trustee Extend KBS to provide the resources required to create an encrypted overlay network

Extend KBS to provide the resources required to create an encrypted overlay network

Open cclaudio opened this issue 6 months ago • 3 comments

This PR requires https://github.com/confidential-containers/guest-components/pull/634 to be merged first.

This PR resolves #396 by adding the following changes:

Add plugin interface
Add nebula-plugin

Steps to test it

enable nebula in the kbs-config.toml: enabled_plugins = ["nebula"]
Generate User authentication key pair as in quickstart guide
docker compose build
docker compose up
build kbs client: cd kbs && ATTESTER=snp-attester make cli && sudo make install-cli
kbs-client --url http://127.0.0.1:8080 config --auth-private-key kbs/config/private.key set-resource-policy --policy-file kbs/sample_policies/allow_all.rego
kbs-client --url http://127.0.0.1:8080 get-resource --path 'plugin/nebula/credential?ip[ip]=10.11.12.13&ip[netbits]=21&name=pod1' | base64 -d

The last command should return the credential requested, e.g.:

{
"node_crt":[45,45,45,45,45,66,69,71,73,78,32,78,69,66,85,76,65,32,67,69,82,84,73,70,73,67,65,84,69,45,45,45,45,45,10,67,109,69,75,66,72,66,118,90,68,69,83,67,89,50,89,114,70,67,65,56,80,47,47,68,121,106,83,117,113,83,49,66,106,67,97,49,113,88,69,66,106,111,103,83,85,66,117,100,74,104,101,84,75,105,49,122,50,86,66,77,102,112,66,10,68,103,105,120,77,56,87,81,90,55,97,81,109,99,114,68,114,53,52,53,47,50,74,75,73,68,116,87,73,57,109,43,70,98,120,80,119,107,52,54,122,71,90,88,116,56,70,103,112,74,52,71,52,120,88,57,76,97,108,56,78,55,98,116,10,120,65,43,68,69,107,65,76,110,114,80,88,87,88,116,51,113,102,77,109,87,48,102,110,68,88,97,111,48,90,104,112,108,54,65,104,49,115,82,47,115,115,120,120,80,56,109,99,108,99,78,87,101,110,47,76,82,84,68,48,112,101,122,68,10,105,101,76,82,75,79,70,109,121,104,111,74,107,118,66,73,86,109,53,82,104,54,43,56,68,89,115,68,10,45,45,45,45,45,69,78,68,32,78,69,66,85,76,65,32,67,69,82,84,73,70,73,67,65,84,69,45,45,45,45,45,10],
"node_key":[45,45,45,45,45,66,69,71,73,78,32,78,69,66,85,76,65,32,88,50,53,53,49,57,32,80,82,73,86,65,84,69,32,75,69,89,45,45,45,45,45,10,79,69,103,121,70,88,106,101,107,97,78,115,50,98,111,122,56,80,101,68,69,112,51,113,82,51,47,114,89,120,67,82,79,79,57,89,70,49,103,109,118,102,69,61,10,45,45,45,45,45,69,78,68,32,78,69,66,85,76,65,32,88,50,53,53,49,57,32,80,82,73,86,65,84,69,32,75,69,89,45,45,45,45,45,10],
"ca_crt":[45,45,45,45,45,66,69,71,73,78,32,78,69,66,85,76,65,32,67,69,82,84,73,70,73,67,65,84,69,45,45,45,45,45,10,67,107,115,75,71,85,53,108,89,110,86,115,89,83,66,68,81,83,66,109,98,51,73,103,86,72,74,49,99,51,82,108,90,83,66,76,81,108,77,111,109,43,43,103,116,81,89,119,109,57,97,108,120,65,89,54,73,76,54,55,105,73,115,79,10,51,83,68,71,76,67,49,84,121,54,78,82,77,121,48,57,56,56,84,110,53,51,77,47,71,88,112,80,77,84,99,57,66,43,85,73,81,65,69,83,81,80,75,67,107,97,99,72,79,89,86,121,66,104,57,69,102,106,74,107,65,110,48,72,10,81,73,72,102,114,106,51,83,76,48,67,118,49,77,81,109,81,98,107,55,99,89,116,81,70,82,114,111,104,57,51,104,121,55,99,81,55,112,51,99,56,105,86,110,67,56,109,80,97,107,113,70,47,101,66,84,48,82,111,67,69,119,111,61,10,45,45,45,45,45,69,78,68,32,78,69,66,85,76,65,32,67,69,82,84,73,70,73,67,65,84,69,45,45,45,45,45,10]
}

Jul 31 '24 04:07 cclaudio

trustee trustee copied to clipboard

Extend KBS to provide the resources required to create an encrypted overlay network

Steps to test it

trustee
trustee copied to clipboard