cli: add workspace-dir flag
Signed-off-by: Paul Meyer <[email protected]>
katexochen committed Mar 7, 2024
1 parent 7f2a0c6 commit c93bd48
Showing 7 changed files with 60 additions and 25 deletions.
3 changes: 0 additions & 3 deletions .gitignore
Expand Up @@ -5,9 +5,6 @@ edgcoco
result*
layers_cache
layers-cache.json
mesh-root.pem
coordinator-root.pem
workload-owner.pem
justfile.env
workspace
workspace.cache
24 changes: 23 additions & 1 deletion cli/cmd/generate.go
Expand Up @@ -136,7 +136,8 @@ func runGenerate(cmd *cobra.Command, args []string) error {
fmt.Fprintf(cmd.OutOrStdout(), "✔️ Updated manifest %s\n", flags.manifestPath)

if hash := getCoordinatorPolicyHash(policies, log); hash != "" {
if err := os.WriteFile(coordHashFilename, []byte(hash), 0o644); err != nil {
coordHashPath := filepath.Join(flags.workspaceDir, coordHashFilename)
if err := os.WriteFile(coordHashPath, []byte(hash), 0o644); err != nil {
return fmt.Errorf("failed to write coordinator policy hash: %w", err)
}
}
Expand Down Expand Up @@ -324,6 +325,7 @@ type generateFlags struct {
manifestPath string
workloadOwnerKeys []string
disableUpdates bool
workspaceDir string
}

func parseGenerateFlags(cmd *cobra.Command) (*generateFlags, error) {
Expand All @@ -347,13 +349,33 @@ func parseGenerateFlags(cmd *cobra.Command) (*generateFlags, error) {
if err != nil {
return nil, err
}
workspaceDir, err := cmd.Flags().GetString("workspace-dir")
if err != nil {
return nil, err
}
if workspaceDir != "" {
// Prepend default paths with workspaceDir
if !cmd.Flags().Changed("settings") {
settingsPath = filepath.Join(workspaceDir, settingsFilename)
}
if !cmd.Flags().Changed("policy") {
policyPath = filepath.Join(workspaceDir, rulesFilename)
}
if !cmd.Flags().Changed("manifest") {
manifestPath = filepath.Join(workspaceDir, manifestFilename)
}
if !cmd.Flags().Changed("workload-owner-key") {
workloadOwnerKeys = []string{filepath.Join(workspaceDir, workloadOwnerKeys[0])}
}
}

return &generateFlags{
policyPath: policyPath,
settingsPath: settingsPath,
manifestPath: manifestPath,
workloadOwnerKeys: workloadOwnerKeys,
disableUpdates: disableUpdates,
workspaceDir: workspaceDir,
}, nil
}

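Review bot: `workloadOwnerKeys[0]` in the `workspace-dir` branch of parseGenerateFlags is indexed without a length check, so the command panics if the default of `workload-owner-key` is ever an empty slice, and any default entries after the first are silently dropped. Prefixing every default entry keeps the behaviour for today's default and removes both problems: `for i, k := range workloadOwnerKeys { workloadOwnerKeys[i] = filepath.Join(workspaceDir, k) }`. The flag definition and the start of parseGenerateFlags are outside the visible hunks, so the default's actual length should be confirmed there.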
20 changes: 18 additions & 2 deletions cli/cmd/set.go
Expand Up @@ -13,6 +13,7 @@ import (
"log/slog"
"net"
"os"
"path"
"slices"
"time"

Expand Down Expand Up @@ -138,8 +139,8 @@ func runSet(cmd *cobra.Command, args []string) error {
fmt.Fprintln(cmd.OutOrStdout(), "✔️ Manifest set successfully")

filelist := map[string][]byte{
coordRootPEMFilename: resp.CACert,
coordIntermPEMFilename: resp.IntermCert,
path.Join(flags.workspaceDir, coordRootPEMFilename): resp.CACert,
path.Join(flags.workspaceDir, coordIntermPEMFilename): resp.IntermCert,
}
if err := writeFilelist(".", filelist); err != nil {
return fmt.Errorf("writing filelist: %w", err)
Expand All @@ -153,6 +154,7 @@ type setFlags struct {
coordinator string
policy []byte
workloadOwnerKeyPath string
workspaceDir string
}

func parseSetFlags(cmd *cobra.Command) (*setFlags, error) {
Expand All @@ -179,6 +181,20 @@ func parseSetFlags(cmd *cobra.Command) (*setFlags, error) {
if err != nil {
return nil, fmt.Errorf("getting workload-owner-key flag: %w", err)
}
flags.workspaceDir, err = cmd.Flags().GetString("workspace-dir")
if err != nil {
return nil, fmt.Errorf("getting workspace-dir flag: %w", err)
}

if flags.workspaceDir != "" {
// Prepend default paths with workspaceDir
if !cmd.Flags().Changed("manifest") {
flags.manifestPath = path.Join(flags.workspaceDir, flags.manifestPath)
}
if !cmd.Flags().Changed("workload-owner-key") {
flags.workloadOwnerKeyPath = path.Join(flags.workspaceDir, flags.workloadOwnerKeyPath)
}
}

return flags, nil
}
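Review bot: The certificate map in runSet now uses keys that are already joined with `flags.workspaceDir`, while the call below it still passes `"."` to `writeFilelist`. writeFilelist's body is not on this page; if it joins its directory argument with each key, as the verify.go call with bare file names suggests, an absolute `--workspace-dir` would be re-rooted under the current directory and the coordinator root and intermediate certificates would be written somewhere other than the workspace. Keeping `coordRootPEMFilename` and `coordIntermPEMFilename` as bare keys and passing the directory to `writeFilelist` (falling back to `"."` when the flag is empty) matches verify.go and avoids that. Separately, this file imports `path` where generate.go uses `path/filepath`; `filepath.Join` is the correct call for OS paths.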
19 changes: 10 additions & 9 deletions cli/cmd/verify.go
Expand Up @@ -39,7 +39,8 @@ func NewVerifyCmd() *cobra.Command {
RunE: runVerify,
}

cmd.Flags().StringP("output", "o", verifyDir, "directory to write files to")
// Override persistent workspace-dir flag with a default value.
cmd.Flags().String("workspace-dir", verifyDir, "directory to write files to, if not set explicitly to another location")
cmd.Flags().StringP("coordinator", "c", "", "endpoint the coordinator can be reached at")
must(cobra.MarkFlagRequired(cmd.Flags(), "coordinator"))
cmd.Flags().String("coordinator-policy-hash", DefaultCoordinatorPolicyHash, "expected policy hash of the coordinator, will not be checked if empty")
Expand Down Expand Up @@ -98,7 +99,7 @@ func runVerify(cmd *cobra.Command, _ []string) error {
pHash := manifest.NewHexString(sha256sum[:])
filelist[fmt.Sprintf("policy.%s.rego", pHash)] = p
}
if err := writeFilelist(flags.outputDir, filelist); err != nil {
if err := writeFilelist(flags.workspaceDir, filelist); err != nil {
return fmt.Errorf("writing filelist: %w", err)
}

Expand All @@ -108,17 +109,17 @@ func runVerify(cmd *cobra.Command, _ []string) error {
}

type verifyFlags struct {
coordinator string
outputDir string
policy []byte
coordinator string
workspaceDir string
policy []byte
}

func parseVerifyFlags(cmd *cobra.Command) (*verifyFlags, error) {
coordinator, err := cmd.Flags().GetString("coordinator")
if err != nil {
return nil, err
}
outputDir, err := cmd.Flags().GetString("output")
workspaceDir, err := cmd.Flags().GetString("workspace-dir")
if err != nil {
return nil, err
}
Expand All @@ -132,9 +133,9 @@ func parseVerifyFlags(cmd *cobra.Command) (*verifyFlags, error) {
}

return &verifyFlags{
coordinator: coordinator,
outputDir: outputDir,
policy: policy,
coordinator: coordinator,
workspaceDir: workspaceDir,
policy: policy,
}, nil
}

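Review bot: Replacing `--output`/`-o` with a local `workspace-dir` flag in NewVerifyCmd removes the old name and its shorthand outright, so existing invocations such as `verify -o DIR` will now fail flag parsing. If compatibility with existing scripts matters, keep `output` registered and mark it with `cmd.Flags().MarkDeprecated("output", "use --workspace-dir")`, reading it in parseVerifyFlags only when `workspace-dir` was not changed. The comment on the override could also state that this local flag shadows the root's persistent flag and differs only in its default (`verifyDir` instead of the empty string), since the two help strings are identical.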
1 change: 1 addition & 0 deletions cli/main.go
Expand Up @@ -34,6 +34,7 @@ func newRootCmd() *cobra.Command {
root.SetOut(os.Stdout)

root.PersistentFlags().String("log-level", "warn", "set logging level (debug, info, warn, error, or a number)")
root.PersistentFlags().String("workspace-dir", "", "directory to write files to, if not set explicitly to another location")

root.InitDefaultVersionFlag()
root.AddCommand(
6 changes: 3 additions & 3 deletions e2e/openssl/openssl_test.go
Expand Up @@ -71,12 +71,12 @@ func TestFrontend(t *testing.T) {
require.NoError(err)
defer cancelPortForward()

output, err := os.MkdirTemp("", "nunki-verify.*")
workspaceDir, err := os.MkdirTemp("", "nunki-verify.*")
require.NoError(err)

verify := cmd.NewVerifyCmd()
verify.SetArgs([]string{
"--output", output,
"--workspace-dir", workspaceDir,
"--coordinator-policy-hash=", // TODO(burgerdev): enable policy checking
"--coordinator", coordinator,
})
Expand All @@ -90,7 +90,7 @@ func TestFrontend(t *testing.T) {
"coordinator-root.pem",
"mesh-root.pem",
} {
pem, err := os.ReadFile(path.Join(output, certFile))
pem, err := os.ReadFile(path.Join(workspaceDir, certFile))
assert.NoError(t, err)
certs[certFile] = pem
}
12 changes: 5 additions & 7 deletions justfile
Expand Up @@ -49,9 +49,7 @@ generate target=default_deploy_target cli=default_cli:
--replace edg-default {{ target }}${namespace_suffix-}
t=$(date +%s)
nix run .#{{ cli }} -- generate \
-m ./{{ workspace_dir }}/manifest.json \
-p ./{{ workspace_dir }}/rules.rego \
-s ./{{ workspace_dir }}/genpolicy-msft.json \
--workspace-dir ./{{ workspace_dir }} \
./{{ workspace_dir }}/deployment/*.yml
duration=$(( $(date +%s) - $t ))
echo "Generated policies in $duration seconds."
Expand Down Expand Up @@ -102,10 +100,10 @@ set cli=default_cli:
PID=$!
trap "kill $PID" EXIT
nix run .#scripts.wait-for-port-listen -- 1313
policy=$(< ./coordinator-policy.sha256)
policy=$(< ./{{ workspace_dir }}/coordinator-policy.sha256)
t=$(date +%s)
nix run .#{{ cli }} -- set \
-m ./{{ workspace_dir }}/manifest.json \
--workspace-dir ./{{ workspace_dir }} \
-c localhost:1313 \
--coordinator-policy-hash "${policy}" \
./{{ workspace_dir }}/deployment/*.yml
Expand All @@ -126,8 +124,8 @@ verify cli=default_cli:
nix run .#scripts.wait-for-port-listen -- 1314
t=$(date +%s)
nix run .#{{ cli }} -- verify \
-c localhost:1314 \
-o ./{{ workspace_dir }}/verify
--workspace-dir ./{{ workspace_dir }}/verify \
-c localhost:1314
duration=$(( $(date +%s) - $t ))
echo "Verified in $duration seconds."
echo "verify $duration" >> ./{{ workspace_dir }}/just.perf