cli: install embedded genpolicy tool at runtime
malt3 committed Feb 1, 2024
1 parent f1951f1 commit 7fe118d
Showing 5 changed files with 32 additions and 11 deletions.
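--- a/cli/assets/genpolicy
+++ b/cli/assets/genpolicy
@@ -0,0 +1 @@
+# THIS FILE IS REPLACED DURING BUILD AND ONLY HERE TO SATISFY GO TOOLING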
2 changes: 2 additions & 0 deletions cli/constants.go
Expand Up @@ -18,6 +18,8 @@ const (
)

var (
//go:embed assets/genpolicy
genpolicyBin []byte
//go:embed assets/genpolicy-settings.json
defaultGenpolicySettings []byte
//go:embed assets/genpolicy-rules.rego
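Review bot: The new `//go:embed assets/genpolicy` on `genpolicyBin` embeds whatever is checked in at that path, and the new cli/assets/genpolicy is a one-line text placeholder that only the Nix build (the prePatch `install -D` in packages/default.nix) replaces, so a plain `go build` presumably yields a CLI in which `embedbin.Install` in cli/generate.go unpacks that comment text as the tool and the problem surfaces only when it is executed. A doc comment on the variable should make that explicit: `// genpolicyBin is the genpolicy executable injected by packages/default.nix at build time; the checked-in file is a non-runnable placeholder.` If the real binary has a known magic or minimum size, rejecting the placeholder in generatePolicies before installing it would turn the late failure into a clear error, but nothing in this diff provides such a check. The enclosing `var (` block continues past the hunk.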
26 changes: 24 additions & 2 deletions cli/generate.go
Expand Up @@ -13,6 +13,7 @@ import (
"path/filepath"
"strings"

"github.com/edgelesssys/nunki/internal/embedbin"
"github.com/edgelesssys/nunki/internal/manifest"
"github.com/spf13/cobra"
)
Expand Down Expand Up @@ -154,8 +155,21 @@ func generatePolicies(ctx context.Context, regoPath, policyPath string, yamlPath
if err := createFileWithDefault(filepath.Join(regoPath, rulesFilename), defaultRules); err != nil {
return fmt.Errorf("creating default policy.rego file: %w", err)
}
binaryInstallDir, err := installDir()
if err != nil {
return fmt.Errorf("failed to get install dir: %w", err)
}
genpolicyInstall, err := embedbin.Install(binaryInstallDir, genpolicyBin)
if err != nil {
return fmt.Errorf("failed to install genpolicy: %w", err)
}
defer func() {
if err := genpolicyInstall.Uninstall(); err != nil {
logger.Warn("Failed to uninstall genpolicy tool", "err", err)
}
}()
for _, yamlPath := range yamlPaths {
policyHash, err := generatePolicyForFile(ctx, regoPath, policyPath, yamlPath, logger)
policyHash, err := generatePolicyForFile(ctx, genpolicyInstall.Path(), regoPath, policyPath, yamlPath, logger)
if err != nil {
return fmt.Errorf("failed to generate policy for %s: %w", yamlPath, err)
}
Expand All @@ -167,7 +181,7 @@ func generatePolicies(ctx context.Context, regoPath, policyPath string, yamlPath
return nil
}

func generatePolicyForFile(ctx context.Context, regoPath, policyPath, yamlPath string, logger *slog.Logger) ([32]byte, error) {
func generatePolicyForFile(ctx context.Context, genpolicyPath, regoPath, policyPath, yamlPath string, logger *slog.Logger) ([32]byte, error) {
args := []string{
"--raw-out",
"--use-cached-files",
Expand Down Expand Up @@ -248,3 +262,11 @@ func createFileWithDefault(path string, deflt []byte) error {
_, err = file.Write(deflt)
return err
}

func installDir() (string, error) {
home, err := os.UserHomeDir()
if err != nil {
return "", err
}
return filepath.Join(home, ".nunki"), nil
}
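Review bot: `embedbin.Install(binaryInstallDir, genpolicyBin)` at the top of the new block writes an executable under `~/.nunki` (from `installDir` in the last hunk) and the loop then runs it via `genpolicyInstall.Path()`; embedbin is not part of this diff, so confirm it creates the file fresh with an exclusive create and owner-only mode rather than reusing whatever already sits at that path, otherwise any process with write access to that directory can swap the tool between install and execution. If the installed name is fixed rather than per-process, the deferred `Uninstall` of one `generate` run would also remove the binary from under a concurrent run; a unique name or an `os.MkdirTemp` below the install dir avoids both concerns. In `installDir`, the `os.UserHomeDir` error is returned bare while every neighbouring error is wrapped, so `return "", fmt.Errorf("determining user home dir: %w", err)` keeps the style consistent, and the helper lacks a doc comment such as `// installDir returns the directory the embedded genpolicy binary is unpacked into.`. `generatePolicies` begins before this hunk.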
12 changes: 4 additions & 8 deletions cli/runtime.go
@@ -1,10 +1,6 @@
package main

var (
genpolicyPath = "genpolicy"

// DefaultCoordinatorPolicyHash is derived from the coordinator release candidate and injected at release build time.
//
// It is intentionally left empty for dev builds.
DefaultCoordinatorPolicyHash = "" // TODO(burgerdev): actually inject something at build time.
)
// DefaultCoordinatorPolicyHash is derived from the coordinator release candidate and injected at release build time.
//
// It is intentionally left empty for dev builds.
var DefaultCoordinatorPolicyHash = "" // TODO(burgerdev): actually inject something at build time.
2 changes: 1 addition & 1 deletion packages/default.nix
Expand Up @@ -45,6 +45,7 @@ rec {
vendorHash = "sha256-dkFAlqAzVD82yWrrdscZumY4hP/XP3hn8CuZ0tkZuhg=";

prePatch = ''
install -D ${lib.getExe genpolicy} cli/assets/genpolicy
install -D ${genpolicy.settings-dev}/genpolicy-settings.json cli/assets/genpolicy-settings.json
install -D ${genpolicy.rules}/genpolicy-rules.rego cli/assets/genpolicy-rules.rego
'';
Expand All @@ -53,7 +54,6 @@ rec {
ldflags = [
"-s"
"-w"
"-X main.genpolicyPath=${genpolicy}/bin/genpolicy"
];

preCheck = ''
