edgelesssys · katexochen · Jul 10, 2024 · Jul 5, 2024
diff --git a/cli/cmd/generate.go b/cli/cmd/generate.go
@@ -24,6 +24,7 @@ import (
 	"github.com/edgelesssys/contrast/internal/embedbin"
 	"github.com/edgelesssys/contrast/internal/kuberesource"
 	"github.com/edgelesssys/contrast/internal/manifest"
+	"github.com/edgelesssys/contrast/node-installer/platforms"
 	applyappsv1 "k8s.io/client-go/applyconfigurations/apps/v1"
 	applycorev1 "k8s.io/client-go/applyconfigurations/core/v1"
 
@@ -62,7 +63,11 @@ subcommands.`,
 	cmd.Flags().StringP("settings", "s", settingsFilename, "path to settings (.json) file")
 	cmd.Flags().StringP("genpolicy-cache-path", "c", layersCacheFilename, "path to cache for the cache (.json) file containing the image layers")
 	cmd.Flags().StringP("manifest", "m", manifestFilename, "path to manifest (.json) file")
-	cmd.Flags().String("reference-values", "", "set the default reference values used for attestation (one of: aks)")
+	cmd.Flags().String("reference-values", "",
+		fmt.Sprintf("set the default reference values used for attestation (one of: %s)",
+			strings.Join(platforms.AllStrings(), ", "),
+		),
+	)
 	cmd.Flags().StringArrayP("add-workload-owner-key", "w", []string{workloadOwnerPEM},
 		"add a workload owner key from a PEM file to the manifest (pass more than once to add multiple keys)")
 	cmd.Flags().StringArray("add-seedshare-owner-key", []string{seedshareOwnerPEM},
@@ -121,9 +126,11 @@ func runGenerate(cmd *cobra.Command, args []string) error {
 	}
 
 	defaultManifest := manifest.Default()
-	if flags.referenceValues == "aks" {
+	switch flags.referenceValuesPlatform {
+	case platforms.AKSCloudHypervisorSNP:
 		defaultManifest = manifest.DefaultAKS()
 	}
+
 	defaultManifestData, err := json.MarshalIndent(&defaultManifest, "", "  ")
 	if err != nil {
 		return fmt.Errorf("marshaling default manifest: %w", err)
@@ -523,17 +530,17 @@ func generateSeedshareOwnerKey(flags *generateFlags) error {
 }
 
 type generateFlags struct {
-	policyPath            string
-	settingsPath          string
-	manifestPath          string
-	genpolicyCachePath    string
-	referenceValues       string
-	workloadOwnerKeys     []string
-	seedshareOwnerKeys    []string
-	disableUpdates        bool
-	workspaceDir          string
-	imageReplacementsFile string
-	skipInitializer       bool
+	policyPath              string
+	settingsPath            string
+	manifestPath            string
+	genpolicyCachePath      string
+	referenceValuesPlatform platforms.Platform
+	workloadOwnerKeys       []string
+	seedshareOwnerKeys      []string
+	disableUpdates          bool
+	workspaceDir            string
+	imageReplacementsFile   string
+	skipInitializer         bool
 }
 
 func parseGenerateFlags(cmd *cobra.Command) (*generateFlags, error) {
@@ -557,8 +564,9 @@ func parseGenerateFlags(cmd *cobra.Command) (*generateFlags, error) {
 	if err != nil {
 		return nil, err
 	}
-	if !slices.Contains([]string{"", "aks"}, referenceValues) {
-		return nil, fmt.Errorf("unknown reference values")
+	referenceValuesPlatform, err := platforms.FromString(referenceValues)
+	if err != nil {
+		return nil, fmt.Errorf("invalid reference-values platform: %w", err)
 	}
 	workloadOwnerKeys, err := cmd.Flags().GetStringArray("add-workload-owner-key")
 	if err != nil {
@@ -609,17 +617,17 @@ func parseGenerateFlags(cmd *cobra.Command) (*generateFlags, error) {
 	}
 
 	return &generateFlags{
-		policyPath:            policyPath,
-		settingsPath:          settingsPath,
-		genpolicyCachePath:    genpolicyCachePath,
-		manifestPath:          manifestPath,
-		referenceValues:       referenceValues,
-		workloadOwnerKeys:     workloadOwnerKeys,
-		seedshareOwnerKeys:    seedshareOwnerKeys,
-		disableUpdates:        disableUpdates,
-		workspaceDir:          workspaceDir,
-		imageReplacementsFile: imageReplacementsFile,
-		skipInitializer:       skipInitializer,
+		policyPath:              policyPath,
+		settingsPath:            settingsPath,
+		genpolicyCachePath:      genpolicyCachePath,
+		manifestPath:            manifestPath,
+		referenceValuesPlatform: referenceValuesPlatform,
+		workloadOwnerKeys:       workloadOwnerKeys,
+		seedshareOwnerKeys:      seedshareOwnerKeys,
+		disableUpdates:          disableUpdates,
+		workspaceDir:            workspaceDir,
+		imageReplacementsFile:   imageReplacementsFile,
+		skipInitializer:         skipInitializer,
 	}, nil
 }
 

diff --git a/docs/docs/deployment.md b/docs/docs/deployment.md
@@ -159,7 +159,7 @@ After that, it will generate the execution policies and add them as annotations
 A `manifest.json` with the reference values of your deployment will be created.
 
 ```sh
-contrast generate --reference-values aks resources/
+contrast generate --reference-values aks-clh-snp resources/
 ```
 
 :::warning
@@ -177,7 +177,7 @@ You can disable the Initializer injection completely by specifying the
 `--skip-initializer` flag in the `generate` command.
 
 ```sh
-contrast generate --reference-values aks --skip-initializer resources/
+contrast generate --reference-values aks-clh-snp --skip-initializer resources/
 ```
 
 </TabItem>

diff --git a/docs/docs/examples/emojivoto.md b/docs/docs/examples/emojivoto.md
@@ -70,7 +70,7 @@ annotations to your deployment files. A `manifest.json` file with the reference
 of your deployment will be created:
 
 ```sh
-contrast generate --reference-values aks deployment/
+contrast generate --reference-values aks-clh-snp deployment/
 ```
 
 :::note[Runtime class and Initializer]

@@ -41,7 +41,7 @@ func TestGenpolicy(t *testing.T) {
 				require := require.New(t)
 				args := []string{
 					"--workspace-dir", ct.WorkDir,
-					"--reference-values", "aks",
+					"--reference-values", "aks-clh-snp",
 					"--skip-initializer",
 					path.Join(ct.WorkDir, "resources.yaml"),
 				}

@@ -44,7 +44,7 @@ func TestGetDEnts(t *testing.T) {
 		require := require.New(t)
 		args := []string{
 			"--workspace-dir", ct.WorkDir,
-			"--reference-values", "aks",
+			"--reference-values", "aks-clh-snp",
 			"--skip-initializer",
 			path.Join(ct.WorkDir, "resources.yaml"),
 		}

@@ -138,7 +138,7 @@ func (ct *ContrastTest) Generate(t *testing.T) {
 	args := append(
 		ct.commonArgs(),
 		"--image-replacements", ct.ImageReplacementsFile,
-		"--reference-values", "aks",
+		"--reference-values", "aks-clh-snp",
 		path.Join(ct.WorkDir, "resources.yaml"),
 	)
 

diff --git a/justfile b/justfile
@@ -83,7 +83,7 @@ generate cli=default_cli:
     nix run .#{{ cli }} -- generate \
         --workspace-dir ./{{ workspace_dir }} \
         --image-replacements ./{{ workspace_dir }}/just.containerlookup \
-        --reference-values aks \
+        --reference-values aks-clh-snp \
         ./{{ workspace_dir }}/deployment/*.yml
     duration=$(( $(date +%s) - $t ))
     echo "Generated policies in $duration seconds."

diff --git a/node-installer/platforms/platforms.go b/node-installer/platforms/platforms.go
@@ -5,7 +5,10 @@
 // of Contrast.
 package platforms
 
-import "fmt"
+import (
+	"fmt"
+	"strings"
+)
 
 // Platform is a type that represents a deployment platform of Contrast.
 type Platform int
@@ -21,6 +24,20 @@ const (
 	RKE2QEMUTDX
 )
 
+// All returns a list of all available platforms.
+func All() []Platform {
+	return []Platform{AKSCloudHypervisorSNP, K3sQEMUTDX, RKE2QEMUTDX}
+}
+
+// AllStrings returns a list of all available platforms as strings.
+func AllStrings() []string {
+	platformStrings := make([]string, 0, len(All()))
+	for _, p := range All() {
+		platformStrings = append(platformStrings, p.String())
+	}
+	return platformStrings
+}
+
 // String returns the string representation of the Platform type.
 func (p Platform) String() string {
 	switch p {
@@ -37,12 +54,12 @@ func (p Platform) String() string {
 
 // FromString returns the Platform type corresponding to the given string.
 func FromString(s string) (Platform, error) {
-	switch s {
-	case "AKS-CLH-SNP":
+	switch strings.ToLower(s) {
+	case "aks-clh-snp":
 		return AKSCloudHypervisorSNP, nil
-	case "K3s-QEMU-TDX":
+	case "k3s-qemu-tdx":
 		return K3sQEMUTDX, nil
-	case "RKE2-QEMU-TDX":
+	case "rke2-qemu-tdx":
 		return RKE2QEMUTDX, nil
 	default:
 		return Unknown, fmt.Errorf("unknown platform: %s", s)