Merge pull request #13 from enclaive/backend-did-build

Backend did build

.dockerignore

@@ -4,3 +4,4 @@
 !build
 !metadata.json
 !docker-extension/build
+!confidential-templates.json

.vscode.example/settings.json

@@ -2,7 +2,8 @@
   "go.lintTool": "golangci-lint",
   "go.lintFlags": ["--fast", "-E", "exportloopref"],
   "gopls": {
-    "build.expandWorkspaceToModule": false
+    "build.expandWorkspaceToModule": false,
+    "importShortcut": "Definition"
   },
   "gitlens.advanced.blame.customArguments": ["--ignore-revs-file", ".git-blame-ignore-revs"]
 }

Dockerfile.graminehello

@@ -0,0 +1,21 @@
+FROM ubuntu:20.04
+RUN apt-get update
+RUN apt-get install curl gnupg git -y
+RUN curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
+RUN echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ focal main' | tee /etc/apt/sources.list.d/gramine.list
+RUN curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -
+RUN echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list
+RUN apt-get update
+RUN apt-get install gramine -y
+
+RUN gramine-sgx-gen-private-key
+
+RUN git clone --depth 1 --branch v1.3.1 https://github.com/gramineproject/gramine.git
+
+RUN apt-get install gcc make -y
+
+WORKDIR gramine/CI-Examples/helloworld
+
+RUN ls
+
+RUN make SGX=1

Dockerfile.marialable

@@ -0,0 +1,2 @@
+FROM sgxdcaprastuff/gramine-mariadb
+LABEL pcc.mrenclave=e556b1f4a686be466b24c8d13df07705d5c1b9c8441281b84aec16c3d778521b pcc.mrsigner=idkidkidk

Dockerfile.test

@@ -0,0 +1,2 @@
+FROM scratch
+LABEL pcc.mrenclave=TEST2 pcc.mrsigner=test2

api/confidential-templates.json

@@ -0,0 +1,40 @@
+[
+    {
+        "ImageName": "sgxdcaprastuff/gramine-mariadb",
+        "LogoURL": "https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_blue-transparent.png",
+        "TemplateName": "mariatemplate",
+        "Inputs": [
+            "username",
+            "password"
+        ],
+        "Secrets": {
+            "init": "CREATE OR REPLACE USER $$$username$$$ IDENTIFIED BY '$$$password$$$';\n GRANT ALL PRIVILEGES ON *.* TO  $$$username$$$ ;"
+        },
+        "ManifestBoilerplate": {
+            "ManifestParameters": {
+                "Files": {
+                    "/app/init.sql": {
+                        "Data": "{{ raw .Secrets.init.Private }}",
+                        "Encoding": "string",
+                        "NoTemplates": false
+                    },
+                    "/dev/attestation/keys/default": {
+                        "Data": "{{ raw .Secrets.app_defaultkey.Private }}",
+                        "Encoding": "string",
+                        "NoTemplates": false
+                    }
+                },
+                "Argv": [
+                    "/app/mariadbd",
+                    "--init-file=/app/init.sql"
+                ]
+            },
+            "ManifestSecrets": {
+                "init": {
+                    "type": "plain",
+                    "UserDefined": true
+                }
+            }
+        }
+    }
+]

api/dataservices/confidentialtemplate/confidentialtemplate.go

@@ -0,0 +1,77 @@
+package confidentialtemplate
+
+import (
+	"fmt"
+
+	"github.com/rs/zerolog/log"
+
+	portainer "github.com/portainer/portainer/api"
+)
+
+const (
+	BucketName = "confidentialtemplates"
+)
+
+type Service struct {
+	connection portainer.Connection
+}
+
+func (service *Service) BucketName() string {
+	return BucketName
+}
+
+// NewService creates a new instance of this conf. compute service.
+func NewService(connection portainer.Connection) (*Service, error) {
+	err := connection.SetServiceName(BucketName)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Service{
+		connection: connection,
+	}, nil
+}
+
+func (service *Service) Create(conftemplateObject *portainer.ConfidentialTemplate) error {
+
+	return service.connection.CreateObject(
+		BucketName,
+		func(id uint64) (int, interface{}) {
+			conftemplateObject.ID = portainer.ConfidentialTemplateId(id)
+			return int(id), conftemplateObject
+		},
+	)
+}
+
+func (service *Service) ConfidentialTemplate(ID portainer.ConfidentialTemplateId) (*portainer.ConfidentialTemplate, error) {
+	var template portainer.ConfidentialTemplate
+	identifier := service.connection.ConvertToKey(int(ID))
+
+	err := service.connection.GetObject(BucketName, identifier, &template)
+	if err != nil {
+		return nil, err
+	}
+
+	return &template, nil
+}
+
+func (service *Service) ConfidentialTemplates() ([]portainer.ConfidentialTemplate, error) {
+	var templates = make([]portainer.ConfidentialTemplate, 0)
+
+	err := service.connection.GetAll(
+		BucketName,
+		&portainer.ConfidentialTemplate{},
+		func(obj interface{}) (interface{}, error) {
+			template, ok := obj.(*portainer.ConfidentialTemplate)
+			if !ok {
+				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to confidential image object")
+				return nil, fmt.Errorf("Failed to convert to confidential image object: %s", obj)
+			}
+
+			templates = append(templates, *template)
+
+			return &portainer.ConfidentialTemplate{}, nil
+		})
+
+	return templates, err
+}

api/dataservices/interface.go

@@ -53,6 +53,7 @@ type (
 		Webhook() WebhookService
 		Key() KeyService
 		SecureImage() SecureImageService
+		ConfidentialTemplate() ConfidentialTemplateService
 	}
 
 	// CoordinatorService for managing coordinators
@@ -355,6 +356,13 @@ type (
 		SecureImages() ([]portainer.SecureImage, error)
 		BucketName() string
 	}
+
+	ConfidentialTemplateService interface {
+		ConfidentialTemplate(ID portainer.ConfidentialTemplateId) (*portainer.ConfidentialTemplate, error)
+		ConfidentialTemplates() ([]portainer.ConfidentialTemplate, error)
+		Create(conftemplateObject *portainer.ConfidentialTemplate) error
+		BucketName() string
+	}
 )
 
 func IsErrObjectNotFound(e error) bool {

api/datastore/services.go

@@ -9,6 +9,7 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/dataservices/apikeyrepository"
+	"github.com/portainer/portainer/api/dataservices/confidentialtemplate"
 	"github.com/portainer/portainer/api/dataservices/coordinator"
 	coordoinatordeployment "github.com/portainer/portainer/api/dataservices/coordinatordeployment"
 	"github.com/portainer/portainer/api/dataservices/customtemplate"
@@ -82,6 +83,7 @@ type Store struct {
 	WebhookService               *webhook.Service
 	KeyService                   *key.Service
 	SecureImageService           *secureimage.Service
+	ConfidentialTemplateService  *confidentialtemplate.Service
 }
 
 func (store *Store) initServices() error {
@@ -277,6 +279,12 @@ func (store *Store) initServices() error {
 	}
 	store.SecureImageService = secureImageService
 
+	confidentialTemplateService, err := confidentialtemplate.NewService(store.connection)
+	if err != nil {
+		return err
+	}
+	store.ConfidentialTemplateService = confidentialTemplateService
+
 	return nil
 }
 
@@ -421,6 +429,10 @@ func (store *Store) SecureImage() dataservices.SecureImageService {
 	return store.SecureImageService
 }
 
+func (store *Store) ConfidentialTemplate() dataservices.ConfidentialTemplateService {
+	return store.ConfidentialTemplateService
+}
+
 type storeExport struct {
 	CustomTemplate     []portainer.CustomTemplate     `json:"customtemplates,omitempty"`
 	EdgeGroup          []portainer.EdgeGroup          `json:"edgegroups,omitempty"`

api/http/handler/portainercc/confidential_templates_create.go

@@ -0,0 +1,51 @@
+package portainercc
+
+import (
+	"encoding/json"
+	"net/http"
+
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/response"
+	portainer "github.com/portainer/portainer/api"
+)
+
+type ConfTempParams struct {
+	ImageName           string
+	LogoURL             string
+	TemplateName        string
+	Inputs              []portainer.Input
+	Secrets             map[string]string
+	ManifestBoilerplate struct {
+		ManifestParameters portainer.Parameters
+		ManifestSecrets    map[string]portainer.Secret
+	}
+}
+
+func (handler *Handler) createConfidentialTemplate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var params ConfTempParams
+	err := json.NewDecoder(r.Body).Decode(&params)
+
+	if err != nil {
+		return httperror.BadRequest("request body malefomred", err)
+	}
+
+	templateObject := &portainer.ConfidentialTemplate{
+		ImageName:    params.ImageName,
+		LogoURL:      params.LogoURL,
+		TemplateName: params.TemplateName,
+		Inputs:       params.Inputs,
+		Secrets:      params.Secrets,
+		ManifestBoilerplate: struct {
+			ManifestParameters portainer.Parameters        "json:\"ManifestParameters\""
+			ManifestSecrets    map[string]portainer.Secret "json:\"ManifestSecrets\""
+		}(params.ManifestBoilerplate),
+	}
+
+	err = handler.DataStore.ConfidentialTemplate().Create(templateObject)
+
+	if err != nil {
+		return httperror.InternalServerError("could not save template in db", err)
+	}
+
+	return response.JSON(w, templateObject)
+}