You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@teaclave.apache.org by ms...@apache.org on 2020/03/24 23:22:15 UTC
[incubator-teaclave] branch develop updated (3106a26 -> 0a0480c)
This is an automated email from the ASF dual-hosted git repository.
mssun pushed a change to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git.
from 3106a26 [utils] Introduce macros to simplify fn impl
new efe7690 [services] Use create_trusted_*_endpoint utility functions to simply creating an trusted service endpoint
new 0a0480c [types] Impl Function in builder pattern
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
services/frontend/enclave/src/lib.rs | 50 ++++------
services/management/enclave/src/lib.rs | 25 ++---
services/management/enclave/src/service.rs | 148 +++++++++++++----------------
services/management/enclave/src/task.rs | 8 +-
types/src/function.rs | 67 +++++++++++--
utils/service_enclave_utils/src/lib.rs | 8 ++
6 files changed, 161 insertions(+), 145 deletions(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@teaclave.apache.org
For additional commands, e-mail: commits-help@teaclave.apache.org
[incubator-teaclave] 02/02: [types] Impl Function in builder pattern
Posted by ms...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
commit 0a0480cb9c8faae3f41c1561be2a4705c8fda34a
Author: Mingshen Sun <bo...@mssun.me>
AuthorDate: Tue Mar 24 16:05:48 2020 -0700
[types] Impl Function in builder pattern
---
services/management/enclave/src/service.rs | 148 +++++++++++++----------------
services/management/enclave/src/task.rs | 8 +-
types/src/function.rs | 67 +++++++++++--
3 files changed, 128 insertions(+), 95 deletions(-)
diff --git a/services/management/enclave/src/service.rs b/services/management/enclave/src/service.rs
index ee490a0..5a61b04 100644
--- a/services/management/enclave/src/service.rs
+++ b/services/management/enclave/src/service.rs
@@ -256,19 +256,16 @@ impl TeaclaveManagement for TeaclaveManagementService {
.to_string();
let request = request.message;
- let function_id = Uuid::new_v4();
- let function = Function {
- function_id,
- name: request.name,
- description: request.description,
- payload: request.payload,
- is_public: request.is_public,
- arg_list: request.arg_list,
- input_list: request.input_list,
- output_list: request.output_list,
- owner: user_id,
- is_native: false,
- };
+ let function = Function::new()
+ .id(Uuid::new_v4())
+ .name(request.name)
+ .description(request.description)
+ .payload(request.payload)
+ .public(request.is_public)
+ .arguments(request.arg_list)
+ .inputs(request.input_list)
+ .outputs(request.output_list)
+ .owner(user_id);
self.write_to_db(&function)
.map_err(|_| TeaclaveManagementError::StorageError)?;
@@ -278,7 +275,7 @@ impl TeaclaveManagement for TeaclaveManagementService {
Ok(response)
}
- // access control: function.is_public || function.owner == user_id
+ // access control: function.public || function.owner == user_id
fn get_function(
&self,
request: Request<GetFunctionRequest>,
@@ -295,7 +292,7 @@ impl TeaclaveManagement for TeaclaveManagementService {
let function: Function = self
.read_from_db(request.message.function_id.as_bytes())
.map_err(|_| TeaclaveManagementError::PermissionDenied)?;
- if !(function.is_public || function.owner == user_id) {
+ if !(function.public || function.owner == user_id) {
return Err(TeaclaveManagementError::PermissionDenied.into());
}
let response = GetFunctionResponse {
@@ -303,10 +300,10 @@ impl TeaclaveManagement for TeaclaveManagementService {
description: function.description,
owner: function.owner,
payload: function.payload,
- is_public: function.is_public,
- arg_list: function.arg_list,
- input_list: function.input_list,
- output_list: function.output_list,
+ is_public: function.public,
+ arg_list: function.arguments,
+ input_list: function.inputs,
+ output_list: function.outputs,
};
Ok(response)
}
@@ -543,7 +540,7 @@ impl TeaclaveManagement for TeaclaveManagementService {
let staged_task = StagedTask::new()
.task_id(task.task_id)
- .function_id(function.function_id)
+ .function_id(function.id)
.function_name(&function.name)
.function_payload(function.payload)
.function_arguments(function_arguments)
@@ -584,35 +581,31 @@ impl TeaclaveManagementService {
let function_input2 = FunctionInput::new("input2", "input_desc");
let function_output2 = FunctionOutput::new("output2", "output_desc");
- let native_function = Function {
- function_id: Uuid::parse_str("00000000-0000-0000-0000-000000000001")?,
- name: "mock-native-func".to_string(),
- description: "mock-desc".to_string(),
- payload: b"mock-payload".to_vec(),
- is_public: true,
- arg_list: vec!["arg1".to_string(), "arg2".to_string()],
- input_list: vec![function_input, function_input2],
- output_list: vec![function_output, function_output2],
- owner: "teaclave".to_string(),
- is_native: true,
- };
+ let function = Function::new()
+ .id(Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap())
+ .name("mock-func-1")
+ .description("mock-desc")
+ .payload(b"mock-payload".to_vec())
+ .public(true)
+ .arguments(vec!["arg1".to_string(), "arg2".to_string()])
+ .inputs(vec![function_input, function_input2])
+ .outputs(vec![function_output, function_output2])
+ .owner("teaclave".to_string());
- self.write_to_db(&native_function)?;
+ self.write_to_db(&function)?;
let function_output = FunctionOutput::new("output", "output_desc");
- let native_function = Function {
- function_id: Uuid::parse_str("00000000-0000-0000-0000-000000000002")?,
- name: "mock-native-func".to_string(),
- description: "mock-desc".to_string(),
- payload: b"mock-payload".to_vec(),
- is_public: true,
- arg_list: vec!["arg1".to_string()],
- input_list: vec![],
- output_list: vec![function_output],
- owner: "teaclave".to_string(),
- is_native: true,
- };
- self.write_to_db(&native_function)?;
+ let function = Function::new()
+ .id(Uuid::parse_str("00000000-0000-0000-0000-000000000002").unwrap())
+ .name("mock-func-2")
+ .description("mock-desc")
+ .payload(b"mock-payload".to_vec())
+ .public(true)
+ .arguments(vec!["arg1".to_string()])
+ .outputs(vec![function_output])
+ .owner("teaclave".to_string());
+
+ self.write_to_db(&function)?;
Ok(())
}
@@ -717,18 +710,16 @@ pub mod tests {
pub fn handle_function() {
let function_input = FunctionInput::new("input", "input_desc");
let function_output = FunctionOutput::new("output", "output_desc");
- let function = Function {
- function_id: Uuid::new_v4(),
- name: "mock_function".to_string(),
- description: "mock function".to_string(),
- payload: b"python script".to_vec(),
- is_public: true,
- arg_list: vec!["arg".to_string()],
- input_list: vec![function_input],
- output_list: vec![function_output],
- owner: "mock_user".to_string(),
- is_native: false,
- };
+ let function = Function::new()
+ .id(Uuid::new_v4())
+ .name("mock_function")
+ .description("mock function")
+ .payload(b"python script".to_vec())
+ .arguments(vec!["arg".to_string()])
+ .inputs(vec![function_input])
+ .outputs(vec![function_output])
+ .public(true)
+ .owner("mock_user");
assert!(Function::match_prefix(&function.key_string()));
let value = function.to_vec().unwrap();
let deserialized_function = Function::from_slice(&value).unwrap();
@@ -736,18 +727,14 @@ pub mod tests {
}
pub fn handle_task() {
- let function = Function {
- function_id: Uuid::new_v4(),
- name: "mock_function".to_string(),
- description: "mock function".to_string(),
- payload: b"python script".to_vec(),
- is_public: true,
- arg_list: vec!["arg".to_string()],
- input_list: vec![],
- output_list: vec![],
- owner: "mock_user".to_string(),
- is_native: false,
- };
+ let function = Function::new()
+ .id(Uuid::new_v4())
+ .name("mock_function")
+ .description("mock function")
+ .payload(b"python script".to_vec())
+ .arguments(vec!["arg".to_string()])
+ .public(true)
+ .owner("mock_user");
let function_arguments = FunctionArguments::new(hashmap!("arg" => "data"));
let task = crate::task::create_task(
@@ -766,18 +753,13 @@ pub mod tests {
}
pub fn handle_staged_task() {
- let function = Function {
- function_id: Uuid::new_v4(),
- name: "mock".to_string(),
- description: "".to_string(),
- payload: b"python script".to_vec(),
- is_public: false,
- arg_list: vec![],
- input_list: vec![],
- output_list: vec![],
- owner: "mock_user".to_string(),
- is_native: true,
- };
+ let function = Function::new()
+ .id(Uuid::new_v4())
+ .name("mock_function")
+ .description("mock function")
+ .payload(b"python script".to_vec())
+ .public(true)
+ .owner("mock_user");
let mut arg_list = HashMap::new();
arg_list.insert("arg".to_string(), "data".to_string());
let function_arguments = arg_list.into();
@@ -796,7 +778,7 @@ pub mod tests {
let staged_task = StagedTask::new()
.task_id(Uuid::new_v4())
- .function_id(function.function_id)
+ .function_id(function.id)
.function_name(&function.name)
.function_payload(function.payload)
.function_arguments(function_arguments)
diff --git a/services/management/enclave/src/task.rs b/services/management/enclave/src/task.rs
index 0222958..e7291b4 100644
--- a/services/management/enclave/src/task.rs
+++ b/services/management/enclave/src/task.rs
@@ -34,7 +34,7 @@ pub(crate) fn create_task(
) -> Result<Task> {
let task_id = Uuid::new_v4();
let mut participants = HashSet::new();
- if !function.is_public {
+ if !function.public {
participants.insert(function.owner.clone());
}
participants.insert(creator.clone());
@@ -65,19 +65,19 @@ pub(crate) fn create_task(
status: TaskStatus::Created,
};
// check arguments
- let function_arguments: HashSet<String> = function.arg_list.into_iter().collect();
+ let function_arguments: HashSet<String> = function.arguments.into_iter().collect();
let provide_args: HashSet<String> = task.function_arguments.inner().keys().cloned().collect();
let diff: HashSet<_> = function_arguments.difference(&provide_args).collect();
ensure!(diff.is_empty(), "bad arguments");
// check input
- let input_args: HashSet<String> = function.input_list.into_iter().map(|f| f.name).collect();
+ let input_args: HashSet<String> = function.inputs.into_iter().map(|f| f.name).collect();
let provide_args: HashSet<String> = task.input_data_owner_list.keys().cloned().collect();
let diff: HashSet<_> = input_args.difference(&provide_args).collect();
ensure!(diff.is_empty(), "bad input");
// check output
- let output_args: HashSet<String> = function.output_list.into_iter().map(|f| f.name).collect();
+ let output_args: HashSet<String> = function.outputs.into_iter().map(|f| f.name).collect();
let provide_args: HashSet<String> = task.output_data_owner_list.keys().cloned().collect();
let diff: HashSet<_> = output_args.difference(&provide_args).collect();
ensure!(diff.is_empty(), "bad output");
diff --git a/types/src/function.rs b/types/src/function.rs
index 94ca8f7..ad7e299 100644
--- a/types/src/function.rs
+++ b/types/src/function.rs
@@ -51,18 +51,69 @@ impl FunctionOutput {
}
const FUNCION_PREFIX: &str = "function";
-#[derive(Debug, Deserialize, Serialize)]
+
+#[derive(Default, Debug, Deserialize, Serialize)]
pub struct Function {
- pub function_id: Uuid,
+ pub id: Uuid,
pub name: String,
pub description: String,
pub payload: Vec<u8>,
- pub is_public: bool,
- pub arg_list: Vec<String>,
- pub input_list: Vec<FunctionInput>,
- pub output_list: Vec<FunctionOutput>,
+ pub public: bool,
+ pub arguments: Vec<String>,
+ pub inputs: Vec<FunctionInput>,
+ pub outputs: Vec<FunctionOutput>,
pub owner: String,
- pub is_native: bool,
+}
+
+impl Function {
+ pub fn new() -> Self {
+ Self::default()
+ }
+
+ pub fn id(self, id: Uuid) -> Self {
+ Self { id, ..self }
+ }
+
+ pub fn name(self, name: impl ToString) -> Self {
+ Self {
+ name: name.to_string(),
+ ..self
+ }
+ }
+
+ pub fn description(self, description: impl ToString) -> Self {
+ Self {
+ description: description.to_string(),
+ ..self
+ }
+ }
+
+ pub fn payload(self, payload: Vec<u8>) -> Self {
+ Self { payload, ..self }
+ }
+
+ pub fn public(self, public: bool) -> Self {
+ Self { public, ..self }
+ }
+
+ pub fn arguments(self, arguments: Vec<String>) -> Self {
+ Self { arguments, ..self }
+ }
+
+ pub fn inputs(self, inputs: Vec<FunctionInput>) -> Self {
+ Self { inputs, ..self }
+ }
+
+ pub fn outputs(self, outputs: Vec<FunctionOutput>) -> Self {
+ Self { outputs, ..self }
+ }
+
+ pub fn owner(self, owner: impl ToString) -> Self {
+ Self {
+ owner: owner.to_string(),
+ ..self
+ }
+ }
}
impl Storable for Function {
@@ -71,6 +122,6 @@ impl Storable for Function {
}
fn uuid(&self) -> Uuid {
- self.function_id
+ self.id
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@teaclave.apache.org
For additional commands, e-mail: commits-help@teaclave.apache.org
[incubator-teaclave] 01/02: [services] Use
create_trusted_*_endpoint utility functions to simply creating an trusted
service endpoint
Posted by ms...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
commit efe76904edc79bcfeef9cb3c999eb17c08ed4f71
Author: Mingshen Sun <bo...@mssun.me>
AuthorDate: Tue Mar 24 14:42:25 2020 -0700
[services] Use create_trusted_*_endpoint utility functions to simply creating an trusted service endpoint
---
services/frontend/enclave/src/lib.rs | 50 ++++++++++++----------------------
services/management/enclave/src/lib.rs | 25 ++++++-----------
utils/service_enclave_utils/src/lib.rs | 8 ++++++
3 files changed, 33 insertions(+), 50 deletions(-)
diff --git a/services/frontend/enclave/src/lib.rs b/services/frontend/enclave/src/lib.rs
index 3961927..1a0bad4 100644
--- a/services/frontend/enclave/src/lib.rs
+++ b/services/frontend/enclave/src/lib.rs
@@ -35,11 +35,11 @@ use teaclave_config::{RuntimeConfig, BUILD_CONFIG};
use teaclave_proto::teaclave_frontend_service::{
TeaclaveFrontendRequest, TeaclaveFrontendResponse,
};
-use teaclave_rpc::config::SgxTrustedTlsClientConfig;
use teaclave_rpc::config::SgxTrustedTlsServerConfig;
-use teaclave_rpc::endpoint::Endpoint;
use teaclave_rpc::server::SgxTrustedTlsServer;
-use teaclave_service_enclave_utils::ServiceEnclave;
+use teaclave_service_enclave_utils::{
+ create_trusted_authentication_endpoint, create_trusted_management_endpoint, ServiceEnclave,
+};
use teaclave_types::{TeeServiceError, TeeServiceResult};
mod service;
@@ -62,7 +62,7 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
.attested_tls_config()
.unwrap();
let server_config =
- SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config.clone()).unwrap();
+ SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config).unwrap();
let mut server = SgxTrustedTlsServer::<TeaclaveFrontendResponse, TeaclaveFrontendRequest>::new(
listen_address,
@@ -71,35 +71,19 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
let enclave_info =
teaclave_types::EnclaveInfo::from_bytes(&config.audit.enclave_info_bytes.as_ref().unwrap());
- let enclave_attr = enclave_info
- .get_enclave_attr("teaclave_authentication_service")
- .expect("authentication");
- let client_config =
- SgxTrustedTlsClientConfig::from_attested_tls_config(attested_tls_config.clone())
- .unwrap()
- .attestation_report_verifier(
- vec![enclave_attr],
- AS_ROOT_CA_CERT,
- verifier::universal_quote_verifier,
- );
- let authentication_service_address =
- &config.internal_endpoints.authentication.advertised_address;
- let authentication_service_endpoint =
- Endpoint::new(authentication_service_address).config(client_config);
-
- let enclave_attr = enclave_info
- .get_enclave_attr("teaclave_management_service")
- .expect("management");
- let client_config = SgxTrustedTlsClientConfig::from_attested_tls_config(attested_tls_config)
- .unwrap()
- .attestation_report_verifier(
- vec![enclave_attr],
- AS_ROOT_CA_CERT,
- verifier::universal_quote_verifier,
- );
- let management_service_address = &config.internal_endpoints.management.advertised_address;
- let management_service_endpoint =
- Endpoint::new(management_service_address).config(client_config);
+ let authentication_service_endpoint = create_trusted_authentication_endpoint(
+ &config.internal_endpoints.authentication.advertised_address,
+ &enclave_info,
+ AS_ROOT_CA_CERT,
+ verifier::universal_quote_verifier,
+ );
+
+ let management_service_endpoint = create_trusted_management_endpoint(
+ &config.internal_endpoints.management.advertised_address,
+ &enclave_info,
+ AS_ROOT_CA_CERT,
+ verifier::universal_quote_verifier,
+ );
let service = service::TeaclaveFrontendService::new(
authentication_service_endpoint,
diff --git a/services/management/enclave/src/lib.rs b/services/management/enclave/src/lib.rs
index afbc615..a80e569 100644
--- a/services/management/enclave/src/lib.rs
+++ b/services/management/enclave/src/lib.rs
@@ -35,10 +35,9 @@ use teaclave_config::{RuntimeConfig, BUILD_CONFIG};
use teaclave_proto::teaclave_management_service::{
TeaclaveManagementRequest, TeaclaveManagementResponse,
};
-use teaclave_rpc::config::{SgxTrustedTlsClientConfig, SgxTrustedTlsServerConfig};
-use teaclave_rpc::endpoint::Endpoint;
+use teaclave_rpc::config::SgxTrustedTlsServerConfig;
use teaclave_rpc::server::SgxTrustedTlsServer;
-use teaclave_service_enclave_utils::ServiceEnclave;
+use teaclave_service_enclave_utils::{create_trusted_storage_endpoint, ServiceEnclave};
use teaclave_types::{EnclaveInfo, TeeServiceError, TeeServiceResult};
mod service;
@@ -100,20 +99,12 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
server_config,
);
- let storage_service_enclave_attrs = enclave_info
- .get_enclave_attr("teaclave_storage_service")
- .expect("enclave_info");
- let storage_service_client_config = SgxTrustedTlsClientConfig::new()
- .attestation_report_verifier(
- vec![storage_service_enclave_attrs],
- AS_ROOT_CA_CERT,
- verifier::universal_quote_verifier,
- );
-
- let storage_service_address = &config.internal_endpoints.storage.advertised_address;
-
- let storage_service_endpoint =
- Endpoint::new(storage_service_address).config(storage_service_client_config);
+ let storage_service_endpoint = create_trusted_storage_endpoint(
+ &config.internal_endpoints.storage.advertised_address,
+ &enclave_info,
+ AS_ROOT_CA_CERT,
+ verifier::universal_quote_verifier,
+ );
let service = service::TeaclaveManagementService::new(storage_service_endpoint)?;
match server.start(service) {
diff --git a/utils/service_enclave_utils/src/lib.rs b/utils/service_enclave_utils/src/lib.rs
index a25d56c..b014a55 100644
--- a/utils/service_enclave_utils/src/lib.rs
+++ b/utils/service_enclave_utils/src/lib.rs
@@ -94,6 +94,14 @@ macro_rules! impl_create_trusted_endpoint_fn {
impl_create_trusted_endpoint_fn!(create_trusted_storage_endpoint, "teaclave_storage_service");
impl_create_trusted_endpoint_fn!(
+ create_trusted_authentication_endpoint,
+ "teaclave_authentication_service"
+);
+impl_create_trusted_endpoint_fn!(
+ create_trusted_management_endpoint,
+ "teaclave_management_service"
+);
+impl_create_trusted_endpoint_fn!(
create_trusted_scheduler_endpoint,
"teaclave_scheduler_service"
);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@teaclave.apache.org
For additional commands, e-mail: commits-help@teaclave.apache.org