From ef32e72f10ad14486c1496e929f6ca51de92dd17 Mon Sep 17 00:00:00 2001 From: Hannah Neary Date: Tue, 5 Dec 2023 10:51:31 +0000 Subject: [PATCH] Rename Cages -> Enclaves rename init flag --- .github/workflows/lint-and-test-cli.yml | 4 +- .github/workflows/release-cli-version.yml | 38 +-- Cargo.lock | 2 +- Cargo.toml | 2 +- README.md | 66 ++-- scripts/install.template | 10 +- scripts/update-versions.sh | 2 +- src/api/client.rs | 2 +- src/api/{cage.rs => enclave.rs} | 378 +++++++++++----------- src/api/mod.rs | 2 +- src/attest/error.rs | 2 +- src/attest/mod.rs | 10 +- src/build/error.rs | 6 +- src/build/mod.rs | 97 +++--- src/cert/error.rs | 2 +- src/cert/mod.rs | 82 ++--- src/cli/attest.rs | 16 +- src/cli/build.rs | 20 +- src/cli/cert.rs | 42 +-- src/cli/delete.rs | 20 +- src/cli/deploy.rs | 70 ++-- src/cli/encrypt.rs | 14 +- src/cli/env.rs | 18 +- src/cli/init.rs | 86 ++--- src/cli/list.rs | 48 +-- src/cli/logs.rs | 26 +- src/cli/restart.rs | 32 +- src/cli/scale.rs | 52 +-- src/common.rs | 16 +- src/config.rs | 100 +++--- src/delete/error.rs | 6 +- src/delete/mod.rs | 80 ++--- src/deploy/error.rs | 8 +- src/deploy/mod.rs | 189 +++++------ src/encrypt/mod.rs | 10 +- src/env/mod.rs | 43 +-- src/logs/mod.rs | 16 +- src/main.rs | 12 +- src/progress.rs | 6 +- src/restart/mod.rs | 28 +- src/test_utils.rs | 43 +-- src/version/mod.rs | 2 +- test.cage.toml | 4 +- testRepro.Dockerfile | 6 +- 44 files changed, 877 insertions(+), 841 deletions(-) rename src/api/{cage.rs => enclave.rs} (67%) diff --git a/.github/workflows/lint-and-test-cli.yml b/.github/workflows/lint-and-test-cli.yml index ee83ea7a..6618c99c 100644 --- a/.github/workflows/lint-and-test-cli.yml +++ b/.github/workflows/lint-and-test-cli.yml @@ -20,12 +20,12 @@ jobs: override: true components: rustfmt, clippy - name: Compile project - run: cargo build --all-features -p ev-cage -Z registry-auth + run: cargo build --all-features -p ev-enclave -Z registry-auth env: CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_INDEX: ${{ secrets.RUST_CRYPTO_REGISTRY }} CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_TOKEN: ${{ secrets.CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_TOKEN }} - name: Test project - run: cargo test -p ev-cage + run: cargo test -p ev-enclave env: CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_INDEX: ${{ secrets.RUST_CRYPTO_REGISTRY }} - name: Format project diff --git a/.github/workflows/release-cli-version.yml b/.github/workflows/release-cli-version.yml index 183033ab..e78e2543 100644 --- a/.github/workflows/release-cli-version.yml +++ b/.github/workflows/release-cli-version.yml @@ -1,4 +1,4 @@ -name: Release Cage CLI version +name: Release Enclave CLI version on: push: @@ -73,8 +73,8 @@ jobs: mkdir ${{ env.BIN_DIR }} mkdir ${{ env.RELEASE_DIR }} cross build --release --all-features --target ${{ env.LINUX_TARGET }} -Z registry-auth - mv ./target/${{ env.LINUX_TARGET }}/release/ev-cage ./${{ env.BIN_DIR }}/ev-cage - 7z a -ttar -so -an ./${{ env.BIN_DIR }} | 7z a -si ./${{ env.RELEASE_DIR }}/ev-cage-${{ env.LINUX_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz + mv ./target/${{ env.LINUX_TARGET }}/release/ev-enclave ./${{ env.BIN_DIR }}/ev-enclave + 7z a -ttar -so -an ./${{ env.BIN_DIR }} | 7z a -si ./${{ env.RELEASE_DIR }}/ev-enclave-${{ env.LINUX_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz env: CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_INDEX: ${{ secrets.RUST_CRYPTO_REGISTRY }} CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_TOKEN: ${{ secrets.CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_TOKEN }} @@ -125,8 +125,8 @@ jobs: - name: Compress binary run: | - mv target/${{env.MACOS_TARGET}}/release/ev-cage ${{ env.BIN_DIR }}/ev-cage - 7z a -ttar -so -an ./${{ env.BIN_DIR }} | 7z a -si ${{ env.RELEASE_DIR }}/ev-cage-${{ env.MACOS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz + mv target/${{env.MACOS_TARGET}}/release/ev-enclave ${{ env.BIN_DIR }}/ev-enclave + 7z a -ttar -so -an ./${{ env.BIN_DIR }} | 7z a -si ${{ env.RELEASE_DIR }}/ev-enclave-${{ env.MACOS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz - name: Upload as artifact uses: actions/upload-artifact@v2 @@ -183,8 +183,8 @@ jobs: - name: Compress shell: bash run: | - mv target/${{ env.WINDOWS_TARGET }}/release/ev-cage.exe ${{ env.BIN_DIR }}/ev-cage.exe - 7z a -ttar -so -an ./${{ env.BIN_DIR }} | 7z a -si ./${{ env.RELEASE_DIR }}/ev-cage-${{ env.WINDOWS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz + mv target/${{ env.WINDOWS_TARGET }}/release/ev-enclave.exe ${{ env.BIN_DIR }}/ev-enclave.exe + 7z a -ttar -so -an ./${{ env.BIN_DIR }} | 7z a -si ./${{ env.RELEASE_DIR }}/ev-enclave-${{ env.WINDOWS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz - name: Upload as artifact uses: actions/upload-artifact@v2 @@ -227,9 +227,9 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create-release.outputs.upload_url }} - asset_path: ./linux/ev-cage-${{ env.LINUX_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz + asset_path: ./linux/ev-enclave-${{ env.LINUX_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz asset_content_type: application/gzip - asset_name: ev-cage-${{ env.LINUX_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz + asset_name: ev-enclave-${{ env.LINUX_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz - name: Upload MacOS Release uses: actions/upload-release-asset@v1 @@ -237,9 +237,9 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create-release.outputs.upload_url }} - asset_path: ./macos/ev-cage-${{ env.MACOS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz + asset_path: ./macos/ev-enclave-${{ env.MACOS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz asset_content_type: application/gzip - asset_name: ev-cage-${{ env.MACOS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz + asset_name: ev-enclave-${{ env.MACOS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz - name: Upload Windows Release uses: actions/upload-release-asset@v1 @@ -279,26 +279,26 @@ jobs: - name: Upload Windows CLI to S3 run: | - aws s3 cp ./windows/ev-cage-${{ env.WINDOWS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz s3://cage-build-assets-${{ env.STAGE }}/cli/${{ needs.get-version.outputs.major_version }}/${{ needs.get-version.outputs.full_version }}/${{ env.WINDOWS_TARGET }}/ev-cage.tar.gz + aws s3 cp ./windows/ev-enclave-${{ env.WINDOWS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz s3://enclave-build-assets-${{ env.STAGE }}/cli/${{ needs.get-version.outputs.major_version }}/${{ needs.get-version.outputs.full_version }}/${{ env.WINDOWS_TARGET }}/ev-cage.tar.gz - name: Upload MacOS CLI to S3 run: | - aws s3 cp ./macos/ev-cage-${{ env.MACOS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz s3://cage-build-assets-${{ env.STAGE }}/cli/${{ needs.get-version.outputs.major_version }}/${{ needs.get-version.outputs.full_version }}/${{ env.MACOS_TARGET }}/ev-cage.tar.gz + aws s3 cp ./macos/ev-enclave-${{ env.MACOS_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz s3://enclave-build-assets-${{ env.STAGE }}/cli/${{ needs.get-version.outputs.major_version }}/${{ needs.get-version.outputs.full_version }}/${{ env.MACOS_TARGET }}/ev-cage.tar.gz - name: Upload Ubuntu CLI to S3 run: | - aws s3 cp ./linux/ev-cage-${{ env.LINUX_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz s3://cage-build-assets-${{ env.STAGE }}/cli/${{ needs.get-version.outputs.major_version }}/${{ needs.get-version.outputs.full_version }}/${{ env.LINUX_TARGET }}/ev-cage.tar.gz + aws s3 cp ./linux/ev-enclave-${{ env.LINUX_TARGET }}-${{ needs.get-version.outputs.full_version }}.tar.gz s3://enclave-build-assets-${{ env.STAGE }}/cli/${{ needs.get-version.outputs.major_version }}/${{ needs.get-version.outputs.full_version }}/${{ env.LINUX_TARGET }}/ev-cage.tar.gz - uses: actions/checkout@v2 - name: Update install script in S3 run: | sh ./scripts/generate-installer.sh ${{ needs.get-version.outputs.full_version }} ${{ needs.get-version.outputs.major_version }} sh ./scripts/update-versions.sh ${{ needs.get-version.outputs.full_version }} - aws s3 cp scripts/install s3://cage-build-assets-${{ env.STAGE }}/cli/${{ needs.get-version.outputs.major_version }}/${{needs.get-version.outputs.full_version}}/install - aws s3 cp scripts/install s3://cage-build-assets-${{ env.STAGE }}/cli/install - aws s3 cp scripts/version s3://cage-build-assets-${{ env.STAGE }}/cli/${{needs.get-version.outputs.major_version}}/version - aws s3 cp scripts/version s3://cage-build-assets-${{ env.STAGE }}/cli/version - aws s3 cp scripts/versions s3://cage-build-assets-${{ env.STAGE }}/cli/versions + aws s3 cp scripts/install s3://enclave-build-assets-${{ env.STAGE }}/cli/${{ needs.get-version.outputs.major_version }}/${{needs.get-version.outputs.full_version}}/install + aws s3 cp scripts/install s3://enclave-build-assets-${{ env.STAGE }}/cli/install + aws s3 cp scripts/version s3://enclave-build-assets-${{ env.STAGE }}/cli/${{needs.get-version.outputs.major_version}}/version + aws s3 cp scripts/version s3://enclave-build-assets-${{ env.STAGE }}/cli/version + aws s3 cp scripts/versions s3://enclave-build-assets-${{ env.STAGE }}/cli/versions aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/cli/install" aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/cli/version" aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/cli/versions" diff --git a/Cargo.lock b/Cargo.lock index c3599e8b..0b5aa520 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -935,7 +935,7 @@ dependencies = [ ] [[package]] -name = "ev-cage" +name = "ev-enclave" version = "0.0.0-dev" dependencies = [ "async-stream", diff --git a/Cargo.toml b/Cargo.toml index 5c3f8a2f..31d29e90 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "ev-cage" +name = "ev-enclave" version = "0.0.0-dev" edition = "2021" diff --git a/README.md b/README.md index 54547ec1..60e5681e 100644 --- a/README.md +++ b/README.md @@ -1,109 +1,109 @@ -# Cages CLI +# Enclave CLI -Command Line Tool to build, deploy and manage Evervault [Cages](https://github.com/evervault/cages/) +Command Line Tool to build, deploy and manage Evervault [Enclaves](https://github.com/evervault/cages/) ## Notice on Open Source Status of this project -The Evervault Cages product is open source with the aim of providing transparency to users — this is vital given that our process runs in the enclave, and is accounted for in the attestation. +The Evervault Enclaves product is open source with the aim of providing transparency to users — this is vital given that our process runs in the enclave, and is accounted for in the attestation. -The current state of this project does not allow for self-hosting. We plan on addressing this by abstracting away the Evervault-specific elements of the Cages product. +The current state of this project does not allow for self-hosting. We plan on addressing this by abstracting away the Evervault-specific elements of the Enclaves product. ## Subcommands ### init -Initialize a Cage.toml in the current directory. Must provide a cage name. +Initialize a enclave.toml in the current directory. Must provide a enclave name. -`ev-cage init --name my-cage` +`ev-enclave init --name my-enclave` ### build -Build a Cage from a Dockerfile. Defaults to use local `cage.toml` file for configuration. See more options with `-h`. +Build an from a Dockerfile. Defaults to use local `cage.toml` file for configuration. See more options with `-h`. -`ev-cage build` +`ev-enclave build` ### deploy -Deploy a Cage from a toml file. Builds a cage from a Dockerfile and then deploys the cage. You can provide a path to an EIF which was already build. See more options with `-h`. +Deploy an Enclave from a toml file. Builds an Enclave from a Dockerfile and then deploys the Enclave. You can provide a path to an EIF which was already build. See more options with `-h`. -`ev-cage deploy` +`ev-enclave deploy` ### delete -Delete a Cage from a toml file. +Delete a Enclave from a toml file. -`ev-cage delete` +`ev-enclave delete` ### attest -Validate the attestation doc provided by a Cage. Defaults to compare against the local `cage.toml` file. +Validate the attestation doc provided by a Enclave. Defaults to compare against the local `enclave.toml` file. ### env -Manage Cage environment. Any changes to environment variables require a deployment to take effect. +Manage Enclave environment. Any changes to environment variables require a deployment to take effect. #### add -Add a Cage environment variable. Add `--secret` to encrypt the value. +Add a Enclave environment variable. Add `--secret` to encrypt the value. -`ev-cage env add --key ENV_VAR_1 --value ENV_VAR` +`ev-enclave env add --key ENV_VAR_1 --value ENV_VAR` #### get -Get Cage environment variables. +Get Enclave environment variables. -`ev-cage env get` +`ev-enclave env get` #### delete -Delete a Cage environment variable. +Delete a Enclave environment variable. -`ev-cage env delete --key ENV_VAR_1` +`ev-enclave env delete --key ENV_VAR_1` ### describe Get the PCRs of a built EIF. Defaults to `./enclave.eif` -`ev-cage describe ` +`ev-enclave describe ` ### list -List your Cages and Deployments. +List your Enclave and Deployments. -#### cages +#### enclave -List Cages +List Enclaves -`ev-cage list cages` +`ev-enclave list enclaves` #### deployments -List Deployments of a specific cage. Defaults to the local `./cage.toml` file +List Deployments of a specific enclave. Defaults to the local `./enclave.toml` file -`ev-cage list deployments` +`ev-enclave list deployments` ### cert -Create a new Cage signing certificate +Create a new Enclave signing certificate -`ev-cage cert new` +`ev-enclave cert new` ### logs -Pull the logs for a Cage into. Defaults to the local `./cage.toml` file. +Pull the logs for a Enclave into. Defaults to the local `./enclave.toml` file. -`ev-cage logs` +`ev-enclave logs` ### encrypt Encrypt a string with the CLI. -`ev-cage encrypt super-secret-value` +`ev-enclave encrypt super-secret-value` ### update Check for new versions of the CLI and install them. -`ev-cage update` +`ev-enclave update` diff --git a/scripts/install.template b/scripts/install.template index 6dde66c8..a601396f 100644 --- a/scripts/install.template +++ b/scripts/install.template @@ -1,9 +1,9 @@ #!/bin/sh set -eu -EV_DOWNLOAD_Darwin_universal="https://cage-build-assets.evervault.com/cli/{{major}}/{{version}}/x86_64-apple-darwin/ev-cage.tar.gz" -EV_DOWNLOAD_Windows_x86_64="https://cage-build-assets.evervault.com/cli/{{major}}/{{version}}/x86_64-pc-windows-msvc/ev-cage.tar.gz" -EV_DOWNLOAD_Linux_x86_64="https://cage-build-assets.evervault.com/cli/{{major}}/{{version}}/x86_64-unknown-linux-musl/ev-cage.tar.gz" +EV_DOWNLOAD_Darwin_universal="https://enclave-build-assets.evervault.com/cli/{{major}}/{{version}}/x86_64-apple-darwin/ev-cage.tar.gz" +EV_DOWNLOAD_Windows_x86_64="https://enclave-build-assets.evervault.com/cli/{{major}}/{{version}}/x86_64-pc-windows-msvc/ev-cage.tar.gz" +EV_DOWNLOAD_Linux_x86_64="https://enclave-build-assets.evervault.com/cli/{{major}}/{{version}}/x86_64-unknown-linux-musl/ev-cage.tar.gz" VERSION="{{version}}" PLATFORM=`uname -s` @@ -52,7 +52,7 @@ ensure_supported_platform() { } ensure_supported_platform -echo "This script will automatically install the Evervault Cage CLI@${VERSION} for you." +echo "This script will automatically install the Evervault Enclave CLI@${VERSION} for you." echo "Installation path: ${INSTALL_PATH}" if [ "x$(id -u)" = "x0" ]; then echo "Warning: this script is currently running as root. This is dangerous. " @@ -61,7 +61,7 @@ fi if [ -f "$INSTALL_PATH" ]; then if [ -z ${CAGE_CLI_FORCE_INSTALL+x} ]; then - echo "Looks like you already have the Evervault Cage CLI installed. You can update by running ev-cage update" + echo "Looks like you already have the Evervault Enclave CLI installed. You can update by running ev-cage update" exit 0 else echo "Proceeding with update..." diff --git a/scripts/update-versions.sh b/scripts/update-versions.sh index a9fd75a0..a4157ed9 100755 --- a/scripts/update-versions.sh +++ b/scripts/update-versions.sh @@ -25,7 +25,7 @@ major_version=$(echo "$release_version" | cut -d '.' -f 1) echo "Release major version: $major_version" -version_json=$(curl -s "https://cage-build-assets.evervault.com/cli/versions") +version_json=$(curl -s "https://enclave-build-assets.evervault.com/cli/versions") echo "Version response: $version_json" if [ $? -eq 0 ]; then diff --git a/src/api/client.rs b/src/api/client.rs index 94a7b856..47b6633a 100644 --- a/src/api/client.rs +++ b/src/api/client.rs @@ -72,7 +72,7 @@ pub trait ApiClient { } fn user_agent(&self) -> String { - format!("evervault-cage-cli/{}", env!("CARGO_PKG_VERSION")) + format!("evervault-enclave-cli/{}", env!("CARGO_PKG_VERSION")) } fn accept(&self) -> String { diff --git a/src/api/cage.rs b/src/api/enclave.rs similarity index 67% rename from src/api/cage.rs rename to src/api/enclave.rs index 8df29492..acc6de27 100644 --- a/src/api/cage.rs +++ b/src/api/enclave.rs @@ -1,4 +1,4 @@ -use crate::config::ValidatedCageBuildConfig; +use crate::config::ValidatedEnclaveBuildConfig; use super::client::{ApiClient, ApiClientError, ApiResult, GenericApiClient, HandleResponse}; use super::AuthMode; @@ -9,11 +9,11 @@ use serde::{Deserialize, Serialize}; use mockall::automock; #[derive(Clone)] -pub struct CagesClient { +pub struct EnclaveClient { inner: GenericApiClient, } -impl ApiClient for CagesClient { +impl ApiClient for EnclaveClient { fn auth(&self) -> &AuthMode { self.inner.auth() } @@ -34,56 +34,59 @@ impl ApiClient for CagesClient { #[async_trait::async_trait] #[cfg_attr(test, automock)] -pub trait CageApi { - async fn create_cage(&self, cage_create_payload: CreateCageRequest) -> ApiResult; - async fn create_cage_deployment_intent( +pub trait EnclaveApi { + async fn create_enclave( &self, - cage_uuid: &str, - payload: CreateCageDeploymentIntentRequest, - ) -> ApiResult; - async fn create_cage_signing_cert_ref( + enclave_create_payload: CreateEnclaveRequest, + ) -> ApiResult; + async fn create_enclave_deployment_intent( &self, - payload: CreateCageSigningCertRefRequest, - ) -> ApiResult; - async fn get_cages(&self) -> ApiResult; - async fn get_cage(&self, cage_uuid: &str) -> ApiResult; + enclave_uuid: &str, + payload: CreateEnclaveDeploymentIntentRequest, + ) -> ApiResult; + async fn create_enclave_signing_cert_ref( + &self, + payload: CreateEnclaveSigningCertRefRequest, + ) -> ApiResult; + async fn get_enclaves(&self) -> ApiResult; + async fn get_enclave(&self, enclave_uuid: &str) -> ApiResult; async fn get_app_keys(&self, team_uuid: &str, app_uuid: &str) -> ApiResult; - async fn add_env_var(&self, cage_uuid: String, payload: AddSecretRequest) -> ApiResult<()>; - async fn delete_env_var(&self, cage_uuid: String, name: String) -> ApiResult<()>; - async fn get_cage_env(&self, cage_uuid: String) -> ApiResult; - async fn get_cage_deployment_by_uuid( + async fn add_env_var(&self, enclave_uuid: String, payload: AddSecretRequest) -> ApiResult<()>; + async fn delete_env_var(&self, enclave_uuid: String, name: String) -> ApiResult<()>; + async fn get_enclave_env(&self, enclave_uuid: String) -> ApiResult; + async fn get_enclave_deployment_by_uuid( &self, - cage_uuid: &str, + enclave_uuid: &str, deployment_uuid: &str, - ) -> ApiResult; + ) -> ApiResult; async fn get_signing_certs(&self) -> ApiResult; - async fn update_cage_locked_signing_certs( + async fn update_enclave_locked_signing_certs( &self, - cage_uuid: &str, - payload: UpdateLockedCageSigningCertRequest, - ) -> ApiResult>; - async fn get_cage_locked_signing_certs( + enclave_uuid: &str, + payload: UpdateLockedEnclaveSigningCertRequest, + ) -> ApiResult>; + async fn get_enclave_locked_signing_certs( &self, - cage_uuid: &str, - ) -> ApiResult>; - async fn get_cage_cert_by_uuid(&self, cert_uuid: &str) -> ApiResult; - async fn get_cage_logs( + enclave_uuid: &str, + ) -> ApiResult>; + async fn get_enclave_cert_by_uuid(&self, cert_uuid: &str) -> ApiResult; + async fn get_enclave_logs( &self, - cage_uuid: &str, + enclave_uuid: &str, start_time: u128, end_time: u128, - ) -> ApiResult; - async fn delete_cage(&self, cage_uuid: &str) -> ApiResult; - async fn restart_cage(&self, cage_uuid: &str) -> ApiResult; - async fn get_scaling_config(&self, cage_uuid: &str) -> ApiResult; + ) -> ApiResult; + async fn delete_enclave(&self, enclave_uuid: &str) -> ApiResult; + async fn restart_enclave(&self, enclave_uuid: &str) -> ApiResult; + async fn get_scaling_config(&self, enclave_uuid: &str) -> ApiResult; async fn update_scaling_config( &self, - cage_uuid: &str, - update_scaling_config_request: UpdateCageScalingConfigRequest, - ) -> ApiResult; + enclave_uuid: &str, + update_scaling_config_request: UpdateEnclaveScalingConfigRequest, + ) -> ApiResult; } -impl CagesClient { +impl EnclaveClient { pub fn new(auth_mode: AuthMode) -> Self { Self { inner: GenericApiClient::from(auth_mode), @@ -92,23 +95,26 @@ impl CagesClient { } #[async_trait::async_trait] -impl CageApi for CagesClient { - async fn create_cage(&self, cage_create_payload: CreateCageRequest) -> ApiResult { - let create_cage_url = format!("{}/", self.base_url()); - self.post(&create_cage_url) - .json(&cage_create_payload) +impl EnclaveApi for EnclaveClient { + async fn create_enclave( + &self, + enclave_create_payload: CreateEnclaveRequest, + ) -> ApiResult { + let create_enclave_url = format!("{}/", self.base_url()); + self.post(&create_enclave_url) + .json(&enclave_create_payload) .send() .await .handle_json_response() .await } - async fn create_cage_deployment_intent( + async fn create_enclave_deployment_intent( &self, - cage_uuid: &str, - payload: CreateCageDeploymentIntentRequest, - ) -> ApiResult { - let deployment_intent_url = format!("{}/{}/credentials", self.base_url(), cage_uuid); + enclave_uuid: &str, + payload: CreateEnclaveDeploymentIntentRequest, + ) -> ApiResult { + let deployment_intent_url = format!("{}/{}/credentials", self.base_url(), enclave_uuid); self.post(&deployment_intent_url) .json(&payload) .send() @@ -117,10 +123,10 @@ impl CageApi for CagesClient { .await } - async fn create_cage_signing_cert_ref( + async fn create_enclave_signing_cert_ref( &self, - payload: CreateCageSigningCertRefRequest, - ) -> ApiResult { + payload: CreateEnclaveSigningCertRefRequest, + ) -> ApiResult { let signing_cert_url = format!("{}/signing/certs", self.base_url()); self.post(&signing_cert_url) .json(&payload) @@ -130,18 +136,18 @@ impl CageApi for CagesClient { .await } - async fn get_cages(&self) -> ApiResult { - let get_cages_url = format!("{}/", self.base_url()); - self.get(&get_cages_url) + async fn get_enclaves(&self) -> ApiResult { + let get_enclaves_url = format!("{}/", self.base_url()); + self.get(&get_enclaves_url) .send() .await .handle_json_response() .await } - async fn get_cage(&self, cage_uuid: &str) -> ApiResult { - let get_cage_url = format!("{}/{}", self.base_url(), cage_uuid); - self.get(&get_cage_url) + async fn get_enclave(&self, enclave_uuid: &str) -> ApiResult { + let get_enclave_url = format!("{}/{}", self.base_url(), enclave_uuid); + self.get(&get_enclave_url) .send() .await .handle_json_response() @@ -149,16 +155,16 @@ impl CageApi for CagesClient { } async fn get_app_keys(&self, team_uuid: &str, app_uuid: &str) -> ApiResult { - let get_cage_url = format!("{}/{}/apps/{}", self.keys_url(), team_uuid, app_uuid); - self.get(&get_cage_url) + let get_enclave_url = format!("{}/{}/apps/{}", self.keys_url(), team_uuid, app_uuid); + self.get(&get_enclave_url) .send() .await .handle_json_response() .await } - async fn add_env_var(&self, cage_uuid: String, payload: AddSecretRequest) -> ApiResult<()> { - let add_env_url = format!("{}/{}/secrets", self.base_url(), cage_uuid); + async fn add_env_var(&self, enclave_uuid: String, payload: AddSecretRequest) -> ApiResult<()> { + let add_env_url = format!("{}/{}/secrets", self.base_url(), enclave_uuid); self.put(&add_env_url) .json(&payload) .send() @@ -166,16 +172,16 @@ impl CageApi for CagesClient { .handle_no_op_response() } - async fn delete_env_var(&self, cage_uuid: String, name: String) -> ApiResult<()> { - let delete_env_url = format!("{}/{}/secrets/{}", self.base_url(), cage_uuid, name); + async fn delete_env_var(&self, enclave_uuid: String, name: String) -> ApiResult<()> { + let delete_env_url = format!("{}/{}/secrets/{}", self.base_url(), enclave_uuid, name); self.delete(&delete_env_url) .send() .await .handle_no_op_response() } - async fn get_cage_env(&self, cage_uuid: String) -> ApiResult { - let get_env_url = format!("{}/{}/secrets", self.base_url(), cage_uuid); + async fn get_enclave_env(&self, enclave_uuid: String) -> ApiResult { + let get_env_url = format!("{}/{}/secrets", self.base_url(), enclave_uuid); self.get(&get_env_url) .send() .await @@ -183,18 +189,18 @@ impl CageApi for CagesClient { .await } - async fn get_cage_deployment_by_uuid( + async fn get_enclave_deployment_by_uuid( &self, - cage_uuid: &str, + enclave_uuid: &str, deployment_uuid: &str, - ) -> ApiResult { - let get_cage_url = format!( + ) -> ApiResult { + let get_enclave_url = format!( "{}/{}/deployments/{}", self.base_url(), - cage_uuid, + enclave_uuid, deployment_uuid ); - self.get(&get_cage_url) + self.get(&get_enclave_url) .send() .await .handle_json_response() @@ -210,13 +216,14 @@ impl CageApi for CagesClient { .await } - async fn update_cage_locked_signing_certs( + async fn update_enclave_locked_signing_certs( &self, - cage_uuid: &str, - payload: UpdateLockedCageSigningCertRequest, - ) -> ApiResult> { - let get_cage_lock_certs_url = format!("{}/{}/signing/certs", self.base_url(), cage_uuid); - self.put(&get_cage_lock_certs_url) + enclave_uuid: &str, + payload: UpdateLockedEnclaveSigningCertRequest, + ) -> ApiResult> { + let get_enclave_lock_certs_url = + format!("{}/{}/signing/certs", self.base_url(), enclave_uuid); + self.put(&get_enclave_lock_certs_url) .json(&payload) .send() .await @@ -224,19 +231,20 @@ impl CageApi for CagesClient { .await } - async fn get_cage_locked_signing_certs( + async fn get_enclave_locked_signing_certs( &self, - cage_uuid: &str, - ) -> ApiResult> { - let get_cage_lock_certs_url = format!("{}/{}/signing/certs", self.base_url(), cage_uuid); - self.get(&get_cage_lock_certs_url) + enclave_uuid: &str, + ) -> ApiResult> { + let get_enclave_lock_certs_url = + format!("{}/{}/signing/certs", self.base_url(), enclave_uuid); + self.get(&get_enclave_lock_certs_url) .send() .await .handle_json_response() .await } - async fn get_cage_cert_by_uuid(&self, cert_uuid: &str) -> ApiResult { + async fn get_enclave_cert_by_uuid(&self, cert_uuid: &str) -> ApiResult { let get_cert_url = format!("{}/signing/certs/{}", self.base_url(), cert_uuid); self.get(&get_cert_url) .send() @@ -245,16 +253,16 @@ impl CageApi for CagesClient { .await } - async fn get_cage_logs( + async fn get_enclave_logs( &self, - cage_uuid: &str, + enclave_uuid: &str, start_time: u128, end_time: u128, - ) -> ApiResult { + ) -> ApiResult { let get_logs_url = format!( "{}/{}/logs?startTime={start_time}&endTime={end_time}", self.base_url(), - cage_uuid + enclave_uuid ); self.get(&get_logs_url) @@ -264,27 +272,27 @@ impl CageApi for CagesClient { .await } - async fn delete_cage(&self, cage_uuid: &str) -> ApiResult { - let delete_cage_url = format!("{}/{}", self.base_url(), cage_uuid); - self.delete(&delete_cage_url) + async fn delete_enclave(&self, enclave_uuid: &str) -> ApiResult { + let delete_enclave_url = format!("{}/{}", self.base_url(), enclave_uuid); + self.delete(&delete_enclave_url) .send() .await .handle_json_response() .await } - async fn restart_cage(&self, cage_uuid: &str) -> ApiResult { - let patch_cage_url = format!("{}/{}", self.base_url(), cage_uuid); - self.patch(&patch_cage_url) + async fn restart_enclave(&self, enclave_uuid: &str) -> ApiResult { + let patch_enclave_url = format!("{}/{}", self.base_url(), enclave_uuid); + self.patch(&patch_enclave_url) .send() .await .handle_json_response() .await } - async fn get_scaling_config(&self, cage_uuid: &str) -> ApiResult { - let cage_scaling_url = format!("{}/{}/scale", self.base_url(), cage_uuid); - self.get(&cage_scaling_url) + async fn get_scaling_config(&self, enclave_uuid: &str) -> ApiResult { + let enclave_scaling_url = format!("{}/{}/scale", self.base_url(), enclave_uuid); + self.get(&enclave_scaling_url) .send() .await .handle_json_response() @@ -293,11 +301,11 @@ impl CageApi for CagesClient { async fn update_scaling_config( &self, - cage_uuid: &str, - update_scaling_config_request: UpdateCageScalingConfigRequest, - ) -> ApiResult { - let cage_scaling_url = format!("{}/{}/scale", self.base_url(), cage_uuid); - self.put(&cage_scaling_url) + enclave_uuid: &str, + update_scaling_config_request: UpdateEnclaveScalingConfigRequest, + ) -> ApiResult { + let enclave_scaling_url = format!("{}/{}/scale", self.base_url(), enclave_uuid); + self.put(&enclave_scaling_url) .json(&update_scaling_config_request) .send() .await @@ -317,7 +325,7 @@ pub struct VersionMetadata { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CreateCageDeploymentIntentRequest { +pub struct CreateEnclaveDeploymentIntentRequest { #[serde(flatten)] pcrs: crate::enclave::PCRs, debug_mode: bool, @@ -334,10 +342,10 @@ pub struct CreateCageDeploymentIntentRequest { desired_replicas: u32, } -impl CreateCageDeploymentIntentRequest { +impl CreateEnclaveDeploymentIntentRequest { pub fn new( pcrs: &crate::enclave::PCRs, - config: ValidatedCageBuildConfig, + config: ValidatedEnclaveBuildConfig, eif_size_bytes: u64, data_plane_version: String, installer_version: String, @@ -367,14 +375,14 @@ impl CreateCageDeploymentIntentRequest { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CreateCageSigningCertRefRequest { +pub struct CreateEnclaveSigningCertRefRequest { cert_hash: String, name: String, not_before: String, not_after: String, } -impl CreateCageSigningCertRefRequest { +impl CreateEnclaveSigningCertRefRequest { pub fn new(cert_hash: String, name: String, not_before: String, not_after: String) -> Self { Self { cert_hash, @@ -387,11 +395,11 @@ impl CreateCageSigningCertRefRequest { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct UpdateLockedCageSigningCertRequest { +pub struct UpdateLockedEnclaveSigningCertRequest { cert_uuids: Vec, } -impl UpdateLockedCageSigningCertRequest { +impl UpdateLockedEnclaveSigningCertRequest { pub fn new(cert_uuids: Vec) -> Self { Self { cert_uuids } } @@ -399,7 +407,7 @@ impl UpdateLockedCageSigningCertRequest { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CreateCageRequest { +pub struct CreateEnclaveRequest { name: String, is_time_bound: bool, } @@ -413,13 +421,13 @@ pub struct AddSecretRequest { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CageSecrets { +pub struct EnclaveSecrets { pub name: String, pub secret: String, } #[derive(Clone, Debug, Deserialize, Serialize)] -pub struct CageEnv { +pub struct EnclaveEnv { pub secrets: Vec, } @@ -429,10 +437,10 @@ pub struct Secret { pub secret: String, } -impl CreateCageRequest { - pub fn new(cage_name: String, is_time_bound: bool) -> Self { +impl CreateEnclaveRequest { + pub fn new(enclave_name: String, is_time_bound: bool) -> Self { Self { - name: cage_name, + name: enclave_name, is_time_bound, } } @@ -440,20 +448,20 @@ impl CreateCageRequest { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CreateCageDeploymentIntentResponse { +pub struct CreateEnclaveDeploymentIntentResponse { signed_url: String, - cage_uuid: String, + enclave_uuid: String, deployment_uuid: String, version: u32, } -impl CreateCageDeploymentIntentResponse { +impl CreateEnclaveDeploymentIntentResponse { pub fn signed_url(&self) -> &str { &self.signed_url } - pub fn cage_uuid(&self) -> &str { - &self.cage_uuid + pub fn enclave_uuid(&self) -> &str { + &self.enclave_uuid } pub fn deployment_uuid(&self) -> &str { @@ -467,7 +475,7 @@ impl CreateCageDeploymentIntentResponse { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CreateCageSigningCertRefResponse { +pub struct CreateEnclaveSigningCertRefResponse { cert_hash: String, not_before: String, not_after: String, @@ -475,7 +483,7 @@ pub struct CreateCageSigningCertRefResponse { uuid: String, } -impl CreateCageSigningCertRefResponse { +impl CreateEnclaveSigningCertRefResponse { pub fn cert_hash(&self) -> &str { &self.cert_hash } @@ -499,14 +507,14 @@ impl CreateCageSigningCertRefResponse { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CageToSigningCert { - pub cage_uuid: String, +pub struct EnclaveToSigningCert { + pub enclave_uuid: String, pub signing_cert_uuid: String, } #[derive(Clone, Debug, Deserialize, Serialize, PartialEq)] #[serde(rename_all = "lowercase")] -pub enum CageState { +pub enum EnclaveState { Pending, Active, Deleting, @@ -515,18 +523,18 @@ pub enum CageState { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct Cage { +pub struct Enclave { pub uuid: String, pub name: String, pub team_uuid: String, pub app_uuid: String, pub domain: String, - pub state: CageState, + pub state: EnclaveState, pub created_at: String, pub updated_at: String, } -impl Cage { +impl Enclave { pub fn uuid(&self) -> &str { &self.uuid } @@ -546,9 +554,9 @@ impl Cage { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CageDeployment { +pub struct EnclaveDeployment { pub uuid: String, - pub cage_uuid: String, + pub enclave_uuid: String, pub version_uuid: String, pub signing_cert_uuid: String, pub debug_mode: bool, @@ -556,13 +564,13 @@ pub struct CageDeployment { pub completed_at: Option, } -impl CageDeployment { +impl EnclaveDeployment { pub fn is_finished(&self) -> bool { self.completed_at.is_some() } - pub fn cage_uuid(&self) -> &str { - &self.cage_uuid + pub fn enclave_uuid(&self) -> &str { + &self.enclave_uuid } pub fn uuid(&self) -> &str { @@ -581,7 +589,7 @@ pub enum BuildStatus { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CageVersion { +pub struct EnclaveVersion { pub uuid: String, pub version: u16, pub control_plane_img_url: Option, @@ -595,7 +603,7 @@ pub struct CageVersion { #[derive(Clone, Debug, Deserialize, Serialize, PartialEq, PartialOrd)] #[serde(rename_all = "camelCase")] -pub struct CageSigningCert { +pub struct EnclaveSigningCert { pub name: Option, pub uuid: String, pub app_uuid: String, @@ -604,7 +612,7 @@ pub struct CageSigningCert { pub not_after: Option, } -impl CageSigningCert { +impl EnclaveSigningCert { pub fn new( name: Option, uuid: String, @@ -659,7 +667,7 @@ pub enum DeployStatus { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CageRegionalDeployment { +pub struct EnclaveRegionalDeployment { pub uuid: String, pub deployment_uuid: String, pub deployment_order: u16, @@ -673,7 +681,7 @@ pub struct CageRegionalDeployment { pub detailed_status: Option, } -impl CageRegionalDeployment { +impl EnclaveRegionalDeployment { pub fn is_failed(&self) -> bool { self.deploy_status == DeployStatus::Failed } @@ -693,32 +701,32 @@ impl CageRegionalDeployment { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct GetCagesResponse { - cages: Vec, +pub struct GetEnclavesResponse { + cages: Vec, } -impl GetCagesResponse { - pub fn cages(&self) -> &Vec { +impl GetEnclavesResponse { + pub fn cages(&self) -> &Vec { self.cages.as_ref() } } #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct DeploymentsForGetCage { +pub struct DeploymentsForGetEnclave { #[serde(flatten)] - pub deployment: CageDeployment, - #[serde(rename = "teeCageVersion")] - pub version: CageVersion, + pub deployment: EnclaveDeployment, + #[serde(rename = "teeEnclaveVersion")] + pub version: EnclaveVersion, } #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct GetCageResponse { +pub struct GetEnclaveResponse { #[serde(flatten)] - pub cage: Cage, - #[serde(rename = "teeCageDeployments")] - pub deployments: Vec, + pub cage: Enclave, + #[serde(rename = "teeEnclaveDeployments")] + pub deployments: Vec, } #[derive(Clone, Debug, Deserialize, Serialize)] @@ -729,9 +737,9 @@ pub struct GetKeysResponse { pub ecdh_key: String, } -impl GetCageResponse { +impl GetEnclaveResponse { pub fn is_deleted(&self) -> bool { - self.cage.state == CageState::Deleted + self.cage.state == EnclaveState::Deleted } pub fn domain(&self) -> &str { @@ -741,17 +749,17 @@ impl GetCageResponse { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct GetCageDeploymentResponse { +pub struct GetEnclaveDeploymentResponse { #[serde(flatten)] - pub deployment: CageDeployment, - pub tee_cage_version: CageVersion, - pub tee_cage_signing_cert: CageSigningCert, - pub tee_cage_regional_deployments: Vec, + pub deployment: EnclaveDeployment, + pub tee_enclave_version: EnclaveVersion, + pub tee_enclave_signing_cert: EnclaveSigningCert, + pub tee_enclave_regional_deployments: Vec, } -impl GetCageDeploymentResponse { +impl GetEnclaveDeploymentResponse { pub fn is_built(&self) -> bool { - matches!(self.tee_cage_version.build_status, BuildStatus::Ready) + matches!(self.tee_enclave_version.build_status, BuildStatus::Ready) } pub fn is_finished(&self) -> bool { @@ -760,25 +768,25 @@ impl GetCageDeploymentResponse { //TODO: Handle multi region deployment failures pub fn is_failed(&self) -> bool { - let build_failed = matches!(self.tee_cage_version.build_status, BuildStatus::Failed); + let build_failed = matches!(self.tee_enclave_version.build_status, BuildStatus::Failed); build_failed || self - .tee_cage_regional_deployments + .tee_enclave_regional_deployments .first() .map(|depl| depl.is_failed()) .unwrap_or_default() } pub fn get_failure_reason(&self) -> Option { - self.tee_cage_version.failure_reason.clone().or_else(|| { - self.tee_cage_regional_deployments + self.tee_enclave_version.failure_reason.clone().or_else(|| { + self.tee_enclave_regional_deployments .first() .map(|depl| depl.get_failure_reason()) }) } pub fn get_detailed_status(&self) -> Option { - self.tee_cage_regional_deployments + self.tee_enclave_regional_deployments .first() .map(|depl| depl.get_detailed_status()) } @@ -787,19 +795,19 @@ impl GetCageDeploymentResponse { #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] pub struct GetSigningCertsResponse { - pub certs: Vec, + pub certs: Vec, } #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CageLogs { +pub struct EnclaveLogs { log_events: Vec, next_token: Option, start_time: String, end_time: String, } -impl CageLogs { +impl EnclaveLogs { pub fn start_time(&self) -> &str { &self.start_time } @@ -836,15 +844,15 @@ impl LogEvent { } } -pub type DeleteCageResponse = Cage; +pub type DeleteEnclaveResponse = Enclave; #[derive(Clone, Debug, Deserialize, Serialize)] -pub struct CageScalingConfig { +pub struct EnclaveScalingConfig { limits: ScalingLimits, config: ScalingConfig, } -impl CageScalingConfig { +impl EnclaveScalingConfig { pub fn max_instances(&self) -> u32 { self.limits.max_instances } @@ -879,16 +887,16 @@ impl std::convert::From for ScalingConfig { } } -pub type UpdateCageScalingConfigRequest = ScalingConfig; +pub type UpdateEnclaveScalingConfigRequest = ScalingConfig; #[cfg(test)] mod test { use super::*; - fn get_testing_deployment() -> CageDeployment { - CageDeployment { + fn get_testing_deployment() -> EnclaveDeployment { + EnclaveDeployment { uuid: "abc".to_string(), - cage_uuid: "def".to_string(), + enclave_uuid: "def".to_string(), version_uuid: "ghi".to_string(), signing_cert_uuid: "jkl".to_string(), debug_mode: false, @@ -897,8 +905,8 @@ mod test { } } - fn get_testing_version() -> CageVersion { - CageVersion { + fn get_testing_version() -> EnclaveVersion { + EnclaveVersion { uuid: "abc".to_string(), version: 1, control_plane_img_url: Some("control-plane.com".to_string()), @@ -911,8 +919,8 @@ mod test { } } - fn get_testing_cert() -> CageSigningCert { - CageSigningCert { + fn get_testing_cert() -> EnclaveSigningCert { + EnclaveSigningCert { name: Some("abc".to_string()), uuid: "abc".to_string(), app_uuid: "def".to_string(), @@ -927,11 +935,11 @@ mod test { let deployment = get_testing_deployment(); let version = get_testing_version(); let cert = get_testing_cert(); - let deployment_with_empty_regional = GetCageDeploymentResponse { + let deployment_with_empty_regional = GetEnclaveDeploymentResponse { deployment, - tee_cage_version: version, - tee_cage_signing_cert: cert, - tee_cage_regional_deployments: vec![], + tee_enclave_version: version, + tee_enclave_signing_cert: cert, + tee_enclave_regional_deployments: vec![], }; assert!(deployment_with_empty_regional @@ -951,11 +959,11 @@ mod test { let failure_reason = "An error occurred provisioning your TEE".to_string(); let detailed_failure_reason = "Insufficient capacity".to_string(); - let deployment_with_regional = GetCageDeploymentResponse { + let deployment_with_regional = GetEnclaveDeploymentResponse { deployment, - tee_cage_version: version, - tee_cage_signing_cert: cert, - tee_cage_regional_deployments: vec![CageRegionalDeployment { + tee_enclave_version: version, + tee_enclave_signing_cert: cert, + tee_enclave_regional_deployments: vec![EnclaveRegionalDeployment { uuid: "abc".to_string(), deployment_uuid: "def".to_string(), deployment_order: 1, diff --git a/src/api/mod.rs b/src/api/mod.rs index 2348ad46..00ac4cf9 100644 --- a/src/api/mod.rs +++ b/src/api/mod.rs @@ -1,6 +1,6 @@ pub mod assets; -pub mod cage; pub mod client; +pub mod enclave; pub use reqwest::Client; diff --git a/src/attest/error.rs b/src/attest/error.rs index b22c794f..808a2b5a 100644 --- a/src/attest/error.rs +++ b/src/attest/error.rs @@ -8,7 +8,7 @@ pub enum AttestCommandError { ReqwestError(#[from] reqwest::Error), #[error(transparent)] Base64DecodeError(#[from] base64::DecodeError), - #[error("Couldn't retrieve attestation document from Cage, status code: {0}")] + #[error("Couldn't retrieve attestation document from the Enclave, status code: {0}")] AttestationDocRetrievalError(String), #[error("The received certificate had no Subject Alt Name extension")] NoSubjectAltNames, diff --git a/src/attest/mod.rs b/src/attest/mod.rs index 0420933a..270971ba 100644 --- a/src/attest/mod.rs +++ b/src/attest/mod.rs @@ -59,7 +59,7 @@ impl ServerCertVerifier for SubjectAltNameAttestationValidator { } } -pub async fn attest_connection_to_cage( +pub async fn attest_connection_to_enclave( domain: &str, expected_pcrs: PCRs, ) -> Result<(), AttestCommandError> { @@ -121,14 +121,14 @@ mod attest_tests { use super::*; #[tokio::test] - async fn connection_to_synthetic_cage_in_debug_mode() { + async fn connection_to_synthetic_enclave_in_debug_mode() { let expected_pcrs = PCRs { pcr_0: "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000".to_string(), pcr_1: "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000".to_string(), pcr_2: "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000".to_string(), pcr_8: "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000".to_string(), }; - attest_connection_to_cage( + attest_connection_to_enclave( "synthetic-cage.app-f5f084041a7e.cage.evervault.com", expected_pcrs, ) @@ -137,14 +137,14 @@ mod attest_tests { } #[tokio::test] - async fn connection_to_synthetic_cage_in_debug_mode_expecting_incorrect_pcrs() { + async fn connection_to_synthetic_enclave_in_debug_mode_expecting_incorrect_pcrs() { let expected_pcrs = PCRs { pcr_0: "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000".to_string(), pcr_1: "00000000000different000000000000000000000000PCRs00000000000000000000000000000000000000000000000".to_string(), pcr_2: "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000".to_string(), pcr_8: "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000".to_string(), }; - let err = attest_connection_to_cage( + let err = attest_connection_to_enclave( "synthetic-cage.app-f5f084041a7e.cage.evervault.com", expected_pcrs, ) diff --git a/src/build/error.rs b/src/build/error.rs index e0410e25..6436aa22 100644 --- a/src/build/error.rs +++ b/src/build/error.rs @@ -18,8 +18,8 @@ pub enum BuildError { "Failed to access dockerfile at {0}. You can specify the dockerfile using the -f flag." )] DockerfileAccessError(String), - #[error("Failed to write the Cage dockerfile to the file system - {0:?}")] - FailedToWriteCageDockerfile(std::io::Error), + #[error("Failed to write the Enclave dockerfile to the file system - {0:?}")] + FailedToWriteEnclaveDockerfile(std::io::Error), #[error("An error occurred while building your docker image — {0}")] DockerBuildError(String), #[error("An error occurred while converting your image to an enclave — {0}")] @@ -36,7 +36,7 @@ impl CliError for BuildError { Self::ContextPathDoesNotExist | Self::InvalidSigningInfo(_) | Self::DockerfileAccessError(_) => exitcode::NOINPUT, - Self::FailedToAccessOutputDir(_) | Self::FailedToWriteCageDockerfile(_) => { + Self::FailedToAccessOutputDir(_) | Self::FailedToWriteEnclaveDockerfile(_) => { exitcode::IOERR } Self::DockerError(_) | Self::DockerBuildError(_) | Self::Utf8Error(_) => { diff --git a/src/build/mod.rs b/src/build/mod.rs index dca283b3..3b4206a7 100644 --- a/src/build/mod.rs +++ b/src/build/mod.rs @@ -2,7 +2,7 @@ pub mod error; use error::BuildError; use crate::common::{resolve_output_path, OutputPath}; -use crate::config::ValidatedCageBuildConfig; +use crate::config::ValidatedEnclaveBuildConfig; use crate::docker::error::DockerError; use crate::docker::parse::{Directive, DockerfileDecoder, EnvVar, Mode}; use crate::docker::utils::verify_docker_is_running; @@ -21,7 +21,7 @@ const DATA_PLANE_SERVICE_PATH: &str = "/etc/service/data-plane"; #[allow(clippy::too_many_arguments)] pub async fn build_enclave_image_file( - cage_config: &ValidatedCageBuildConfig, + enclave_config: &ValidatedEnclaveBuildConfig, context_path: &str, output_dir: Option<&str>, verbose: bool, @@ -45,7 +45,7 @@ pub async fn build_enclave_image_file( // function so it isn't deleted until all the builds are finished. let output_path = resolve_output_path(output_dir)?; - let signing_info = enclave::EnclaveSigningInfo::try_from(cage_config.signing_info())?; + let signing_info = enclave::EnclaveSigningInfo::try_from(enclave_config.signing_info())?; match from_existing { Some(path) => { @@ -60,7 +60,7 @@ pub async fn build_enclave_image_file( } None => { build_from_scratch( - cage_config, + enclave_config, context_path, verbose, docker_build_args, @@ -87,7 +87,7 @@ pub async fn build_enclave_image_file( #[allow(clippy::too_many_arguments)] pub async fn build_from_scratch( - cage_config: &ValidatedCageBuildConfig, + enclave_config: &ValidatedEnclaveBuildConfig, context_path: &Path, verbose: bool, docker_build_args: Option>, @@ -102,19 +102,19 @@ pub async fn build_from_scratch( } // read dockerfile - let dockerfile_path = Path::new(cage_config.dockerfile()); + let dockerfile_path = Path::new(enclave_config.dockerfile()); if !dockerfile_path.exists() { return Err(BuildError::DockerfileAccessError( - cage_config.dockerfile().to_string(), + enclave_config.dockerfile().to_string(), )); } let dockerfile = File::open(dockerfile_path) .await - .map_err(|_| BuildError::DockerfileAccessError(cage_config.dockerfile().to_string()))?; + .map_err(|_| BuildError::DockerfileAccessError(enclave_config.dockerfile().to_string()))?; let processed_dockerfile = process_dockerfile( - cage_config, + enclave_config, dockerfile, data_plane_version, installer_version, @@ -126,7 +126,7 @@ pub async fn build_from_scratch( let user_dockerfile_path = output_path.join(EV_USER_DOCKERFILE_PATH); let mut ev_user_dockerfile = std::fs::File::create(&user_dockerfile_path) - .map_err(BuildError::FailedToWriteCageDockerfile)?; + .map_err(BuildError::FailedToWriteEnclaveDockerfile)?; processed_dockerfile.iter().for_each(|instruction| { writeln!(ev_user_dockerfile, "{}", instruction).unwrap(); @@ -151,7 +151,7 @@ pub async fn build_from_scratch( } async fn process_dockerfile( - build_config: &ValidatedCageBuildConfig, + build_config: &ValidatedEnclaveBuildConfig, dockerfile_src: R, data_plane_version: String, installer_version: String, @@ -208,7 +208,7 @@ async fn process_dockerfile( let wait_for_env = if build_config.disable_tls_termination { "echo TLS termination is off, not waiting for environment to be ready" } else { - r#"while ! grep -q \"EV_CAGE_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n"# + r#"while ! grep -q \"EV_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n"# }; let user_service_builder = crate::docker::utils::create_combined_docker_entrypoint(last_entrypoint, last_cmd).map( @@ -218,7 +218,7 @@ async fn process_dockerfile( let ev_domain = std::env::var("EV_DOMAIN").unwrap_or_else(|_| String::from("evervault.com")); let data_plane_url = format!( - "https://cage-build-assets.{}/runtime/{}/data-plane/{}", + "https://enclave-build-assets.{}/runtime/{}/data-plane/{}", ev_domain, data_plane_version, build_config.get_dataplane_feature_label() @@ -255,7 +255,7 @@ async fn process_dockerfile( format!("{}{}{}", loopback_config, egress_config, bootstrap_script); let installer_bundle_url = format!( - "https://cage-build-assets.{}/installer/{}.tar.gz", + "https://enclave-build-assets.{}/installer/{}.tar.gz", ev_domain, installer_version ); let installer_bundle = "runtime-dependencies.tar.gz"; @@ -429,7 +429,7 @@ mod test { use crate::cert::CertValidityPeriod; use crate::config::EgressSettings; use crate::config::ScalingSettings; - use crate::config::ValidatedCageBuildConfig; + use crate::config::ValidatedEnclaveBuildConfig; use crate::config::ValidatedSigningInfo; use crate::docker; use crate::enclave; @@ -437,10 +437,10 @@ mod test { use std::iter::zip; use tempfile::TempDir; - fn get_config(egress_enabled: bool) -> ValidatedCageBuildConfig { - ValidatedCageBuildConfig { - cage_name: "test".into(), - cage_uuid: "1234".into(), + fn get_config(egress_enabled: bool) -> ValidatedEnclaveBuildConfig { + ValidatedEnclaveBuildConfig { + enclave_name: "test".into(), + enclave_uuid: "1234".into(), team_uuid: "teamid".into(), debug: false, app_uuid: "3241".into(), @@ -501,12 +501,12 @@ RUN touch /hello-script;\ /bin/sh -c "echo -e '"'#!/bin/sh\nwhile true; do echo "hello"; sleep 2; done;\n'"' > /hello-script" USER root RUN mkdir -p /opt/evervault -ADD https://cage-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz +ADD https://enclave-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz RUN cd /opt/evervault ; tar -xzf runtime-dependencies.tar.gz ; sh ./installer.sh ; rm runtime-dependencies.tar.gz RUN echo {\"api_key_auth\":true,\"forward_proxy_protocol\":false,\"trusted_headers\":[\"X-Evervault-*\"],\"trx_logging_enabled\":true} > /etc/dataplane-config.json RUN mkdir -p /etc/service/user-entrypoint -RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_CAGE_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run -ADD https://cage-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane +RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run +ADD https://enclave-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane RUN chmod +x /opt/evervault/data-plane RUN mkdir -p /etc/service/data-plane RUN printf "#!/bin/sh\necho \"Booting Evervault data plane...\"\nexec /opt/evervault/data-plane\n" > /etc/service/data-plane/run && chmod +x /etc/service/data-plane/run @@ -566,12 +566,12 @@ RUN touch /hello-script;\ /bin/sh -c "echo -e '"'#!/bin/sh\nwhile true; do echo "hello"; sleep 2; done;\n'"' > /hello-script" USER root RUN mkdir -p /opt/evervault -ADD https://cage-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz +ADD https://enclave-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz RUN cd /opt/evervault ; tar -xzf runtime-dependencies.tar.gz ; sh ./installer.sh ; rm runtime-dependencies.tar.gz RUN echo {\"api_key_auth\":true,\"forward_proxy_protocol\":false,\"trusted_headers\":[\"X-Evervault-*\"],\"trx_logging_enabled\":true} > /etc/dataplane-config.json RUN mkdir -p /etc/service/user-entrypoint -RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_CAGE_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run -ADD https://cage-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane +RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run +ADD https://enclave-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane RUN chmod +x /opt/evervault/data-plane RUN mkdir -p /etc/service/data-plane RUN printf "#!/bin/sh\necho \"Booting Evervault data plane...\"\nexec /opt/evervault/data-plane\n" > /etc/service/data-plane/run && chmod +x /etc/service/data-plane/run @@ -631,12 +631,12 @@ RUN touch /hello-script;\ /bin/sh -c "echo -e '"'#!/bin/sh\nwhile true; do echo "hello"; sleep 2; done;\n'"' > /hello-script" USER root RUN mkdir -p /opt/evervault -ADD https://cage-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz +ADD https://enclave-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz RUN cd /opt/evervault ; tar -xzf runtime-dependencies.tar.gz ; sh ./installer.sh ; rm runtime-dependencies.tar.gz RUN echo {\"api_key_auth\":true,\"forward_proxy_protocol\":false,\"trusted_headers\":[\"X-Evervault-*\"],\"trx_logging_enabled\":true} > /etc/dataplane-config.json RUN mkdir -p /etc/service/user-entrypoint -RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_CAGE_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run -ADD https://cage-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane +RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run +ADD https://enclave-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane RUN chmod +x /opt/evervault/data-plane RUN mkdir -p /etc/service/data-plane RUN printf "#!/bin/sh\necho \"Booting Evervault data plane...\"\nexec /opt/evervault/data-plane\n" > /etc/service/data-plane/run && chmod +x /etc/service/data-plane/run @@ -693,12 +693,12 @@ RUN touch /hello-script;\ /bin/sh -c "echo -e '"'#!/bin/sh\nwhile true; do echo "hello"; sleep 2; done;\n'"' > /hello-script" USER root RUN mkdir -p /opt/evervault -ADD https://cage-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz +ADD https://enclave-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz RUN cd /opt/evervault ; tar -xzf runtime-dependencies.tar.gz ; sh ./installer.sh ; rm runtime-dependencies.tar.gz RUN echo {\"api_key_auth\":true,\"forward_proxy_protocol\":false,\"trusted_headers\":[\"X-Evervault-*\"],\"trx_logging_enabled\":true} > /etc/dataplane-config.json RUN mkdir -p /etc/service/user-entrypoint -RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_CAGE_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run -ADD https://cage-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane +RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run +ADD https://enclave-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane RUN chmod +x /opt/evervault/data-plane RUN mkdir -p /etc/service/data-plane RUN printf "#!/bin/sh\necho \"Booting Evervault data plane...\"\nexec /opt/evervault/data-plane\n" > /etc/service/data-plane/run && chmod +x /etc/service/data-plane/run @@ -732,7 +732,7 @@ EXPOSE 3443 ENTRYPOINT ["sh", "/hello-script"]"#; let mut readable_contents = sample_dockerfile_contents.as_bytes(); - let mut config: ValidatedCageBuildConfig = get_config(false); + let mut config: ValidatedEnclaveBuildConfig = get_config(false); config.healthcheck = Some("/health".into()); let data_plane_version = "0.0.0".to_string(); @@ -753,12 +753,12 @@ RUN touch /hello-script;\ /bin/sh -c "echo -e '"'#!/bin/sh\nwhile true; do echo "hello"; sleep 2; done;\n'"' > /hello-script" USER root RUN mkdir -p /opt/evervault -ADD https://cage-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz +ADD https://enclave-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz RUN cd /opt/evervault ; tar -xzf runtime-dependencies.tar.gz ; sh ./installer.sh ; rm runtime-dependencies.tar.gz RUN echo {\"api_key_auth\":true,\"forward_proxy_protocol\":false,\"healthcheck\":\"/health\",\"trusted_headers\":[\"X-Evervault-*\"],\"trx_logging_enabled\":true} > /etc/dataplane-config.json RUN mkdir -p /etc/service/user-entrypoint -RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_CAGE_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run -ADD https://cage-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane +RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run +ADD https://enclave-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane RUN chmod +x /opt/evervault/data-plane RUN mkdir -p /etc/service/data-plane RUN printf "#!/bin/sh\necho \"Booting Evervault data plane...\"\nexec /opt/evervault/data-plane 3443\n" > /etc/service/data-plane/run && chmod +x /etc/service/data-plane/run @@ -814,12 +814,12 @@ RUN touch /hello-script;\ /bin/sh -c "echo -e '"'#!/bin/sh\nwhile true; do echo "hello"; sleep 2; done;\n'"' > /hello-script" USER root RUN mkdir -p /opt/evervault -ADD https://cage-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz +ADD https://enclave-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz RUN cd /opt/evervault ; tar -xzf runtime-dependencies.tar.gz ; sh ./installer.sh ; rm runtime-dependencies.tar.gz RUN echo {\"api_key_auth\":true,\"forward_proxy_protocol\":false,\"trusted_headers\":[\"X-Evervault-*\"],\"trx_logging_enabled\":true} > /etc/dataplane-config.json RUN mkdir -p /etc/service/user-entrypoint -RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_CAGE_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nsu someuser -c 'exec sh /hello-script'\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run -ADD https://cage-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane +RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nsu someuser -c 'exec sh /hello-script'\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run +ADD https://enclave-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane RUN chmod +x /opt/evervault/data-plane RUN mkdir -p /etc/service/data-plane RUN printf "#!/bin/sh\necho \"Booting Evervault data plane...\"\nexec /opt/evervault/data-plane 3443\n" > /etc/service/data-plane/run && chmod +x /etc/service/data-plane/run @@ -875,12 +875,12 @@ RUN touch /hello-script;\ /bin/sh -c "echo -e '"'#!/bin/sh\nwhile true; do echo "hello"; sleep 2; done;\n'"' > /hello-script" USER root RUN mkdir -p /opt/evervault -ADD https://cage-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz +ADD https://enclave-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz RUN cd /opt/evervault ; tar -xzf runtime-dependencies.tar.gz ; sh ./installer.sh ; rm runtime-dependencies.tar.gz RUN echo {\"api_key_auth\":true,\"egress\":{\"allow_list\":\"*\"},\"forward_proxy_protocol\":false,\"trusted_headers\":[\"X-Evervault-*\"],\"trx_logging_enabled\":true} > /etc/dataplane-config.json RUN mkdir -p /etc/service/user-entrypoint -RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_CAGE_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nsu someuser -c 'exec sh /hello-script'\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run -ADD https://cage-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-enabled/tls-termination-enabled /opt/evervault/data-plane +RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nsu someuser -c 'exec sh /hello-script'\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run +ADD https://enclave-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-enabled/tls-termination-enabled /opt/evervault/data-plane RUN chmod +x /opt/evervault/data-plane RUN mkdir -p /etc/service/data-plane RUN printf "#!/bin/sh\necho \"Booting Evervault data plane...\"\nexec /opt/evervault/data-plane 3443\n" > /etc/service/data-plane/run && chmod +x /etc/service/data-plane/run @@ -909,7 +909,7 @@ ENTRYPOINT ["/bootstrap", "1>&2"] let sample_dockerfile_contents = r#"FROM alpine ENV Hello=World Ever=Vault -ENV Cages Secure +ENV Enclaves Secure ENV CRAB="Ferris" RUN touch /hello-script;\ /bin/sh -c "echo -e '"'#!/bin/sh\nwhile true; do echo "hello"; sleep 2; done;\n'"' > /hello-script" @@ -934,18 +934,18 @@ ENTRYPOINT ["sh", "/hello-script"]"#; let expected_output_contents = r##"FROM alpine ENV Hello=World Ever=Vault -ENV Cages Secure +ENV Enclaves Secure ENV CRAB="Ferris" RUN touch /hello-script;\ /bin/sh -c "echo -e '"'#!/bin/sh\nwhile true; do echo "hello"; sleep 2; done;\n'"' > /hello-script" USER root RUN mkdir -p /opt/evervault -ADD https://cage-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz +ADD https://enclave-build-assets.evervault.com/installer/abcdef.tar.gz /opt/evervault/runtime-dependencies.tar.gz RUN cd /opt/evervault ; tar -xzf runtime-dependencies.tar.gz ; sh ./installer.sh ; rm runtime-dependencies.tar.gz RUN echo {\"api_key_auth\":true,\"forward_proxy_protocol\":false,\"trusted_headers\":[\"X-Evervault-*\"],\"trx_logging_enabled\":true} > /etc/dataplane-config.json RUN mkdir -p /etc/service/user-entrypoint -RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_CAGE_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run -ADD https://cage-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane +RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run +ADD https://enclave-build-assets.evervault.com/runtime/0.0.0/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane RUN chmod +x /opt/evervault/data-plane RUN mkdir -p /etc/service/data-plane RUN printf "#!/bin/sh\necho \"Booting Evervault data plane...\"\nexec /opt/evervault/data-plane 3443\n" > /etc/service/data-plane/run && chmod +x /etc/service/data-plane/run @@ -974,8 +974,9 @@ ENTRYPOINT ["/bootstrap", "1>&2"] async fn test_choose_output_dir() { let output_dir = TempDir::new().unwrap(); - let _ = test_utils::build_test_cage(Some(output_dir.path().to_str().unwrap()), None, false) - .await; + let _ = + test_utils::build_test_enclave(Some(output_dir.path().to_str().unwrap()), None, false) + .await; let paths = std::fs::read_dir(output_dir.path().to_str().unwrap().to_string()).unwrap(); diff --git a/src/cert/error.rs b/src/cert/error.rs index 9a3ca0db..fb7b55fc 100644 --- a/src/cert/error.rs +++ b/src/cert/error.rs @@ -29,7 +29,7 @@ pub enum CertError { HashError(String), #[error("Failed to parse timestamp")] TimstampParseError(#[from] chrono::ParseError), - #[error("No certs found for the current Cage.")] + #[error("No certs found for the current Enclave.")] NoCertsFound, } diff --git a/src/cert/mod.rs b/src/cert/mod.rs index 8cb6dbb6..1692794f 100644 --- a/src/cert/mod.rs +++ b/src/cert/mod.rs @@ -10,9 +10,9 @@ use std::path::{Path, PathBuf}; use x509_parser::parse_x509_certificate; use x509_parser::prelude::{parse_x509_pem, X509Certificate}; -use crate::api::cage::{ - CageApi, CageSigningCert, CreateCageSigningCertRefRequest, CreateCageSigningCertRefResponse, - UpdateLockedCageSigningCertRequest, +use crate::api::enclave::{ + CreateEnclaveSigningCertRefRequest, CreateEnclaveSigningCertRefResponse, EnclaveApi, + EnclaveSigningCert, UpdateLockedEnclaveSigningCertRequest, }; use crate::api::{self, AuthMode}; @@ -87,22 +87,22 @@ pub async fn upload_new_cert_ref( cert_path: &str, api_key: &str, name: String, -) -> Result { +) -> Result { let path = std::path::Path::new(cert_path); let pcr8 = get_cert_pcr(path)?; let validity_period = get_cert_validity_period(path)?; - let cage_api = api::cage::CagesClient::new(AuthMode::ApiKey(api_key.to_string())); + let enclave_api = api::enclave::EnclaveClient::new(AuthMode::ApiKey(api_key.to_string())); - let payload = CreateCageSigningCertRefRequest::new( + let payload = CreateEnclaveSigningCertRefRequest::new( pcr8.clone(), name, validity_period.not_before, validity_period.not_after, ); - let cert_ref = match cage_api.create_cage_signing_cert_ref(payload).await { + let cert_ref = match enclave_api.create_enclave_signing_cert_ref(payload).await { Ok(cert_ref) => cert_ref, Err(e) => { log::error!("Error upload cage signing cert ref — {:?}", e); @@ -113,7 +113,7 @@ pub async fn upload_new_cert_ref( Ok(cert_ref) } -fn format_cert_for_multi_select(cert: &CageSigningCert) -> String { +fn format_cert_for_multi_select(cert: &EnclaveSigningCert) -> String { let name = cert.name().unwrap_or_default(); let cert_hash = cert.cert_hash(); let not_after = cert @@ -143,13 +143,13 @@ fn format_expiry_time(expiry_time: &str) -> Result { #[derive(Debug, Clone, PartialEq, PartialOrd)] struct CertWithFormattedString { - cert: CageSigningCert, + cert: EnclaveSigningCert, formatted: String, locked: bool, } impl CertWithFormattedString { - fn new(cert: &CageSigningCert, locked: bool) -> Self { + fn new(cert: &EnclaveSigningCert, locked: bool) -> Self { Self { formatted: format_cert_for_multi_select(cert), cert: cert.clone(), @@ -159,10 +159,10 @@ impl CertWithFormattedString { } async fn get_certs_for_selection( - cage_api: api::cage::CagesClient, - cage_uuid: &str, + enclave_api: api::enclave::EnclaveClient, + enclave_uuid: &str, ) -> Result, CertError> { - let available_certs = match cage_api.get_signing_certs().await { + let available_certs = match enclave_api.get_signing_certs().await { Ok(res) => res.certs, Err(e) => { log::error!("Error getting cage signing cert refs — {:?}", e); @@ -170,7 +170,10 @@ async fn get_certs_for_selection( } }; - let locked_certs = match cage_api.get_cage_locked_signing_certs(cage_uuid).await { + let locked_certs = match enclave_api + .get_enclave_locked_signing_certs(enclave_uuid) + .await + { Ok(certs) => certs, Err(e) => { log::error!("Error getting cage signing cert — {:?}", e); @@ -210,24 +213,24 @@ fn sort_certs_by_expiry( Ok(certs) } -pub async fn lock_cage_to_certs( +pub async fn lock_enclave_to_certs( api_key: &str, - cage_uuid: &str, - cage_name: &str, + enclave_uuid: &str, + enclave_name: &str, ) -> Result<(), CertError> { - let cage_api = api::cage::CagesClient::new(AuthMode::ApiKey(api_key.to_string())); + let enclave_api = api::enclave::EnclaveClient::new(AuthMode::ApiKey(api_key.to_string())); - let certs_for_select = get_certs_for_selection(cage_api.clone(), cage_uuid).await?; + let certs_for_select = get_certs_for_selection(enclave_api.clone(), enclave_uuid).await?; if certs_for_select.is_empty() { - log::error!("No certs found for the current app. You must upload a cert using the `ev cert upload` command or deployment a Cage before you can create a cert lock."); + log::error!("No certs found for the current app. You must upload a cert using the `ev cert upload` command or deployment an Enclave before you can create a cert lock."); return Err(CertError::NoCertsFound); } let sorted_certs_for_select = sort_certs_by_expiry(certs_for_select)?; let chosen: Vec = MultiSelect::new() - .with_prompt("Select Certs To Lock Cage To. Press Space To Select, Enter To Confirm.\n Cert Name | PCR8 (Hash of cert) | Cert Expiry ") + .with_prompt("Select Certs To Lock Enclave To. Press Space To Select, Enter To Confirm.\n Cert Name | PCR8 (Hash of cert) | Cert Expiry ") .report(false) .max_length(6) .items_checked( @@ -248,21 +251,21 @@ pub async fn lock_cage_to_certs( }) .collect::>(); - let payload = UpdateLockedCageSigningCertRequest::new(chosen_cert_uuids.clone()); + let payload = UpdateLockedEnclaveSigningCertRequest::new(chosen_cert_uuids.clone()); let amount_chosen = chosen_cert_uuids.len(); let msg = match amount_chosen { 0 => format!( - "No certs selected. Cage {} will not be locked to any certs.", - cage_name + "No certs selected. Enclave {} will not be locked to any certs.", + enclave_name ), 1 => format!( - "1 cert selected. Cage {} will be locked to this cert.", - cage_name + "1 cert selected. Enclave {} will be locked to this cert.", + enclave_name ), _ => format!( - "{} certs selected. Cage {} will be locked to these certs", - amount_chosen, cage_name + "{} certs selected. Enclave {} will be locked to these certs", + amount_chosen, enclave_name ), }; @@ -277,20 +280,23 @@ pub async fn lock_cage_to_certs( return Ok(()); } - if let Err(e) = cage_api - .update_cage_locked_signing_certs(cage_uuid, payload) + if let Err(e) = enclave_api + .update_enclave_locked_signing_certs(enclave_uuid, payload) .await { - log::error!("Error locking Cage to certs - {e}"); + log::error!("Error locking Enclave to certs - {e}"); return Err(CertError::ApiError(e)); }; let final_msg = match amount_chosen { - 0 => format!("Cage {} successfully unlocked from all certs!", cage_name), - 1 => format!("Cage {} successfully locked to 1 cert!", cage_name), + 0 => format!( + "Enclave {} successfully unlocked from all certs!", + enclave_name + ), + 1 => format!("Enclave {} successfully locked to 1 cert!", enclave_name), _ => format!( - "Cage {} successfully locked to {} certs!", - cage_name, amount_chosen + "Enclave {} successfully locked to {} certs!", + enclave_name, amount_chosen ), }; @@ -491,7 +497,7 @@ mod test { #[test] fn test_sort_certs_by_expiry() { - let cert1 = CageSigningCert::new( + let cert1 = EnclaveSigningCert::new( None, "uuid1".to_string(), "app_uuid1".to_string(), @@ -499,7 +505,7 @@ mod test { None, Some("2023-04-17T12:00:00Z".to_string()), ); - let cert2 = CageSigningCert::new( + let cert2 = EnclaveSigningCert::new( None, "uuid2".to_string(), "app_uuid2".to_string(), @@ -507,7 +513,7 @@ mod test { None, Some("2023-04-18T12:00:00Z".to_string()), ); - let cert3 = CageSigningCert::new( + let cert3 = EnclaveSigningCert::new( None, "uuid3".to_string(), "app_uuid3".to_string(), diff --git a/src/cli/attest.rs b/src/cli/attest.rs index 46ce10ba..a19b113a 100644 --- a/src/cli/attest.rs +++ b/src/cli/attest.rs @@ -1,19 +1,19 @@ -use crate::attest::attest_connection_to_cage; -use crate::config::CageConfig; +use crate::attest::attest_connection_to_enclave; +use crate::config::EnclaveConfig; use crate::describe::describe_eif; use crate::version::check_version; use attestation_doc_validation::attestation_doc::PCRs; use attestation_doc_validation::PCRProvider; use clap::Parser; -/// Validate the attestation doc provided by a Cage +/// Validate the attestation doc provided by an Enclave #[derive(Debug, Parser)] #[clap(name = "attest", about)] pub struct AttestArgs { /// Path to cage.toml config file #[clap(short = 'c', long = "config", default_value = "./cage.toml")] pub config: String, - /// Path to EIF file. When included, the attestation measures returned from the Cage will be compared to the measures of the EIF. + /// Path to EIF file. When included, the attestation measures returned from the Enclave will be compared to the measures of the EIF. #[clap(long = "eif-path")] pub eif_path: Option, } @@ -36,8 +36,8 @@ pub async fn run(attest_args: AttestArgs) -> i32 { return exitcode::SOFTWARE; }; - let config = unwrap_or_exit_with_error!(CageConfig::try_from_filepath(&attest_args.config)); - let domain = unwrap_or_exit_with_error!(config.get_cage_domain()); + let config = unwrap_or_exit_with_error!(EnclaveConfig::try_from_filepath(&attest_args.config)); + let domain = unwrap_or_exit_with_error!(config.get_enclave_domain()); let expected_pcrs = if let Some(eif_path) = attest_args.eif_path { let description = unwrap_or_exit_with_error!(describe_eif(&eif_path, false)); @@ -58,13 +58,13 @@ pub async fn run(attest_args: AttestArgs) -> i32 { .clone(), }; - match attest_connection_to_cage(&domain, expected_pcrs.clone()).await { + match attest_connection_to_enclave(&domain, expected_pcrs.clone()).await { Ok(_) => { log::info!("Attestation successful!\n\nhttps://{} returned a signed attestation doc which had PCRs:\n\n{}", domain, expected_pcrs.to_string()); exitcode::OK } Err(e) => { - log::error!("Failed to attest Cage - {e}"); + log::error!("Failed to attest Enclave - {e}"); exitcode::SOFTWARE } } diff --git a/src/cli/build.rs b/src/cli/build.rs index a08ed526..c4fa9a18 100644 --- a/src/cli/build.rs +++ b/src/cli/build.rs @@ -6,7 +6,7 @@ use crate::docker::command::get_source_date_epoch; use crate::version::check_version; use clap::Parser; -/// Build a Cage from a Dockerfile +/// Build an Enclave from a Dockerfile #[derive(Parser, Debug)] #[clap(name = "build", about)] pub struct BuildArgs { @@ -14,7 +14,7 @@ pub struct BuildArgs { #[clap(short = 'c', long = "config", default_value = "./cage.toml")] pub config: String, - /// Path to Dockerfile for Cage. Will override any dockerfile specified in the .toml file. + /// Path to Dockerfile for Enclave. Will override any dockerfile specified in the .toml file. #[clap(short = 'f', long = "file")] pub dockerfile: Option, @@ -79,7 +79,7 @@ pub async fn run(build_args: BuildArgs) -> exitcode::ExitCode { return exitcode::SOFTWARE; }; - let (mut cage_config, validated_config) = + let (mut enclave_config, validated_config) = match read_and_validate_config(&build_args.config, &build_args) { Ok(config) => config, Err(e) => { @@ -93,8 +93,8 @@ pub async fn run(build_args: BuildArgs) -> exitcode::ExitCode { .as_ref() .map(|args| args.iter().map(AsRef::as_ref).collect()); - let cage_build_assets_client = AssetsClient::new(); - let data_plane_version = match cage_build_assets_client.get_data_plane_version().await { + let enclave_build_assets_client = AssetsClient::new(); + let data_plane_version = match enclave_build_assets_client.get_data_plane_version().await { Ok(version) => version, Err(e) => { log::error!("Failed to retrieve the latest data plane version - {e:?}"); @@ -102,7 +102,7 @@ pub async fn run(build_args: BuildArgs) -> exitcode::ExitCode { } }; - let installer_version = match cage_build_assets_client.get_installer_version().await { + let installer_version = match enclave_build_assets_client.get_installer_version().await { Ok(version) => version, Err(e) => { log::error!("Failed to retrieve the latest installer version - {e:?}"); @@ -136,11 +136,11 @@ pub async fn run(build_args: BuildArgs) -> exitcode::ExitCode { } }; - cage_config.set_attestation(built_enclave.measurements()); - cage_config.set_runtime_info(runtime_info); - crate::common::save_cage_config(&cage_config, &build_args.config); + enclave_config.set_attestation(built_enclave.measurements()); + enclave_config.set_runtime_info(runtime_info); + crate::common::save_enclave_config(&enclave_config, &build_args.config); - if cage_config.debug { + if enclave_config.debug { crate::common::log_debug_mode_attestation_warning(); } diff --git a/src/cli/cert.rs b/src/cli/cert.rs index a49864aa..ceeb81ba 100644 --- a/src/cli/cert.rs +++ b/src/cli/cert.rs @@ -1,13 +1,13 @@ use crate::cert::{self, DistinguishedName}; use crate::common::CliError; -use crate::config::CageConfig; +use crate::config::EnclaveConfig; use crate::get_api_key; use crate::version::check_version; use atty::Stream; use clap::{Parser, Subcommand}; use exitcode::DATAERR; -/// Manage Cage signing certificates +/// Manage Enclave signing certificates #[derive(Debug, Parser)] #[clap(name = "cert", about)] pub struct CertArgs { @@ -17,13 +17,13 @@ pub struct CertArgs { #[derive(Debug, Subcommand)] pub enum CertCommands { - /// Create a new Cage signing certificate + /// Create a new Enclave signing certificate #[clap()] New(NewCertArgs), /// Upload a cage signing certificate's metadata to Evervault #[clap()] Upload(UploadCertArgs), - /// Lock a cage to specific signing certificate. Cage deployment will fail if the signing certificate is not the one specified. + /// Lock a cage to specific signing certificate. Enclave deployment will fail if the signing certificate is not the one specified. #[clap()] Lock(LockCertArgs), } @@ -35,7 +35,7 @@ pub struct NewCertArgs { #[clap(short = 'o', long = "output", default_value = ".")] pub output_dir: String, - /// Defining the certificate distinguished name e.g. "/CN=EV/C=IE/ST=LEI/L=DUB/O=Evervault/OU=Eng". If not given, a generic Cages subject will be used. + /// Defining the certificate distinguished name e.g. "/CN=EV/C=IE/ST=LEI/L=DUB/O=Evervault/OU=Eng". If not given, a generic Enclaves subject will be used. #[clap(long = "subj")] pub subject: Option, } @@ -110,8 +110,8 @@ pub async fn run(cert_args: CertArgs) -> exitcode::ExitCode { let cert_path = match upload_args.cert_path { Some(cert_path) => cert_path, - None => match CageConfig::try_from_filepath(&upload_args.config) { - Ok(cage_config) => match cage_config.signing { + None => match EnclaveConfig::try_from_filepath(&upload_args.config) { + Ok(enclave_config) => match enclave_config.signing { Some(signing_info) if signing_info.cert.is_some() => { signing_info.cert.unwrap() } @@ -152,22 +152,24 @@ pub async fn run(cert_args: CertArgs) -> exitcode::ExitCode { CertCommands::Lock(lock_cert_args) => { let api_key = get_api_key!(); - let (cage_uuid, cage_name) = match CageConfig::try_from_filepath(&lock_cert_args.config) - { - Ok(cage_config) => match (cage_config.uuid, cage_config.name) { - (Some(uuid), name) => (uuid, name), - _ => { - log::error!("No cage details found in cage.toml"); + let (enclave_uuid, enclave_name) = + match EnclaveConfig::try_from_filepath(&lock_cert_args.config) { + Ok(enclave_config) => match (enclave_config.uuid, enclave_config.name) { + (Some(uuid), name) => (uuid, name), + _ => { + log::error!("No cage details found in cage.toml"); + return DATAERR; + } + }, + Err(_) => { + log::error!("Failed to load cage configuration"); return DATAERR; } - }, - Err(_) => { - log::error!("Failed to load cage configuration"); - return DATAERR; - } - }; + }; - if let Err(e) = cert::lock_cage_to_certs(&api_key, &cage_uuid, &cage_name).await { + if let Err(e) = + cert::lock_enclave_to_certs(&api_key, &enclave_uuid, &enclave_name).await + { return e.exitcode(); } } diff --git a/src/cli/delete.rs b/src/cli/delete.rs index e609a604..7355b39b 100644 --- a/src/cli/delete.rs +++ b/src/cli/delete.rs @@ -1,10 +1,10 @@ use crate::common::CliError; -use crate::delete::delete_cage; +use crate::delete::delete_enclave; use crate::get_api_key; use crate::version::check_version; use clap::Parser; -/// Delete a Cage from a toml file. +/// Delete an Enclave from a toml file. #[derive(Debug, Parser)] #[clap(name = "delete", about)] pub struct DeleteArgs { @@ -12,15 +12,15 @@ pub struct DeleteArgs { #[clap(short = 'c', long = "config", default_value = "./cage.toml")] pub config: String, - /// Uuid of the Cage to delete + /// Uuid of the Enclave to delete #[clap(long = "cage-uuid")] - pub cage_uuid: Option, + pub enclave_uuid: Option, /// Disable verbose output #[clap(long)] pub quiet: bool, - /// Perform the Cage deletion in the background + /// Perform the Enclave deletion in the background #[clap(long)] pub background: bool, @@ -34,13 +34,13 @@ pub async fn run(delete_args: DeleteArgs) -> exitcode::ExitCode { return exitcode::SOFTWARE; }; let should_del = match dialoguer::Confirm::new() - .with_prompt("Are you sure you want to delete this Cage?") + .with_prompt("Are you sure you want to delete this Enclave?") .default(false) .interact() { Ok(should_delete) => should_delete, Err(_) => { - log::error!("An error occurred while attempting to confirm this Cage delete."); + log::error!("An error occurred while attempting to confirm this Enclave delete."); return exitcode::IOERR; } }; @@ -51,9 +51,9 @@ pub async fn run(delete_args: DeleteArgs) -> exitcode::ExitCode { } let api_key = get_api_key!(); - match delete_cage( + match delete_enclave( delete_args.config.as_str(), - delete_args.cage_uuid.as_deref(), + delete_args.enclave_uuid.as_deref(), api_key.as_str(), delete_args.background, ) @@ -61,7 +61,7 @@ pub async fn run(delete_args: DeleteArgs) -> exitcode::ExitCode { { Ok(_) => { if delete_args.background { - log::info!("Cage successfully marked for deletion."); + log::info!("Enclave successfully marked for deletion."); } else { log::info!("Deletion was successful"); } diff --git a/src/cli/deploy.rs b/src/cli/deploy.rs index aff4a498..8e5e0f37 100644 --- a/src/cli/deploy.rs +++ b/src/cli/deploy.rs @@ -1,5 +1,5 @@ use crate::api::client::ApiErrorKind; -use crate::api::{self, assets::AssetsClient, cage::CageApi, AuthMode}; +use crate::api::{self, assets::AssetsClient, enclave::EnclaveApi, AuthMode}; use crate::build::build_enclave_image_file; use crate::common::prepare_build_args; use crate::docker::command::get_source_date_epoch; @@ -7,7 +7,7 @@ use crate::get_api_key; use crate::version::check_version; use crate::{ common::{CliError, OutputPath}, - config::{read_and_validate_config, BuildTimeConfig, ValidatedCageBuildConfig}, + config::{read_and_validate_config, BuildTimeConfig, ValidatedEnclaveBuildConfig}, deploy::{deploy_eif, get_eif}, enclave::EIFMeasurements, }; @@ -15,7 +15,7 @@ use atty::Stream; use clap::Parser; use exitcode::ExitCode; -/// Deploy a Cage from a toml file. +/// Deploy an Enclave from a toml file. #[derive(Debug, Parser)] #[clap(name = "deploy", about)] pub struct DeployArgs { @@ -84,33 +84,39 @@ pub async fn run(deploy_args: DeployArgs) -> exitcode::ExitCode { return exitcode::SOFTWARE; }; let api_key = get_api_key!(); - let (mut cage_config, validated_config) = + let (mut enclave_config, validated_config) = match read_and_validate_config(&deploy_args.config, &deploy_args) { Ok(configs) => configs, Err(e) => { - log::error!("Failed to validate Cage config - {e}"); + log::error!("Failed to validate Enclave config - {e}"); return e.exitcode(); } }; - let cage_api = api::cage::CagesClient::new(AuthMode::ApiKey(api_key)); + let enclave_api = api::enclave::EnclaveClient::new(AuthMode::ApiKey(api_key)); - let cage = match cage_api.get_cage(validated_config.cage_uuid()).await { + let cage = match enclave_api + .get_enclave(validated_config.enclave_uuid()) + .await + { Ok(cage) => cage, Err(e) => { - log::error!("Failed to retrieve Cage details from Evervault API – {}", e); + log::error!( + "Failed to retrieve Enclave details from Evervault API – {}", + e + ); return e.exitcode(); } }; - let cage_scaling_config = match cage_api - .get_scaling_config(validated_config.cage_uuid()) + let enclave_scaling_config = match enclave_api + .get_scaling_config(validated_config.enclave_uuid()) .await { Ok(scaling_config) => Some(scaling_config), Err(e) if matches!(e.kind, ApiErrorKind::NotFound) => None, Err(e) => { - log::error!("Failed to load Cage scaling config - {e}"); + log::error!("Failed to load Enclave scaling config - {e}"); return e.exitcode(); } }; @@ -118,11 +124,11 @@ pub async fn run(deploy_args: DeployArgs) -> exitcode::ExitCode { let local_replicas = validated_config.scaling.desired_replicas; // Warn if local scaling config differs from remote - let has_scaling_config_drift = cage_scaling_config + let has_scaling_config_drift = enclave_scaling_config .as_ref() .is_some_and(|config| config.desired_replicas() != local_replicas); if has_scaling_config_drift { - let remote_replicas = cage_scaling_config.as_ref().unwrap().desired_replicas(); + let remote_replicas = enclave_scaling_config.as_ref().unwrap().desired_replicas(); log::warn!("Remote scaling config differs from local config. This deployment will apply the local config.\n\nCurrent remote replica count: {remote_replicas}\nLocal replica count: {local_replicas}\n"); } @@ -161,22 +167,22 @@ pub async fn run(deploy_args: DeployArgs) -> exitcode::ExitCode { Err(e) => return e, }; - if cage_config.debug { + if enclave_config.debug { crate::common::log_debug_mode_attestation_warning(); } log::info!( - "Deploying Cage with the following attestation measurements: {}", + "Deploying Enclave with the following attestation measurements: {}", serde_json::to_string_pretty(&eif_measurements) - .expect("Failed to serialize Cage attestation measures.") + .expect("Failed to serialize Enclave attestation measures.") ); - cage_config.set_attestation(&eif_measurements); - crate::common::save_cage_config(&cage_config, &deploy_args.config); + enclave_config.set_attestation(&eif_measurements); + crate::common::save_enclave_config(&enclave_config, &deploy_args.config); if let Err(e) = deploy_eif( &validated_config, - cage_api, + enclave_api, output_path, &eif_measurements, data_plane_version, @@ -189,7 +195,7 @@ pub async fn run(deploy_args: DeployArgs) -> exitcode::ExitCode { }; if atty::is(Stream::Stdout) { - log::info!("Your Cage is now available at https://{}", cage.domain()); + log::info!("Your Enclave is now available at https://{}", cage.domain()); } else { let success_msg = serde_json::json!({ "status": "success", @@ -203,7 +209,7 @@ pub async fn run(deploy_args: DeployArgs) -> exitcode::ExitCode { #[allow(clippy::too_many_arguments)] async fn resolve_eif( - validated_config: &ValidatedCageBuildConfig, + validated_config: &ValidatedEnclaveBuildConfig, context_path: &str, eif_path: Option<&str>, verbose: bool, @@ -242,20 +248,22 @@ async fn resolve_eif( } async fn get_data_plane_and_installer_version( - validated_config: &ValidatedCageBuildConfig, + validated_config: &ValidatedEnclaveBuildConfig, ) -> Result<(String, String), ExitCode> { - let cage_build_assets_client = AssetsClient::new(); + let enclave_build_assets_client = AssetsClient::new(); match validated_config.runtime.clone() { Some(config) => Ok((config.data_plane_version.clone(), config.installer_version)), None => { - let data_plane_version = match cage_build_assets_client.get_data_plane_version().await { - Ok(version) => version, - Err(e) => { - log::error!("Failed to retrieve the latest data plane version - {e:?}"); - return Err(e.exitcode()); - } - }; - let installer_version = match cage_build_assets_client.get_installer_version().await { + let data_plane_version = + match enclave_build_assets_client.get_data_plane_version().await { + Ok(version) => version, + Err(e) => { + log::error!("Failed to retrieve the latest data plane version - {e:?}"); + return Err(e.exitcode()); + } + }; + let installer_version = match enclave_build_assets_client.get_installer_version().await + { Ok(version) => version, Err(e) => { log::error!("Failed to retrieve the latest installer version - {e:?}"); diff --git a/src/cli/encrypt.rs b/src/cli/encrypt.rs index e8527569..0419cdfc 100644 --- a/src/cli/encrypt.rs +++ b/src/cli/encrypt.rs @@ -1,6 +1,6 @@ use crate::version::check_version; use crate::{ - config::CageConfig, + config::EnclaveConfig, encrypt::{self, EncryptError}, }; use clap::Parser; @@ -41,7 +41,7 @@ pub async fn run(encrypt_args: EncryptArgs) -> exitcode::ExitCode { return exitcode::SOFTWARE; }; - let (team_uuid, app_uuid) = match get_cage_details(encrypt_args.clone()) { + let (team_uuid, app_uuid) = match get_enclave_details(encrypt_args.clone()) { Ok((team_uuid, app_uuid)) => (team_uuid, app_uuid), Err(e) => { log::error!("Config error {e}"); @@ -60,16 +60,16 @@ pub async fn run(encrypt_args: EncryptArgs) -> exitcode::ExitCode { } } -fn get_cage_details(encrypt_args: EncryptArgs) -> Result<(String, String), EncryptError> { +fn get_enclave_details(encrypt_args: EncryptArgs) -> Result<(String, String), EncryptError> { if encrypt_args.team_uuid.is_none() || encrypt_args.app_uuid.is_none() { - let cage_config = CageConfig::try_from_filepath(&encrypt_args.config)?; + let enclave_config = EnclaveConfig::try_from_filepath(&encrypt_args.config)?; - if cage_config.app_uuid.is_none() || cage_config.team_uuid.is_none() { + if enclave_config.app_uuid.is_none() || enclave_config.team_uuid.is_none() { Err(EncryptError::MissingUuid) } else { Ok(( - cage_config.team_uuid.unwrap(), - cage_config.app_uuid.unwrap(), + enclave_config.team_uuid.unwrap(), + enclave_config.app_uuid.unwrap(), )) } } else { diff --git a/src/cli/env.rs b/src/cli/env.rs index 3b920fb1..75556fc1 100644 --- a/src/cli/env.rs +++ b/src/cli/env.rs @@ -2,7 +2,7 @@ use crate::version::check_version; use clap::{Parser, Subcommand}; use crate::{ - api::{cage::CagesClient, AuthMode}, + api::{enclave::EnclaveClient, AuthMode}, get_api_key, }; @@ -16,7 +16,7 @@ pub enum EnvAction { Get, } -/// Manage Cage environment +/// Manage Enclave environment #[derive(Debug, Parser)] #[clap(name = "cert", about)] pub struct EnvArgs { @@ -27,15 +27,15 @@ pub struct EnvArgs { #[derive(Debug, Subcommand)] pub enum EnvCommands { #[clap()] - /// Add Cage environment variable + /// Add Enclave environment variable Add(AddEnvArgs), - /// Delete Cage environment variable + /// Delete Enclave environment variable Delete(DeleteEnvArgs), - /// Get Cage environment variables + /// Get Enclave environment variables Get(GetEnvArgs), } -/// Add secret to Cage env +/// Add secret to Enclave env #[derive(Debug, Parser)] #[clap(name = "env", about)] pub struct AddEnvArgs { @@ -60,7 +60,7 @@ pub struct AddEnvArgs { pub config: String, } -/// Add delete secret from Cage env +/// Add delete secret from Enclave env #[derive(Debug, Parser)] #[clap(name = "env", about)] pub struct DeleteEnvArgs { @@ -73,7 +73,7 @@ pub struct DeleteEnvArgs { pub config: String, } -/// Get secrets from Cage env +/// Get secrets from Enclave env #[derive(Debug, Parser)] #[clap(name = "env", about)] pub struct GetEnvArgs { @@ -89,7 +89,7 @@ pub async fn run(env_args: EnvArgs) -> exitcode::ExitCode { }; let api_key = get_api_key!(); - let cages_client = CagesClient::new(AuthMode::ApiKey(api_key)); + let cages_client = EnclaveClient::new(AuthMode::ApiKey(api_key)); match env(cages_client, env_args.action).await { Ok(result) => match result { diff --git a/src/cli/init.rs b/src/cli/init.rs index bf60722f..2d9543f0 100644 --- a/src/cli/init.rs +++ b/src/cli/init.rs @@ -1,16 +1,18 @@ use crate::api; -use crate::api::cage::CreateCageRequest; +use crate::api::enclave::CreateEnclaveRequest; use crate::api::{ - cage::{Cage, CageApi}, + enclave::{Enclave, EnclaveApi}, AuthMode, }; use crate::common::CliError; -use crate::config::{default_dockerfile, CageConfig, EgressSettings, ScalingSettings, SigningInfo}; +use crate::config::{ + default_dockerfile, EgressSettings, EnclaveConfig, ScalingSettings, SigningInfo, +}; use crate::get_api_key; use crate::version::check_version; use clap::{ArgGroup, Parser}; -/// Initialize a Cage.toml in the current directory +/// Initialize an Enclave.toml in the current directory #[derive(Debug, Parser)] #[clap(name = "init", about)] #[clap(group( @@ -24,31 +26,31 @@ use clap::{ArgGroup, Parser}; .requires("cert-path") ))] pub struct InitArgs { - /// Directory to write the Cage toml to. Defaults to the current directory. + /// Directory to write the Enclave toml to. Defaults to the current directory. #[clap(short = 'o', long = "output", default_value = ".")] pub output_dir: String, - /// Name of Cage to deploy + /// Name of Enclave to deploy #[clap(long = "name")] - pub cage_name: String, + pub enclave_name: String, - /// Debug setting for the Cage + /// Debug setting for the Enclave #[clap(long = "debug")] pub debug: bool, - /// Flag to enable egress on your Cage + /// Flag to enable egress on your Enclave #[clap(long = "egress")] pub egress: bool, - /// Dockerfile to build the Cage + /// Dockerfile to build the Enclave #[clap(short = 'f', long = "file")] pub dockerfile: Option, - /// Path to the signing cert to use for the Cage. If provided, the private-key must also be set. + /// Path to the signing cert to use for the Enclave. If provided, the private-key must also be set. #[clap(long = "signing-cert")] pub cert_path: Option, - /// Path to the signing key to use for the Cage. If provided, the signing-cert must also be set. + /// Path to the signing key to use for the Enclave. If provided, the signing-cert must also be set. #[clap(long = "private-key")] pub key_path: Option, @@ -56,15 +58,15 @@ pub struct InitArgs { #[clap(long = "disable-tls-termination")] pub disable_tls_termination: bool, - /// Disable API key auth for your Cage + /// Disable API key auth for your Enclave #[clap(long = "disable-api-key-auth")] pub disable_api_key_auth: bool, - /// Disable transaction logging in your Cage + /// Disable transaction logging in your Enclave #[clap(long = "disable-trx-logging")] pub trx_logging_disabled: bool, - /// Flag to make your Cage delete after 6 hours + /// Flag to make your Enclave delete after 6 hours #[clap(long = "self-destruct")] pub is_time_bound: bool, @@ -76,7 +78,7 @@ pub struct InitArgs { #[clap(long = "forward-proxy-protocol")] pub forward_proxy_protocol: bool, - /// Trusted headers sent into the Cage will be persisted without redaction in the Cage's transaction logs + /// Trusted headers sent into the Enclave will be persisted without redaction in the Enclave's transaction logs #[clap(long = "trusted_headers")] pub trusted_headers: Option, @@ -84,12 +86,12 @@ pub struct InitArgs { #[clap(long = "healthcheck")] pub healthcheck: Option, - /// The desired number of instances for your cage to use. Default is 2. + /// The desired number of instances for your Enclave to use. Default is 2. #[clap(long = "desired_replicas")] pub desired_replicas: Option, } -impl std::convert::From for CageConfig { +impl std::convert::From for EnclaveConfig { fn from(val: InitArgs) -> Self { let signing_info = if val.cert_path.is_none() && val.key_path.is_none() { None @@ -100,8 +102,8 @@ impl std::convert::From for CageConfig { }) }; - CageConfig { - name: val.cage_name, + EnclaveConfig { + name: val.enclave_name, uuid: None, app_uuid: None, team_uuid: None, @@ -135,38 +137,38 @@ pub async fn run(init_args: InitArgs) -> exitcode::ExitCode { }; let api_key = get_api_key!(); - let cages_client = api::cage::CagesClient::new(AuthMode::ApiKey(api_key.clone())); + let enclave_client = api::enclave::EnclaveClient::new(AuthMode::ApiKey(api_key.clone())); - let create_cage_request = - CreateCageRequest::new(init_args.cage_name.clone(), init_args.is_time_bound); - let created_cage = match cages_client.create_cage(create_cage_request).await { - Ok(cage_ref) => cage_ref, + let create_enclave_request = + CreateEnclaveRequest::new(init_args.enclave_name.clone(), init_args.is_time_bound); + let created_enclave = match enclave_client.create_enclave(create_enclave_request).await { + Ok(enclave_ref) => enclave_ref, Err(e) => { - log::error!("Error creating Cage record — {e:?}"); + log::error!("Error creating Enclave record — {e:?}"); return e.exitcode(); } }; - init_local_config(init_args, created_cage).await + init_local_config(init_args, created_enclave).await } -async fn init_local_config(init_args: InitArgs, created_cage: Cage) -> exitcode::ExitCode { +async fn init_local_config(init_args: InitArgs, created_enclave: Enclave) -> exitcode::ExitCode { let output_dir = init_args.output_dir.clone(); let output_path = std::path::Path::new(output_dir.as_str()); - let config_path = output_path.join("cage.toml"); + let config_path = output_path.join("enclave.toml"); - let mut initial_config: CageConfig = init_args.into(); - initial_config.annotate(created_cage); + let mut initial_config: EnclaveConfig = init_args.into(); + initial_config.annotate(created_enclave); if initial_config.signing.is_none() { - log::info!("Generating signing credentials for cage"); + log::info!("Generating signing credentials for enclave"); match crate::cert::create_new_cert(output_path, crate::cert::DistinguishedName::default()) { Ok((cert_path, key_path)) => { initial_config.set_cert(format!("{}", cert_path.display())); initial_config.set_key(format!("{}", key_path.display())); } Err(e) => { - log::error!("Failed to generate cage signing credentials - {e}"); + log::error!("Failed to generate enclave signing credentials - {e}"); return e.exitcode(); } } @@ -175,16 +177,16 @@ async fn init_local_config(init_args: InitArgs, created_cage: Cage) -> exitcode: let serialized_config = match toml::ser::to_vec(&initial_config) { Ok(bytes) => bytes, Err(e) => { - log::error!("Error serializing cage.toml — {:?}", e); + log::error!("Error serializing enclave.toml — {:?}", e); return exitcode::SOFTWARE; } }; if let Err(e) = std::fs::write(config_path, serialized_config) { - log::error!("Error writing cage.toml — {:?}", e); + log::error!("Error writing enclave.toml — {:?}", e); exitcode::IOERR } else { - log::info!("Cage.toml initialized successfully. You can now deploy a Cage using the deploy command"); + log::info!("Enclave.toml initialized successfully. You can now deploy an Enclave using the deploy command"); exitcode::OK } } @@ -192,7 +194,7 @@ async fn init_local_config(init_args: InitArgs, created_cage: Cage) -> exitcode: #[cfg(test)] mod init_tests { use super::*; - use crate::api::cage::CageState; + use crate::api::enclave::EnclaveState; use std::fs::read; use tempfile::TempDir; @@ -200,19 +202,19 @@ mod init_tests { #[tokio::test] async fn init_local_config_test() { let output_dir = TempDir::new().unwrap(); - let sample_cage = Cage { + let sample_enclave = Enclave { uuid: "1234".into(), name: "hello-cage".into(), team_uuid: "1234".into(), app_uuid: "1234".into(), domain: "hello.com".into(), - state: CageState::Pending, + state: EnclaveState::Pending, created_at: "00:00:00".into(), updated_at: "00:00:00".into(), }; let init_args = InitArgs { output_dir: output_dir.path().to_str().unwrap().to_string(), - cage_name: "hello".to_string(), + enclave_name: "hello".to_string(), debug: false, egress: true, desired_replicas: Some(2), @@ -228,8 +230,8 @@ mod init_tests { trusted_headers: Some("X-Evervault-*".to_string()), healthcheck: None, }; - init_local_config(init_args, sample_cage).await; - let config_path = output_dir.path().join("cage.toml"); + init_local_config(init_args, sample_enclave).await; + let config_path = output_dir.path().join("enclave.toml"); assert!(config_path.exists()); let config_content = String::from_utf8(read(config_path).unwrap()).unwrap(); let expected_config_content = r#"name = "hello" diff --git a/src/cli/list.rs b/src/cli/list.rs index d2b9d1c2..8d13ee61 100644 --- a/src/cli/list.rs +++ b/src/cli/list.rs @@ -1,11 +1,11 @@ -use crate::api::{cage::CageApi, AuthMode}; +use crate::api::{enclave::EnclaveApi, AuthMode}; use crate::common::CliError; use crate::config::{read_and_validate_config, BuildTimeConfig}; use crate::version::check_version; use crate::{api, get_api_key}; use clap::Parser; -/// List your Cages and Deployments +/// List your Enclaves and Deployments #[derive(Debug, Parser)] #[clap(name = "list", about)] pub struct List { @@ -18,22 +18,22 @@ pub struct List { #[derive(Debug, Parser)] #[clap(name = "list", about)] pub enum ListCommands { - /// List Cages + /// List Enclaves #[clap()] - Cages, - /// List Cage Deployments + Enclaves, + /// List Enclave Deployments #[clap()] Deployments(DeploymentArgs), } #[derive(Debug, Parser)] pub struct DeploymentArgs { - /// The cage uuid to get deployments for - #[clap(long = "cage-uuid")] - cage_uuid: Option, + /// The enclave uuid to get deployments for + #[clap(long = "enclave-uuid")] + enclave_uuid: Option, - /// The file containing the Cage config - #[clap(short = 'c', long = "config", default_value = "./cage.toml")] + /// The file containing the Enclave config + #[clap(short = 'c', long = "config", default_value = "./enclave.toml")] config: String, } impl BuildTimeConfig for DeploymentArgs {} @@ -47,42 +47,42 @@ pub async fn run(list_action: List) -> exitcode::ExitCode { let api_key = get_api_key!(); let auth = AuthMode::ApiKey(api_key); - let cage_client = api::cage::CagesClient::new(auth); + let enclave_client = api::enclave::EnclaveClient::new(auth); match list_action.resource { - ListCommands::Cages => list_cages(&cage_client).await, + ListCommands::Enclaves => list_enclaves(&enclave_client).await, ListCommands::Deployments(deployment_args) => { - list_deployments(&cage_client, deployment_args).await + list_deployments(&enclave_client, deployment_args).await } } } -async fn list_cages(cage_client: &api::cage::CagesClient) -> exitcode::ExitCode { - let cages = match cage_client.get_cages().await { +async fn list_enclaves(enclave_client: &api::enclave::EnclaveClient) -> exitcode::ExitCode { + let cages = match enclave_client.get_enclaves().await { Ok(cages) => cages, Err(e) => { - log::error!("An error occurred while retrieving your Cages — {:?}", e); + log::error!("An error occurred while retrieving your Enclaves — {:?}", e); return e.exitcode(); } }; - let serialized_cages = serde_json::to_string_pretty(&cages).unwrap(); - println!("{}", serialized_cages); + let serialized_enclaves = serde_json::to_string_pretty(&cages).unwrap(); + println!("{}", serialized_enclaves); exitcode::OK } async fn list_deployments( - cage_client: &api::cage::CagesClient, + enclave_client: &api::enclave::EnclaveClient, deployment_args: DeploymentArgs, ) -> exitcode::ExitCode { - let cage_uuid = if let Some(uuid) = deployment_args.cage_uuid.clone() { + let enclave_uuid = if let Some(uuid) = deployment_args.enclave_uuid.clone() { uuid } else { match read_and_validate_config(&deployment_args.config, &deployment_args) { - Ok((_, validated_config)) => validated_config.cage_uuid().to_string(), + Ok((_, validated_config)) => validated_config.enclave_uuid().to_string(), Err(e) => { log::error!( - "No Cage uuid provided, and failed to parse the Cage config - {}", + "No Enclave uuid provided, and failed to parse the Enclave config - {}", e ); return e.exitcode(); @@ -90,10 +90,10 @@ async fn list_deployments( } }; - let cages = match cage_client.get_cage(&cage_uuid).await { + let cages = match enclave_client.get_enclave(&enclave_uuid).await { Ok(cages) => cages, Err(e) => { - log::error!("An error occurred while retrieving your Cages — {:?}", e); + log::error!("An error occurred while retrieving your Enclaves — {:?}", e); return e.exitcode(); } }; diff --git a/src/cli/logs.rs b/src/cli/logs.rs index da51a8a9..2b9c61c0 100644 --- a/src/cli/logs.rs +++ b/src/cli/logs.rs @@ -1,22 +1,22 @@ use crate::api; use crate::api::AuthMode; use crate::common::CliError; -use crate::config::CageConfig; +use crate::config::EnclaveConfig; use crate::get_api_key; use crate::logs::get_logs; use crate::version::check_version; use clap::Parser; -/// Pull the logs for a Cage +/// Pull the logs for an Enclave #[derive(Debug, Parser)] #[clap(name = "logs", about)] pub struct LogArgs { - /// Uuid of the Cage show logs for. If not supplied, the CLI will look for a local cage.toml + /// Uuid of the Enclave show logs for. If not supplied, the CLI will look for a local cage.toml #[clap(long = "cage-uuid")] - pub cage_uuid: Option, + pub enclave_uuid: Option, - /// Path to the toml file containing the Cage's config + /// Path to the toml file containing the Enclave's config #[clap(short = 'c', long = "config", default_value = "./cage.toml")] pub config: String, @@ -37,22 +37,22 @@ pub async fn run(log_args: LogArgs) -> i32 { }; let api_key = get_api_key!(); - let cages_client = api::cage::CagesClient::new(AuthMode::ApiKey(api_key)); + let cages_client = api::enclave::EnclaveClient::new(AuthMode::ApiKey(api_key)); - let cage_uuid = match log_args.cage_uuid.clone() { - Some(cage_uuid) => cage_uuid, + let enclave_uuid = match log_args.enclave_uuid.clone() { + Some(enclave_uuid) => enclave_uuid, None => { - let cage_uuid = match CageConfig::try_from_filepath(&log_args.config) { + let enclave_uuid = match EnclaveConfig::try_from_filepath(&log_args.config) { Ok(config) => config.uuid, Err(e) => { - log::error!("An error occurred while resolving your Cage toml.\n\nPlease make sure you have a cage.toml file in the current directory, or have supplied a path with the --config flag."); + log::error!("An error occurred while resolving your Enclave toml.\n\nPlease make sure you have a cage.toml file in the current directory, or have supplied a path with the --config flag."); return e.exitcode(); } }; - match cage_uuid { + match enclave_uuid { Some(uuid) => uuid, None => { - log::error!("Cage uuid is missing from toml"); + log::error!("Enclave uuid is missing from toml"); return exitcode::DATAERR; } } @@ -62,7 +62,7 @@ pub async fn run(log_args: LogArgs) -> i32 { match get_logs( log_args.start_time, log_args.end_time, - cage_uuid, + enclave_uuid, cages_client, ) .await diff --git a/src/cli/restart.rs b/src/cli/restart.rs index 9358f7a7..b2570926 100644 --- a/src/cli/restart.rs +++ b/src/cli/restart.rs @@ -1,15 +1,15 @@ use crate::version::check_version; use crate::{ - api::{cage::CagesClient, AuthMode}, + api::{enclave::EnclaveClient, AuthMode}, common::CliError, deploy::{timed_operation, watch_deployment, DEPLOY_WATCH_TIMEOUT_SECONDS}, get_api_key, progress::get_tracker, - restart::restart_cage, + restart::restart_enclave, }; use clap::Parser; -/// Restart the Cage deployment +/// Restart the Enclave deployment #[derive(Debug, Parser)] #[clap(name = "restart", about)] pub struct RestartArgs { @@ -17,11 +17,11 @@ pub struct RestartArgs { #[clap(short = 'c', long = "config", default_value = "./cage.toml")] pub config: String, - /// Uuid of the Cage who's deployment to restart + /// Uuid of the Enclave who's deployment to restart #[clap(long = "cage-uuid")] - pub cage_uuid: Option, + pub enclave_uuid: Option, - /// Perform the Cage restart in the background + /// Perform the Enclave restart in the background #[clap(long)] pub background: bool, } @@ -34,12 +34,12 @@ pub async fn run(restart_args: RestartArgs) -> i32 { let api_key = get_api_key!(); - let cage_api = CagesClient::new(AuthMode::ApiKey(api_key.to_string())); + let enclave_api = EnclaveClient::new(AuthMode::ApiKey(api_key.to_string())); - let new_deployment = match restart_cage( + let new_deployment = match restart_enclave( restart_args.config.as_str(), - restart_args.cage_uuid.as_deref(), - &cage_api, + restart_args.enclave_uuid.as_deref(), + &enclave_api, restart_args.background, ) .await @@ -52,21 +52,23 @@ pub async fn run(restart_args: RestartArgs) -> i32 { }; if restart_args.background { - println!("Cage restarting. You can observe the restart progress in the Cages Dashboard"); + println!( + "Enclave restarting. You can observe the restart progress in the Enclaves Dashboard" + ); return exitcode::OK; } let progress_bar = get_tracker( - "Deploying Cage into a Trusted Execution Environment...", + "Deploying Enclave into a Trusted Execution Environment...", None, ); match timed_operation( - "Cage Deployment", + "Enclave Deployment", DEPLOY_WATCH_TIMEOUT_SECONDS, watch_deployment( - cage_api, - new_deployment.cage_uuid(), + enclave_api, + new_deployment.enclave_uuid(), new_deployment.uuid(), progress_bar, ), diff --git a/src/cli/scale.rs b/src/cli/scale.rs index 0072c3f1..0f51b7c9 100644 --- a/src/cli/scale.rs +++ b/src/cli/scale.rs @@ -2,11 +2,11 @@ use crate::config::{self, ScalingSettings}; use crate::version::check_version; use crate::{ api::{ - cage::{CageApi, CagesClient}, + enclave::{EnclaveApi, EnclaveClient}, AuthMode, }, common::CliError, - config::CageConfig, + config::EnclaveConfig, get_api_key, }; use clap::Parser; @@ -14,10 +14,10 @@ use thiserror::Error; #[derive(Debug, Error)] pub enum ScaleError { - #[error("No Cage Uuid given. You can provide one by using either the --cage-uuid flag, or using the --config flag to point to a Cage.toml")] + #[error("No Enclave Uuid given. You can provide one by using either the --enclave-uuid flag, or using the --config flag to point to an Enclave.toml")] MissingUuid, - #[error("An error occurred parsing the Cage config - {0}")] - ConfigError(#[from] config::CageConfigError), + #[error("An error occurred parsing the Enclave config - {0}")] + ConfigError(#[from] config::EnclaveConfigError), #[error("An error occurred contacting the API — {0}")] ApiError(#[from] crate::api::client::ApiError), } @@ -32,7 +32,7 @@ impl CliError for ScaleError { } } -/// Update your Cage's Scaling config +/// Update your Enclave's Scaling config #[derive(Debug, Parser)] #[clap(name = "scale", about)] pub struct ScaleArgs { @@ -40,15 +40,15 @@ pub struct ScaleArgs { #[clap(short = 'c', long = "config", default_value = "./cage.toml")] pub config: String, - /// Uuid of the Cage to scale - #[clap(long = "cage-uuid")] - pub cage_uuid: Option, + /// Uuid of the Enclave to scale + #[clap(long = "enclave-uuid")] + pub enclave_uuid: Option, - /// Number of replicas to run for this Cage. If unset, the command will read the current scaling config from the Evervault API. + /// Number of replicas to run for this Enclave. If unset, the command will read the current scaling config from the Evervault API. #[clap(long = "desired-replicas")] pub desired_replicas: Option, - /// Sync the local Cage.toml with the latest scaling config for a Cage if they differ. + /// Sync the local Enclave.toml with the latest scaling config for an Enclave if they differ. #[clap(long = "sync")] pub sync: bool, } @@ -61,13 +61,13 @@ pub async fn run(args: ScaleArgs) -> i32 { let api_key = get_api_key!(); - let cage_api = CagesClient::new(AuthMode::ApiKey(api_key.to_string())); + let enclave_api = EnclaveClient::new(AuthMode::ApiKey(api_key.to_string())); - let cage_config = CageConfig::try_from_filepath(&args.config); - let cage_uuid = match args.cage_uuid.as_deref() { - Some(cage_uuid) => Ok(cage_uuid), - None => match cage_config.as_ref() { - Ok(cage_config) => cage_config.uuid.as_deref().ok_or(ScaleError::MissingUuid), + let enclave_config = EnclaveConfig::try_from_filepath(&args.config); + let enclave_uuid = match args.enclave_uuid.as_deref() { + Some(enclave_uuid) => Ok(enclave_uuid), + None => match enclave_config.as_ref() { + Ok(enclave_config) => enclave_config.uuid.as_deref().ok_or(ScaleError::MissingUuid), Err(e) => { log::error!("Failed to resolve cage config - {e:?}"); return e.exitcode(); @@ -75,8 +75,8 @@ pub async fn run(args: ScaleArgs) -> i32 { }, }; - let cage_uuid = match cage_uuid { - Ok(cage_uuid) => cage_uuid, + let enclave_uuid = match enclave_uuid { + Ok(enclave_uuid) => enclave_uuid, Err(e) => { log::error!("{e:?}"); return e.exitcode(); @@ -86,16 +86,16 @@ pub async fn run(args: ScaleArgs) -> i32 { let scaling_config_result = match args.desired_replicas { Some(new_desired_replicas) => { log::info!("Updating desired replicas to {new_desired_replicas}"); - cage_api - .update_scaling_config(cage_uuid, new_desired_replicas.into()) + enclave_api + .update_scaling_config(enclave_uuid, new_desired_replicas.into()) .await } - None => cage_api.get_scaling_config(cage_uuid).await, + None => enclave_api.get_scaling_config(enclave_uuid).await, }; let scaling_config = match scaling_config_result { Ok(result) if args.desired_replicas.is_some() => { - log::info!("Cage scaling config updated successfully"); + log::info!("Enclave scaling config updated successfully"); result } Ok(result) => result, @@ -105,12 +105,12 @@ pub async fn run(args: ScaleArgs) -> i32 { } else { "read" }; - log::error!("Failed to {action} the scaling config for {cage_uuid} - {e:?}"); + log::error!("Failed to {action} the scaling config for {enclave_uuid} - {e:?}"); return e.exitcode(); } }; - if let Ok(mut config) = cage_config { + if let Ok(mut config) = enclave_config { let has_scaling_drift = config .scaling .as_ref() @@ -120,7 +120,7 @@ pub async fn run(args: ScaleArgs) -> i32 { config.set_scaling_config(ScalingSettings { desired_replicas: scaling_config.desired_replicas(), }); - crate::common::save_cage_config(&config, &args.config); + crate::common::save_enclave_config(&config, &args.config); } } diff --git a/src/common.rs b/src/common.rs index abadf70f..cd189927 100644 --- a/src/common.rs +++ b/src/common.rs @@ -2,7 +2,7 @@ use std::ffi::OsStr; use std::path::PathBuf; use thiserror::Error; -use crate::config::{CageConfig, CageConfigError}; +use crate::config::{EnclaveConfig, EnclaveConfigError}; pub struct OutputPath { _tmp_dir: Option, @@ -71,10 +71,10 @@ pub fn resolve_output_path( } } -pub fn save_cage_config(cage_config: &CageConfig, config_path: &str) { - if let Ok(serialized_config) = toml::ser::to_vec(&cage_config) { +pub fn save_enclave_config(enclave_config: &EnclaveConfig, config_path: &str) { + if let Ok(serialized_config) = toml::ser::to_vec(&enclave_config) { match std::fs::write(config_path, serialized_config) { - Ok(_) => log::debug!("Cage config updated"), + Ok(_) => log::debug!("Enclave config updated"), Err(e) => log::error!("Failed to update cage config — {e:?}"), }; } else { @@ -83,7 +83,7 @@ pub fn save_cage_config(cage_config: &CageConfig, config_path: &str) { } pub fn log_debug_mode_attestation_warning() { - log::warn!("When running your Cage in debug mode, every value in the attestation document returned will be 0."); + log::warn!("When running your Enclave in debug mode, every value in the attestation document returned will be 0."); log::warn!("The measurements below will only be returned when running in non-debug mode."); } @@ -122,14 +122,14 @@ pub fn prepare_build_args(build_args: &Vec) -> Option> { Some(formatted_args) } -pub fn resolve_cage_uuid( +pub fn resolve_enclave_uuid( given_uuid: Option<&str>, config_path: &str, -) -> Result, CageConfigError> { +) -> Result, EnclaveConfigError> { if let Some(given_uuid) = given_uuid { return Ok(Some(given_uuid.to_string())); } - let config = CageConfig::try_from_filepath(config_path)?; + let config = EnclaveConfig::try_from_filepath(config_path)?; Ok(config.uuid) } diff --git a/src/config.rs b/src/config.rs index 87ed10cb..8979ebe4 100644 --- a/src/config.rs +++ b/src/config.rs @@ -188,13 +188,13 @@ impl std::convert::TryFrom<&ValidatedSigningInfo> for EnclaveSigningInfo { } #[derive(Debug, Error)] -pub enum CageConfigError { +pub enum EnclaveConfigError { #[error("Failed to find config file at {0}")] MissingConfigFile(String), #[error("Failed to read config file — {0:?}")] FailedToAccessConfig(#[from] std::io::Error), - #[error("Failed to parse Cage config")] - FailedToParseCageConfig(#[from] toml::de::Error), + #[error("Failed to parse Enclave config")] + FailedToParseEnclaveConfig(#[from] toml::de::Error), #[error("{0}. Signing credentials can be generated using the cert new command.")] MissingSigningInfo(#[from] SigningInfoError), #[error("Dockerfile is required and was not given.")] @@ -205,11 +205,11 @@ pub enum CageConfigError { LoggingEnabledWithoutTLSTermination(), } -impl CliError for CageConfigError { +impl CliError for EnclaveConfigError { fn exitcode(&self) -> exitcode::ExitCode { match self { Self::MissingConfigFile(_) | Self::FailedToAccessConfig(_) => exitcode::NOINPUT, - Self::FailedToParseCageConfig(_) + Self::FailedToParseEnclaveConfig(_) | Self::MissingDockerfile | Self::MissingField(_) | Self::LoggingEnabledWithoutTLSTermination() => exitcode::DATAERR, @@ -227,7 +227,7 @@ pub fn default_true() -> bool { } #[derive(Clone, Debug, Deserialize, Serialize)] -pub struct CageConfig { +pub struct EnclaveConfig { pub name: String, pub uuid: Option, pub app_uuid: Option, @@ -255,15 +255,15 @@ pub struct CageConfig { pub runtime: Option, } -impl CageConfig { - pub fn annotate(&mut self, cage: crate::api::cage::Cage) { - self.uuid = Some(cage.uuid().into()); - self.app_uuid = Some(cage.app_uuid().into()); - self.team_uuid = Some(cage.team_uuid().into()); +impl EnclaveConfig { + pub fn annotate(&mut self, enclave: crate::api::enclave::Enclave) { + self.uuid = Some(enclave.uuid().into()); + self.app_uuid = Some(enclave.app_uuid().into()); + self.team_uuid = Some(enclave.team_uuid().into()); } } -impl std::convert::AsRef for CageConfig { +impl std::convert::AsRef for EnclaveConfig { fn as_ref(&self) -> &Self { self } @@ -271,9 +271,9 @@ impl std::convert::AsRef for CageConfig { // Helper type to guarantee the presence of fields when combining multiple config sources #[derive(Clone, Debug)] -pub struct ValidatedCageBuildConfig { - pub cage_name: String, - pub cage_uuid: String, +pub struct ValidatedEnclaveBuildConfig { + pub enclave_name: String, + pub enclave_uuid: String, pub app_uuid: String, pub team_uuid: String, pub debug: bool, @@ -291,7 +291,7 @@ pub struct ValidatedCageBuildConfig { pub healthcheck: Option, } -impl ValidatedCageBuildConfig { +impl ValidatedEnclaveBuildConfig { pub fn signing_info(&self) -> &ValidatedSigningInfo { &self.signing } @@ -304,12 +304,12 @@ impl ValidatedCageBuildConfig { &self.egress } - pub fn cage_name(&self) -> &str { - &self.cage_name + pub fn enclave_name(&self) -> &str { + &self.enclave_name } - pub fn cage_uuid(&self) -> &str { - &self.cage_uuid + pub fn enclave_uuid(&self) -> &str { + &self.enclave_uuid } pub fn app_uuid(&self) -> &str { @@ -359,7 +359,7 @@ impl ValidatedCageBuildConfig { } } -impl CageConfig { +impl EnclaveConfig { pub fn name(&self) -> &str { &self.name } @@ -408,19 +408,19 @@ impl CageConfig { self.scaling = Some(scaling_info); } - pub fn try_from_filepath(path: &str) -> Result { + pub fn try_from_filepath(path: &str) -> Result { let config_path = std::path::Path::new(path); if !config_path.exists() { - return Err(CageConfigError::MissingConfigFile(path.to_string())); + return Err(EnclaveConfigError::MissingConfigFile(path.to_string())); } - let cage_config_content = std::fs::read(config_path)?; - Ok(toml::de::from_slice(cage_config_content.as_slice())?) + let enclave_config_content = std::fs::read(config_path)?; + Ok(toml::de::from_slice(enclave_config_content.as_slice())?) } - pub fn get_cage_domain(&self) -> Result { + pub fn get_enclave_domain(&self) -> Result { if self.uuid.is_none() { - return Err(CageConfigError::MissingField("cage_uuid".to_string())); + return Err(EnclaveConfigError::MissingField("enclave_uuid".to_string())); } Ok(format!( "{}.{}.cage.evervault.com", @@ -428,21 +428,21 @@ impl CageConfig { self.app_uuid .as_ref() .map(|uuid| uuid.replace('_', "-")) - .ok_or_else(|| CageConfigError::MissingField("app_uuid".to_string()))? + .ok_or_else(|| EnclaveConfigError::MissingField("app_uuid".to_string()))? )) } - pub fn get_attestation(&self) -> Result<&EIFMeasurements, CageConfigError> { + pub fn get_attestation(&self) -> Result<&EIFMeasurements, EnclaveConfigError> { self.attestation .as_ref() - .ok_or_else(|| CageConfigError::MissingField("attestation".to_string())) + .ok_or_else(|| EnclaveConfigError::MissingField("attestation".to_string())) } } -impl std::convert::TryFrom<&CageConfig> for ValidatedCageBuildConfig { - type Error = CageConfigError; +impl std::convert::TryFrom<&EnclaveConfig> for ValidatedEnclaveBuildConfig { + type Error = EnclaveConfigError; - fn try_from(config: &CageConfig) -> Result { + fn try_from(config: &EnclaveConfig) -> Result { let signing_info = config .signing .as_ref() @@ -451,29 +451,29 @@ impl std::convert::TryFrom<&CageConfig> for ValidatedCageBuildConfig { let app_uuid = config .app_uuid .clone() - .ok_or_else(|| CageConfigError::MissingField("App uuid".into()))?; - let cage_uuid = config + .ok_or_else(|| EnclaveConfigError::MissingField("App uuid".into()))?; + let enclave_uuid = config .uuid .clone() - .ok_or_else(|| CageConfigError::MissingField("Cage uuid".into()))?; + .ok_or_else(|| EnclaveConfigError::MissingField("Enclave uuid".into()))?; let team_uuid = config .team_uuid .clone() - .ok_or_else(|| CageConfigError::MissingField("Team uuid".into()))?; + .ok_or_else(|| EnclaveConfigError::MissingField("Team uuid".into()))?; let trx_logging_enabled = match (config.trx_logging, !config.disable_tls_termination) { (false, _) => Ok(false), // (logging disabled, _) = logging disabled - (true, false) => Err(CageConfigError::LoggingEnabledWithoutTLSTermination()), // (logging enabled, tls_termination disabled) = config error (Tls termination needed for logging) + (true, false) => Err(EnclaveConfigError::LoggingEnabledWithoutTLSTermination()), // (logging enabled, tls_termination disabled) = config error (Tls termination needed for logging) (true, true) => Ok(true), // (logging enabled, tls_termination enabled) = logging enabled }?; let scaling_settings = config.scaling.clone().unwrap_or_default(); - Ok(ValidatedCageBuildConfig { - cage_uuid, + Ok(ValidatedEnclaveBuildConfig { + enclave_uuid, app_uuid, team_uuid, - cage_name: config.name.clone(), + enclave_name: config.name.clone(), debug: config.debug, dockerfile: config.dockerfile.clone(), egress: config.egress.clone(), @@ -504,7 +504,7 @@ pub trait BuildTimeConfig { } // Return new copy of config to prevent args being written to toml file in err - fn merge_with_config(&self, config: &CageConfig) -> CageConfig { + fn merge_with_config(&self, config: &EnclaveConfig) -> EnclaveConfig { let mut merged_config = config.clone(); if let Some(cert) = self.certificate() { @@ -529,17 +529,17 @@ impl BuildTimeConfig for () {} pub fn read_and_validate_config( config_path: &str, args: &B, -) -> Result<(CageConfig, ValidatedCageBuildConfig), CageConfigError> { - let cage_config = CageConfig::try_from_filepath(config_path)?; - let merged_config = args.merge_with_config(&cage_config); - let validated_config: ValidatedCageBuildConfig = merged_config.as_ref().try_into()?; +) -> Result<(EnclaveConfig, ValidatedEnclaveBuildConfig), EnclaveConfigError> { + let enclave_config = EnclaveConfig::try_from_filepath(config_path)?; + let merged_config = args.merge_with_config(&enclave_config); + let validated_config: ValidatedEnclaveBuildConfig = merged_config.as_ref().try_into()?; - Ok((cage_config, validated_config)) + Ok((enclave_config, validated_config)) } #[cfg(test)] mod test { - use super::{BuildTimeConfig, CageConfig}; + use super::{BuildTimeConfig, EnclaveConfig}; struct ExampleArgs { cert: String, @@ -563,8 +563,8 @@ mod test { #[test] fn merge_args_with_config() { - let config = CageConfig { - name: "Cage123".to_string(), + let config = EnclaveConfig { + name: "Enclave123".to_string(), uuid: Some("abcdef123".to_string()), app_uuid: Some("abcdef321".to_string()), team_uuid: Some("team_abcdef456".to_string()), diff --git a/src/delete/error.rs b/src/delete/error.rs index 5be0bb1c..211e4960 100644 --- a/src/delete/error.rs +++ b/src/delete/error.rs @@ -4,8 +4,8 @@ use thiserror::Error; #[derive(Debug, Error)] pub enum DeleteError { #[error("An error occurred while reading the cage config — {0}")] - CageConfigError(#[from] crate::config::CageConfigError), - #[error("No Cage Uuid given. You can provide one by using either the --cage-uuid flag, or using the --config flag to point to a Cage.toml")] + EnclaveConfigError(#[from] crate::config::EnclaveConfigError), + #[error("No Enclave Uuid given. You can provide one by using either the --enclave-uuid flag, or using the --config flag to point to an Enclave.toml")] MissingUuid, #[error("An IO error occurred {0}")] IoError(#[from] std::io::Error), @@ -16,7 +16,7 @@ pub enum DeleteError { impl CliError for DeleteError { fn exitcode(&self) -> exitcode::ExitCode { match self { - Self::CageConfigError(config_err) => config_err.exitcode(), + Self::EnclaveConfigError(config_err) => config_err.exitcode(), Self::IoError(_) => exitcode::IOERR, Self::ApiError(api_err) => api_err.exitcode(), Self::MissingUuid => exitcode::DATAERR, diff --git a/src/delete/mod.rs b/src/delete/mod.rs index f93b02d4..5fde43ea 100644 --- a/src/delete/mod.rs +++ b/src/delete/mod.rs @@ -1,52 +1,52 @@ use std::sync::Arc; use crate::api; -use crate::api::cage::CageApi; +use crate::api::enclave::EnclaveApi; use crate::api::AuthMode; use crate::progress::{get_tracker, poll_fn_and_report_status, ProgressLogger, StatusReport}; mod error; use error::DeleteError; -pub async fn delete_cage( +pub async fn delete_enclave( config: &str, - cage_uuid: Option<&str>, + enclave_uuid: Option<&str>, api_key: &str, background: bool, ) -> Result<(), DeleteError> { - let maybe_cage_uuid = crate::common::resolve_cage_uuid(cage_uuid, config)?; - let cage_uuid = match maybe_cage_uuid { - Some(given_cage_uuid) => given_cage_uuid, + let maybe_enclave_uuid = crate::common::resolve_enclave_uuid(enclave_uuid, config)?; + let enclave_uuid = match maybe_enclave_uuid { + Some(given_enclave_uuid) => given_enclave_uuid, _ => return Err(DeleteError::MissingUuid), }; - let cage_api = api::cage::CagesClient::new(AuthMode::ApiKey(api_key.to_string())); + let enclave_api = api::enclave::EnclaveClient::new(AuthMode::ApiKey(api_key.to_string())); - let deleted_cage = match cage_api.delete_cage(&cage_uuid).await { - Ok(cage_ref) => cage_ref, + let deleted_enclave = match enclave_api.delete_enclave(&enclave_uuid).await { + Ok(enclave_ref) => enclave_ref, Err(e) => { return Err(DeleteError::ApiError(e)); } }; if !background { - let progress_bar = get_tracker("Deleting Cage...", None); + let progress_bar = get_tracker("Deleting Enclave...", None); - watch_deletion(cage_api, deleted_cage.uuid(), progress_bar).await?; + watch_deletion(enclave_api, deleted_enclave.uuid(), progress_bar).await?; } Ok(()) } -async fn watch_deletion( - cage_api: T, - cage_uuid: &str, +async fn watch_deletion( + enclave_api: T, + enclave_uuid: &str, progress_bar: impl ProgressLogger, ) -> Result<(), DeleteError> { - async fn check_delete_status( - cage_api: Arc, + async fn check_delete_status( + enclave_api: Arc, args: Vec, ) -> Result { - let cage_uuid = args.get(0).unwrap(); - let cage_response = match cage_api.get_cage(cage_uuid).await { + let enclave_uuid = args.get(0).unwrap(); + let enclave_response = match enclave_api.get_enclave(enclave_uuid).await { Ok(response) => response, Err(e) => { println!("error in status check"); @@ -54,16 +54,16 @@ async fn watch_deletion( return Err(e.into()); } }; - if cage_response.is_deleted() { - Ok(StatusReport::Complete("Cage deleted!".to_string())) + if enclave_response.is_deleted() { + Ok(StatusReport::Complete("Enclave deleted!".to_string())) } else { Ok(StatusReport::NoOp) } } - let check_delete_args = vec![cage_uuid.to_string()]; + let check_delete_args = vec![enclave_uuid.to_string()]; poll_fn_and_report_status( - Arc::new(cage_api), + Arc::new(enclave_api), check_delete_args, check_delete_status, progress_bar, @@ -75,24 +75,24 @@ async fn watch_deletion( #[cfg(test)] mod test { use super::*; - use crate::api::cage::{CageState, DeleteCageResponse, MockCageApi}; use crate::api::client::ApiError; + use crate::api::enclave::{DeleteEnclaveResponse, EnclaveState, MockEnclaveApi}; use crate::progress::NonTty; - use crate::test_utils::build_get_cage_response; + use crate::test_utils::build_get_enclave_response; #[tokio::test] async fn test_watch_deletion_with_healthy_responses() { - let mut mock_api = MockCageApi::new(); + let mut mock_api = MockEnclaveApi::new(); let mut responses = vec![ - build_get_cage_response(CageState::Pending, vec![]), - build_get_cage_response(CageState::Deleting, vec![]), - build_get_cage_response(CageState::Deleted, vec![]), + build_get_enclave_response(EnclaveState::Pending, vec![]), + build_get_enclave_response(EnclaveState::Deleting, vec![]), + build_get_enclave_response(EnclaveState::Deleted, vec![]), ] .into_iter(); mock_api - .expect_get_cage() + .expect_get_enclave() .times(3) .returning(move |_| Box::pin(std::future::ready(Ok(responses.next().unwrap())))); let result = watch_deletion(mock_api, "abc".into(), NonTty).await; @@ -101,7 +101,7 @@ mod test { #[tokio::test] async fn test_watch_deletion_with_errors() { - let mut mock_api = MockCageApi::new(); + let mut mock_api = MockEnclaveApi::new(); let mut responses = vec![ ApiError::new(api::client::ApiErrorKind::Internal), @@ -113,7 +113,7 @@ mod test { .into_iter(); mock_api - .expect_get_cage() + .expect_get_enclave() .times(5) .returning(move |_| Box::pin(std::future::ready(Err(responses.next().unwrap())))); let result = watch_deletion(mock_api, "abc".into(), NonTty).await; @@ -121,31 +121,31 @@ mod test { } #[tokio::test] - async fn test_delete_cage_performs_polling_cage_status() { - let mut mock_api = MockCageApi::new(); - mock_api.expect_delete_cage().returning(move |_| { - Box::pin(std::future::ready(Ok(DeleteCageResponse { + async fn test_delete_enclave_performs_polling_enclave_status() { + let mut mock_api = MockEnclaveApi::new(); + mock_api.expect_delete_enclave().returning(move |_| { + Box::pin(std::future::ready(Ok(DeleteEnclaveResponse { uuid: "abc".into(), name: "def".into(), team_uuid: "team".into(), app_uuid: "app".into(), domain: "cage.com".into(), - state: CageState::Deleting, + state: EnclaveState::Deleting, created_at: "".into(), updated_at: "".into(), }))) }); let mut responses = vec![ - Ok(build_get_cage_response(CageState::Deleting, vec![])), - Ok(build_get_cage_response(CageState::Deleting, vec![])), + Ok(build_get_enclave_response(EnclaveState::Deleting, vec![])), + Ok(build_get_enclave_response(EnclaveState::Deleting, vec![])), Err(ApiError::new(api::client::ApiErrorKind::Internal)), - Ok(build_get_cage_response(CageState::Deleted, vec![])), + Ok(build_get_enclave_response(EnclaveState::Deleted, vec![])), ] .into_iter(); mock_api - .expect_get_cage() + .expect_get_enclave() .times(4) .returning(move |_| Box::pin(std::future::ready(responses.next().unwrap()))); let result = watch_deletion(mock_api, "abc".into(), NonTty).await; diff --git a/src/deploy/error.rs b/src/deploy/error.rs index 233d63d7..e3c68e78 100644 --- a/src/deploy/error.rs +++ b/src/deploy/error.rs @@ -9,7 +9,7 @@ pub enum DeployError { #[error("Could not build eif {0}")] BuildError(#[from] crate::build::error::BuildError), #[error("An error occurred while reading the cage config — {0}")] - CageConfigError(#[from] crate::config::CageConfigError), + EnclaveConfigError(#[from] crate::config::EnclaveConfigError), #[error("Failed to access output directory — {0}")] FailedToAccessOutputDir(#[from] OutputPathError), #[error("An IO error occurred {0}")] @@ -20,9 +20,9 @@ pub enum DeployError { RequestError(#[from] reqwest::Error), #[error("An error occured contacting the API — {0}")] ApiError(#[from] crate::api::client::ApiError), - #[error("Cage failed to upload - {0}")] + #[error("Enclave failed to upload - {0}")] UploadError(String), - #[error("Could not read the size of the Cage EIF file {0}")] + #[error("Could not read the size of the Enclave EIF file {0}")] EifSizeReadError(std::io::Error), #[error("Could not deploy cage to Evervault Infrastructure")] DeploymentError, @@ -35,7 +35,7 @@ impl CliError for DeployError { match self { Self::DescribeError(describe_err) => describe_err.exitcode(), Self::BuildError(build_err) => build_err.exitcode(), - Self::CageConfigError(config_err) => config_err.exitcode(), + Self::EnclaveConfigError(config_err) => config_err.exitcode(), Self::FailedToAccessOutputDir(output_err) => output_err.exitcode(), Self::IoError(_) | Self::ZipError(_) | Self::EifSizeReadError(_) => exitcode::IOERR, Self::RequestError(_) diff --git a/src/deploy/mod.rs b/src/deploy/mod.rs index 4edba4b1..4693c1c8 100644 --- a/src/deploy/mod.rs +++ b/src/deploy/mod.rs @@ -1,7 +1,7 @@ use crate::api; -use crate::api::{cage::CageApi, cage::CreateCageDeploymentIntentRequest}; +use crate::api::{enclave::CreateEnclaveDeploymentIntentRequest, enclave::EnclaveApi}; use crate::common::{resolve_output_path, OutputPath}; -use crate::config::ValidatedCageBuildConfig; +use crate::config::ValidatedEnclaveBuildConfig; use crate::describe::describe_eif; use crate::enclave::{EIFMeasurements, ENCLAVE_FILENAME}; use crate::progress::{get_tracker, poll_fn_and_report_status, ProgressLogger, StatusReport}; @@ -22,17 +22,17 @@ use tokio_util::codec::{BytesCodec, FramedRead}; const ENCLAVE_ZIP_FILENAME: &str = "enclave.zip"; pub const DEPLOY_WATCH_TIMEOUT_SECONDS: u64 = 1200; //15 minutes -pub async fn deploy_eif( - validated_config: &ValidatedCageBuildConfig, - cage_api: T, +pub async fn deploy_eif( + validated_config: &ValidatedEnclaveBuildConfig, + enclave_api: T, output_path: OutputPath, eif_measurements: &EIFMeasurements, data_plane_version: String, installer_version: String, ) -> Result<(), DeployError> { - let progress_bar = get_tracker("Zipping Cage...", None); + let progress_bar = get_tracker("Zipping Enclave...", None); create_zip_archive_for_eif(output_path.path())?; - progress_bar.finish_with_message("Cage zipped."); + progress_bar.finish_with_message("Enclave zipped."); let zip_path = output_path.path().join(ENCLAVE_ZIP_FILENAME); let zip_file = File::open(&zip_path).await?; @@ -41,7 +41,7 @@ pub async fn deploy_eif( let eif_size_bytes = get_eif_size_bytes(output_path.path()).await?; - let cage_deployment_intent_payload = CreateCageDeploymentIntentRequest::new( + let enclave_deployment_intent_payload = CreateEnclaveDeploymentIntentRequest::new( eif_measurements.pcrs(), validated_config.clone(), eif_size_bytes, @@ -51,8 +51,11 @@ pub async fn deploy_eif( get_git_hash(), ); - let deployment_intent = cage_api - .create_cage_deployment_intent(validated_config.cage_uuid(), cage_deployment_intent_payload) + let deployment_intent = enclave_api + .create_enclave_deployment_intent( + validated_config.enclave_uuid(), + enclave_deployment_intent_payload, + ) .await?; let s3_upload_url = deployment_intent.signed_url(); @@ -68,17 +71,17 @@ pub async fn deploy_eif( tokio::fs::remove_file(zip_path).await?; if s3_response.status().is_success() { - log::info!("Cage uploaded to Evervault."); + log::info!("Enclave uploaded to Evervault."); } else { return Err(DeployError::UploadError(s3_response.text().await?)); }; let progress_bar_for_build = - get_tracker("Building Cage Docker Image on Evervault Infra...", None); + get_tracker("Building Enclave Docker Image on Evervault Infra...", None); let build_complete = watch_build( - cage_api.clone(), - deployment_intent.cage_uuid(), + enclave_api.clone(), + deployment_intent.enclave_uuid(), deployment_intent.deployment_uuid(), progress_bar_for_build, ) @@ -89,16 +92,16 @@ pub async fn deploy_eif( } let progress_bar_for_deploy = get_tracker( - "Deploying Cage into a Trusted Execution Environment...", + "Deploying Enclave into a Trusted Execution Environment...", None, ); let deployment_complete = timed_operation( - "Cage Deployment", + "Enclave Deployment", DEPLOY_WATCH_TIMEOUT_SECONDS, watch_deployment( - cage_api, - deployment_intent.cage_uuid(), + enclave_api, + deployment_intent.enclave_uuid(), deployment_intent.deployment_uuid(), progress_bar_for_deploy, ), @@ -112,40 +115,40 @@ pub async fn deploy_eif( Ok(()) } -async fn watch_build( - cage_api: T, - cage_uuid: &str, +async fn watch_build( + enclave_api: T, + enclave_uuid: &str, deployment_uuid: &str, progress_bar: impl ProgressLogger, ) -> Result { - async fn check_build_status( - cage_api: Arc, + async fn check_build_status( + enclave_api: Arc, args: Vec, ) -> Result { - let cage_uuid = args.get(0).unwrap(); + let enclave_uuid = args.get(0).unwrap(); let deployment_uuid = args.get(1).unwrap(); - let deployment_response = cage_api - .get_cage_deployment_by_uuid(cage_uuid, deployment_uuid) + let deployment_response = enclave_api + .get_enclave_deployment_by_uuid(enclave_uuid, deployment_uuid) .await?; if deployment_response.is_built() { Ok(StatusReport::complete( - "Cage built on Evervault!".to_string(), + "Enclave built on Evervault!".to_string(), )) } else if deployment_response.is_failed() { let failure_msg = deployment_response .get_failure_reason() .unwrap_or_else(|| "An unknown error occurred".into()); Ok(StatusReport::Failed(format!( - "Cage build failed - {failure_msg}" + "Enclave build failed - {failure_msg}" ))) } else { Ok(StatusReport::no_op()) } } - let get_deployment_args = vec![cage_uuid.to_string(), deployment_uuid.to_string()]; + let get_deployment_args = vec![enclave_uuid.to_string(), deployment_uuid.to_string()]; poll_fn_and_report_status( - Arc::new(cage_api), + Arc::new(enclave_api), get_deployment_args, check_build_status, progress_bar, @@ -153,30 +156,30 @@ async fn watch_build( .await } -pub async fn watch_deployment( - cage_api: T, - cage_uuid: &str, +pub async fn watch_deployment( + enclave_api: T, + enclave_uuid: &str, deployment_uuid: &str, progress_bar: impl ProgressLogger, ) -> Result { - async fn check_deployment_status( - cage_api: Arc, + async fn check_deployment_status( + enclave_api: Arc, args: Vec, ) -> Result { - let cage_uuid = args.get(0).unwrap(); + let enclave_uuid = args.get(0).unwrap(); let deployment_uuid = args.get(1).unwrap(); - let deployment_response = cage_api - .get_cage_deployment_by_uuid(cage_uuid, deployment_uuid) + let deployment_response = enclave_api + .get_enclave_deployment_by_uuid(enclave_uuid, deployment_uuid) .await?; if deployment_response.is_finished() { - Ok(StatusReport::complete("Cage deployed!".to_string())) + Ok(StatusReport::complete("Enclave deployed!".to_string())) } else if deployment_response.is_failed() { let failure_msg = deployment_response .get_failure_reason() .unwrap_or_else(|| "An unknown error occurred".into()); Ok(StatusReport::Failed(format!( - "Cage deployment failed - {failure_msg}" + "Enclave deployment failed - {failure_msg}" ))) } else { let status_report = match deployment_response.get_detailed_status() { @@ -187,9 +190,9 @@ pub async fn watch_deployment( } } - let get_deployment_args = vec![cage_uuid.to_string(), deployment_uuid.to_string()]; + let get_deployment_args = vec![enclave_uuid.to_string(), deployment_uuid.to_string()]; poll_fn_and_report_status( - Arc::new(cage_api), + Arc::new(enclave_api), get_deployment_args, check_deployment_status, progress_bar, @@ -228,7 +231,7 @@ fn create_zip_upload_stream( zip_len_bytes: u64, ) -> AsyncStream, impl core::future::Future> { let mut stream = FramedRead::new(zip_file, BytesCodec::new()); - let progress_bar = get_tracker("Uploading Cage to Evervault", Some(zip_len_bytes)); + let progress_bar = get_tracker("Uploading Enclave to Evervault", Some(zip_len_bytes)); async_stream::stream! { let mut bytes_sent = 0; while let Some(bytes) = stream.next().await { @@ -279,7 +282,7 @@ pub async fn timed_operation( #[cfg(test)] mod tests { use super::*; - use crate::api::cage::MockCageApi; + use crate::api::enclave::MockEnclaveApi; use crate::enclave::PCRs; use crate::progress::NonTty; use crate::test_utils; @@ -287,7 +290,7 @@ mod tests { #[tokio::test] async fn test_get_eif_size() { - let (_, output_path) = test_utils::build_test_cage(None, None, false) + let (_, output_path) = test_utils::build_test_enclave(None, None, false) .await .unwrap(); let output_path_as_string = output_path.path().to_str().unwrap().to_string(); @@ -298,9 +301,9 @@ mod tests { #[tokio::test] #[serial_test::serial] - async fn test_reproducible_cage_builds_with_pinned_version() { + async fn test_reproducible_enclave_builds_with_pinned_version() { let current_dir = std::env::current_dir().unwrap(); - let (build_output, output_path) = test_utils::build_test_cage( + let (build_output, output_path) = test_utils::build_test_enclave( None, Some(format!("{}/testRepro.Dockerfile", current_dir.to_str().unwrap()).to_string()), true, @@ -311,9 +314,9 @@ mod tests { // Compare build measures as certs are generated on the fly to prevent expiry let expected_pcrs: PCRs = serde_json::from_str(r#"{ - "PCR0": "4d99ce0096bffeea435c41016e9d64aa51caae95d7846fb7c8708f590d31be1fc704adc13bedabbcb2980d6612dde6e9", + "PCR0": "1cd2135a6358458e390904fac3568eff4e6c7882c22e7925a830c8ba6b9b1ae117dd714cad64b1001475923a242fc887", "PCR1": "bcdf05fefccaa8e55bf2c8d6dee9e79bbff31e34bf28a99aa19e6b29c37ee80b214a414b7607236edf26fcb78654e63f", - "PCR2": "42997b22af1f96a6b32372402af03a5d16e47316e7990314bdb01c0759fa11a7ae88e3ae2f3628b1c1ab734ea2f2ba34" + "PCR2": "322796b3255e4ac2b1cde136b7ee7b9344fbf44740cf5fd9f6d5d4726f434266b7fdf1ddbe3f293e2014c5eec5aa63e6" }"#).unwrap(); assert_eq!(&eif_pcrs.pcr0, &expected_pcrs.pcr0); assert_eq!(&eif_pcrs.pcr1, &expected_pcrs.pcr1); @@ -355,24 +358,24 @@ mod tests { #[tokio::test] async fn test_watch_build() { - let mut mock_api = MockCageApi::new(); + let mut mock_api = MockEnclaveApi::new(); let start_time = Some(format!("{:?}", std::time::SystemTime::now())); let mut responses = vec![ - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Building, - api::cage::DeployStatus::Pending, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Building, + api::enclave::DeployStatus::Pending, start_time.clone(), None, ), - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Building, - api::cage::DeployStatus::Pending, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Building, + api::enclave::DeployStatus::Pending, start_time.clone(), None, ), - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Ready, - api::cage::DeployStatus::Pending, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Ready, + api::enclave::DeployStatus::Pending, start_time, None, ), @@ -380,7 +383,7 @@ mod tests { .into_iter(); mock_api - .expect_get_cage_deployment_by_uuid() + .expect_get_enclave_deployment_by_uuid() .times(3) .returning(move |_, _| Box::pin(std::future::ready(Ok(responses.next().unwrap())))); @@ -392,24 +395,24 @@ mod tests { #[tokio::test] async fn test_watch_failed_build() { - let mut mock_api = MockCageApi::new(); + let mut mock_api = MockEnclaveApi::new(); let start_time = Some(format!("{:?}", std::time::SystemTime::now())); let mut responses = vec![ - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Building, - api::cage::DeployStatus::Pending, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Building, + api::enclave::DeployStatus::Pending, start_time.clone(), None, ), - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Building, - api::cage::DeployStatus::Pending, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Building, + api::enclave::DeployStatus::Pending, start_time.clone(), None, ), - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Failed, - api::cage::DeployStatus::Pending, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Failed, + api::enclave::DeployStatus::Pending, start_time, None, ), @@ -417,7 +420,7 @@ mod tests { .into_iter(); mock_api - .expect_get_cage_deployment_by_uuid() + .expect_get_enclave_deployment_by_uuid() .times(3) .returning(move |_, _| Box::pin(std::future::ready(Ok(responses.next().unwrap())))); @@ -429,24 +432,24 @@ mod tests { #[tokio::test] async fn test_watch_deploy() { - let mut mock_api = MockCageApi::new(); + let mut mock_api = MockEnclaveApi::new(); let start_time = Some(format!("{:?}", std::time::SystemTime::now())); let mut responses = vec![ - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Ready, - api::cage::DeployStatus::Pending, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Ready, + api::enclave::DeployStatus::Pending, start_time.clone(), None, ), - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Ready, - api::cage::DeployStatus::Deploying, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Ready, + api::enclave::DeployStatus::Deploying, start_time.clone(), None, ), - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Ready, - api::cage::DeployStatus::Ready, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Ready, + api::enclave::DeployStatus::Ready, start_time, Some("".into()), ), @@ -454,7 +457,7 @@ mod tests { .into_iter(); mock_api - .expect_get_cage_deployment_by_uuid() + .expect_get_enclave_deployment_by_uuid() .times(3) .returning(move |_, _| Box::pin(std::future::ready(Ok(responses.next().unwrap())))); @@ -466,24 +469,24 @@ mod tests { #[tokio::test] async fn test_watch_failed_deploy() { - let mut mock_api = MockCageApi::new(); + let mut mock_api = MockEnclaveApi::new(); let start_time = Some(format!("{:?}", std::time::SystemTime::now())); let mut responses = vec![ - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Ready, - api::cage::DeployStatus::Pending, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Ready, + api::enclave::DeployStatus::Pending, start_time.clone(), None, ), - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Ready, - api::cage::DeployStatus::Deploying, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Ready, + api::enclave::DeployStatus::Deploying, start_time.clone(), None, ), - test_utils::build_get_cage_deployment( - api::cage::BuildStatus::Ready, - api::cage::DeployStatus::Failed, + test_utils::build_get_enclave_deployment( + api::enclave::BuildStatus::Ready, + api::enclave::DeployStatus::Failed, start_time, None, ), @@ -491,7 +494,7 @@ mod tests { .into_iter(); mock_api - .expect_get_cage_deployment_by_uuid() + .expect_get_enclave_deployment_by_uuid() .times(3) .returning(move |_, _| Box::pin(std::future::ready(Ok(responses.next().unwrap())))); diff --git a/src/encrypt/mod.rs b/src/encrypt/mod.rs index 1ed1c1ae..1e518a97 100644 --- a/src/encrypt/mod.rs +++ b/src/encrypt/mod.rs @@ -1,7 +1,7 @@ -use crate::config::CageConfigError; +use crate::config::EnclaveConfigError; use crate::{ api::{ - cage::{CageApi, CagesClient}, + enclave::{EnclaveApi, EnclaveClient}, AuthMode, }, cli::encrypt::CurveName, @@ -23,7 +23,7 @@ pub enum EncryptError { #[error("An error occurred during decryption — {0}")] EvervaultCryptoError(#[from] EvervaultCryptoError), #[error("An error occured reading cage.toml — {0}")] - CageConfigError(#[from] CageConfigError), + EnclaveConfigError(#[from] EnclaveConfigError), } pub async fn encrypt( @@ -32,8 +32,8 @@ pub async fn encrypt( app_uuid: String, curve: CurveName, ) -> Result { - let cage_api = CagesClient::new(AuthMode::NoAuth); - let keys = cage_api.get_app_keys(&team_uuid, &app_uuid).await?; + let enclave_api = EnclaveClient::new(AuthMode::NoAuth); + let keys = enclave_api.get_app_keys(&team_uuid, &app_uuid).await?; let result = match curve { CurveName::Nist | CurveName::Secp256r1 => { diff --git a/src/env/mod.rs b/src/env/mod.rs index ed9fb3cb..0503833b 100644 --- a/src/env/mod.rs +++ b/src/env/mod.rs @@ -1,6 +1,6 @@ -use crate::api::cage::{AddSecretRequest, CageApi, CageEnv, CagesClient}; +use crate::api::enclave::{AddSecretRequest, EnclaveApi, EnclaveClient, EnclaveEnv}; use crate::cli::env::EnvCommands; -use crate::config::{CageConfig, CageConfigError}; +use crate::config::{EnclaveConfig, EnclaveConfigError}; use crate::encrypt::{self, encrypt}; #[cfg(feature = "internal_dependency")] use rust_crypto::EvervaultCryptoError; @@ -14,18 +14,21 @@ pub enum EnvError { Base64DecodeError(#[from] base64::DecodeError), #[error("An error occurred during decryption — {0}")] EvervaultCryptoError(#[from] EvervaultCryptoError), - #[error("App and team uuid need to be provided in cage.toml or as args")] + #[error("App and team uuid need to be provided in enclave.toml or as args")] MissingAppInfo, #[error("An error occured during encryption — {0}")] EncryptError(#[from] encrypt::EncryptError), - #[error("An error occured reading cage.toml — {0}")] - CageConfigError(#[from] CageConfigError), + #[error("An error occured reading enclave.toml — {0}")] + EnclaveConfigError(#[from] EnclaveConfigError), } -pub async fn env(client: CagesClient, action: EnvCommands) -> Result, EnvError> { +pub async fn env( + client: EnclaveClient, + action: EnvCommands, +) -> Result, EnvError> { match action { EnvCommands::Add(command) => { - let details = get_cage_details(command.config)?; + let details = get_enclave_details(command.config)?; let env_secret = if command.is_secret { encrypt( command.secret, @@ -46,36 +49,36 @@ pub async fn env(client: CagesClient, action: EnvCommands) -> Result { - let details = get_cage_details(command.config)?; + let details = get_enclave_details(command.config)?; client.delete_env_var(details.uuid, command.name).await?; Ok(None) } EnvCommands::Get(command) => { - let details = get_cage_details(command.config)?; - Ok(Some(client.get_cage_env(details.uuid).await?)) + let details = get_enclave_details(command.config)?; + Ok(Some(client.get_enclave_env(details.uuid).await?)) } } } -pub struct CageInfo { +pub struct EnclaveInfo { pub uuid: String, pub team_uuid: String, pub app_uuid: String, } -fn get_cage_details(config_path: String) -> Result { - let cage_config = CageConfig::try_from_filepath(&config_path)?; +fn get_enclave_details(config_path: String) -> Result { + let enclave_config = EnclaveConfig::try_from_filepath(&config_path)?; - if cage_config.app_uuid.is_none() - || cage_config.team_uuid.is_none() - || cage_config.uuid.is_none() + if enclave_config.app_uuid.is_none() + || enclave_config.team_uuid.is_none() + || enclave_config.uuid.is_none() { Err(EnvError::MissingAppInfo) } else { - Ok(CageInfo { - app_uuid: cage_config.app_uuid.unwrap(), - team_uuid: cage_config.team_uuid.unwrap(), - uuid: cage_config.uuid.unwrap(), + Ok(EnclaveInfo { + app_uuid: enclave_config.app_uuid.unwrap(), + team_uuid: enclave_config.team_uuid.unwrap(), + uuid: enclave_config.uuid.unwrap(), }) } } diff --git a/src/logs/mod.rs b/src/logs/mod.rs index b629fbee..7d8df772 100644 --- a/src/logs/mod.rs +++ b/src/logs/mod.rs @@ -3,7 +3,7 @@ use std::fmt::Write; use thiserror::Error; use crate::{ - api::cage::{CageApi, CagesClient}, + api::enclave::{EnclaveApi, EnclaveClient}, common::CliError, }; @@ -37,8 +37,8 @@ impl CliError for LogsError { pub async fn get_logs( start_time: Option, end_time: Option, - cage_uuid: String, - cages_client: CagesClient, + enclave_uuid: String, + enclave_client: EnclaveClient, ) -> Result<(), LogsError> { let now = std::time::SystemTime::now(); let log_end_time = match end_time { @@ -55,11 +55,11 @@ pub async fn get_logs( .as_millis(), }; - let cage_logs = cages_client - .get_cage_logs(cage_uuid.as_str(), log_start_time, log_end_time) + let enclave_logs = enclave_client + .get_enclave_logs(enclave_uuid.as_str(), log_start_time, log_end_time) .await?; - if cage_logs.log_events().is_empty() { + if enclave_logs.log_events().is_empty() { return Err(LogsError::NoLogsFound(format!( "No logs found between {log_start_time} and {log_end_time}" ))); @@ -69,10 +69,10 @@ pub async fn get_logs( output.set_prompt(format!( "Retrieved {} logs from {log_start_time} to {log_end_time}", - cage_logs.log_events().len() + enclave_logs.log_events().len() ))?; - cage_logs + enclave_logs .log_events() .iter() .filter_map(|event| { diff --git a/src/main.rs b/src/main.rs index 6f644f84..792ea548 100644 --- a/src/main.rs +++ b/src/main.rs @@ -3,20 +3,20 @@ use clap::{AppSettings, Parser}; use env_logger::fmt::Formatter; use env_logger::{Builder, Env}; #[cfg(not(target_os = "windows"))] -use ev_cage::cli::attest; -use ev_cage::cli::{ +use ev_enclave::cli::attest; +use ev_enclave::cli::{ build, cert, delete, deploy, describe, init, list, logs, restart, scale, update, Command, }; #[cfg(feature = "internal_dependency")] -use ev_cage::cli::{dev, encrypt, env}; +use ev_enclave::cli::{dev, encrypt, env}; use human_panic::setup_panic; use log::Record; use std::io::Write; #[derive(Debug, Parser)] #[clap( - name = "Evervault Cage CLI", + name = "Evervault Enclave CLI", author = "engineering@evervault.com", version, setting = AppSettings::ArgRequiredElseHelp, @@ -103,9 +103,9 @@ fn setup_logger(verbose_logging: bool) { .format_module_path(false) .format_target(false); if verbose_logging { - builder.filter(Some("ev-cage"), log::LevelFilter::Debug); + builder.filter(Some("ev-enclave"), log::LevelFilter::Debug); } else { - builder.filter(Some("ev-cage"), log::LevelFilter::Info); + builder.filter(Some("ev-enclave"), log::LevelFilter::Info); } builder.format(log_formatter).init(); } diff --git a/src/progress.rs b/src/progress.rs index b47b6c0b..674e168c 100644 --- a/src/progress.rs +++ b/src/progress.rs @@ -1,7 +1,7 @@ use atty::Stream; use indicatif::{ProgressBar, ProgressStyle}; -use crate::api::cage::CageApi; +use crate::api::enclave::EnclaveApi; use crate::common::CliError; const MAX_SUCCESSIVE_POLLING_ERRORS: i32 = 5; // # attempts allowed at 6s intervals @@ -11,7 +11,7 @@ fn get_progress_bar(start_msg: &str, upload_len: Option) -> ProgressBar { Some(len) => { let progress_bar = ProgressBar::new(len); progress_bar.set_style(ProgressStyle::default_bar() - .template("Uploading Cage to Evervault {bar:40.green/blue} {bytes} ({percent}%) [{elapsed_precise}]") + .template("Uploading Enclave to Evervault {bar:40.green/blue} {bytes} ({percent}%) [{elapsed_precise}]") .expect("Failed to create progress bar template from hardcoded template") .progress_chars("##-")); progress_bar @@ -141,7 +141,7 @@ impl StatusReport { } // It should be possible to resolve the lifetimes to allow this work over borrows for every value instead of cloning/heap allocating -pub async fn poll_fn_and_report_status( +pub async fn poll_fn_and_report_status( api_client: std::sync::Arc, poll_args: Vec, poll_fn: F, diff --git a/src/restart/mod.rs b/src/restart/mod.rs index bf45f98e..9bb714d3 100644 --- a/src/restart/mod.rs +++ b/src/restart/mod.rs @@ -1,14 +1,14 @@ use crate::{ - api::cage::{CageApi, CageDeployment, CagesClient}, + api::enclave::{EnclaveApi, EnclaveClient, EnclaveDeployment}, common::CliError, }; use thiserror::Error; #[derive(Debug, Error)] pub enum RestartError { - #[error("An error occurred while reading the cage config — {0}")] - CageConfigError(#[from] crate::config::CageConfigError), - #[error("No Cage Uuid given. You can provide one by using either the --cage-uuid flag, or using the --config flag to point to a Cage.toml")] + #[error("An error occurred while reading the enclave config — {0}")] + EnclaveConfigError(#[from] crate::config::EnclaveConfigError), + #[error("No Enclave Uuid given. You can provide one by using either the --enclave-uuid flag, or using the --config flag to point to an Enclave.toml")] MissingUuid, #[error("An IO error occurred {0}")] IoError(#[from] std::io::Error), @@ -19,7 +19,7 @@ pub enum RestartError { impl CliError for RestartError { fn exitcode(&self) -> exitcode::ExitCode { match self { - Self::CageConfigError(config_err) => config_err.exitcode(), + Self::EnclaveConfigError(config_err) => config_err.exitcode(), Self::IoError(_) => exitcode::IOERR, Self::ApiError(api_err) => api_err.exitcode(), Self::MissingUuid => exitcode::DATAERR, @@ -27,19 +27,19 @@ impl CliError for RestartError { } } -pub async fn restart_cage( +pub async fn restart_enclave( config: &str, - cage_uuid: Option<&str>, - cage_api: &CagesClient, + enclave_uuid: Option<&str>, + enclave_api: &EnclaveClient, _background: bool, -) -> Result { - let maybe_cage_uuid = crate::common::resolve_cage_uuid(cage_uuid, config)?; - let cage_uuid = match maybe_cage_uuid { - Some(given_cage_uuid) => given_cage_uuid, +) -> Result { + let maybe_enclave_uuid = crate::common::resolve_enclave_uuid(enclave_uuid, config)?; + let enclave_uuid = match maybe_enclave_uuid { + Some(given_enclave_uuid) => given_enclave_uuid, _ => return Err(RestartError::MissingUuid), }; - println!("Restarting cage {}...", cage_uuid); + println!("Restarting enclave {}...", enclave_uuid); - Ok(cage_api.restart_cage(&cage_uuid).await?) + Ok(enclave_api.restart_enclave(&enclave_uuid).await?) } diff --git a/src/test_utils.rs b/src/test_utils.rs index 14139a33..78ae8ca5 100644 --- a/src/test_utils.rs +++ b/src/test_utils.rs @@ -1,15 +1,16 @@ use crate::api::assets::AssetsClient; -use crate::api::cage::{ - BuildStatus, Cage, CageDeployment, CageRegionalDeployment, CageSigningCert, CageState, - CageVersion, DeployStatus, DeploymentsForGetCage, GetCageDeploymentResponse, GetCageResponse, +use crate::api::enclave::{ + BuildStatus, DeployStatus, DeploymentsForGetEnclave, Enclave, EnclaveDeployment, + EnclaveRegionalDeployment, EnclaveSigningCert, EnclaveState, EnclaveVersion, + GetEnclaveDeploymentResponse, GetEnclaveResponse, }; use crate::build::build_enclave_image_file; use crate::build::error::BuildError; use crate::common::OutputPath; -use crate::config::{read_and_validate_config, ValidatedCageBuildConfig}; +use crate::config::{read_and_validate_config, ValidatedEnclaveBuildConfig}; use crate::enclave::BuiltEnclave; -pub async fn build_test_cage( +pub async fn build_test_enclave( output_dir: Option<&str>, from_existing: Option, reproducible: bool, @@ -39,18 +40,18 @@ pub async fn build_test_cage( .await } -fn get_test_build_args() -> ValidatedCageBuildConfig { - let (_cage_config, validated_config) = read_and_validate_config("./test.cage.toml", &()) +fn get_test_build_args() -> ValidatedEnclaveBuildConfig { + let (_enclave_config, validated_config) = read_and_validate_config("./test.cage.toml", &()) .expect("Testing config failed to validate"); validated_config } -pub fn build_get_cage_response( - state: CageState, - deployments: Vec, -) -> GetCageResponse { - GetCageResponse { - cage: Cage { +pub fn build_get_enclave_response( + state: EnclaveState, + deployments: Vec, +) -> GetEnclaveResponse { + GetEnclaveResponse { + cage: Enclave { uuid: "abc".into(), name: "def".into(), team_uuid: "team_123".into(), @@ -64,23 +65,23 @@ pub fn build_get_cage_response( } } -pub fn build_get_cage_deployment( +pub fn build_get_enclave_deployment( build_status: BuildStatus, deploy_status: DeployStatus, started_at: Option, completed_at: Option, -) -> GetCageDeploymentResponse { - GetCageDeploymentResponse { - deployment: CageDeployment { +) -> GetEnclaveDeploymentResponse { + GetEnclaveDeploymentResponse { + deployment: EnclaveDeployment { uuid: "".into(), - cage_uuid: "".into(), + enclave_uuid: "".into(), version_uuid: "".into(), signing_cert_uuid: "".into(), debug_mode: true, started_at: started_at.clone(), completed_at: completed_at.clone(), }, - tee_cage_version: CageVersion { + tee_enclave_version: EnclaveVersion { uuid: "".into(), version: 0, control_plane_img_url: Some("".into()), @@ -91,7 +92,7 @@ pub fn build_get_cage_deployment( started_at: started_at.clone(), healthcheck: None, }, - tee_cage_signing_cert: CageSigningCert { + tee_enclave_signing_cert: EnclaveSigningCert { name: Some("".into()), uuid: "".into(), app_uuid: "".into(), @@ -99,7 +100,7 @@ pub fn build_get_cage_deployment( not_before: None, not_after: None, }, - tee_cage_regional_deployments: vec![CageRegionalDeployment { + tee_enclave_regional_deployments: vec![EnclaveRegionalDeployment { uuid: "".into(), deployment_uuid: "".into(), deployment_order: 0, diff --git a/src/version/mod.rs b/src/version/mod.rs index fcb30275..f05c8dab 100644 --- a/src/version/mod.rs +++ b/src/version/mod.rs @@ -13,7 +13,7 @@ pub enum VersionError { SemVerError(#[from] semver::Error), #[error("Couldn't parse env string as int - {0}")] ParseIntError(#[from] std::num::ParseIntError), - #[error("This version is deprecated, please run ev-cage update to continue")] + #[error("This version is deprecated, please run ev-enclave update to continue")] DeprecatedVersion, #[error("Couldn't check version against latest")] FailedVersionCheck, diff --git a/test.cage.toml b/test.cage.toml index e4627ee1..bebaa723 100644 --- a/test.cage.toml +++ b/test.cage.toml @@ -1,4 +1,4 @@ -name = "test-cage" +name = "test-enclave" uuid = "1234" app_uuid = "4321" team_uuid = "teamid" @@ -19,7 +19,7 @@ keyPath = "./key.pem" [attestation] HashAlgorithm = "Sha384 { ... }" -PCR0 = "4d99ce0096bffeea435c41016e9d64aa51caae95d7846fb7c8708f590d31be1fc704adc13bedabbcb2980d6612dde6e9" +PCR0 = "1cd2135a6358458e390904fac3568eff4e6c7882c22e7925a830c8ba6b9b1ae117dd714cad64b1001475923a242fc887" PCR1 = "bcdf05fefccaa8e55bf2c8d6dee9e79bbff31e34bf28a99aa19e6b29c37ee80b214a414b7607236edf26fcb78654e63f" PCR2 = "42997b22af1f96a6b32372402af03a5d16e47316e7990314bdb01c0759fa11a7ae88e3ae2f3628b1c1ab734ea2f2ba34" PCR8 = "a94237284c822603176cfe5abbf62664a786b8eef7c5ead7ff725fc2750f06520ce775fec55405ac1837cf2c42e1443a" diff --git a/testRepro.Dockerfile b/testRepro.Dockerfile index daa7b05b..1cb446bc 100644 --- a/testRepro.Dockerfile +++ b/testRepro.Dockerfile @@ -2,12 +2,12 @@ FROM alpine@sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc023 RUN touch /hello-script;\ /bin/sh -c "echo -e '"'#!/bin/sh\nwhile true; do echo "hello"; sleep 2; done;\n'"' > /hello-script" RUN mkdir -p /opt/evervault -ADD https://cage-build-assets.evervault.com/installer/b8073166b7c5bc8fe2abf192f66e1106f2d4be547b1841be69f95ff2c4ea578c.tar.gz /opt/evervault/runtime-dependencies.tar.gz +ADD https://enclave-build-assets.evervault.com/installer/b8073166b7c5bc8fe2abf192f66e1106f2d4be547b1841be69f95ff2c4ea578c.tar.gz /opt/evervault/runtime-dependencies.tar.gz RUN cd /opt/evervault ; tar -xzf runtime-dependencies.tar.gz ; sh ./installer.sh ; rm runtime-dependencies.tar.gz RUN echo {\"api_key_auth\":true,\"trx_logging_enabled\":true} > /etc/dataplane-config.json RUN mkdir -p /etc/service/user-entrypoint -RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_CAGE_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run -ADD https://cage-build-assets.evervault.com/runtime/0.0.31/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane +RUN printf "#!/bin/sh\nsleep 5\necho \"Checking status of data-plane\"\nSVDIR=/etc/service sv check data-plane || exit 1\necho \"Data-plane up and running\"\nwhile ! grep -q \"EV_INITIALIZED\" /etc/customer-env\n do echo \"Env not ready, sleeping user process for one second\"\n sleep 1\n done \n . /etc/customer-env\n\necho \"Booting user service...\"\ncd %s\nexec sh /hello-script\n" "$PWD" > /etc/service/user-entrypoint/run && chmod +x /etc/service/user-entrypoint/run +ADD https://enclave-build-assets.evervault.com/runtime/0.0.31/data-plane/egress-disabled/tls-termination-enabled /opt/evervault/data-plane RUN chmod +x /opt/evervault/data-plane RUN mkdir -p /etc/service/data-plane RUN printf "#!/bin/sh\necho \"Booting Evervault data plane...\"\nexec /opt/evervault/data-plane 80\n" > /etc/service/data-plane/run && chmod +x /etc/service/data-plane/run