package main
import (
	"context"
	"encoding/json"
	"flag"
	"fmt"
	"log"
	"log/slog"
	"net"
	"os"
	"path/filepath"
	"strconv"

	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/logging"
	keyproviderpb "github.com/hown3d/kms-ocicrypt/gen/go/utils/keyprovider"
	"github.com/hown3d/kms-ocicrypt/kms"
	"github.com/hown3d/kms-ocicrypt/service"
	"google.golang.org/grpc"
)
// Command-line flags. Defaults let the binary run unconfigured next to
// containerd; createOcicryptKeyproviderConfig publishes the port and
// keyprovider name into the ocicrypt config on disk.
var (
	// port is the TCP port the gRPC server binds to and advertises to containerd.
	port = flag.Int("port", 9666, "port to bind grpc server to")

	// keyProviderName is the key under "key-providers" in the generated
	// ocicrypt config; containerd refers to this server by that name.
	keyProviderName = flag.String("keyprovider-name", "kms-crypt", "name of the keyprovider in ocicrypt config")

	// kmsProviderName selects an entry of kms.Providers at startup.
	kmsProviderName = flag.String("kms-provider", "aws", "which kms provider to use. Implemented providers: aws")
)
// InterceptorLogger wraps a *slog.Logger so that go-grpc-middleware's logging
// interceptors can emit through it. The interceptor level is converted to a
// slog.Level by a plain cast, which relies on the two numberings agreeing
// (go-grpc-middleware v2 defines its levels to match slog's — TODO confirm
// against the vendored version). Kept local on purpose: the adapter is a
// few lines and not worth an extra dependency.
func InterceptorLogger(l *slog.Logger) logging.Logger {
	emit := func(ctx context.Context, lvl logging.Level, msg string, fields ...any) {
		l.Log(ctx, slog.Level(lvl), msg, fields...)
	}
	return logging.LoggerFunc(emit)
}
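// main parses the flags, resolves the KMS backend, binds the gRPC listener,
// publishes the ocicrypt keyprovider config for containerd and then serves the
// key provider API until the listener fails.
//
// Startup order matters here: the config file written by
// createOcicryptKeyproviderConfig tells containerd to dial this process, so it
// is only written once the backend has been validated and the port is held.
// The original order (write config, then listen, then check the provider)
// could leave a config on the node pointing at a server that never came up.
func main() {
	flag.Parse()

	// Fail fast on a misconfigured backend before touching disk or network.
	kmsProvider, ok := kms.Providers[*kmsProviderName]
	if !ok {
		log.Fatalf("specified kms provider %v is not registered", *kmsProviderName)
	}
	// flag.Int accepts any int; reject values net.Listen would only fail on
	// later, with a clearer message.
	if *port < 1 || *port > 65535 {
		log.Fatalf("invalid port %d: must be in 1..65535", *port)
	}

	// SECURITY NOTE(review): this is a plaintext listener on all interfaces
	// with no grpc.Creds and no authentication/authorization interceptor, so
	// any peer that can reach the port can invoke the key provider service
	// (what that service hands back — e.g. unwrapped image keys — is defined
	// in package service, not visible here). Binding to 0.0.0.0 is needed
	// because the advertised address is POD_IP; make sure network policy
	// limits reachability to the node's containerd, or add transport creds
	// and an auth interceptor before exposing this more widely.
	listenAddr := fmt.Sprintf("0.0.0.0:%d", *port)
	lis, err := net.Listen("tcp", listenAddr)
	if err != nil {
		log.Fatalf("Failed to listen on port %v: %v", *port, err)
	}

	// Publish the endpoint only now that the port is actually held.
	if err := createOcicryptKeyproviderConfig(); err != nil {
		log.Fatalf("error creating ocicrypt keyprovider config: %s", err)
	}

	grpcServer := grpc.NewServer(
		grpc.ChainUnaryInterceptor(
			logging.UnaryServerInterceptor(InterceptorLogger(slog.Default())),
		),
		grpc.ChainStreamInterceptor(
			logging.StreamServerInterceptor(InterceptorLogger(slog.Default())),
		),
	)
	keyproviderpb.RegisterKeyProviderServiceServer(grpcServer, service.NewKeyProviderService(kmsProvider, *keyProviderName))

	slog.Info(fmt.Sprintf("serving grpc server on :%d", *port))
	if err := grpcServer.Serve(lis); err != nil {
		log.Fatalf("Failed to serve grpc server: %s", err)
	}
}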
// OcicryptKeyproviderConfig is the JSON document this binary writes to
// keyproviderFilepath: a "key-providers" object keyed by provider name whose
// values carry the provider's "grpc" endpoint. The path and field names
// suggest it targets containerd's ocicrypt keyprovider config format — only
// the gRPC transport is modelled here, nothing else from that format.
type OcicryptKeyproviderConfig struct {
	// KeyProviders maps a keyprovider name (-keyprovider-name) to its endpoint.
	KeyProviders map[string]struct {
		// GRPC is the "host:port" address the consumer dials for this provider.
		GRPC string `json:"grpc"`
	} `json:"key-providers"`
}
// keyproviderFilepath is where the generated config is written. The process
// therefore needs write access to /etc/containerd/ocicrypt on the node
// (presumably via a hostPath mount — confirm against the deployment manifest).
const keyproviderFilepath = "/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"
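// keyproviderFileMode is the mode of the generated config. It must stay
// readable by the consumer (containerd), but must not be writable by anyone
// other than the owner: whoever can edit this file can point containerd at a
// rogue key provider. os.Create's 0666-minus-umask default does not guarantee
// that, so the mode is set explicitly.
const keyproviderFileMode os.FileMode = 0o644

// createOcicryptKeyproviderConfig publishes the ocicrypt keyprovider config
// that tells containerd where this server listens. The advertised host comes
// from the POD_IP environment variable, the name and port from the flags.
//
// Returns an error if POD_IP is unset, the keyprovider name is empty, the
// config cannot be marshalled, or the file cannot be written. The write goes
// through a temp file plus rename so a concurrent reader never observes a
// truncated config, and the file handle is always closed (the original
// os.Create/Write path leaked it).
func createOcicryptKeyproviderConfig() error {
	ip := os.Getenv("POD_IP")
	cfg, err := buildOcicryptKeyproviderConfig(*keyProviderName, ip, *port)
	if err != nil {
		return fmt.Errorf("building keyprovider config from POD_IP=%q: %w", ip, err)
	}
	slog.Info("generateOcicryptKeyproviderConfig", "config", cfg)

	cfgBytes, err := json.MarshalIndent(cfg, "", "\t")
	if err != nil {
		return err
	}
	if err := writeFileAtomic(keyproviderFilepath, cfgBytes, keyproviderFileMode); err != nil {
		return fmt.Errorf("writing %s: %w", keyproviderFilepath, err)
	}
	return nil
}

// buildOcicryptKeyproviderConfig returns the config advertising keyprovider
// `name` at host:port. An empty host is rejected so that an unset POD_IP
// cannot silently produce the host-less address ":9666"; an empty name would
// produce an entry containerd could never refer to. net.JoinHostPort keeps
// IPv6 pod addresses valid ("[fd00::1]:9666"); for IPv4 the output is the
// same "ip:port" string the previous Sprintf produced.
func buildOcicryptKeyproviderConfig(name, host string, port int) (OcicryptKeyproviderConfig, error) {
	if name == "" {
		return OcicryptKeyproviderConfig{}, fmt.Errorf("keyprovider name must not be empty")
	}
	if host == "" {
		return OcicryptKeyproviderConfig{}, fmt.Errorf("advertised host must not be empty")
	}
	return OcicryptKeyproviderConfig{
		KeyProviders: map[string]struct {
			GRPC string `json:"grpc"`
		}{
			name: {GRPC: net.JoinHostPort(host, strconv.Itoa(port))},
		},
	}, nil
}

// writeFileAtomic writes data to path via a temporary file in the same
// directory followed by a rename, so the file at path is either the old or
// the complete new content. perm is applied with Chmod because CreateTemp
// always creates the temp file 0600 (and fchmod is not subject to umask).
// On any failure the temp file is removed and the first error is returned.
func writeFileAtomic(path string, data []byte, perm os.FileMode) (err error) {
	tmp, err := os.CreateTemp(filepath.Dir(path), "."+filepath.Base(path)+".*")
	if err != nil {
		return err
	}
	tmpName := tmp.Name()
	defer func() {
		if err != nil {
			// Best-effort cleanup; the error already being returned is what
			// matters, so Close/Remove failures here are deliberately ignored.
			_ = tmp.Close()
			_ = os.Remove(tmpName)
		}
	}()

	if _, err = tmp.Write(data); err != nil {
		return err
	}
	if err = tmp.Chmod(perm); err != nil {
		return err
	}
	if err = tmp.Sync(); err != nil {
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmpName, path)
}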