Skip to content

Commit

Permalink
PR comments
Browse files Browse the repository at this point in the history
  • Loading branch information
@otherview
otherview committed Nov 30, 2023
1 parent 2a206b1 commit 7544d42
Show file tree
Hide file tree
Showing 11 changed files with 368 additions and 381 deletions.
2 changes: 1 addition & 1 deletion dockerfiles/enclave.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ FROM build-enclave as build-enclave-testmode-true
RUN ego sign enclave-test.json

# Tag the restricted mode as the current build
FROM build-enclave-restrictedmode-${RESTRICTEDMODE} as build-enclave
FROM build-enclave-testmode-${TESTMODE} as build-enclave

# Trigger a new build stage and use the smaller ego version:
FROM ghcr.io/edgelesssys/ego-deploy:v1.3.0
Expand Down
215 changes: 85 additions & 130 deletions go/common/flag/flag.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,166 +3,121 @@ package flag
import (
"flag"
"fmt"
"os"
"strconv"
"strings"
)

// WrappedFlag is a construct that allows to have go flags while obeying to a new set of restrictiveness rules
type WrappedFlag struct {
flagType string
ptr any
defaultValue any
description string
type TenFlag struct {
Name string
Value any
FlagType string
Description string
DefaultValue any
}

// GetString returns the flag current value cast to string
func (f WrappedFlag) GetString() string {
return *f.ptr.(*string)
}

// GetInt64 returns the flag current value cast to int64
func (f WrappedFlag) GetInt64() int64 {
return *f.ptr.(*int64)
}

// GetBool returns the flag current value cast to bool
func (f WrappedFlag) GetBool() bool {
return *f.ptr.(*bool)
}

// singletonFlagger is the singleton instance of the loaded flags
var singletonFlagger = map[string]*WrappedFlag{}

// String directly uses the go flag package
func String(flagName, defaultValue, description string) *string {
return flag.String(flagName, defaultValue, description)
}

// RestrictedString wraps the go flag package depending on the restriction mode
func RestrictedString(flagName, defaultValue, description string) *WrappedFlag {
prtVal := new(string)
singletonFlagger[flagName] = &WrappedFlag{
flagType: "string",
ptr: prtVal,
defaultValue: defaultValue,
description: description,
func NewStringFlag(name, defaultValue, description string) *TenFlag {
return &TenFlag{
Name: name,
Value: "",
FlagType: "string",
Description: description,
DefaultValue: defaultValue,
}
return singletonFlagger[flagName]
}

// Int64 directly uses the go flag package
func Int64(flagName string, defaultValue int64, description string) *int64 {
return flag.Int64(flagName, defaultValue, description)
}

// RestrictedInt64 wraps the go flag package depending on the restriction mode
func RestrictedInt64(flagName string, defaultValue int64, description string) *WrappedFlag {
prtVal := new(int64)
singletonFlagger[flagName] = &WrappedFlag{
flagType: "int64",
ptr: prtVal,
defaultValue: defaultValue,
description: description,
func NewIntFlag(name string, defaultValue int, description string) *TenFlag {
return &TenFlag{
Name: name,
Value: 0,
FlagType: "int",
Description: description,
DefaultValue: defaultValue,
}
return singletonFlagger[flagName]
}

// Bool directly uses the go flag package
func Bool(flagName string, defaultValue bool, description string) *bool {
return flag.Bool(flagName, defaultValue, description)
func NewBoolFlag(name string, defaultValue bool, description string) *TenFlag {
return &TenFlag{
Name: name,
Value: false,
FlagType: "bool",
Description: description,
DefaultValue: defaultValue,
}
}

// RestrictedBool wraps the go flag package depending on the restriction mode
func RestrictedBool(flagName string, defaultValue bool, description string) *WrappedFlag {
prtVal := new(bool)
singletonFlagger[flagName] = &WrappedFlag{
flagType: "bool",
ptr: prtVal,
defaultValue: defaultValue,
description: description,
func NewInt64Flag(name string, defaultValue int64, description string) *TenFlag {
return &TenFlag{
Name: name,
Value: false,
FlagType: "int64",
Description: description,
DefaultValue: defaultValue,
}
return singletonFlagger[flagName]
}

// Int directly uses the go flag package
func Int(flagName string, defaultValue int, description string) *int {
return flag.Int(flagName, defaultValue, description)
func NewUint64Flag(name string, defaultValue uint64, description string) *TenFlag {
return &TenFlag{
Name: name,
Value: false,
FlagType: "uint64",
Description: description,
DefaultValue: defaultValue,
}
}

// Uint64 directly uses the go flag package
func Uint64(flagName string, defaultValue uint64, description string) *uint64 {
return flag.Uint64(flagName, defaultValue, description)
func (f TenFlag) String() string {
if ptrVal, ok := f.Value.(*string); ok {
return *ptrVal
}
return f.Value.(string)
}

// Parse ensures the restricted mode is applied only to restricted flags
// Restricted Mode - Flags can only be inputted via ENV Vars via the enclave.json
// Non-Restricted Mode - Flags can only be inputted via normal CLI command line
func Parse() error {
mandatoryEnvFlags := false
val := os.Getenv("EDG_RESTRICTED")
if val == "true" {
fmt.Println("Using mandatory signed configurations.")
mandatoryEnvFlags = true
func (f TenFlag) Int() int {
if ptrVal, ok := f.Value.(*int); ok {
return *ptrVal
}
return f.Value.(int)
}

for flagName, wflag := range singletonFlagger {
// parse restricted flags if in restricted mode
if mandatoryEnvFlags {
err := parseMandatoryFlags(flagName, wflag)
if err != nil {
return fmt.Errorf("unable to parse mandatory flag: %s - %w", flagName, err)
}
} else {
err := parseNonMandatoryFlag(flagName, wflag)
if err != nil {
return fmt.Errorf("unable to parse flag: %s - %w", flagName, err)
}
}
func (f TenFlag) Int64() int64 {
if ptrVal, ok := f.Value.(*int64); ok {
return *ptrVal
}

// parse all remaining flags
flag.Parse()
return nil
return f.Value.(int64)
}

func parseNonMandatoryFlag(flagName string, wflag *WrappedFlag) error {
switch wflag.flagType {
case "string":
wflag.ptr = flag.String(flagName, wflag.defaultValue.(string), wflag.description)
case "int64":
wflag.ptr = flag.Int64(flagName, wflag.defaultValue.(int64), wflag.description)
case "bool":
wflag.ptr = flag.Bool(flagName, wflag.defaultValue.(bool), wflag.description)
default:
return fmt.Errorf("unexpected type: %s", wflag.flagType)
func (f TenFlag) Uint64() uint64 {
if ptrVal, ok := f.Value.(*uint64); ok {
return *ptrVal
}
return nil
return f.Value.(uint64)
}

func parseMandatoryFlags(flagName string, wflag *WrappedFlag) error {
val := os.Getenv("EDG_" + strings.ToUpper(flagName))
if val == "" {
return fmt.Errorf("mandatory restricted flag not available - %s", flagName)
func (f TenFlag) Bool() bool {
if ptrVal, ok := f.Value.(*bool); ok {
return *ptrVal
}
return f.Value.(bool)
}

switch wflag.flagType {
case "string":
wflag.ptr = &val
case "int64":
i, err := strconv.ParseInt(val, 10, 64)
if err != nil {
return fmt.Errorf("unable to parse flag %s - %w", flagName, err)
}
wflag.ptr = &i
case "bool":
b, err := strconv.ParseBool(val)
if err != nil {
return fmt.Errorf("unable to parse flag %s - %w", flagName, err)
func CreateCLIFlags(flags map[string]*TenFlag) error {
for _, tflag := range flags {
switch tflag.FlagType {
case "string":
tflag.Value = flag.String(tflag.Name, tflag.DefaultValue.(string), tflag.Description)
case "bool":
tflag.Value = flag.Bool(tflag.Name, tflag.DefaultValue.(bool), tflag.Description)
case "int":
tflag.Value = flag.Int(tflag.Name, tflag.DefaultValue.(int), tflag.Description)
case "int64":
tflag.Value = flag.Int64(tflag.Name, tflag.DefaultValue.(int64), tflag.Description)
case "uint64":
tflag.Value = flag.Uint64(tflag.Name, tflag.DefaultValue.(uint64), tflag.Description)
default:
return fmt.Errorf("unexpected flag type %s", tflag.FlagType)
}
wflag.ptr = &b
default:
return fmt.Errorf("unexpected mandatory type: %s", wflag.flagType)
}
return nil
}

func Parse() {
flag.Parse()
}
68 changes: 0 additions & 68 deletions go/common/flag/flag_test.go
View file

This file was deleted.

Loading

0 comments on commit 7544d42

Please sign in to comment.