
Commit 775bacf

Remove and replace additional operations in enclave start (#1289)
* Remove and replace additional operations in enclave start
1 parent 0347876 commit 775bacf

14 files changed

Lines changed: 102 additions & 233 deletions

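--- a/Makefile.eif
+++ b/Makefile.eif
@@ -13,46 +13,37 @@ all: build_eif
 
 build_eif: uid2operator.eif euidoperator.eif
 
-uid2operator.eif: build_artifacts build_configs build/proxies.nitro.yaml build/syslog-ng-client.conf build/syslog-ng-core_4.6.0-1_amd64.deb build/syslog-ng-ose-pub.asc build/entrypoint.sh build/vsockpx build/Dockerfile build/load_config.py build/make_config.py
+uid2operator.eif: build_artifacts build_configs build/proxies.nitro.yaml build/syslog-ng-client.conf build/syslog-ng-core_4.6.0-1_amd64.deb build/syslog-ng-ose-pub.asc build/entrypoint.sh build/vsockpx build/Dockerfile
 cd build; docker build -t uid2operator . --build-arg JAR_VERSION=`cat package.version` --build-arg IMAGE_VERSION=`cat package.version`-`git show --format="%h" --no-patch`; docker save -o ./uid2operator.tar uid2operator; docker cp ./uid2operator.tar amazonlinux:/uid2operator.tar; rm -f ./uid2operator.tar
 docker exec amazonlinux bash aws_nitro_eif.sh uid2operator
 
-euidoperator.eif: build_artifacts build_configs build/proxies.nitro.yaml build/syslog-ng-client.conf build/syslog-ng-core_4.6.0-1_amd64.deb build/syslog-ng-ose-pub.asc build/entrypoint.sh build/vsockpx build/Dockerfile build/load_config.py build/make_config.py
+euidoperator.eif: build_artifacts build_configs build/proxies.nitro.yaml build/syslog-ng-client.conf build/syslog-ng-core_4.6.0-1_amd64.deb build/syslog-ng-ose-pub.asc build/entrypoint.sh build/vsockpx build/Dockerfile
 cd build; docker build -t euidoperator . --build-arg IDENTITY_SCOPE='EUID' --build-arg JAR_VERSION=`cat package.version` --build-arg IMAGE_VERSION=`cat package.version`-`git show --format="%h" --no-patch`; docker save -o ./euidoperator.tar euidoperator; docker cp ./euidoperator.tar amazonlinux:/euidoperator.tar; rm -f ./euidoperator.tar
 docker exec amazonlinux bash aws_nitro_eif.sh euidoperator
 
-##################################################################################################################################################################
-
-# Config scripts
-
-build/load_config.py: ./scripts/aws/load_config.py
-cp ./scripts/aws/load_config.py ./build/
-
-build/make_config.py: ./scripts/aws/make_config.py
-cp ./scripts/aws/make_config.py ./build/
 
 ##################################################################################################################################################################
 
 # Configs
 
 .PHONY: build_configs
 
-build_configs: build/conf/default-config.json build/conf/prod-uid2-config.json build/conf/integ-uid2-config.json build/conf/prod-euid-config.json build/conf/integ-euid-config.json build/conf/logback.xml build/conf/logback-debug.xml
+build_configs: build/conf/default-config.json build/conf/euid-integ-config.json build/conf/euid-prod-config.json build/conf/uid2-integ-config.json build/conf/uid2-prod-config.json build/conf/logback.xml build/conf/logback-debug.xml
 
 build/conf/default-config.json: build_artifacts ./scripts/aws/conf/default-config.json
 cp ./scripts/aws/conf/default-config.json ./build/conf/
 
-build/conf/prod-uid2-config.json: build_artifacts ./scripts/aws/conf/prod-uid2-config.json
-cp ./scripts/aws/conf/prod-uid2-config.json ./build/conf/
+build/conf/euid-integ-config.json: build_artifacts ./scripts/aws/conf/euid-integ-config.json
+cp ./scripts/aws/conf/euid-integ-config.json ./build/conf/
 
-build/conf/prod-euid-config.json: build_artifacts ./scripts/aws/conf/prod-euid-config.json
-cp ./scripts/aws/conf/prod-euid-config.json ./build/conf/
+build/conf/euid-prod-config.json: build_artifacts ./scripts/aws/conf/euid-prod-config.json
+cp ./scripts/aws/conf/euid-prod-config.json ./build/conf/
 
-build/conf/integ-uid2-config.json: build_artifacts ./scripts/aws/conf/integ-uid2-config.json
-cp ./scripts/aws/conf/integ-uid2-config.json ./build/conf/
+build/conf/uid2-integ-config.json: build_artifacts ./scripts/aws/conf/uid2-integ-config.json
+cp ./scripts/aws/conf/uid2-integ-config.json ./build/conf/
 
-build/conf/integ-euid-config.json: build_artifacts ./scripts/aws/conf/integ-euid-config.json
-cp ./scripts/aws/conf/integ-euid-config.json ./build/conf/
+build/conf/uid2-prod-config.json: build_artifacts ./scripts/aws/conf/uid2-prod-config.json
+cp ./scripts/aws/conf/uid2-prod-config.json ./build/conf/
 
 build/conf/logback.xml: build_artifacts ./scripts/aws/conf/logback.xml
 cp ./scripts/aws/conf/logback.xml ./build/conf/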

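--- a/scripts/aws/Dockerfile
+++ b/scripts/aws/Dockerfile
@@ -31,14 +31,10 @@ COPY ./target/${JAR_NAME}-${JAR_VERSION}-jar-with-dependencies.jar /app/${JAR_NA
 COPY ./static /app/static
 COPY ./libjnsm.so /app/lib/
 COPY ./vsockpx /app/
-COPY ./make_config.py /app/
 COPY ./entrypoint.sh /app/
 COPY ./proxies.nitro.yaml /app/
 COPY ./conf/default-config.json /app/conf/
-COPY ./conf/prod-uid2-config.json /app/conf/
-COPY ./conf/integ-uid2-config.json /app/conf/
-COPY ./conf/prod-euid-config.json /app/conf/
-COPY ./conf/integ-euid-config.json /app/conf/
+COPY ./conf/*.json /app/conf/
 COPY ./conf/*.xml /app/conf/
 COPY ./syslog-ng-client.conf /etc/syslog-ng/syslog-ng.conf
 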
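Review bot: `COPY ./conf/*.json /app/conf/` bakes whatever JSON happens to sit in build/conf into the enclave image, whereas the four explicit COPY lines it replaces pinned exactly which configs could ship. The Makefile.eif targets in this same commit only copy the five named configs into build/conf and never clean the directory, so a stale file from an earlier checkout (for example one of the old prod-uid2-config.json names) would silently end up in /app/conf and change the EIF measurement without anything in the build flagging it. Since the set of configs is known and fixed in build_configs, list them explicitly again, e.g. `COPY ./conf/euid-integ-config.json ./conf/euid-prod-config.json ./conf/uid2-integ-config.json ./conf/uid2-prod-config.json /app/conf/`, or add a `rm -rf build/conf` step to the Makefile before the copies if the glob is kept.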

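--- a/scripts/aws/EUID_CloudFormation.template.yml
+++ b/scripts/aws/EUID_CloudFormation.template.yml
@@ -165,7 +165,7 @@ Resources:
 - !If [IsIntegEnvironment, 'https://core.integ.euid.eu', 'https://core.prod.euid.eu']
 - ', "optout_base_url": '
 - !If [IsIntegEnvironment, 'https://optout.integ.euid.eu', 'https://optout.prod.euid.eu']
-- ', "api_token": "'
+- ', "operator_key": "'
 - Ref: APIToken
 - '"'
 - ', "service_instances": 6'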

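--- a/scripts/aws/UID_CloudFormation.template.yml
+++ b/scripts/aws/UID_CloudFormation.template.yml
@@ -193,7 +193,7 @@ Resources:
 - !If [IsIntegEnvironment, 'https://core-integ.uidapi.com', 'https://core.uidapi.com']
 - ', "optout_base_url": '
 - !If [IsIntegEnvironment, 'https://optout-integ.uidapi.com', 'https://optout.uidapi.com']
-- ', "api_token": "'
+- ', "operator_key": "'
 - Ref: APIToken
 - '"'
 - ', "service_instances": 6'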
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,4 +12,4 @@
1212
"optout_api_uri": "https://optout.integ.euid.eu/optout/replicate",
1313
"optout_s3_folder": "optout/",
1414
"allow_legacy_api": false
15-
}
15+
}
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,4 +28,4 @@
2828
"enable_phone_support": true,
2929
"enable_v1_phone_support": false,
3030
"enable_v2_encryption": true
31-
}
31+
}
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,4 +12,4 @@
1212
"optout_api_uri": "https://optout-integ.uidapi.com/optout/replicate",
1313
"optout_s3_folder": "uid-optout-integ/",
1414
"allow_legacy_api": false
15-
}
15+
}
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,4 +23,4 @@
2323
"refresh_token_expires_after_seconds": 2592000,
2424
"refresh_identity_token_after_seconds": 3600,
2525
"allow_legacy_api": false
26-
}
26+
}

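--- a/scripts/aws/config-server/app.py
+++ b/scripts/aws/config-server/app.py
@@ -10,25 +10,6 @@ def get_config():
 with open('/etc/secret/secret-value/config', 'r') as secret_file:
 secret_value = secret_file.read().strip()
 secret_value_json = json.loads(secret_value)
-secret_value_json["environment"] = secret_value_json["environment"].lower()
-if "core_base_url" in secret_value_json:
-secret_value_json["core_base_url"] = secret_value_json["core_base_url"].lower()
-if "optout_base_url" in secret_value_json:
-secret_value_json["optout_base_url"] = secret_value_json["optout_base_url"].lower()
-if "operator_type" in secret_value_json and secret_value_json["operator_type"].lower() == "public":
-mount_path = '/etc/config/config-values'
-if os.path.exists(mount_path):
-config_keys = [f for f in os.listdir(mount_path) if os.path.isfile(os.path.join(mount_path, f))]
-config = {}
-for k in config_keys:
-with open(os.path.join(mount_path, k), 'r') as value:
-config[k] = value.read()
-try:
-json.loads(config[k])
-config[k] = json.loads(config[k])
-except Exception:
-pass
-secret_value_json.update(config)
 return json.dumps(secret_value_json)
 except Exception as e:
 return str(e), 500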
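Review bot: Dropping the `.lower()` normalization of `environment`, `core_base_url` and `optout_base_url` means the secret is now served exactly as written, and the hunk does not show where (if anywhere) that normalization moved; the enclave-side reader that replaced load_config.py should either normalize these or reject values that do not match its expected forms, otherwise a mixed-case `environment` that used to be accepted may now miss an exact-match comparison downstream — worth confirming against that consumer. Separately, `return str(e), 500` (the remaining handler on the new side) hands the raw exception text to the HTTP caller, which for a missing file includes the secret mount path; prefer logging the exception on the server and returning a fixed body, e.g. `except Exception: app.logger.exception("config load failed"); return "config unavailable", 500` (adjust to whatever logger this module already has). The `try:` that this `except` closes begins above the hunk.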

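--- a/scripts/aws/ec2.py
+++ b/scripts/aws/ec2.py
@@ -21,6 +21,8 @@
 class AWSConfidentialComputeConfig(ConfidentialComputeConfig):
 enclave_memory_mb: int
 enclave_cpu_count: int
+core_api_token: str
+optout_api_token: str
 
 class AuxiliaryConfig:
 FLASK_PORT: str = "27015"
@@ -51,7 +53,7 @@ def get_meta_url(cls) -> str:
 class EC2EntryPoint(ConfidentialCompute):
 
 def __init__(self):
-self.configs: AWSConfidentialComputeConfig = {}
+super().__init__()
 
 def __get_aws_token(self) -> str:
 """Fetches a temporary AWS EC2 metadata token."""
@@ -87,18 +89,21 @@ def __validate_aws_specific_config(self):
 def _set_confidential_config(self, secret_identifier: str) -> None:
 """Fetches a secret value from AWS Secrets Manager and adds defaults"""
 
-def add_defaults(configs: Dict[str, any]) -> None:
+def add_defaults(configs: Dict[str, any]) -> AWSConfidentialComputeConfig:
 """Adds default values to configuration if missing."""
 default_capacity = self.__get_max_capacity()
 configs.setdefault("enclave_memory_mb", default_capacity["enclave_memory_mb"])
 configs.setdefault("enclave_cpu_count", default_capacity["enclave_cpu_count"])
 configs.setdefault("debug_mode", False)
+configs.setdefault("core_api_token", configs.get("api_token", ""))
+configs.setdefault("optout_api_token", configs.get("api_token", ""))
+return configs
 
 region = self.__get_current_region()
 print(f"Running in {region}")
 client = boto3.client("secretsmanager", region_name=region)
 try:
-add_defaults(json.loads(client.get_secret_value(SecretId=secret_identifier)["SecretString"]))
+self.configs = add_defaults(json.loads(client.get_secret_value(SecretId=secret_identifier)["SecretString"]))
 self.__validate_aws_specific_config()
 except NoCredentialsError as _:
 raise MissingInstanceProfile(self.__class__.__name__)
@@ -203,7 +208,7 @@ def __run_nitro_enclave(self):
 if self.configs.get('debug_mode', False):
 print("Running in debug_mode")
 command += ["--debug-mode", "--attach-console"]
-self.run_command(command, separate_process=True)
+self.run_command(command, separate_process=False)
 
 def run_compute(self) -> None:
 """Main execution flow for confidential compute."""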
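Review bot: `configs.setdefault("core_api_token", configs.get("api_token", ""))` and the matching optout line in add_defaults silently fill both tokens with the empty string when the secret carries neither key, so a misconfigured secret passes config loading and only fails at the first authenticated call to core/optout instead of at startup. The CloudFormation templates in this same commit rename the key they emit from `api_token` to `operator_key`; if that JSON is what `get_secret_value` returns here, the `api_token` fallback has nothing left to match and both tokens default to "" unless the secret also sets them explicitly — the Secrets Manager resource is not visible in this page, so please confirm. Unless `__validate_aws_specific_config` (its body is outside the hunk) already rejects empty tokens, add a check right after the defaults: `if not configs["core_api_token"] or not configs["optout_api_token"]: raise <the module's config error>("core_api_token/optout_api_token (or api_token) must be set")`. Also on the changed signature, `Dict[str, any]` refers to the builtin `any()` rather than `typing.Any`; write `Dict[str, Any]` so the annotation means what it says.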
