Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve RVPS storage config #633

Merged
merged 4 commits into from
Dec 18, 2024

Conversation

fitzthum
Copy link
Member

@fitzthum fitzthum commented Dec 16, 2024

Improves the RVPS config in two ways

  1. Change the storage config to follow the pattern we are using across Trustee where we use an enum to contain the module type and the variant contains the appropriate config struct. Previously we were using two fields; one for the type and one for an opaque JSON structure.

  2. Get rid of the server config. Previously we had a separate config struct for when the RVPS runs as a server. This duplicated a lot of config values and only added one more field, the address for the RVPS to server. To simplify things, I moved this to be a CLI arg and got rid of this extra config completely. There is a case to be made for keeping the server config, but I think the cli arg makes more sense and is similar to what we do with some other components.

I know there is a bit of overhead when changing the config, but I think this was somewhat inevitable as we begin to refine the RVPS. cc @confidential-containers/kbs-operator-maintainers

Fixes #629

@fitzthum fitzthum requested a review from a team as a code owner December 16, 2024 22:42
Copy link
Member

@Xynnn007 Xynnn007 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the refactoring. Looks like the change upon ReferenceValueStorageConfig would make AS/KBS 's config have another subfield

[rvps.storage]
type = "..."
...

Could you help to add the sections to AS config doc and KBS config doc? Also, if an unit test with explicit rvps section (e.g. here) would be perfect.

rvps/src/bin/rvps.rs Outdated Show resolved Hide resolved
@@ -52,6 +52,11 @@ services:
volumes:
- ./kbs/data/reference-values:/opt/confidential-containers/attestation-service/reference_values:rw
- ./kbs/config/rvps.json:/etc/rvps.json:rw
command: [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure other verifier, I think SE does have something related document here https://github.com/confidential-containers/trustee/blob/main/deps/verifier/src/se/README.md need be revised accordingly, maybe need a new PR to address this change in SE doc. CC @stevenhorsman @bpradipt

Copy link
Member

@stevenhorsman stevenhorsman Dec 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the notice - cc @gauravkuredhat

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh yeah I didn't update any of the docs. I will add a commit to do that

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

Update the configuration for RVPS store (and rename it to storage).
Previously we were using a type field and an opaque json config field.
Combine them into one enum that contains a config struct following the
format that we have started to use elsewhere in Trustee.

Also, change the configuration of the RVPS server binary.
Previously the RVPS server had a separate config file that duplicated
the options in the main config but added one additional parameter to set
the address of the server.

Instead, take the address of the server as a CLI argument and use the
same config struct as the rest of the crate.

Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
We can just use the default config for most of the tests.

Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
Adjust various configs to match the new RVPS config

Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
Update all our configuration descriptions and examples to match the
changes to the RVPS config.

Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
Copy link
Contributor

@huoqifeng huoqifeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks! @fitzthum

@huoqifeng huoqifeng merged commit ad12cdb into confidential-containers:main Dec 18, 2024
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Rework RVPS store config
4 participants