This is an automated email from the ASF dual-hosted git repository.

mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git


The following commit(s) were added to refs/heads/develop by this push:
     new fb3c93c  [config] Specify inbound services in build config
fb3c93c is described below

commit fb3c93c14eb5c0e87eaab2e64dbe3a9a65c20b7c
Author: Mingshen Sun <[email protected]>
AuthorDate: Thu Feb 6 17:15:03 2020 -0800

    [config] Specify inbound services in build config
---
 config/build.config.toml                   |  7 +++++
 config/config_gen/main.rs                  | 11 ++++++++
 config/config_gen/templates/config.j2      | 45 +++++++++++++++++++++++++-----
 services/authentication/enclave/src/lib.rs | 11 ++------
 4 files changed, 59 insertions(+), 15 deletions(-)

diff --git a/config/build.config.toml b/config/build.config.toml
index 40baf89..eeb2e5d 100644
--- a/config/build.config.toml
+++ b/config/build.config.toml
@@ -12,3 +12,10 @@ auditor_public_keys = [
 
 # RPC max message size
 rpc_max_message_size = 409600
+
+# Specify accepted inbound services to enforce incoming connections via mutual 
attestation
+[inbound]
+access_control = ["teaclave_management_service"]
+authentication = ["teaclave_frontend_service"]
+storage = ["teaclave_frontend_service", "teaclave_management_service"]
+management = ["teaclave_frontend_service"]
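Review bot: The new `[inbound]` table does not say what its entries are, and the meaning changed in this same commit: services/authentication/enclave/src/lib.rs now passes each string straight to `enclave_info.get_enclave_attr(service)` instead of wrapping it in `teaclave_{}_service`, so entries must be full enclave names. I would extend the comment above the table with `# Each list names, by full enclave name as registered in the enclave info, the services allowed to connect to the service on the left.` It is also worth stating that an entry not found in the enclave info fails service startup, since that is what the `expect("enclave_info")` in lib.rs does today.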
diff --git a/config/config_gen/main.rs b/config/config_gen/main.rs
index 14e6048..45c99f5 100644
--- a/config/config_gen/main.rs
+++ b/config/config_gen/main.rs
@@ -14,6 +14,15 @@ struct BuildConfigToml {
     ias_root_ca_cert: ConfigSource,
     auditor_public_keys: Vec<ConfigSource>,
     rpc_max_message_size: u32,
+    inbound: Inbound,
+}
+
+#[derive(Serialize, Deserialize)]
+struct Inbound {
+    access_control: Vec<String>,
+    authentication: Vec<String>,
+    management: Vec<String>,
+    storage: Vec<String>,
 }
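Review bot: `Inbound` is undocumented and nothing here checks the strings it carries, although they end up verbatim inside the generated Rust source (config.j2 renders them as `"{{ s }}"`) and are later looked up as enclave names. I would add a doc comment such as `/// Per-service allow-lists of enclave names (full names, e.g. teaclave_frontend_service) permitted to open inbound connections; mirrors the [inbound] table in build.config.toml.` A cheap guard in `generate_build_config` that rejects an entry containing characters outside `[A-Za-z0-9_]` would catch a typo or a stray quote at build time rather than at enclave start. The template also names the generated struct `Inbounds` while this one is `Inbound`; picking one name for both would make the generated config easier to grep.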
 
 #[derive(Debug, Serialize, Deserialize)]
@@ -44,6 +53,7 @@ struct ConfigTemplate {
     ias_root_ca_cert: String,
     auditor_public_keys: Vec<String>,
     rpc_max_message_size: u32,
+    inbound: Inbound,
 }
 
 fn generate_build_config(toml: &Path, out: &Path) {
@@ -61,6 +71,7 @@ fn generate_build_config(toml: &Path, out: &Path) {
         ias_root_ca_cert,
         auditor_public_keys,
         rpc_max_message_size: config.rpc_max_message_size,
+        inbound: config.inbound,
     };
     let mut f = File::create(out).expect(&format!("Failed to create file: {}", 
out.display()));
     f.write_all(&config_template.render().unwrap().as_bytes())
diff --git a/config/config_gen/templates/config.j2 
b/config/config_gen/templates/config.j2
index 5a2bd31..6dd4f26 100644
--- a/config/config_gen/templates/config.j2
+++ b/config/config_gen/templates/config.j2
@@ -1,16 +1,47 @@
 #[derive(Debug)]
-pub struct BuildConfig<'a> {
-    pub ias_root_ca_cert: &'a [u8],
-    pub auditor_public_keys: &'a [&'a [u8]; {{ auditor_public_keys.len() }}],
+pub struct BuildConfig {
+    pub ias_root_ca_cert: &'static [u8],
+    pub auditor_public_keys: &'static [&'static [u8]; {{ 
auditor_public_keys.len() }}],
     pub rpc_max_message_size: u64,
+    pub inbound: Inbounds,
 }
 
-pub static BUILD_CONFIG: BuildConfig<'static> = BuildConfig {
+#[derive(Debug)]
+pub struct Inbounds {
+    pub access_control: &'static [&'static str; {{ 
inbound.access_control.len() }}],
+    pub authentication: &'static [&'static str; {{ 
inbound.authentication.len() }}],
+    pub management: &'static [&'static str; {{ inbound.management.len() }}],
+    pub storage: &'static [&'static str; {{ inbound.storage.len() }}],
+}
+
+pub const BUILD_CONFIG: BuildConfig = BuildConfig {
     ias_root_ca_cert: &{{ ias_root_ca_cert }},
     auditor_public_keys: &[
-{% for k in auditor_public_keys %}
-    &{{ k }},
-{% endfor %}
+        {%- for k in auditor_public_keys %}
+        &{{ k }},
+        {%- endfor %}
     ],
     rpc_max_message_size: {{ rpc_max_message_size }},
+    inbound: Inbounds {
+        access_control: &[
+            {%- for s in inbound.access_control %}
+            "{{ s }}",
+            {%- endfor %}
+        ],
+        authentication: &[
+            {%- for s in inbound.authentication %}
+            "{{ s }}",
+            {%- endfor %}
+        ],
+        management: &[
+            {%- for s in inbound.management %}
+            "{{ s }}",
+            {%- endfor %}
+        ],
+        storage: &[
+            {%- for s in inbound.storage %}
+            "{{ s }}",
+            {%- endfor %}
+        ],
+    }
 };
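Review bot: The four `"{{ s }}"` loops insert each configured name into a Rust string literal without any escaping, so a value containing `"` or `\` in build.config.toml would produce malformed or altered generated source; the template cannot fix that itself, so config_gen should validate the names before rendering (see the note on the main.rs hunk). The struct is named `Inbounds` here but `Inbound` in config_gen/main.rs and the field is `inbound` in both; using a single name would avoid confusion. Switching `BUILD_CONFIG` from `static` to `const` is fine since every field is a `'static` reference, but a one-line `///` comment on `Inbounds` stating that each list holds full enclave names (as consumed by `enclave_info.get_enclave_attr`) would help readers of the generated file.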
diff --git a/services/authentication/enclave/src/lib.rs 
b/services/authentication/enclave/src/lib.rs
index 38a4e0a..d958fb7 100644
--- a/services/authentication/enclave/src/lib.rs
+++ b/services/authentication/enclave/src/lib.rs
@@ -127,18 +127,13 @@ fn start_service(args: &StartServiceInput) -> 
anyhow::Result<()> {
             .as_ref()
             .expect("auditor signatures"),
     )?;
-    let inbound_services = args
-        .config
-        .internal_endpoints
+    let accepted_enclave_attrs: Vec<teaclave_types::EnclaveAttr> = BUILD_CONFIG
+        .inbound
         .authentication
-        .inbound_services
-        .as_ref()
-        .expect("inbound_service");
-    let accepted_enclave_attrs: Vec<teaclave_types::EnclaveAttr> = 
inbound_services
         .iter()
         .map(|service| {
             enclave_info
-                .get_enclave_attr(&format!("teaclave_{}_service", service))
+                .get_enclave_attr(service)
                 .expect("enclave_info")
         })
         .collect();
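Review bot: A name in `BUILD_CONFIG.inbound.authentication` that is absent from the enclave info now panics on `.expect("enclave_info")` without saying which entry was wrong, although `start_service` returns `anyhow::Result<()>` and can report it. Since the list is fixed at build time, a misconfiguration is found only when the enclave starts, so the error should carry the offending name; collecting into `anyhow::Result<Vec<_>>` and using `?` does that. This assumes `get_enclave_attr` returns `Option` (it is consumed with `expect` here); if it returns `Result`, use `with_context` instead. `start_service` begins and ends outside this hunk.
```rust
    let accepted_enclave_attrs: Vec<teaclave_types::EnclaveAttr> = BUILD_CONFIG
        .inbound
        .authentication
        .iter()
        .map(|service| {
            enclave_info
                .get_enclave_attr(service)
                .ok_or_else(|| anyhow::anyhow!("inbound service not in enclave info: {}", service))
        })
        .collect::<anyhow::Result<_>>()?;
```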

