Index
- Constants
- Variables
- func EncryptSecret(name string, value []byte, sek x25519.PublicKey) (string, error)
- func ManifestExists() bool
- func PrepareSecrets(cfg []*SecretConfig) map[string][]byte
- type ArtifactsConfig
- type ContainerArtifactsConfig
- type Deployment
- type Manifest
- type ResourcesConfig
- type SecretConfig
- type SecretEnvelope
- type StorageConfig
- type TrustRootConfig
Constants
// Supported ROFL app kinds (values of Manifest.Kind).
const (
	// AppKindRaw selects the raw app kind.
	AppKindRaw = "raw"
	// AppKindContainer selects the container app kind.
	AppKindContainer = "container"
)
Supported ROFL app kinds.
// Supported TEE types (values of Manifest.TEE).
const (
	// TEETypeSGX selects Intel SGX.
	TEETypeSGX = "sgx"
	// TEETypeTDX selects Intel TDX.
	TEETypeTDX = "tdx"
)
Supported TEE types.
// Well-known scripts: keys of Manifest.Scripts that the build system runs at
// the named stage.
const (
	// ScriptBuildPre runs before the build.
	ScriptBuildPre = "build-pre"
	// ScriptBuildPost runs after the build.
	ScriptBuildPost = "build-post"
	// ScriptBundlePost runs after bundling.
	ScriptBundlePost = "bundle-post"
)
Well-known scripts.
// Supported storage kinds (values of StorageConfig.Kind).
const (
	// StorageKindNone requests no storage.
	StorageKindNone = "none"
	// StorageKindDiskEphemeral requests an ephemeral disk.
	StorageKindDiskEphemeral = "disk-ephemeral"
	// StorageKindDiskPersistent requests a persistent disk.
	StorageKindDiskPersistent = "disk-persistent"
	// StorageKindRAM requests RAM-backed storage.
	StorageKindRAM = "ram"
)
Supported storage kinds.
// DefaultDeploymentName is the name of the default deployment that must always
// be defined (as a key of Manifest.Deployments) and is used in case no
// deployment is passed.
const DefaultDeploymentName = "default"
DefaultDeploymentName is the name of the default deployment that must always be defined and is used in case no deployment is passed.
Variables
// LatestBasicArtifacts are the latest TDX ROFL basic app artifacts.
//
// Every URI carries a 64 hex character digest in its '#' fragment. Presumably
// the artifact fetcher verifies the download against it (confirm against the
// loader); when bumping a release, update the digest together with the URL.
var LatestBasicArtifacts = ArtifactsConfig{
	// OVMF TDX firmware from the oasis-boot v0.4.0 release.
	Firmware: "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.0/ovmf.tdx.fd#db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f",
	// Stage 1 kernel image from the same release.
	Kernel: "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.0/stage1.bin#06e12cba9b2423b4dd5916f4d84bf9c043f30041ab03aa74006f46ef9c129d22",
	// Basic (non-container) stage 2 disk image from the same release.
	Stage2: "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.0/stage2-basic.tar.bz2#72c84d2566959799fdd98fae08c143a8572a5a09ee426be376f9a8bbd1675f2b",
}
LatestBasicArtifacts are the latest TDX ROFL basic app artifacts.
// LatestContainerArtifacts are the latest TDX container app artifacts.
//
// Firmware and Kernel are shared with LatestBasicArtifacts; Stage2 and the
// container Runtime differ. Remote URIs carry a 64 hex character digest in the
// '#' fragment (presumably verified by the artifact fetcher -- confirm), while
// Compose is a plain local file name with no digest.
var LatestContainerArtifacts = ArtifactsConfig{
	Firmware: "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.0/ovmf.tdx.fd#db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f",
	Kernel:   "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.0/stage1.bin#06e12cba9b2423b4dd5916f4d84bf9c043f30041ab03aa74006f46ef9c129d22",
	// Podman-based stage 2 disk image.
	Stage2: "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.0/stage2-podman.tar.bz2#827531546f3db6b0945ece7ddab4e10d648eaa3ba1c146b7889d7cb9cbf0b507",
	Container: ContainerArtifactsConfig{
		// rofl-containers runtime from the oasis-sdk rofl-containers/v0.4.1 release.
		Runtime: "https://github.com/oasisprotocol/oasis-sdk/releases/download/rofl-containers%2Fv0.4.1/rofl-containers#bdd2735af9ff10c9b1c1e8db535f4751739bd3707600c57b81e80195e6207673",
		// Compose file is taken from the local app directory.
		Compose: "compose.yaml",
	},
}
LatestContainerArtifacts are the latest TDX container app artifacts.
// ManifestFileNames are the manifest file names that are tried when loading
// the manifest (see LoadManifest and ManifestExists).
var ManifestFileNames = []string{"rofl.yaml", "rofl.yml"}
ManifestFileNames are the manifest file names that are tried when loading the manifest.
Functions
func EncryptSecret
EncryptSecret encrypts the given secret, given its plain-text name and value, using the secrets encryption key (SEK) obtained for the given application. It returns the Base64-encoded value that can be used in the configuration (the SecretConfig Value field).
func ManifestExists
func ManifestExists() bool
ManifestExists checks whether a manifest file exists. No attempt is made to load, parse or validate any of the manifest files found.
func PrepareSecrets
func PrepareSecrets(cfg []*SecretConfig) map[string][]byte
PrepareSecrets transforms the secrets configuration into a format suitable for updating the ROFL app configuration.
Panics if the configuration is malformed.
Types
type ArtifactsConfig
// ArtifactsConfig is the artifact location override configuration.
//
// Each location is a URI or a local path. The defaults exported by this package
// (LatestBasicArtifacts, LatestContainerArtifacts) use URIs whose '#' fragment
// holds a 64 hex character digest; presumably the artifact fetcher verifies the
// download against it, so a URI without a digest should be treated as
// unverified until confirmed against the loader.
type ArtifactsConfig struct {
	// Firmware is the URI/path to the firmware artifact (empty to use default).
	Firmware string `yaml:"firmware,omitempty" json:"firmware,omitempty"`
	// Kernel is the URI/path to the kernel artifact (empty to use default).
	Kernel string `yaml:"kernel,omitempty" json:"kernel,omitempty"`
	// Stage2 is the URI/path to the stage 2 disk artifact (empty to use default).
	Stage2 string `yaml:"stage2,omitempty" json:"stage2,omitempty"`
	// Container is the container artifacts configuration (only meaningful for
	// AppKindContainer apps).
	Container ContainerArtifactsConfig `yaml:"container,omitempty" json:"container,omitempty"`
}
ArtifactsConfig is the artifact location override configuration.
type ContainerArtifactsConfig
// ContainerArtifactsConfig is the container artifacts configuration.
//
// Both locations accept a URI or a local path. The package default
// (LatestContainerArtifacts) uses a URI with a digest fragment for Runtime and
// the local file "compose.yaml" for Compose.
type ContainerArtifactsConfig struct {
	// Runtime is the URI/path to the container runtime artifact (empty to use default).
	Runtime string `yaml:"runtime,omitempty" json:"runtime,omitempty"`
	// Compose is the URI/path to the docker-compose.yaml artifact (empty to use default).
	Compose string `yaml:"compose,omitempty" json:"compose,omitempty"`
}
ContainerArtifactsConfig is the container artifacts configuration.
type Deployment
// Deployment describes a single ROFL app deployment.
//
// Network and ParaTime are always serialized; the remaining fields are omitted
// when empty. Validate reports problems with the configuration.
type Deployment struct {
	// AppID is the Bech32-encoded ROFL app ID. It may be unset; use HasAppID to check.
	AppID string `yaml:"app_id,omitempty" json:"app_id,omitempty"`
	// Network is the identifier of the network to deploy to.
	Network string `yaml:"network" json:"network"`
	// ParaTime is the identifier of the paratime to deploy to.
	ParaTime string `yaml:"paratime" json:"paratime"`
	// Admin is the identifier of the admin account.
	Admin string `yaml:"admin,omitempty" json:"admin,omitempty"`
	// Debug is a flag denoting whether this is a debuggable deployment.
	// NOTE(review): presumably relaxes the guarantees of a production deployment;
	// confirm its effect before enabling it outside development.
	Debug bool `yaml:"debug,omitempty" json:"debug,omitempty"`
	// TrustRoot is the optional trust root configuration (nil when none is pinned).
	TrustRoot *TrustRootConfig `yaml:"trust_root,omitempty" json:"trust_root,omitempty"`
	// Policy is the ROFL app policy.
	Policy *rofl.AppAuthPolicy `yaml:"policy,omitempty" json:"policy,omitempty"`
	// Metadata contains custom metadata.
	Metadata map[string]string `yaml:"metadata,omitempty" json:"metadata,omitempty"`
	// Secrets contains encrypted secrets; each Value is the Base64 output of
	// EncryptSecret under the app's secrets encryption key (SEK).
	Secrets []*SecretConfig `yaml:"secrets,omitempty" json:"secrets,omitempty"`
}
Deployment describes a single ROFL app deployment.
func (*Deployment) HasAppID
func (d *Deployment) HasAppID() bool
HasAppID returns true iff the deployment has an application identifier set.
func (*Deployment) Validate
func (d *Deployment) Validate() error
Validate validates the deployment for correctness.
type Manifest
// Manifest is the ROFL app manifest that configures various aspects of the app
// in a single place.
//
// It is loaded from one of ManifestFileNames by LoadManifest and written back
// by Save. Deployments must contain the DefaultDeploymentName key.
type Manifest struct {
	// Name is the human readable ROFL app name.
	Name string `yaml:"name" json:"name"`
	// Version is the ROFL app version.
	Version string `yaml:"version" json:"version"`
	// TEE is the type of TEE to build for (one of the TEEType* constants).
	TEE string `yaml:"tee" json:"tee"`
	// Kind is the kind of ROFL app to build (one of the AppKind* constants).
	Kind string `yaml:"kind" json:"kind"`
	// Resources are the requested ROFL app resources.
	Resources ResourcesConfig `yaml:"resources" json:"resources"`
	// Artifacts are the optional artifact location overrides (nil to use the
	// package defaults).
	Artifacts *ArtifactsConfig `yaml:"artifacts,omitempty" json:"artifacts,omitempty"`
	// Deployments are the ROFL app deployments, keyed by deployment name.
	Deployments map[string]*Deployment `yaml:"deployments" json:"deployments"`
	// Scripts are custom scripts that are executed by the build system at
	// specific stages (keyed by the Script* constants).
	Scripts map[string]string `yaml:"scripts,omitempty" json:"scripts,omitempty"`
	// contains filtered or unexported fields
	// (presumably including the source filename reported by SourceFileName).
}
Manifest is the ROFL app manifest that configures various aspects of the app in a single place.
func LoadManifest
LoadManifest attempts to find and load the ROFL app manifest from a local file.
func (*Manifest) Save
Save serializes the manifest and writes it to the file returned by `SourceFileName`, overwriting any previous manifest.
If no previous source filename is available, a default one is set.
func (*Manifest) SourceFileName
SourceFileName returns the filename of the manifest file from which the manifest was loaded or an empty string in case the filename is not available.
type ResourcesConfig
// ResourcesConfig is the resources configuration.
//
// Validate reports problems with the requested amounts.
type ResourcesConfig struct {
	// Memory is the amount of memory needed by the app in megabytes.
	Memory uint64 `yaml:"memory" json:"memory"`
	// CPUCount is the number of vCPUs needed by the app (at most 255).
	CPUCount uint8 `yaml:"cpus" json:"cpus"`
	// Storage is the storage configuration (nil when not specified).
	Storage *StorageConfig `yaml:"storage,omitempty" json:"storage,omitempty"`
}
ResourcesConfig is the resources configuration.
func (*ResourcesConfig) Validate
func (r *ResourcesConfig) Validate() error
Validate validates the resources configuration for correctness.
type SecretConfig
// SecretConfig is the configuration of a given secret.
//
// Only PublicName is meant to be readable by third parties; Value is ciphertext
// produced by EncryptSecret. Validate reports problems with the entry.
type SecretConfig struct {
	// Name is the name of the secret.
	Name string `yaml:"name" json:"name"`
	// PublicName is the public name of the secret. It will be visible to everyone on-chain, but is
	// otherwise ignored.
	PublicName string `yaml:"public_name,omitempty" json:"public_name,omitempty"`
	// Value is the Base64-encoded encrypted value, as returned by EncryptSecret.
	Value string `yaml:"value" json:"value"`
}
SecretConfig is the configuration of a given secret.
func (*SecretConfig) Validate
func (s *SecretConfig) Validate() error
Validate validates the secret configuration for correctness.
type SecretEnvelope
// SecretEnvelope is the envelope used for storing encrypted secrets.
//
// Pk is an ephemeral X25519 public key and Nonce has the Deoxys-II nonce size,
// which suggests an X25519 key agreement with the SEK followed by Deoxys-II
// encryption of Name and Value -- confirm against EncryptSecret. Because the
// key is ephemeral, a fresh Pk per envelope keeps the (key, nonce) pair unique.
type SecretEnvelope struct {
	// Pk is the ephemeral public key used for X25519.
	Pk x25519.PublicKey `json:"pk"`
	// Nonce is the encryption nonce (deoxysii.NonceSize bytes).
	Nonce [deoxysii.NonceSize]byte `json:"nonce"`
	// Name is the encrypted secret name.
	Name []byte `json:"name"`
	// Value is the encrypted secret value.
	Value []byte `json:"value"`
}
SecretEnvelope is the envelope used for storing encrypted secrets.
type StorageConfig
// StorageConfig is the storage configuration.
//
// Validate reports problems with the configuration.
type StorageConfig struct {
	// Kind is the storage kind (one of the StorageKind* constants).
	Kind string `yaml:"kind" json:"kind"`
	// Size is the amount of storage in megabytes.
	Size uint64 `yaml:"size" json:"size"`
}
StorageConfig is the storage configuration.
func (*StorageConfig) Validate
func (e *StorageConfig) Validate() error
Validate validates the storage configuration for correctness.
type TrustRootConfig
// TrustRootConfig is the trust root configuration.
//
// Height and Hash together pin the consensus block header the app trusts.
// Both are omitted when zero/empty; presumably a height without the matching
// hash cannot be verified -- confirm how Deployment.Validate treats that case.
type TrustRootConfig struct {
	// Height is the consensus layer block height where to take the trust root.
	Height uint64 `yaml:"height,omitempty" json:"height,omitempty"`
	// Hash is the consensus layer block header hash corresponding to the passed height.
	Hash string `yaml:"hash,omitempty" json:"hash,omitempty"`
}
TrustRootConfig is the trust root configuration.