Change runtime-handler naming scheme

The Contrast runtime handlers are now named in the format `contrast-cc-<version>-<platform>`, where `version` and `platform` are lowercase variants of the Contrast version and the deployed platform, dots being replaced with dashes for improved handling in the terminal.

cli/cmd/generate.go

@@ -26,6 +26,7 @@ import (
 	"github.com/edgelesssys/contrast/internal/kuberesource"
 	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/edgelesssys/contrast/node-installer/platforms"
+	"github.com/edgelesssys/contrast/node-installer/runtimehandler"
 	applyappsv1 "k8s.io/client-go/applyconfigurations/apps/v1"
 	applycorev1 "k8s.io/client-go/applyconfigurations/core/v1"
 
@@ -121,7 +122,7 @@ func runGenerate(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	runtimeHandler, err := mnf.RuntimeHandler(flags.referenceValuesPlatform)
+	runtimeHandler, err := runtimehandler.Name(flags.referenceValuesPlatform)
 	if err != nil {
 		return fmt.Errorf("get runtime handler: %w", err)
 	}

cli/main.go

@@ -13,7 +13,7 @@ import (
 	"text/tabwriter"
 
 	"github.com/edgelesssys/contrast/cli/cmd"
-	"github.com/edgelesssys/contrast/cli/constants"
+	"github.com/edgelesssys/contrast/internal/constants"
 	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/spf13/cobra"
 )

cli/telemetry/telemetry.go

@@ -12,7 +12,7 @@ import (
 	"net/url"
 	"runtime"
 
-	"github.com/edgelesssys/contrast/cli/constants"
+	"github.com/edgelesssys/contrast/internal/constants"
 	"github.com/spf13/cobra"
 )
 

e2e/genpolicy/genpolicy_test.go

@@ -19,8 +19,8 @@ import (
 	"github.com/edgelesssys/contrast/e2e/internal/contrasttest"
 	"github.com/edgelesssys/contrast/e2e/internal/kubeclient"
 	"github.com/edgelesssys/contrast/internal/kuberesource"
-	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/edgelesssys/contrast/node-installer/platforms"
+	"github.com/edgelesssys/contrast/node-installer/runtimehandler"
 	"github.com/stretchr/testify/require"
 )
 
@@ -36,7 +36,7 @@ func TestGenpolicy(t *testing.T) {
 
 	testCases := kuberesource.GenpolicyRegressionTests()
 
-	runtimeHandler, err := manifest.DefaultPlatformHandler(platform)
+	runtimeHandler, err := runtimehandler.Name(platform)
 	require.NoError(t, err)
 
 	for name, deploy := range testCases {

e2e/getdents/getdents_test.go

@@ -19,8 +19,8 @@ import (
 	"github.com/edgelesssys/contrast/e2e/internal/contrasttest"
 	"github.com/edgelesssys/contrast/e2e/internal/kubeclient"
 	"github.com/edgelesssys/contrast/internal/kuberesource"
-	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/edgelesssys/contrast/node-installer/platforms"
+	"github.com/edgelesssys/contrast/node-installer/runtimehandler"
 	"github.com/stretchr/testify/require"
 )
 
@@ -39,7 +39,7 @@ func TestGetDEnts(t *testing.T) {
 	// TODO(msanft): Make this configurable
 	platform := platforms.AKSCloudHypervisorSNP
 
-	runtimeHandler, err := manifest.DefaultPlatformHandler(platform)
+	runtimeHandler, err := runtimehandler.Name(platform)
 	require.NoError(t, err)
 
 	resources := kuberesource.GetDEnts()

e2e/openssl/openssl_test.go

@@ -22,6 +22,7 @@ import (
 	"github.com/edgelesssys/contrast/internal/kuberesource"
 	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/edgelesssys/contrast/node-installer/platforms"
+	"github.com/edgelesssys/contrast/node-installer/runtimehandler"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -47,7 +48,7 @@ func TestOpenSSL(t *testing.T) {
 	// TODO(msanft): Make this configurable
 	platform := platforms.AKSCloudHypervisorSNP
 
-	runtimeHandler, err := manifest.DefaultPlatformHandler(platform)
+	runtimeHandler, err := runtimehandler.Name(platform)
 	require.NoError(t, err)
 
 	resources := kuberesource.OpenSSL()

e2e/policy/policy_test.go

@@ -22,6 +22,7 @@ import (
 	"github.com/edgelesssys/contrast/internal/kuberesource"
 	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/edgelesssys/contrast/node-installer/platforms"
+	"github.com/edgelesssys/contrast/node-installer/runtimehandler"
 	"github.com/prometheus/common/expfmt"
 	"github.com/stretchr/testify/require"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -44,7 +45,7 @@ func TestPolicy(t *testing.T) {
 	// TODO(msanft): Make this configurable
 	platform := platforms.AKSCloudHypervisorSNP
 
-	runtimeHandler, err := manifest.DefaultPlatformHandler(platform)
+	runtimeHandler, err := runtimehandler.Name(platform)
 	require.NoError(t, err)
 
 	resources := kuberesource.OpenSSL()

e2e/servicemesh/servicemesh_test.go

@@ -20,8 +20,8 @@ import (
 	"github.com/edgelesssys/contrast/e2e/internal/contrasttest"
 	"github.com/edgelesssys/contrast/e2e/internal/kubeclient"
 	"github.com/edgelesssys/contrast/internal/kuberesource"
-	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/edgelesssys/contrast/node-installer/platforms"
+	"github.com/edgelesssys/contrast/node-installer/runtimehandler"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -38,7 +38,7 @@ func TestIngressEgress(t *testing.T) {
 	// TODO(msanft): Make this configurable
 	platform := platforms.AKSCloudHypervisorSNP
 
-	runtimeHandler, err := manifest.DefaultPlatformHandler(platform)
+	runtimeHandler, err := runtimehandler.Name(platform)
 	require.NoError(t, err)
 
 	resources := kuberesource.Emojivoto(kuberesource.ServiceMeshIngressEgress)

go.mod

@@ -72,6 +72,7 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect

go.sum

@@ -101,6 +101,8 @@ github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY
 github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
 github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE=
 github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk=
+github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
+github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
@@ -123,10 +125,12 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

internal/kuberesource/parts.go

@@ -7,8 +7,8 @@ import (
 	"fmt"
 	"strconv"
 
-	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/edgelesssys/contrast/node-installer/platforms"
+	"github.com/edgelesssys/contrast/node-installer/runtimehandler"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -19,7 +19,7 @@ import (
 
 // ContrastRuntimeClass creates a new RuntimeClassConfig.
 func ContrastRuntimeClass(platform platforms.Platform) (*RuntimeClassConfig, error) {
-	runtimeHandler, err := manifest.DefaultPlatformHandler(platform)
+	runtimeHandler, err := runtimehandler.Name(platform)
 	if err != nil {
 		return nil, fmt.Errorf("getting default runtime handler: %w", err)
 	}
@@ -45,7 +45,7 @@ type NodeInstallerConfig struct {
 func NodeInstaller(namespace string, platform platforms.Platform) (*NodeInstallerConfig, error) {
 	name := "contrast-node-installer"
 
-	runtimeHandler, err := manifest.DefaultPlatformHandler(platform)
+	runtimeHandler, err := runtimehandler.Name(platform)
 	if err != nil {
 		return nil, fmt.Errorf("getting default runtime handler: %w", err)
 	}

internal/kuberesource/resourcegen/main.go

@@ -10,8 +10,8 @@ import (
 	"os"
 
 	"github.com/edgelesssys/contrast/internal/kuberesource"
-	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/edgelesssys/contrast/node-installer/platforms"
+	"github.com/edgelesssys/contrast/node-installer/runtimehandler"
 )
 
 func main() {
@@ -37,7 +37,7 @@ func main() {
 			log.Fatalf("Error parsing platform: %v", err)
 		}
 
-		runtimeHandler, err = manifest.DefaultPlatformHandler(platform)
+		runtimeHandler, err = runtimehandler.Name(platform)
 		if err != nil {
 			log.Fatalf("Error getting default runtime handler: %v", err)
 		}

internal/manifest/constants.go

@@ -32,15 +32,6 @@ func Default(platform platforms.Platform) (*Manifest, error) {
 	return &mnfst, nil
 }
 
-// DefaultPlatformHandler is a short-hand for getting the default runtime handler for a platform.
-func DefaultPlatformHandler(platform platforms.Platform) (string, error) {
-	mnf, err := Default(platform)
-	if err != nil {
-		return "", fmt.Errorf("generating manifest: %w", err)
-	}
-	return mnf.RuntimeHandler(platform)
-}
-
 // EmbeddedReferenceValues returns the reference values embedded in the binary.
 func EmbeddedReferenceValues() ReferenceValues {
 	return setReferenceValuesIfUninitialized()

internal/manifest/manifest.go

@@ -8,7 +8,6 @@ import (
 	"encoding/base64"
 	"fmt"
 
-	"github.com/edgelesssys/contrast/node-installer/platforms"
 	"github.com/google/go-sev-guest/abi"
 	"github.com/google/go-sev-guest/kds"
 	"github.com/google/go-sev-guest/validate"
@@ -172,15 +171,3 @@ func (m *Manifest) AKSValidateOpts() (*validate.Options, error) {
 		PermitProvisionalFirmware: true,
 	}, nil
 }
-
-// RuntimeHandler returns the runtime handler for the given platform.
-func (m *Manifest) RuntimeHandler(platform platforms.Platform) (string, error) {
-	switch platform {
-	case platforms.AKSCloudHypervisorSNP:
-		return fmt.Sprintf("contrast-cc-%s", m.ReferenceValues.AKS.TrustedMeasurement[:32]), nil
-	case platforms.K3sQEMUTDX, platforms.RKE2QEMUTDX:
-		return fmt.Sprintf("contrast-cc-%s", m.ReferenceValues.BareMetalTDX.TrustedMeasurement[:32]), nil
-	default:
-		return "", fmt.Errorf("unsupported platform %s", platform)
-	}
-}

node-installer/internal/config/config.go

@@ -8,15 +8,12 @@ import (
 	"errors"
 	"net/url"
 	"path/filepath"
-	"regexp"
 )
 
 // Config is the configuration for the node-installer.
 type Config struct {
 	// Files is a list of files to download.
 	Files []File `json:"files"`
-	// RuntimeHandlerName is the name of the runtime handler (containerd runtime) to create.
-	RuntimeHandlerName string `json:"runtimeHandlerName"`
 	// DebugRuntime enables the debug mode of the runtime.
 	// This only works if the igvm file has shell access enabled
 	// and has no effect on production images.
@@ -25,19 +22,6 @@ type Config struct {
 
 // Validate validates the configuration.
 func (c Config) Validate() error {
-	if c.RuntimeHandlerName == "" {
-		return errors.New("runtimeHandlerName is required")
-	}
-	if len(c.RuntimeHandlerName) > 63 {
-		return errors.New("runtimeHandlerName must be 63 characters or fewer")
-	}
-	matched, err := regexp.Match(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`, []byte(c.RuntimeHandlerName))
-	if err != nil {
-		return err
-	}
-	if !matched {
-		return errors.New("runtimeHandlerName must be a lowercase RFC 1123 subdomain")
-	}
 	for _, file := range c.Files {
 		if err := file.Validate(); err != nil {
 			return err

node-installer/internal/config/config_test.go

@@ -23,7 +23,6 @@ func TestValidate(t *testing.T) {
 		{
 			name: "valid http File",
 			config: Config{
-				RuntimeHandlerName: "contrast-cc",
 				Files: []File{{
 					URL:       "https://example.com/file1",
 					Path:      "/path/to/file1",
@@ -35,7 +34,6 @@ func TestValidate(t *testing.T) {
 		{
 			name: "valid file File",
 			config: Config{
-				RuntimeHandlerName: "contrast-cc",
 				Files: []File{{
 					URL:       "file:////example.com/file1",
 					Path:      "/path/to/file1",
@@ -44,42 +42,9 @@ func TestValidate(t *testing.T) {
 			},
 			valid: true,
 		},
-		{
-			name: "missing RuntimeHandlerName",
-			config: Config{
-				Files: []File{{
-					URL:       "https://example.com/file1",
-					Path:      "/path/to/file1",
-					Integrity: "sha256-abcdef123456",
-				}},
-			},
-		},
-		{
-			name: "RuntimeHandlerName too long",
-			config: Config{
-				RuntimeHandlerName: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
-				Files: []File{{
-					URL:       "https://example.com/file1",
-					Path:      "/path/to/file1",
-					Integrity: "sha256-abcdef123456",
-				}},
-			},
-		},
-		{
-			name: "RuntimeHandlerName has invalid characters",
-			config: Config{
-				RuntimeHandlerName: "invalid name=",
-				Files: []File{{
-					URL:       "https://example.com/file1",
-					Path:      "/path/to/file1",
-					Integrity: "sha256-abcdef123456",
-				}},
-			},
-		},
 		{
 			name: "missing URL",
 			config: Config{
-				RuntimeHandlerName: "contrast-cc",
 				Files: []File{{
 					Path:      "/path/to/file1",
 					Integrity: "sha256-abcdef123456",
@@ -89,7 +54,6 @@ func TestValidate(t *testing.T) {
 		{
 			name: "missing Path",
 			config: Config{
-				RuntimeHandlerName: "contrast-cc",
 				Files: []File{{
 					URL:       "https://example.com/file1",
 					Integrity: "sha256-abcdef123456",
@@ -99,7 +63,6 @@ func TestValidate(t *testing.T) {
 		{
 			name: "missing relative path",
 			config: Config{
-				RuntimeHandlerName: "contrast-cc",
 				Files: []File{{
 					URL:       "https://example.com/file1",
 					Path:      "path/to/file1",
@@ -110,7 +73,6 @@ func TestValidate(t *testing.T) {
 		{
 			name: "missing Integrity",
 			config: Config{
-				RuntimeHandlerName: "contrast-cc",
 				Files: []File{{
 					URL:  "https://example.com/file1",
 					Path: "/path/to/file1",
@@ -120,7 +82,6 @@ func TestValidate(t *testing.T) {
 		{
 			name: "invalid URL",
 			config: Config{
-				RuntimeHandlerName: "contrast-cc",
 				Files: []File{{
 					URL:       "invalid\x00url",
 					Path:      "/path/to/file1",
@@ -131,7 +92,6 @@ func TestValidate(t *testing.T) {
 		{
 			name: "invalid scheme",
 			config: Config{
-				RuntimeHandlerName: "contrast-cc",
 				Files: []File{{
 					URL:       "ftp://example.com/file1",
 					Path:      "/path/to/file1",
@@ -142,7 +102,6 @@ func TestValidate(t *testing.T) {
 		{
 			name: "invalid Integrity algorithm",
 			config: Config{
-				RuntimeHandlerName: "contrast-cc",
 				Files: []File{{
 					URL:       "https://example.com/file1",
 					Path:      "/path/to/file1",
@@ -153,7 +112,6 @@ func TestValidate(t *testing.T) {
 		{
 			name: "invalid Integrity value",
 			config: Config{
-				RuntimeHandlerName: "contrast-cc",
 				Files: []File{{
 					URL:       "https://example.com/file1",
 					Path:      "/path/to/file1",