diff --git a/src/cloud-api-adaptor/cmd/cloud-api-adaptor/main.go b/src/cloud-api-adaptor/cmd/cloud-api-adaptor/main.go index b103dc06d8..cbfa29bc34 100644 --- a/src/cloud-api-adaptor/cmd/cloud-api-adaptor/main.go +++ b/src/cloud-api-adaptor/cmd/cloud-api-adaptor/main.go @@ -25,7 +25,6 @@ import ( const ( programName = "cloud-api-adaptor" - AA_KBC_PARAMS_DEFAULT = "cc_kbc::http://127.0.0.1:8080" ) type daemonConfig struct { @@ -122,7 +121,6 @@ func (cfg *daemonConfig) Setup() (cmd.Starter, error) { flags.StringVar(&cfg.networkConfig.HostInterface, "host-interface", "", "Host Interface") flags.IntVar(&cfg.networkConfig.VXLANPort, "vxlan-port", vxlan.DefaultVXLANPort, "VXLAN UDP port number (VXLAN tunnel mode only") flags.IntVar(&cfg.networkConfig.VXLANMinID, "vxlan-min-id", vxlan.DefaultVXLANMinID, "Minimum VXLAN ID (VXLAN tunnel mode only") - flags.StringVar(&cfg.serverConfig.AAKBCParams, "aa-kbc-params", "", "attestation-agent KBC parameters") flags.BoolVar(&cfg.serverConfig.EnableCloudConfigVerify, "cloud-config-verify", false, "Enable cloud config verify - should use it for production") cloud.ParseCmd(flags) @@ -142,8 +140,6 @@ func (cfg *daemonConfig) Setup() (cmd.Starter, error) { cfg.serverConfig.SecureCommsInbounds = secureCommsInbounds cfg.serverConfig.SecureCommsOutbounds = secureCommsOutbounds cfg.serverConfig.SecureCommsKbsAddress = secureCommsKbsAddr - - cfg.serverConfig.AAKBCParams = AA_KBC_PARAMS_DEFAULT } else { if !disableTLS { cfg.serverConfig.TLSConfig = &tlsConfig diff --git a/src/cloud-api-adaptor/docs/addnewprovider.md b/src/cloud-api-adaptor/docs/addnewprovider.md index 8a2e6bb5af..de023f3185 100644 --- a/src/cloud-api-adaptor/docs/addnewprovider.md +++ b/src/cloud-api-adaptor/docs/addnewprovider.md 
@@ -282,7 +282,6 @@ optionals+="" [[ "${CERT_FILE}" ]] && [[ "${CERT_KEY}" ]] && optionals+="-cert-file ${CERT_FILE} -cert-key ${CERT_KEY} " [[ "${TLS_SKIP_VERIFY}" ]] && optionals+="-tls-skip-verify " [[ "${PROXY_TIMEOUT}" ]] && optionals+="-proxy-timeout ${PROXY_TIMEOUT} " -[[ "${AA_KBC_PARAMS}" ]] && optionals+="-aa-kbc-params ${AA_KBC_PARAMS} " [[ "${FORWARDER_PORT}" ]] && optionals+="-forwarder-port ${FORWARDER_PORT} " [[ "${CLOUD_CONFIG_VERIFY}" == "true" ]] && optionals+="-cloud-config-verify " @@ -396,7 +395,7 @@ cloud-api-adaptor version v0.8.2-dev cloud-api-adaptor: starting Cloud API Adaptor daemon for "libvirt" 2024/04/17 04:34:56 [adaptor/cloud/libvirt] libvirt config: &libvirt.Config{URI:"qemu+ssh://root@192.168.122.1/system?no_verify=1", PoolName:"default", NetworkName:"default", DataDir:"/opt/data-dir", DisableCVM:true, VolName:"podvm-base.qcow2", LaunchSecurity:"", Firmware:"/usr/share/edk2/ovmf/OVMF_CODE.fd"} 2024/04/17 04:34:56 [adaptor/cloud/libvirt] Created libvirt connection -2024/04/17 04:34:56 [adaptor] server config: &adaptor.ServerConfig{TLSConfig:(*tlsutil.TLSConfig)(0xc0000d4080), SocketPath:"/run/peerpod/hypervisor.sock", CriSocketPath:"", PauseImage:"", PodsDir:"/run/peerpod/pods", ForwarderPort:"15150", ProxyTimeout:300000000000, AAKBCParams:"", EnableCloudConfigVerify:false} +2024/04/17 04:34:56 [adaptor] server config: &adaptor.ServerConfig{TLSConfig:(*tlsutil.TLSConfig)(0xc0000d4080), SocketPath:"/run/peerpod/hypervisor.sock", CriSocketPath:"", PauseImage:"", PodsDir:"/run/peerpod/pods", ForwarderPort:"15150", ProxyTimeout:300000000000, EnableCloudConfigVerify:false} 2024/04/17 04:34:56 [util/k8sops] initialized PeerPodService 2024/04/17 04:34:56 [probe/probe] Using port: 8000 2024/04/17 04:34:56 [adaptor] server started diff --git a/src/cloud-api-adaptor/docs/initdata.md b/src/cloud-api-adaptor/docs/initdata.md index 883595a1e0..02733ba3cb 100644 --- a/src/cloud-api-adaptor/docs/initdata.md 
+++ b/src/cloud-api-adaptor/docs/initdata.md @@ -2,7 +2,6 @@ The document describes the implementation of the [initdata](https://github.com/confidential-containers/trustee/blob/main/kbs/docs/initdata.md) spec in PeerPods. -Initdata is used when `AA_KBC_PARAMS` is not set at the moment, the plan is to remove `AA_KBC_PARAMS` support after `initdata` function works completely. ## Initdata example diff --git a/src/cloud-api-adaptor/entrypoint.sh b/src/cloud-api-adaptor/entrypoint.sh index 113c2ca9df..b520405ab3 100755 --- a/src/cloud-api-adaptor/entrypoint.sh +++ b/src/cloud-api-adaptor/entrypoint.sh @@ -18,7 +18,6 @@ optionals+="" [[ "${CERT_FILE}" ]] && [[ "${CERT_KEY}" ]] && optionals+="-cert-file ${CERT_FILE} -cert-key ${CERT_KEY} " [[ "${TLS_SKIP_VERIFY}" ]] && optionals+="-tls-skip-verify " [[ "${PROXY_TIMEOUT}" ]] && optionals+="-proxy-timeout ${PROXY_TIMEOUT} " -[[ "${AA_KBC_PARAMS}" ]] && optionals+="-aa-kbc-params ${AA_KBC_PARAMS} " [[ "${FORWARDER_PORT}" ]] && optionals+="-forwarder-port ${FORWARDER_PORT} " [[ "${CLOUD_CONFIG_VERIFY}" == "true" ]] && optionals+="-cloud-config-verify " [[ "${SECURE_COMMS}" == "true" ]] && optionals+="-secure-comms " diff --git a/src/cloud-api-adaptor/install/overlays/azure/kustomization.yaml b/src/cloud-api-adaptor/install/overlays/azure/kustomization.yaml index 4131d98a84..ba6cdc0e59 100644 --- a/src/cloud-api-adaptor/install/overlays/azure/kustomization.yaml +++ b/src/cloud-api-adaptor/install/overlays/azure/kustomization.yaml @@ -33,7 +33,6 @@ configMapGenerator: # /subscriptions//resourceGroups//providers/Microsoft.Compute/images/ - AZURE_IMAGE_ID="" #set - SSH_USERNAME="" #set peer pod vm admin user name - - AA_KBC_PARAMS="" #set KBC params for podvm #- DISABLECVM="" # Uncomment it if you want a generic VM #- PAUSE_IMAGE="" # Uncomment and set if you want to use a specific pause image #- VXLAN_PORT="" # Uncomment and set if you want to use a specific vxlan port. Defaults to 4789 
diff --git a/src/cloud-api-adaptor/install/overlays/libvirt/kustomization.yaml b/src/cloud-api-adaptor/install/overlays/libvirt/kustomization.yaml index 4f19d79e79..c66667a90d 100644 --- a/src/cloud-api-adaptor/install/overlays/libvirt/kustomization.yaml +++ b/src/cloud-api-adaptor/install/overlays/libvirt/kustomization.yaml @@ -24,7 +24,6 @@ configMapGenerator: - LIBVIRT_POOL="default" # set - DISABLECVM="true" # set as false to enable confidential VM - SECURE_COMMS="false" # set as true to enable Secure Comms - - AA_KBC_PARAMS="" #set KBC params for podvm #- LIBVIRT_LAUNCH_SECURITY="" #sev or s390-pv #- LIBVIRT_FIRMWARE="" # Uncomment and set if you want to change the firmware path. Defaults to /usr/share/edk2/ovmf/OVMF_CODE.fd #- LIBVIRT_VOL_NAME="" # Uncomment and set if you want to use a specific volume name. Defaults to podvm-base.qcow2 diff --git a/src/cloud-api-adaptor/pkg/aa/config.go b/src/cloud-api-adaptor/pkg/aa/config.go deleted file mode 100644 index a7e089c818..0000000000 --- a/src/cloud-api-adaptor/pkg/aa/config.go +++ /dev/null 
@@ -1,51 +0,0 @@ -package aa - -import ( - "fmt" - "strings" - - toml "github.com/pelletier/go-toml/v2" -) - -const ( - ConfigFilePath = "/run/peerpod/aa.toml" -) - -type AAConfig struct { - TokenCfg struct { - CocoAs struct { - URL string `toml:"url"` - } `toml:"coco_as"` - Kbs struct { - URL string `toml:"url"` - } `toml:"kbs"` - } `toml:"token_configs"` -} - -func parseAAKBCParams(aaKBCParams string) (string, error) { - parts := strings.SplitN(aaKBCParams, "::", 2) - if len(parts) != 2 { - return "", fmt.Errorf("Invalid aa-kbs-params input: %s", aaKBCParams) - } - _, url := parts[0], parts[1] - return url, nil -} - -func CreateConfigFile(aaKBCParams string) (string, error) { - url, err := parseAAKBCParams(aaKBCParams) - if err != nil { - return "", err - } - - config := AAConfig{} - // Assume KBS and AS has same endpoint - // Need a new parameter in addition to aaKBCParams if deploy AS and KBS separately. - config.TokenCfg.CocoAs.URL = url - config.TokenCfg.Kbs.URL = url - - bytes, err := toml.Marshal(config) - if err != nil { - return "", err - } - return string(bytes), nil -} diff --git a/src/cloud-api-adaptor/pkg/aa/config_test.go b/src/cloud-api-adaptor/pkg/aa/config_test.go deleted file mode 100644 index 2a6f53ea07..0000000000 --- a/src/cloud-api-adaptor/pkg/aa/config_test.go +++ /dev/null 
@@ -1,36 +0,0 @@ -package aa - -import ( - "testing" -) - -func Test_parseAAKBCParams(t *testing.T) { - url, err := parseAAKBCParams("cc_kbc::http://127.0.0.1:8080") - if err != nil { - t.Error(err) - } - - expected := "http://127.0.0.1:8080" - if url != expected { - t.Errorf("Expected %s, got %s", expected, url) - } -} - -func TestConfigFile(t *testing.T) { - refcfg := `[token_configs] -[token_configs.coco_as] -url = 'http://127.0.0.1:8080' - -[token_configs.kbs] -url = 'http://127.0.0.1:8080' -` - - config, err := CreateConfigFile("cc_kbc::http://127.0.0.1:8080") - if err != nil { - t.Error(err) - } - - if config != refcfg { - t.Errorf("Expected: \n%s, got: \n%s", refcfg, config) - } -} diff --git a/src/cloud-api-adaptor/pkg/adaptor/cloud/cloud.go b/src/cloud-api-adaptor/pkg/adaptor/cloud/cloud.go index 5fd0e1e32f..b470ce24e4 100644 --- a/src/cloud-api-adaptor/pkg/adaptor/cloud/cloud.go +++ b/src/cloud-api-adaptor/pkg/adaptor/cloud/cloud.go @@ -19,11 +19,9 @@ import ( "github.com/containerd/containerd/pkg/cri/annotations" pb "github.com/kata-containers/kata-containers/src/runtime/protocols/hypervisor" - "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/aa" "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/adaptor/k8sops" "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/adaptor/proxy" "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/agent" - "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/cdh" "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/forwarder" "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/podnetwork" "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/securecomms/wnssh" 
@@ -35,7 +33,9 @@ import ( const ( SrcAuthfilePath = "/root/containers/auth.json" + AaFilePath = "/run/peerpod/aa.toml" AuthFilePath = "/run/peerpod/auth.json" + CdhFilePath = "/run/peerpod/cdh.toml" InitdataPath = "/run/peerpod/initdata" Version = "0.0.0" ) @@ -81,7 +81,7 @@ func (s *cloudService) removeSandbox(id sandboxID) error { } func NewService(provider provider.Provider, proxyFactory proxy.Factory, workerNode podnetwork.WorkerNode, - secureComms bool, secureCommsInbounds, secureCommsOutbounds, kbsAddress, podsDir, daemonPort, aaKBCParams, sshport string) Service { + secureComms bool, secureCommsInbounds, secureCommsOutbounds, kbsAddress, podsDir, daemonPort, sshport string) Service { var err error var sshClient *wnssh.SshClient @@ -101,7 +101,6 @@ func NewService(provider provider.Provider, proxyFactory proxy.Factory, workerNo podsDir: podsDir, daemonPort: daemonPort, workerNode: workerNode, - aaKBCParams: aaKBCParams, sshClient: sshClient, } s.cond = sync.NewCond(&s.mutex) 
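Review bot: `AaFilePath` and `CdhFilePath` join the exported constant block without a doc comment, and nothing left in this file writes to either path (the `aa`/`cdh` imports are removed above and the `CreateVM` hunk below drops the write_files entries); their only consumer in this diff is `userdata/provision.go`. A comment such as `// AaFilePath and CdhFilePath are the guest paths of the attestation-agent and confidential-data-hub config files, which are provisioned from initdata rather than generated by cloud-api-adaptor.` would tell the next reader why the adaptor package still owns these paths. The `Aa`/`Cdh` casing also departs from Go's initialism convention and from the deleted `aa.ConfigFilePath`/`cdh.ConfigFilePath`; `AAConfigFilePath`/`CDHConfigFilePath` would sit better next to the existing `AuthFilePath`. The `NewService` body continues past the last hunk on this line.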
@@ -296,39 +295,13 @@ func (s *cloudService) CreateVM(ctx context.Context, req *pb.CreateVMRequest) (r } } - if s.aaKBCParams != "" { // Keep AA_KBC_PARAMS support as it is used by e2e test, KBS is dynamic k8s service in e2e test - logger.Printf("aaKBCParams: %s, support cc_kbc::*", s.aaKBCParams) - toml, err := cdh.CreateConfigFile(s.aaKBCParams) - if err != nil { - return nil, fmt.Errorf("creating CDH config: %w", err) - } - cloudConfig.WriteFiles = append(cloudConfig.WriteFiles, cloudinit.WriteFile{ - Path: cdh.ConfigFilePath, - Content: toml, - }) - - toml, err = aa.CreateConfigFile(s.aaKBCParams) - if err != nil { - return nil, fmt.Errorf("creating attestation agent config: %w", err) - } - cloudConfig.WriteFiles = append(cloudConfig.WriteFiles, cloudinit.WriteFile{ - Path: aa.ConfigFilePath, - Content: toml, - }) - } - initdataStr := util.GetInitdataFromAnnotation(req.Annotations) logger.Printf("initdata: %s", initdataStr) if initdataStr != "" { - if s.aaKBCParams != "" { - logger.Printf("Initdata ignored because AA_KBC_PARAMS set") - } else { - logger.Printf("Set and use initdata when no AA_KBC_PARAMS") - cloudConfig.WriteFiles = append(cloudConfig.WriteFiles, cloudinit.WriteFile{ - Path: InitdataPath, - Content: initdataStr, - }) - } + cloudConfig.WriteFiles = append(cloudConfig.WriteFiles, cloudinit.WriteFile{ + Path: InitdataPath, + Content: initdataStr, + }) } sandbox := &sandbox{ diff --git a/src/cloud-api-adaptor/pkg/adaptor/cloud/cloud_test.go b/src/cloud-api-adaptor/pkg/adaptor/cloud/cloud_test.go index a8030ef72c..f41900cc00 100644 --- a/src/cloud-api-adaptor/pkg/adaptor/cloud/cloud_test.go +++ b/src/cloud-api-adaptor/pkg/adaptor/cloud/cloud_test.go 
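Review bot: With the `AA_KBC_PARAMS` fallback gone, a pod that carries no initdata annotation now reaches `sandbox := &sandbox{` with no attestation-agent or CDH configuration written by the adaptor at all, and the only trace is the `initdata: ` log line with an empty value; the secure-comms path in `main.go` previously forced a default (`cfg.serverConfig.AAKBCParams = AA_KBC_PARAMS_DEFAULT`, removed in the first hunk of this diff), so secure-comms deployments may now silently depend on every pod supplying initdata. An explicit branch, `} else { logger.Printf("no initdata annotation found; attestation-agent and CDH config will not be provisioned by cloud-api-adaptor") }`, would make that state visible in the adaptor log and ease debugging of attestation failures. `CreateVM` starts before and continues after this hunk.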
@@ -117,7 +117,7 @@ func TestCloudService(t *testing.T) { podsDir: dir, } - s := NewService(&mockProvider{}, proxyFactory, &mockWorkerNode{}, false, "", "", "", dir, forwarder.DefaultListenPort, "", "") + s := NewService(&mockProvider{}, proxyFactory, &mockWorkerNode{}, false, "", "", "", dir, forwarder.DefaultListenPort, "") assert.NotNil(t, s) diff --git a/src/cloud-api-adaptor/pkg/adaptor/cloud/types.go b/src/cloud-api-adaptor/pkg/adaptor/cloud/types.go index edb23d7028..7e7295340e 100644 --- a/src/cloud-api-adaptor/pkg/adaptor/cloud/types.go +++ b/src/cloud-api-adaptor/pkg/adaptor/cloud/types.go @@ -35,7 +35,6 @@ type cloudService struct { daemonPort string mutex sync.Mutex ppService *k8sops.PeerPodService - aaKBCParams string sshClient *wnssh.SshClient } diff --git a/src/cloud-api-adaptor/pkg/adaptor/server.go b/src/cloud-api-adaptor/pkg/adaptor/server.go index 8b58a888b3..75643658b4 100644 --- a/src/cloud-api-adaptor/pkg/adaptor/server.go +++ b/src/cloud-api-adaptor/pkg/adaptor/server.go @@ -39,7 +39,6 @@ type ServerConfig struct { PodsDir string ForwarderPort string ProxyTimeout time.Duration - AAKBCParams string EnableCloudConfigVerify bool SecureComms bool SecureCommsInbounds string @@ -71,7 +70,7 @@ func NewServer(provider provider.Provider, cfg *ServerConfig, workerNode podnetw agentFactory := proxy.NewFactory(cfg.PauseImage, cfg.TLSConfig, cfg.ProxyTimeout) cloudService := cloud.NewService(provider, agentFactory, workerNode, - cfg.SecureComms, cfg.SecureCommsInbounds, cfg.SecureCommsOutbounds, cfg.SecureCommsKbsAddress, cfg.PodsDir, cfg.ForwarderPort, cfg.AAKBCParams, sshutil.SSHPORT) + cfg.SecureComms, cfg.SecureCommsInbounds, cfg.SecureCommsOutbounds, cfg.SecureCommsKbsAddress, cfg.PodsDir, cfg.ForwarderPort, sshutil.SSHPORT) vmInfoService := vminfo.NewService(cloudService) return &server{ diff --git a/src/cloud-api-adaptor/pkg/cdh/config.go b/src/cloud-api-adaptor/pkg/cdh/config.go deleted file mode 100644 index 0cc405a9c5..0000000000 
--- a/src/cloud-api-adaptor/pkg/cdh/config.go +++ /dev/null @@ -1,48 +0,0 @@ -package cdh - -import ( - "fmt" - "strings" - - "github.com/pelletier/go-toml/v2" -) - -const ( - ConfigFilePath = "/run/peerpod/cdh.toml" - Socket = "unix:///run/confidential-containers/cdh.sock" -) - -type Credential struct{} - -type Config struct { - Socket string `toml:"socket"` - KBC KBCConfig `toml:"kbc"` - Credentials []Credential `toml:"credentials"` -} - -type KBCConfig struct { - Name string `toml:"name"` - URL string `toml:"url"` -} - -func parseAAKBCParams(aaKBCParams string) (*Config, error) { - parts := strings.SplitN(aaKBCParams, "::", 2) - if len(parts) != 2 { - return nil, fmt.Errorf("Invalid aa-kbs-params input: %s", aaKBCParams) - } - name, url := parts[0], parts[1] - kbcConfig := KBCConfig{name, url} - return &Config{Socket, kbcConfig, []Credential{}}, nil -} - -func CreateConfigFile(aaKBCParams string) (string, error) { - config, err := parseAAKBCParams(aaKBCParams) - if err != nil { - return "", err - } - bytes, err := toml.Marshal(config) - if err != nil { - return "", err - } - return string(bytes), nil -} diff --git a/src/cloud-api-adaptor/pkg/cdh/config_test.go b/src/cloud-api-adaptor/pkg/cdh/config_test.go deleted file mode 100644 index d3eb093a4b..0000000000 --- a/src/cloud-api-adaptor/pkg/cdh/config_test.go +++ /dev/null 
@@ -1,42 +0,0 @@ -package cdh - -import ( - "fmt" - "testing" - - "github.com/pelletier/go-toml/v2" -) - -func TestCDHConfigFileFromAAKBCParams(t *testing.T) { - refdoc := ` -socket = "%s" -credentials = [] -[kbc] -name = "cc_kbc" -url = "http://1.2.3.4:8080" -` - refdoc = fmt.Sprintf(refdoc, Socket) - var refcfg Config - err := toml.Unmarshal([]byte(refdoc), &refcfg) - if err != nil { - panic(err) - } - - config, err := parseAAKBCParams("cc_kbc::http://1.2.3.4:8080") - if err != nil { - t.Error(err) - } - - if config.KBC.Name != refcfg.KBC.Name { - t.Errorf("Expected %s, got %s", refcfg.KBC.Name, config.KBC.Name) - } - if config.KBC.URL != refcfg.KBC.URL { - t.Errorf("Expected %s, got %s", refcfg.KBC.URL, config.KBC.URL) - } - if config.Socket != refcfg.Socket { - t.Errorf("Expected %s, got %s", refcfg.Socket, config.Socket) - } - if len(config.Credentials) != 0 { - t.Errorf("Expected empty credentials array") - } -} diff --git a/src/cloud-api-adaptor/pkg/userdata/provision.go b/src/cloud-api-adaptor/pkg/userdata/provision.go index cc5f2909ec..f7ae922d47 100644 --- a/src/cloud-api-adaptor/pkg/userdata/provision.go +++ b/src/cloud-api-adaptor/pkg/userdata/provision.go @@ -14,10 +14,8 @@ import ( "time" "github.com/avast/retry-go/v4" - "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/aa" "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/adaptor/cloud" "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/agent" - "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/cdh" "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/pkg/forwarder" "github.com/confidential-containers/cloud-api-adaptor/src/cloud-providers/aws" "github.com/confidential-containers/cloud-api-adaptor/src/cloud-providers/azure" 
@@ -33,8 +31,8 @@ const ( ) var logger = log.New(log.Writer(), "[userdata/provision] ", log.LstdFlags|log.Lmsgprefix) -var WriteFilesList = []string{aa.ConfigFilePath, cdh.ConfigFilePath, agent.ConfigFilePath, forwarder.DefaultConfigPath, cloud.AuthFilePath, cloud.InitdataPath} -var InitdDataFilesList = []string{aa.ConfigFilePath, cdh.ConfigFilePath, PolicyPath} +var WriteFilesList = []string{cloud.AaFilePath, cloud.CdhFilePath, agent.ConfigFilePath, forwarder.DefaultConfigPath, cloud.AuthFilePath, cloud.InitdataPath} +var InitdDataFilesList = []string{cloud.AaFilePath, cloud.CdhFilePath, PolicyPath} type Config struct { fetchTimeout int diff --git a/src/cloud-api-adaptor/test/provisioner/azure/provision_common.go b/src/cloud-api-adaptor/test/provisioner/azure/provision_common.go index cc4bcc84c4..c00ad5f589 100644 --- a/src/cloud-api-adaptor/test/provisioner/azure/provision_common.go +++ b/src/cloud-api-adaptor/test/provisioner/azure/provision_common.go @@ -381,7 +381,7 @@ func (p *AzureCloudProvisioner) UploadPodvm(imagePath string, ctx context.Contex func isAzureKustomizeConfigMapKey(key string) bool { switch key { - case "CLOUD_PROVIDER", "AZURE_SUBSCRIPTION_ID", "AZURE_REGION", "AZURE_INSTANCE_SIZE", "AZURE_RESOURCE_GROUP", "AZURE_SUBNET_ID", "AZURE_IMAGE_ID", "SSH_USERNAME", "AA_KBC_PARAMS", "TAGS": + case "CLOUD_PROVIDER", "AZURE_SUBSCRIPTION_ID", "AZURE_REGION", "AZURE_INSTANCE_SIZE", "AZURE_RESOURCE_GROUP", "AZURE_SUBNET_ID", "AZURE_IMAGE_ID", "SSH_USERNAME", "TAGS": return true default: return false diff --git a/src/cloud-api-adaptor/test/provisioner/docker/provision_common.go b/src/cloud-api-adaptor/test/provisioner/docker/provision_common.go index f715500f1f..fb92e3b555 100644 --- a/src/cloud-api-adaptor/test/provisioner/docker/provision_common.go +++ b/src/cloud-api-adaptor/test/provisioner/docker/provision_common.go 
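Review bot: `WriteFilesList` and `InitdDataFilesList` now both name `cloud.AaFilePath` and `cloud.CdhFilePath`, yet after this commit cloud-api-adaptor never places those two paths in the cloud-init write_files section (see the `CreateVM` hunk), so their presence in `WriteFilesList` is either a deliberate allowance for user-data produced outside the adaptor or a leftover of the removed `AA_KBC_PARAMS` flow. Neither list has a comment saying what it governs; if they are the sets of guest files the provisioner is willing to write from each source, `// WriteFilesList: guest paths accepted from the cloud-init write_files section.` and `// InitdDataFilesList: guest paths populated from initdata.` would let a reader judge whether the overlap is intended. If it is a leftover, removing the two paths from `WriteFilesList` keeps the set of files writable from user-data as small as possible.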
@@ -206,7 +206,7 @@ func NewDockerInstallOverlay(installDir, provider string) (pv.InstallOverlay, er func isDockerKustomizeConfigMapKey(key string) bool { switch key { - case "CLOUD_PROVIDER", "DOCKER_HOST", "DOCKER_API_VERSION", "DOCKER_PODVM_IMAGE", "DOCKER_NETWORK_NAME", "AA_KBC_PARAMS": + case "CLOUD_PROVIDER", "DOCKER_HOST", "DOCKER_API_VERSION", "DOCKER_PODVM_IMAGE", "DOCKER_NETWORK_NAME": return true default: return false diff --git a/src/cloud-api-adaptor/test/provisioner/libvirt/provision_common.go b/src/cloud-api-adaptor/test/provisioner/libvirt/provision_common.go index d6532d6e99..9081a54a7a 100644 --- a/src/cloud-api-adaptor/test/provisioner/libvirt/provision_common.go +++ b/src/cloud-api-adaptor/test/provisioner/libvirt/provision_common.go @@ -326,7 +326,6 @@ func (lio *LibvirtInstallOverlay) Edit(ctx context.Context, cfg *envconf.Config, "podvm_volume": {"", "LIBVIRT_VOL_NAME"}, "uri": {"qemu+ssh://root@192.168.122.1/system?no_verify=1", "LIBVIRT_URI"}, "vxlan_port": {"", "VXLAN_PORT"}, - "AA_KBC_PARAMS": {"", "AA_KBC_PARAMS"}, } for k, v := range mapProps { diff --git a/src/cloud-api-adaptor/test/tools/provisioner-cli/main.go b/src/cloud-api-adaptor/test/tools/provisioner-cli/main.go index c97836a4e9..d8bd86088b 100644 --- a/src/cloud-api-adaptor/test/tools/provisioner-cli/main.go +++ b/src/cloud-api-adaptor/test/tools/provisioner-cli/main.go @@ -108,12 +108,10 @@ func main() { if err != nil { log.Fatal(err) } - - kbsparams := "cc_kbc::" + kbsEndpoint - log.Infof("KBS PARAMS: %s", kbsparams) + + log.Infof("keyBrokerService: %s", kbsEndpoint) props = provisioner.GetProperties(context.TODO(), cfg) - props["AA_KBC_PARAMS"] = kbsparams } cloudAPIAdaptor, err := pv.NewCloudAPIAdaptor(cloudProvider, installDirectory) diff --git a/src/cloud-providers/util/cloudinit/cloudconfig.go b/src/cloud-providers/util/cloudinit/cloudconfig.go index 49d23f13a8..fa261fc479 100644 --- a/src/cloud-providers/util/cloudinit/cloudconfig.go 
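Review bot: In `provisioner-cli/main.go`, `kbsEndpoint` is now resolved and logged but no longer reaches `props`, because `props["AA_KBC_PARAMS"] = kbsparams` is dropped without a replacement in this hunk; unless the e2e provisioner hands the KBS address to the deployment through initdata elsewhere in this commit, the lookup above (whose error is still fatal) no longer influences the installed overlay. A comment such as `// the KBS address is only reported here; pod VMs receive it via initdata` (if that is the case) would make the intent explicit, and if it is not the case the lookup can go along with the log line. The enclosing `if` block begins before the hunk and `main` continues after it.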
+++ b/src/cloud-providers/util/cloudinit/cloudconfig.go @@ -13,7 +13,6 @@ import ( const ( DefaultAuthfileLimit = 12288 // TODO: use a whole userdata limit mechanism instead of limiting authfile - DefaultAAKBCParamsPath = "/etc/attestation-agent/kbc-params.json" ) // https://cloudinit.readthedocs.io/en/latest/topics/format.html#cloud-config-data diff --git a/src/cloud-providers/util/cloudinit/cloudconfig_test.go b/src/cloud-providers/util/cloudinit/cloudconfig_test.go index 50641af336..9dec9e98c1 100644 --- a/src/cloud-providers/util/cloudinit/cloudconfig_test.go +++ b/src/cloud-providers/util/cloudinit/cloudconfig_test.go @@ -137,11 +137,10 @@ func TestUserDataWithDaemonAndAuth(t *testing.T) { } -// Test userData with a daemon.json file, an auth.json file and -// kbc-params. -// The test should verify that the config has the daemon.json, auth.json and kbc-params +// Test userData with a daemon.json file, an auth.json file +// The test should verify that the config has the daemon.json, auth.json // files in the write_files section. -func TestUserDataWithDaemonAndAuthAndAAKBCParams(t *testing.T) { +func TestUserDataWithDaemonAndAuth(t *testing.T) { testDaemonConfigJson := `{ "pod-network": { "podip": "10.244.0.19/24", @@ -218,7 +217,7 @@ func TestUserDataWithDaemonAndAuthAndAAKBCParams(t *testing.T) { // Pretty print the userData output fmt.Printf("userData: %s\n", output) - // Verify that the output yaml has the testDaemonConfigJson, testb64AuthJson and testAAKBCParams contents + // Verify that the output yaml has the testDaemonConfigJson, testb64AuthJson // in the write_files section if !strings.Contains(output.WriteFiles[0].Content, testDaemonConfigJson) { t.Fatalf("Expect %q, got %q", testDaemonConfigJson, output.WriteFiles[0].Content)
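Review bot: Renaming the test to `TestUserDataWithDaemonAndAuth` redeclares a function that already exists in `cloudconfig_test.go`: the hunk header's context is `func TestUserDataWithDaemonAndAuth(t *testing.T) {`, its closing brace is the first context line of this hunk, and no earlier hunk of this file removes it, so the package should fail to compile with a redeclaration error. Either delete the older test if the two now cover the same scenario, or keep a distinct name such as `func TestUserDataWithDaemonAndAuthWriteFiles(t *testing.T) {`. The rewritten comment also lost its sentence end when `kbc-params.` was removed; `// Test userData with a daemon.json file and an auth.json file.` reads cleaner. The test body continues past the second hunk on this line.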