe7mKAyCJXfiX3wb25wIBB0Tfa0 +p5VoKzwWeDQBx7aX8TKbG6/FZIiOXGZdl24DGARiqE3XifX7DH9iVZ2V2RL9+3WY +05GETNFPKtcrNwTy8St8/HsWVxjAzGFzf75Lbys9Ff3JMDsg9zQzgcJJzYWisxlY +g3CmnbENP0eoHS4WjQlTUyY0mtnOwodo4Vdf8ZOkU4wJAgMBAAGjHjAcMBoGA1Ud +EQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAKW32spii +t2JB7C1IvYpJw5mQ5bhIlldE0iB5rwWvNbuDgPrgfTI4xiX5sumdHw+P2+GU9KXF +nWkFRZ9W/26xFrVgGIS/a07aI7xrlp0Oj+1uO91UhCL3HhME/0tPC6z1iaFeZp8Y +T1tLnafqiGiThFUgvg6PKt86enX60vGaTY7sslRlgbDr9sAi/NDSS7U1PviuC6yo +yJi7BDiRSx7KrMGLscQ+AKKo2RF1MLzlJMa1kIZfvKDBXFzRd61K5IjDRQ4HQhwX +DYEbQvoZIkUTc1gBUWDcAUS5ztbJg9LCb9WVtvUTqTP2lGuNymOvdsuXq+sAZh9b +M9QaC1mzQ/OStg== +-----END CERTIFICATE----- +""" ''' "cdh.toml" = ''' @@ -30,6 +54,39 @@ credentials = [] [kbc] name = 'cc_kbc' url = 'http://1.2.3.4:8080' +kbs_cert = """ +-----BEGIN CERTIFICATE----- +MIIFTDCCAvugAwIBAgIBADBGBgkqhkiG9w0BAQowOaAPMA0GCWCGSAFlAwQCAgUA +oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCATCjAwIBATB7MRQwEgYD +VQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDASBgNVBAcMC1NhbnRhIENs +YXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5jZWQgTWljcm8gRGV2aWNl +czESMBAGA1UEAwwJU0VWLU1pbGFuMB4XDTIzMDEyNDE3NTgyNloXDTMwMDEyNDE3 +NTgyNlowejEUMBIGA1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVTMRQwEgYD +VQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExHzAdBgNVBAoMFkFkdmFuY2Vk +IE1pY3JvIERldmljZXMxETAPBgNVBAMMCFNFVi1WQ0VLMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAExmG1ZbuoAQK93USRyZQcsyobfbaAEoKEELf/jK39cOVJt1t4s83W +XM3rqIbS7qHUHQw/FGyOvdaEUs5+wwxpCWfDnmJMAQ+ctgZqgDEKh1NqlOuuKcKq +2YAWE5cTH7sHo4IBFjCCARIwEAYJKwYBBAGceAEBBAMCAQAwFwYJKwYBBAGceAEC +BAoWCE1pbGFuLUIwMBEGCisGAQQBnHgBAwEEAwIBAzARBgorBgEEAZx4AQMCBAMC +AQAwEQYKKwYBBAGceAEDBAQDAgEAMBEGCisGAQQBnHgBAwUEAwIBADARBgorBgEE +AZx4AQMGBAMCAQAwEQYKKwYBBAGceAEDBwQDAgEAMBEGCisGAQQBnHgBAwMEAwIB +CDARBgorBgEEAZx4AQMIBAMCAXMwTQYJKwYBBAGceAEEBEDDhCejDUx6+dlvehW5 +cmmCWmTLdqI1L/1dGBFdia1HP46MC82aXZKGYSutSq37RCYgWjueT+qCMBE1oXDk +d1JOMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0B +AQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBA4ICAQACgCai9x8DAWzX/2IelNWm +ituEBSiq9C9eDnBEckQYikAhPasfagnoWFAtKu/ZWTKHi+BMbhKwswBS8W0G1ywi +cUWGlzigI4tdxxf1YBJyCoTSNssSbKmIh5jemBfrvIBo1yEd+e56ZJMdhN8e+xWU +bvovUC2/7Dl76fzAaACLSorZUv5XPJwKXwEOHo7FIcREjoZn+fKjJTnmdXce0LD6 +9RHr+r+ceyE79gmK31bI9DYiJoL4LeGdXZ3gMOVDR1OnDos5lOBcV+quJ6JujpgH +d9g3Sa7Du7pusD9Fdap98ocZslRfFjFi//2YdVM4MKbq6IwpYNB+2PCEKNC7SfbO +NgZYJuPZnM/wViES/cP7MZNJ1KUKBI9yh6TmlSsZZOclGJvrOsBZimTXpATjdNMt +cluKwqAUUzYQmU7bf2TMdOXyA9iH5wIpj1kWGE1VuFADTKILkTc6LzLzOWCofLxf +onhTtSDtzIv/uel547GZqq+rVRvmIieEuEvDETwuookfV6qu3D/9KuSr9xiznmEg +xynud/f525jppJMcD/ofbQxUZuGKvb3f3zy+aLxqidoX7gca2Xd9jyUy5Y/83+ZN +bz4PZx81UJzXVI9ABEh8/xilATh1ZxOePTBJjN7lgr0lXtKYjV/43yyxgUYrXNZS +oLSG2dLCK9mjjraPjau34Q== +-----END CERTIFICATE----- +""" ''' "policy.rego" = ''' @@ -75,7 +132,7 @@ metadata: run: busybox name: busybox annotations: - io.katacontainers.config.runtime.cc_init_data: YWxnb3JpdGhtID0gInNoYTM4NCIKdmVyc2lvbiA9ICIwLjEuMCIKCltkYXRhXQoiYWEudG9tbCIgPSAnJycKW3Rva2VuX2NvbmZpZ3NdClt0b2tlbl9jb25maWdzLmNvY29fYXNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCgpbdG9rZW5fY29uZmlncy5rYnNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCicnJwoKImNkaC50b21sIiAgPSAnJycKc29ja2V0ID0gJ3VuaXg6Ly8vcnVuL2NvbmZpZGVudGlhbC1jb250YWluZXJzL2NkaC5zb2NrJwpjcmVkZW50aWFscyA9IFtdCgpba2JjXQpuYW1lID0gJ2NjX2tiYycKdXJsID0gJ2h0dHA6Ly8xLjIuMy40OjgwODAnCicnJwoKInBvbGljeS5yZWdvIiA9ICcnJwpwYWNrYWdlIGFnZW50X3BvbGljeQoKaW1wb3J0IGZ1dHVyZS5rZXl3b3Jkcy5pbgppbXBvcnQgZnV0dXJlLmtleXdvcmRzLmV2ZXJ5CgppbXBvcnQgaW5wdXQKCiMgRGVmYXVsdCB2YWx1ZXMsIHJldHVybmVkIGJ5IE9QQSB3aGVuIHJ1bGVzIGNhbm5vdCBiZSBldmFsdWF0ZWQgdG8gdHJ1ZS4KZGVmYXVsdCBDb3B5RmlsZVJlcXVlc3QgOj0gZmFsc2UKZGVmYXVsdCBDcmVhdGVDb250YWluZXJSZXF1ZXN0IDo9IGZhbHNlCmRlZmF1bHQgQ3JlYXRlU2FuZGJveFJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IERlc3Ryb3lTYW5kYm94UmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgRXhlY1Byb2Nlc3NSZXF1ZXN0IDo9IGZhbHNlCmRlZmF1bHQgR2V0T09NRXZlbnRSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBHdWVzdERldGFpbHNSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBPbmxpbmVDUFVNZW1SZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBQdWxsSW1hZ2VSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBSZWFkU3RyZWFtUmVxdWVzdCA6PSBmYWxzZQpkZWZhdWx0IFJlbW92ZUNvbnRhaW5lclJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFJlbW92ZVN0YWxlVmlydGlvZnNTaGFyZU1vdW50c1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFNpZ25hbFByb2Nlc3NSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBTdGFydENvbnRhaW5lclJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFN0YXRzQ29udGFpbmVyUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVHR5V2luUmVzaXplUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVXBkYXRlRXBoZW1lcmFsTW91bnRzUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVXBkYXRlSW50ZXJmYWNlUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVXBkYXRlUm91dGVzUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgV2FpdFByb2Nlc3NSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBXcml0ZVN0cmVhbVJlcXVlc3QgOj0gZmFsc2UKJycn + io.katacontainers.config.runtime.cc_init_data: YWxnb3JpdGhtID0gInNoYTM4NCIKdmVyc2lvbiA9ICIwLjEuMCIKCltkYXRhXQoiYWEudG9tbCIgPSAnJycKW3Rva2VuX2NvbmZpZ3NdClt0b2tlbl9jb25maWdzLmNvY29fYXNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCgpbdG9rZW5fY29uZmlncy5rYnNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCmNlcnQgPSAiIiIKLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsakNDQW42Z0F3SUJBZ0lVUi9VTmgxM0dGYW00ZW1nbHVkdHlwZS9TOUJJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2RURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdNQ0Zwb1pXcHBZVzVuTVJFd0R3WURWUVFIREFoSQpZVzVuZW1odmRURVJNQThHQTFVRUNnd0lRVUZUTFZSRlUxUXhGREFTQmdOVkJBc01DMFJsZG1Wc2IzQnRaVzUwCk1SY3dGUVlEVlFRRERBNUJRVk10VkVWVFZDMUlWRlJRVXpBZUZ3MHlOREF6TVRnd056QXpOVE5hRncweU5UQXoKTVRnd056QXpOVE5hTUhVeEN6QUpCZ05WQkFZVEFrTk9NUkV3RHdZRFZRUUlEQWhhYUdWcWFXRnVaekVSTUE4RwpBMVVFQnd3SVNHRnVaM3BvYjNVeEVUQVBCZ05WQkFvTUNFRkJVeTFVUlZOVU1SUXdFZ1lEVlFRTERBdEVaWFpsCmJHOXdiV1Z1ZERFWE1CVUdBMVVFQXd3T1FVRlRMVlJGVTFRdFNGUlVVRk13Z2dFaU1BMEdDU3FHU0liM0RRRUIKQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURmcDFhQnI2TGlOUkJsSlVjREdjQWJjVUNQRzZVenl3dFZJYzgrY29tUwpheS8vZ3d6MkFrRG1GVnZxd0k0YmRwL05VQ3dTQzZTaEh6eHNyQ0VpYWdSS3RBM2FmL2NrTTdoT2tiNFM2dS81CmV3SEhGY0w2WU9VcCtOT0g1L2RTTHJGSExqZXQwZHQ0TGt5TkJQZTdtS0F5Q0pYZmlYM3diMjV3SUJCMFRmYTAKcDVWb0t6d1dlRFFCeDdhWDhUS2JHNi9GWklpT1hHWmRsMjRER0FSaXFFM1hpZlg3REg5aVZaMlYyUkw5KzNXWQowNUdFVE5GUEt0Y3JOd1R5OFN0OC9Ic1dWeGpBekdGemY3NUxieXM5RmYzSk1Ec2c5elF6Z2NKSnpZV2lzeGxZCmczQ21uYkVOUDBlb0hTNFdqUWxUVXlZMG10bk93b2RvNFZkZjhaT2tVNHdKQWdNQkFBR2pIakFjTUJvR0ExVWQKRVFRVE1CR0NDV3h2WTJGc2FHOXpkSWNFZndBQUFUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFLVzMyc3BpaQp0MkpCN0MxSXZZcEp3NW1RNWJoSWxsZEUwaUI1cndXdk5idURnUHJnZlRJNHhpWDVzdW1kSHcrUDIrR1U5S1hGCm5Xa0ZSWjlXLzI2eEZyVmdHSVMvYTA3YUk3eHJscDBPaisxdU85MVVoQ0wzSGhNRS8wdFBDNnoxaWFGZVpwOFkKVDF0TG5hZnFpR2lUaEZVZ3ZnNlBLdDg2ZW5YNjB2R2FUWTdzc2xSbGdiRHI5c0FpL05EU1M3VTFQdml1QzZ5bwp5Smk3QkRpUlN4N0tyTUdMc2NRK0FLS28yUkYxTUx6bEpNYTFrSVpmdktEQlhGelJkNjFLNUlqRFJRNEhRaHdYCkRZRWJRdm9aSWtVVGMxZ0JVV0RjQVVTNXp0YkpnOUxDYjlXVnR2VVRxVFAybEd1TnltT3Zkc3VYcStzQVpoOWIKTTlRYUMxbXpRL09TdGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCiIiIgonJycKCiJjZGgudG9tbCIgID0gJycnCnNvY2tldCA9ICd1bml4Oi8vL3J1bi9jb25maWRlbnRpYWwtY29udGFpbmVycy9jZGguc29jaycKY3JlZGVudGlhbHMgPSBbXQoKW2tiY10KbmFtZSA9ICdjY19rYmMnCnVybCA9ICdodHRwOi8vMS4yLjMuNDo4MDgwJwprYnNfY2VydCA9ICIiIgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRlREQ0NBdnVnQXdJQkFnSUJBREJHQmdrcWhraUc5dzBCQVFvd09hQVBNQTBHQ1dDR1NBRmxBd1FDQWdVQQpvUnd3R2dZSktvWklodmNOQVFFSU1BMEdDV0NHU0FGbEF3UUNBZ1VBb2dNQ0FUQ2pBd0lCQVRCN01SUXdFZ1lEClZRUUxEQXRGYm1kcGJtVmxjbWx1WnpFTE1Ba0dBMVVFQmhNQ1ZWTXhGREFTQmdOVkJBY01DMU5oYm5SaElFTnMKWVhKaE1Rc3dDUVlEVlFRSURBSkRRVEVmTUIwR0ExVUVDZ3dXUVdSMllXNWpaV1FnVFdsamNtOGdSR1YyYVdObApjekVTTUJBR0ExVUVBd3dKVTBWV0xVMXBiR0Z1TUI0WERUSXpNREV5TkRFM05UZ3lObG9YRFRNd01ERXlOREUzCk5UZ3lObG93ZWpFVU1CSUdBMVVFQ3d3TFJXNW5hVzVsWlhKcGJtY3hDekFKQmdOVkJBWVRBbFZUTVJRd0VnWUQKVlFRSERBdFRZVzUwWVNCRGJHRnlZVEVMTUFrR0ExVUVDQXdDUTBFeEh6QWRCZ05WQkFvTUZrRmtkbUZ1WTJWawpJRTFwWTNKdklFUmxkbWxqWlhNeEVUQVBCZ05WQkFNTUNGTkZWaTFXUTBWTE1IWXdFQVlIS29aSXpqMENBUVlGCks0RUVBQ0lEWWdBRXhtRzFaYnVvQVFLOTNVU1J5WlFjc3lvYmZiYUFFb0tFRUxmL2pLMzljT1ZKdDF0NHM4M1cKWE0zcnFJYlM3cUhVSFF3L0ZHeU92ZGFFVXM1K3d3eHBDV2ZEbm1KTUFRK2N0Z1pxZ0RFS2gxTnFsT3V1S2NLcQoyWUFXRTVjVEg3c0hvNElCRmpDQ0FSSXdFQVlKS3dZQkJBR2NlQUVCQkFNQ0FRQXdGd1lKS3dZQkJBR2NlQUVDCkJBb1dDRTFwYkdGdUxVSXdNQkVHQ2lzR0FRUUJuSGdCQXdFRUF3SUJBekFSQmdvckJnRUVBWng0QVFNQ0JBTUMKQVFBd0VRWUtLd1lCQkFHY2VBRURCQVFEQWdFQU1CRUdDaXNHQVFRQm5IZ0JBd1VFQXdJQkFEQVJCZ29yQmdFRQpBWng0QVFNR0JBTUNBUUF3RVFZS0t3WUJCQUdjZUFFREJ3UURBZ0VBTUJFR0Npc0dBUVFCbkhnQkF3TUVBd0lCCkNEQVJCZ29yQmdFRUFaeDRBUU1JQkFNQ0FYTXdUUVlKS3dZQkJBR2NlQUVFQkVERGhDZWpEVXg2K2RsdmVoVzUKY21tQ1dtVExkcUkxTC8xZEdCRmRpYTFIUDQ2TUM4MmFYWktHWVN1dFNxMzdSQ1lnV2p1ZVQrcUNNQkUxb1hEawpkMUpPTUVZR0NTcUdTSWIzRFFFQkNqQTVvQTh3RFFZSllJWklBV1VEQkFJQ0JRQ2hIREFhQmdrcWhraUc5dzBCCkFRZ3dEUVlKWUlaSUFXVURCQUlDQlFDaUF3SUJNS01EQWdFQkE0SUNBUUFDZ0NhaTl4OERBV3pYLzJJZWxOV20KaXR1RUJTaXE5QzllRG5CRWNrUVlpa0FoUGFzZmFnbm9XRkF0S3UvWldUS0hpK0JNYmhLd3N3QlM4VzBHMXl3aQpjVVdHbHppZ0k0dGR4eGYxWUJKeUNvVFNOc3NTYkttSWg1amVtQmZydklCbzF5RWQrZTU2WkpNZGhOOGUreFdVCmJ2b3ZVQzIvN0RsNzZmekFhQUNMU29yWlV2NVhQSndLWHdFT0hvN0ZJY1JFam9abitmS2pKVG5tZFhjZTBMRDYKOVJIcityK2NleUU3OWdtSzMxYkk5RFlpSm9MNExlR2RYWjNnTU9WRFIxT25Eb3M1bE9CY1YrcXVKNkp1anBnSApkOWczU2E3RHU3cHVzRDlGZGFwOThvY1pzbFJmRmpGaS8vMllkVk00TUticTZJd3BZTkIrMlBDRUtOQzdTZmJPCk5nWllKdVBabk0vd1ZpRVMvY1A3TVpOSjFLVUtCSTl5aDZUbWxTc1paT2NsR0p2ck9zQlppbVRYcEFUamROTXQKY2x1S3dxQVVVellRbVU3YmYyVE1kT1h5QTlpSDV3SXBqMWtXR0UxVnVGQURUS0lMa1RjNkx6THpPV0NvZkx4ZgpvbmhUdFNEdHpJdi91ZWw1NDdHWnFxK3JWUnZtSWllRXVFdkRFVHd1b29rZlY2cXUzRC85S3VTcjl4aXpubUVnCnh5bnVkL2Y1MjVqcHBKTWNEL29mYlF4VVp1R0t2YjNmM3p5K2FMeHFpZG9YN2djYTJYZDlqeVV5NVkvODMrWk4KYno0UFp4ODFVSnpYVkk5QUJFaDgveGlsQVRoMVp4T2VQVEJKak43bGdyMGxYdEtZalYvNDN5eXhnVVlyWE5aUwpvTFNHMmRMQ0s5bWpqcmFQamF1MzRRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQoiIiIKJycnCgoicG9saWN5LnJlZ28iID0gJycnCnBhY2thZ2UgYWdlbnRfcG9saWN5CgppbXBvcnQgZnV0dXJlLmtleXdvcmRzLmluCmltcG9ydCBmdXR1cmUua2V5d29yZHMuZXZlcnkKCmltcG9ydCBpbnB1dAoKIyBEZWZhdWx0IHZhbHVlcywgcmV0dXJuZWQgYnkgT1BBIHdoZW4gcnVsZXMgY2Fubm90IGJlIGV2YWx1YXRlZCB0byB0cnVlLgpkZWZhdWx0IENvcHlGaWxlUmVxdWVzdCA6PSBmYWxzZQpkZWZhdWx0IENyZWF0ZUNvbnRhaW5lclJlcXVlc3QgOj0gZmFsc2UKZGVmYXVsdCBDcmVhdGVTYW5kYm94UmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgRGVzdHJveVNhbmRib3hSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBFeGVjUHJvY2Vzc1JlcXVlc3QgOj0gZmFsc2UKZGVmYXVsdCBHZXRPT01FdmVudFJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IEd1ZXN0RGV0YWlsc1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IE9ubGluZUNQVU1lbVJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFB1bGxJbWFnZVJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFJlYWRTdHJlYW1SZXF1ZXN0IDo9IGZhbHNlCmRlZmF1bHQgUmVtb3ZlQ29udGFpbmVyUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgUmVtb3ZlU3RhbGVWaXJ0aW9mc1NoYXJlTW91bnRzUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgU2lnbmFsUHJvY2Vzc1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFN0YXJ0Q29udGFpbmVyUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgU3RhdHNDb250YWluZXJSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBUdHlXaW5SZXNpemVSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBVcGRhdGVFcGhlbWVyYWxNb3VudHNSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBVcGRhdGVJbnRlcmZhY2VSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBVcGRhdGVSb3V0ZXNSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBXYWl0UHJvY2Vzc1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFdyaXRlU3RyZWFtUmVxdWVzdCA6PSBmYWxzZQonJyc= spec: containers: - image: quay.io/prometheus/busybox @@ -107,7 +164,7 @@ It also calculates the digest `/run/peerpod/initdata.digest` based on the `algor `/run/peerpod/initdata.digest` could be used by the TEE drivers. -The digest can be calculated manually and set to attestation service policy before hand if needed. To calculate the digest, use a tool (for example some online sha tools) to calculate the hash value based on the initdata annotation string. The calculated sha384 is: `14980c75860de9adcba2e0e494fc612f0f4fe3d86f5dc8e238a3255acfdf43bf82b9ccfc21da95d639ff0c98cc15e05e` for above sample. +The digest can be calculated manually and set to attestation service policy before hand if needed. To calculate the digest, use a tool (for example some online sha tools) to calculate the hash value based on the initdata annotation string. The calculated sha384 is: `9a9118fe416a0460023e146e580fb31d2155a22ac8b111f9a480d3eb7c6de8048b5f648a2961170f45b689526048a09a` for above sample. ## TODO A large policy bodies that cannot be provisioned via IMDS user-data, the limitation depends on providers IMDS limitation. We need add checking and limitations according to test result future. diff --git a/src/cloud-api-adaptor/pkg/userdata/provision_test.go b/src/cloud-api-adaptor/pkg/userdata/provision_test.go index e87808007..ab95a1fe3 100644 --- a/src/cloud-api-adaptor/pkg/userdata/provision_test.go +++ b/src/cloud-api-adaptor/pkg/userdata/provision_test.go @@ -59,6 +59,39 @@ credentials = [] [kbc] name = 'cc_kbc' url = 'http://1.2.3.4:8080' +kbs_cert = """ +-----BEGIN CERTIFICATE----- +MIIFTDCCAvugAwIBAgIBADBGBgkqhkiG9w0BAQowOaAPMA0GCWCGSAFlAwQCAgUA +oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCATCjAwIBATB7MRQwEgYD +VQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDASBgNVBAcMC1NhbnRhIENs +YXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5jZWQgTWljcm8gRGV2aWNl +czESMBAGA1UEAwwJU0VWLU1pbGFuMB4XDTIzMDEyNDE3NTgyNloXDTMwMDEyNDE3 +NTgyNlowejEUMBIGA1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVTMRQwEgYD +VQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExHzAdBgNVBAoMFkFkdmFuY2Vk +IE1pY3JvIERldmljZXMxETAPBgNVBAMMCFNFVi1WQ0VLMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAExmG1ZbuoAQK93USRyZQcsyobfbaAEoKEELf/jK39cOVJt1t4s83W +XM3rqIbS7qHUHQw/FGyOvdaEUs5+wwxpCWfDnmJMAQ+ctgZqgDEKh1NqlOuuKcKq +2YAWE5cTH7sHo4IBFjCCARIwEAYJKwYBBAGceAEBBAMCAQAwFwYJKwYBBAGceAEC +BAoWCE1pbGFuLUIwMBEGCisGAQQBnHgBAwEEAwIBAzARBgorBgEEAZx4AQMCBAMC +AQAwEQYKKwYBBAGceAEDBAQDAgEAMBEGCisGAQQBnHgBAwUEAwIBADARBgorBgEE +AZx4AQMGBAMCAQAwEQYKKwYBBAGceAEDBwQDAgEAMBEGCisGAQQBnHgBAwMEAwIB +CDARBgorBgEEAZx4AQMIBAMCAXMwTQYJKwYBBAGceAEEBEDDhCejDUx6+dlvehW5 +cmmCWmTLdqI1L/1dGBFdia1HP46MC82aXZKGYSutSq37RCYgWjueT+qCMBE1oXDk +d1JOMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0B +AQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBA4ICAQACgCai9x8DAWzX/2IelNWm +ituEBSiq9C9eDnBEckQYikAhPasfagnoWFAtKu/ZWTKHi+BMbhKwswBS8W0G1ywi +cUWGlzigI4tdxxf1YBJyCoTSNssSbKmIh5jemBfrvIBo1yEd+e56ZJMdhN8e+xWU +bvovUC2/7Dl76fzAaACLSorZUv5XPJwKXwEOHo7FIcREjoZn+fKjJTnmdXce0LD6 +9RHr+r+ceyE79gmK31bI9DYiJoL4LeGdXZ3gMOVDR1OnDos5lOBcV+quJ6JujpgH +d9g3Sa7Du7pusD9Fdap98ocZslRfFjFi//2YdVM4MKbq6IwpYNB+2PCEKNC7SfbO +NgZYJuPZnM/wViES/cP7MZNJ1KUKBI9yh6TmlSsZZOclGJvrOsBZimTXpATjdNMt +cluKwqAUUzYQmU7bf2TMdOXyA9iH5wIpj1kWGE1VuFADTKILkTc6LzLzOWCofLxf +onhTtSDtzIv/uel547GZqq+rVRvmIieEuEvDETwuookfV6qu3D/9KuSr9xiznmEg +xynud/f525jppJMcD/ofbQxUZuGKvb3f3zy+aLxqidoX7gca2Xd9jyUy5Y/83+ZN +bz4PZx81UJzXVI9ABEh8/xilATh1ZxOePTBJjN7lgr0lXtKYjV/43yyxgUYrXNZS +oLSG2dLCK9mjjraPjau34Q== +-----END CERTIFICATE----- +""" ` var testAAConfig string = `[token_configs] @@ -67,6 +100,30 @@ url = 'http://127.0.0.1:8080' [token_configs.kbs] url = 'http://127.0.0.1:8080' +cert = """ +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIUR/UNh13GFam4emgludtype/S9BIwDQYJKoZIhvcNAQEL +BQAwdTELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFpoZWppYW5nMREwDwYDVQQHDAhI +YW5nemhvdTERMA8GA1UECgwIQUFTLVRFU1QxFDASBgNVBAsMC0RldmVsb3BtZW50 +MRcwFQYDVQQDDA5BQVMtVEVTVC1IVFRQUzAeFw0yNDAzMTgwNzAzNTNaFw0yNTAz +MTgwNzAzNTNaMHUxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhaaGVqaWFuZzERMA8G +A1UEBwwISGFuZ3pob3UxETAPBgNVBAoMCEFBUy1URVNUMRQwEgYDVQQLDAtEZXZl +bG9wbWVudDEXMBUGA1UEAwwOQUFTLVRFU1QtSFRUUFMwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDfp1aBr6LiNRBlJUcDGcAbcUCPG6UzywtVIc8+comS +ay//gwz2AkDmFVvqwI4bdp/NUCwSC6ShHzxsrCEiagRKtA3af/ckM7hOkb4S6u/5 +ewHHFcL6YOUp+NOH5/dSLrFHLjet0dt4LkyNBPe7mKAyCJXfiX3wb25wIBB0Tfa0 +p5VoKzwWeDQBx7aX8TKbG6/FZIiOXGZdl24DGARiqE3XifX7DH9iVZ2V2RL9+3WY +05GETNFPKtcrNwTy8St8/HsWVxjAzGFzf75Lbys9Ff3JMDsg9zQzgcJJzYWisxlY +g3CmnbENP0eoHS4WjQlTUyY0mtnOwodo4Vdf8ZOkU4wJAgMBAAGjHjAcMBoGA1Ud +EQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAKW32spii +t2JB7C1IvYpJw5mQ5bhIlldE0iB5rwWvNbuDgPrgfTI4xiX5sumdHw+P2+GU9KXF +nWkFRZ9W/26xFrVgGIS/a07aI7xrlp0Oj+1uO91UhCL3HhME/0tPC6z1iaFeZp8Y +T1tLnafqiGiThFUgvg6PKt86enX60vGaTY7sslRlgbDr9sAi/NDSS7U1PviuC6yo +yJi7BDiRSx7KrMGLscQ+AKKo2RF1MLzlJMa1kIZfvKDBXFzRd61K5IjDRQ4HQhwX +DYEbQvoZIkUTc1gBUWDcAUS5ztbJg9LCb9WVtvUTqTP2lGuNymOvdsuXq+sAZh9b +M9QaC1mzQ/OStg== +-----END CERTIFICATE----- +""" ` var testPolicyConfig string = `package agent_policy @@ -100,9 +157,8 @@ default WaitProcessRequest := true default WriteStreamRequest := false ` -var testCheckSum = "14980c75860de9adcba2e0e494fc612f0f4fe3d86f5dc8e238a3255acfdf43bf82b9ccfc21da95d639ff0c98cc15e05e" - -var cc_init_data = "YWxnb3JpdGhtID0gInNoYTM4NCIKdmVyc2lvbiA9ICIwLjEuMCIKCltkYXRhXQoiYWEudG9tbCIgPSAnJycKW3Rva2VuX2NvbmZpZ3NdClt0b2tlbl9jb25maWdzLmNvY29fYXNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCgpbdG9rZW5fY29uZmlncy5rYnNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCicnJwoKImNkaC50b21sIiAgPSAnJycKc29ja2V0ID0gJ3VuaXg6Ly8vcnVuL2NvbmZpZGVudGlhbC1jb250YWluZXJzL2NkaC5zb2NrJwpjcmVkZW50aWFscyA9IFtdCgpba2JjXQpuYW1lID0gJ2NjX2tiYycKdXJsID0gJ2h0dHA6Ly8xLjIuMy40OjgwODAnCicnJwoKInBvbGljeS5yZWdvIiA9ICcnJwpwYWNrYWdlIGFnZW50X3BvbGljeQoKaW1wb3J0IGZ1dHVyZS5rZXl3b3Jkcy5pbgppbXBvcnQgZnV0dXJlLmtleXdvcmRzLmV2ZXJ5CgppbXBvcnQgaW5wdXQKCiMgRGVmYXVsdCB2YWx1ZXMsIHJldHVybmVkIGJ5IE9QQSB3aGVuIHJ1bGVzIGNhbm5vdCBiZSBldmFsdWF0ZWQgdG8gdHJ1ZS4KZGVmYXVsdCBDb3B5RmlsZVJlcXVlc3QgOj0gZmFsc2UKZGVmYXVsdCBDcmVhdGVDb250YWluZXJSZXF1ZXN0IDo9IGZhbHNlCmRlZmF1bHQgQ3JlYXRlU2FuZGJveFJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IERlc3Ryb3lTYW5kYm94UmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgRXhlY1Byb2Nlc3NSZXF1ZXN0IDo9IGZhbHNlCmRlZmF1bHQgR2V0T09NRXZlbnRSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBHdWVzdERldGFpbHNSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBPbmxpbmVDUFVNZW1SZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBQdWxsSW1hZ2VSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBSZWFkU3RyZWFtUmVxdWVzdCA6PSBmYWxzZQpkZWZhdWx0IFJlbW92ZUNvbnRhaW5lclJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFJlbW92ZVN0YWxlVmlydGlvZnNTaGFyZU1vdW50c1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFNpZ25hbFByb2Nlc3NSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBTdGFydENvbnRhaW5lclJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFN0YXRzQ29udGFpbmVyUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVHR5V2luUmVzaXplUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVXBkYXRlRXBoZW1lcmFsTW91bnRzUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVXBkYXRlSW50ZXJmYWNlUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgVXBkYXRlUm91dGVzUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgV2FpdFByb2Nlc3NSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBXcml0ZVN0cmVhbVJlcXVlc3QgOj0gZmFsc2UKJycn" +var testCheckSum = "9a9118fe416a0460023e146e580fb31d2155a22ac8b111f9a480d3eb7c6de8048b5f648a2961170f45b689526048a09a" +var cc_init_data = "YWxnb3JpdGhtID0gInNoYTM4NCIKdmVyc2lvbiA9ICIwLjEuMCIKCltkYXRhXQoiYWEudG9tbCIgPSAnJycKW3Rva2VuX2NvbmZpZ3NdClt0b2tlbl9jb25maWdzLmNvY29fYXNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCgpbdG9rZW5fY29uZmlncy5rYnNdCnVybCA9ICdodHRwOi8vMTI3LjAuMC4xOjgwODAnCmNlcnQgPSAiIiIKLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsakNDQW42Z0F3SUJBZ0lVUi9VTmgxM0dGYW00ZW1nbHVkdHlwZS9TOUJJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2RURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdNQ0Zwb1pXcHBZVzVuTVJFd0R3WURWUVFIREFoSQpZVzVuZW1odmRURVJNQThHQTFVRUNnd0lRVUZUTFZSRlUxUXhGREFTQmdOVkJBc01DMFJsZG1Wc2IzQnRaVzUwCk1SY3dGUVlEVlFRRERBNUJRVk10VkVWVFZDMUlWRlJRVXpBZUZ3MHlOREF6TVRnd056QXpOVE5hRncweU5UQXoKTVRnd056QXpOVE5hTUhVeEN6QUpCZ05WQkFZVEFrTk9NUkV3RHdZRFZRUUlEQWhhYUdWcWFXRnVaekVSTUE4RwpBMVVFQnd3SVNHRnVaM3BvYjNVeEVUQVBCZ05WQkFvTUNFRkJVeTFVUlZOVU1SUXdFZ1lEVlFRTERBdEVaWFpsCmJHOXdiV1Z1ZERFWE1CVUdBMVVFQXd3T1FVRlRMVlJGVTFRdFNGUlVVRk13Z2dFaU1BMEdDU3FHU0liM0RRRUIKQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURmcDFhQnI2TGlOUkJsSlVjREdjQWJjVUNQRzZVenl3dFZJYzgrY29tUwpheS8vZ3d6MkFrRG1GVnZxd0k0YmRwL05VQ3dTQzZTaEh6eHNyQ0VpYWdSS3RBM2FmL2NrTTdoT2tiNFM2dS81CmV3SEhGY0w2WU9VcCtOT0g1L2RTTHJGSExqZXQwZHQ0TGt5TkJQZTdtS0F5Q0pYZmlYM3diMjV3SUJCMFRmYTAKcDVWb0t6d1dlRFFCeDdhWDhUS2JHNi9GWklpT1hHWmRsMjRER0FSaXFFM1hpZlg3REg5aVZaMlYyUkw5KzNXWQowNUdFVE5GUEt0Y3JOd1R5OFN0OC9Ic1dWeGpBekdGemY3NUxieXM5RmYzSk1Ec2c5elF6Z2NKSnpZV2lzeGxZCmczQ21uYkVOUDBlb0hTNFdqUWxUVXlZMG10bk93b2RvNFZkZjhaT2tVNHdKQWdNQkFBR2pIakFjTUJvR0ExVWQKRVFRVE1CR0NDV3h2WTJGc2FHOXpkSWNFZndBQUFUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFLVzMyc3BpaQp0MkpCN0MxSXZZcEp3NW1RNWJoSWxsZEUwaUI1cndXdk5idURnUHJnZlRJNHhpWDVzdW1kSHcrUDIrR1U5S1hGCm5Xa0ZSWjlXLzI2eEZyVmdHSVMvYTA3YUk3eHJscDBPaisxdU85MVVoQ0wzSGhNRS8wdFBDNnoxaWFGZVpwOFkKVDF0TG5hZnFpR2lUaEZVZ3ZnNlBLdDg2ZW5YNjB2R2FUWTdzc2xSbGdiRHI5c0FpL05EU1M3VTFQdml1QzZ5bwp5Smk3QkRpUlN4N0tyTUdMc2NRK0FLS28yUkYxTUx6bEpNYTFrSVpmdktEQlhGelJkNjFLNUlqRFJRNEhRaHdYCkRZRWJRdm9aSWtVVGMxZ0JVV0RjQVVTNXp0YkpnOUxDYjlXVnR2VVRxVFAybEd1TnltT3Zkc3VYcStzQVpoOWIKTTlRYUMxbXpRL09TdGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCiIiIgonJycKCiJjZGgudG9tbCIgID0gJycnCnNvY2tldCA9ICd1bml4Oi8vL3J1bi9jb25maWRlbnRpYWwtY29udGFpbmVycy9jZGguc29jaycKY3JlZGVudGlhbHMgPSBbXQoKW2tiY10KbmFtZSA9ICdjY19rYmMnCnVybCA9ICdodHRwOi8vMS4yLjMuNDo4MDgwJwprYnNfY2VydCA9ICIiIgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRlREQ0NBdnVnQXdJQkFnSUJBREJHQmdrcWhraUc5dzBCQVFvd09hQVBNQTBHQ1dDR1NBRmxBd1FDQWdVQQpvUnd3R2dZSktvWklodmNOQVFFSU1BMEdDV0NHU0FGbEF3UUNBZ1VBb2dNQ0FUQ2pBd0lCQVRCN01SUXdFZ1lEClZRUUxEQXRGYm1kcGJtVmxjbWx1WnpFTE1Ba0dBMVVFQmhNQ1ZWTXhGREFTQmdOVkJBY01DMU5oYm5SaElFTnMKWVhKaE1Rc3dDUVlEVlFRSURBSkRRVEVmTUIwR0ExVUVDZ3dXUVdSMllXNWpaV1FnVFdsamNtOGdSR1YyYVdObApjekVTTUJBR0ExVUVBd3dKVTBWV0xVMXBiR0Z1TUI0WERUSXpNREV5TkRFM05UZ3lObG9YRFRNd01ERXlOREUzCk5UZ3lObG93ZWpFVU1CSUdBMVVFQ3d3TFJXNW5hVzVsWlhKcGJtY3hDekFKQmdOVkJBWVRBbFZUTVJRd0VnWUQKVlFRSERBdFRZVzUwWVNCRGJHRnlZVEVMTUFrR0ExVUVDQXdDUTBFeEh6QWRCZ05WQkFvTUZrRmtkbUZ1WTJWawpJRTFwWTNKdklFUmxkbWxqWlhNeEVUQVBCZ05WQkFNTUNGTkZWaTFXUTBWTE1IWXdFQVlIS29aSXpqMENBUVlGCks0RUVBQ0lEWWdBRXhtRzFaYnVvQVFLOTNVU1J5WlFjc3lvYmZiYUFFb0tFRUxmL2pLMzljT1ZKdDF0NHM4M1cKWE0zcnFJYlM3cUhVSFF3L0ZHeU92ZGFFVXM1K3d3eHBDV2ZEbm1KTUFRK2N0Z1pxZ0RFS2gxTnFsT3V1S2NLcQoyWUFXRTVjVEg3c0hvNElCRmpDQ0FSSXdFQVlKS3dZQkJBR2NlQUVCQkFNQ0FRQXdGd1lKS3dZQkJBR2NlQUVDCkJBb1dDRTFwYkdGdUxVSXdNQkVHQ2lzR0FRUUJuSGdCQXdFRUF3SUJBekFSQmdvckJnRUVBWng0QVFNQ0JBTUMKQVFBd0VRWUtLd1lCQkFHY2VBRURCQVFEQWdFQU1CRUdDaXNHQVFRQm5IZ0JBd1VFQXdJQkFEQVJCZ29yQmdFRQpBWng0QVFNR0JBTUNBUUF3RVFZS0t3WUJCQUdjZUFFREJ3UURBZ0VBTUJFR0Npc0dBUVFCbkhnQkF3TUVBd0lCCkNEQVJCZ29yQmdFRUFaeDRBUU1JQkFNQ0FYTXdUUVlKS3dZQkJBR2NlQUVFQkVERGhDZWpEVXg2K2RsdmVoVzUKY21tQ1dtVExkcUkxTC8xZEdCRmRpYTFIUDQ2TUM4MmFYWktHWVN1dFNxMzdSQ1lnV2p1ZVQrcUNNQkUxb1hEawpkMUpPTUVZR0NTcUdTSWIzRFFFQkNqQTVvQTh3RFFZSllJWklBV1VEQkFJQ0JRQ2hIREFhQmdrcWhraUc5dzBCCkFRZ3dEUVlKWUlaSUFXVURCQUlDQlFDaUF3SUJNS01EQWdFQkE0SUNBUUFDZ0NhaTl4OERBV3pYLzJJZWxOV20KaXR1RUJTaXE5QzllRG5CRWNrUVlpa0FoUGFzZmFnbm9XRkF0S3UvWldUS0hpK0JNYmhLd3N3QlM4VzBHMXl3aQpjVVdHbHppZ0k0dGR4eGYxWUJKeUNvVFNOc3NTYkttSWg1amVtQmZydklCbzF5RWQrZTU2WkpNZGhOOGUreFdVCmJ2b3ZVQzIvN0RsNzZmekFhQUNMU29yWlV2NVhQSndLWHdFT0hvN0ZJY1JFam9abitmS2pKVG5tZFhjZTBMRDYKOVJIcityK2NleUU3OWdtSzMxYkk5RFlpSm9MNExlR2RYWjNnTU9WRFIxT25Eb3M1bE9CY1YrcXVKNkp1anBnSApkOWczU2E3RHU3cHVzRDlGZGFwOThvY1pzbFJmRmpGaS8vMllkVk00TUticTZJd3BZTkIrMlBDRUtOQzdTZmJPCk5nWllKdVBabk0vd1ZpRVMvY1A3TVpOSjFLVUtCSTl5aDZUbWxTc1paT2NsR0p2ck9zQlppbVRYcEFUamROTXQKY2x1S3dxQVVVellRbVU3YmYyVE1kT1h5QTlpSDV3SXBqMWtXR0UxVnVGQURUS0lMa1RjNkx6THpPV0NvZkx4ZgpvbmhUdFNEdHpJdi91ZWw1NDdHWnFxK3JWUnZtSWllRXVFdkRFVHd1b29rZlY2cXUzRC85S3VTcjl4aXpubUVnCnh5bnVkL2Y1MjVqcHBKTWNEL29mYlF4VVp1R0t2YjNmM3p5K2FMeHFpZG9YN2djYTJYZDlqeVV5NVkvODMrWk4KYno0UFp4ODFVSnpYVkk5QUJFaDgveGlsQVRoMVp4T2VQVEJKak43bGdyMGxYdEtZalYvNDN5eXhnVVlyWE5aUwpvTFNHMmRMQ0s5bWpqcmFQamF1MzRRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQoiIiIKJycnCgoicG9saWN5LnJlZ28iID0gJycnCnBhY2thZ2UgYWdlbnRfcG9saWN5CgppbXBvcnQgZnV0dXJlLmtleXdvcmRzLmluCmltcG9ydCBmdXR1cmUua2V5d29yZHMuZXZlcnkKCmltcG9ydCBpbnB1dAoKIyBEZWZhdWx0IHZhbHVlcywgcmV0dXJuZWQgYnkgT1BBIHdoZW4gcnVsZXMgY2Fubm90IGJlIGV2YWx1YXRlZCB0byB0cnVlLgpkZWZhdWx0IENvcHlGaWxlUmVxdWVzdCA6PSBmYWxzZQpkZWZhdWx0IENyZWF0ZUNvbnRhaW5lclJlcXVlc3QgOj0gZmFsc2UKZGVmYXVsdCBDcmVhdGVTYW5kYm94UmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgRGVzdHJveVNhbmRib3hSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBFeGVjUHJvY2Vzc1JlcXVlc3QgOj0gZmFsc2UKZGVmYXVsdCBHZXRPT01FdmVudFJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IEd1ZXN0RGV0YWlsc1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IE9ubGluZUNQVU1lbVJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFB1bGxJbWFnZVJlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFJlYWRTdHJlYW1SZXF1ZXN0IDo9IGZhbHNlCmRlZmF1bHQgUmVtb3ZlQ29udGFpbmVyUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgUmVtb3ZlU3RhbGVWaXJ0aW9mc1NoYXJlTW91bnRzUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgU2lnbmFsUHJvY2Vzc1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFN0YXJ0Q29udGFpbmVyUmVxdWVzdCA6PSB0cnVlCmRlZmF1bHQgU3RhdHNDb250YWluZXJSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBUdHlXaW5SZXNpemVSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBVcGRhdGVFcGhlbWVyYWxNb3VudHNSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBVcGRhdGVJbnRlcmZhY2VSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBVcGRhdGVSb3V0ZXNSZXF1ZXN0IDo9IHRydWUKZGVmYXVsdCBXYWl0UHJvY2Vzc1JlcXVlc3QgOj0gdHJ1ZQpkZWZhdWx0IFdyaXRlU3RyZWFtUmVxdWVzdCA6PSBmYWxzZQonJyc=" // Test server to simulate the metadata service func startTestServer() *httptest.Server {