Introduce config map format and parsing logic #1004
Conversation
tiziano88
force-pushed
the
tzn_config_map_parse
branch
from
b2a1e20
to
1078a29
Compare
| @@ -13,9 +13,13 @@ oak_debug = [] | |||
| default = ["oak_debug"] | |||
|
|
|||
| [dependencies] | |||
| anyhow = "*" | |||
There was a problem hiding this comment.
I think this should also be added to oak/server/rust/oak_loader/BUILD
tiziano88
force-pushed
the
tzn_config_map_parse
branch
from
1078a29
to
ebf9e88
Compare
| impl FromStr for ConfigEntry { | ||
| type Err = anyhow::Error; | ||
| fn from_str(v: &str) -> Result<Self, Self::Err> { | ||
| let parts = v.split("=").collect::<Vec<_>>(); |
There was a problem hiding this comment.
This seems quite brittle. It might be nice in future to have some better defined parsing.
There was a problem hiding this comment.
I think this is fine for the foreseeable future, we fully control the file names anyways, so there is no risk that we end up with = in the file name itself. But sure, if it does happen we can extend it.
There was a problem hiding this comment.
Seeing that this is also intended for sensitive data, is there a plan to add labels or some other mechanism to protect the data from untrusted nodes?
| // We only log the keys here, since the values may be secret. | ||
| debug!("parsed config map entries: {:?}", config_map.items.keys()); | ||
| // TODO(#689): Pass the `config_map` object to the Runtime instance, and make it available to | ||
| // the running Oak Application. |
There was a problem hiding this comment.
I am not clear on how this will be used. Is the intention to make this available to wasm nodes? Or to dynamically replace tokens in the application configuration?
There was a problem hiding this comment.
The intention is to make it available to the first node of an Oak application, which can then take it apart and distribute it to further nodes if it needs to. It will be easier after #917 is merged, so I'll wait for that before doing the rest of the work.
| let mut file_map = HashMap::new(); | ||
| for config_entry in config_entries { | ||
| let file_content = read_file(&config_entry.filename)?; | ||
| file_map.insert(config_entry.key.to_string(), file_content); |
There was a problem hiding this comment.
Perhaps log a warning if the key already exists and the value is being overwritten?
There was a problem hiding this comment.
Good point, done and added a test.
tiziano88
force-pushed
the
tzn_config_map_parse
branch
from
ebf9e88
to
a47ca7d
Compare
| impl FromStr for ConfigEntry { | ||
| type Err = anyhow::Error; | ||
| fn from_str(v: &str) -> Result<Self, Self::Err> { | ||
| let parts = v.split("=").collect::<Vec<_>>(); |
There was a problem hiding this comment.
I think this is fine for the foreseeable future, we fully control the file names anyways, so there is no risk that we end up with = in the file name itself. But sure, if it does happen we can extend it.
| let mut file_map = HashMap::new(); | ||
| for config_entry in config_entries { | ||
| let file_content = read_file(&config_entry.filename)?; | ||
| file_map.insert(config_entry.key.to_string(), file_content); |
There was a problem hiding this comment.
Good point, done and added a test.
| // We only log the keys here, since the values may be secret. | ||
| debug!("parsed config map entries: {:?}", config_map.items.keys()); | ||
| // TODO(#689): Pass the `config_map` object to the Runtime instance, and make it available to | ||
| // the running Oak Application. |
There was a problem hiding this comment.
The intention is to make it available to the first node of an Oak application, which can then take it apart and distribute it to further nodes if it needs to. It will be easier after #917 is merged, so I'll wait for that before doing the rest of the work.
tiziano88
force-pushed
the
tzn_config_map_parse
branch
from
a47ca7d
to
8dcf10d
Compare
This will be used to pass configuration files and secrets to Oak Applications, by specifying them via command line flags to the `oak_loader` binary. Also switch the top-level `oak_loader` error handling to the `anyhow` crate. Ref project-oak#689
tiziano88
force-pushed
the
tzn_config_map_parse
branch
from
8dcf10d
to
ba4affb
Compare
|
Reproducibility index: |
This will be used to pass configuration files and secrets to Oak
Applications, by specifying them via command line flags to the
oak_loaderbinary.Also switch the top-level
oak_loadererror handling to theanyhowcrate.
Ref #689
Checklist