Commit b70cddf5 authored by Robert Schambach

Rename db simpleclient vars to fastapi vars

parent d2b0be96
......@@ -5,7 +5,7 @@ This repository contains the following SCONE session templates for MariaDB:
* MariaDB server (`db_session.yml`): deploy a MariaDB server with full data-at-rest encryption and filesystem authentication, including dynamic libraries. Bootstrap of the database (e.g. creation of the root user and mysql database) is also attested, allowing the bootstrap to be performed in untrusted environments.
* MariaDB simple client (`db_simpleclient.yml`): a simple SCONE application to test your MariaDB setup. Creates a database and a few records. Used as a test in [our MariaDB helm chart](https://sconedocs.github.io/helm_mariadb/).
* MariaDB simple client (`fastapi_session.yml`): a simple SCONE application to test your MariaDB setup. Creates a database and a few records. Used as a test in [our MariaDB helm chart](https://sconedocs.github.io/helm_mariadb/).
Submit policies
---
......
......@@ -159,14 +159,14 @@ secrets:
- name: MARIADB_CLIENT_KEY
kind: private-key
export:
- session: $DB_SIMPLECLIENT
- session: $FASTAPI_SESSION
- name: MARIADB_CLIENT_CERT # automatically generate client certificate
private_key: MARIADB_CLIENT_KEY
issuer: MARIADB_CA_CERT
common_name: MARIADB_CLIENT_CERT
kind: x509
export:
- session: $DB_SIMPLECLIENT # export client cert/key to upload session
- session: $FASTAPI_SESSION # export client cert/key to upload session
- name: MARIADB_CA_KEY # export session CA certificate as MariaDB CA certificate
kind: private-key
- name: MARIADB_CA_CERT # export session CA certificate as MariaDB CA certificate
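Review bot: The `export` entries for `MARIADB_CLIENT_KEY` and `MARIADB_CLIENT_CERT` identify the receiving session only by the name substituted from `$FASTAPI_SESSION`, so whoever holds that session name on the CAS receives the client private key. That name is built in the submit script from `POSTFIX=$RANDOM-$RANDOM-$RANDOM`, which is not a cryptographic source, and the script's own comment allows setting a name to "" to skip a submission, in which case this template would presumably render an empty or dangling export target. The script should refuse to submit this policy when `FASTAPI_SESSION` is empty, and the export deserves a comment on who must own the target, e.g. `# receiver must be the session created from fastapi_session.yml by the same operator`. The same applies to the CA certificate export in the next hunk and to the `MEMCACHED_*` exports in the memcached template. The `secrets:` list starts and continues outside this hunk.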
......@@ -174,7 +174,7 @@ secrets:
common_name: MariaDB_CA
private_key: MARIADB_CA_KEY
export:
- session: $DB_SIMPLECLIENT # export the session CA certificate to upload session
- session: $FASTAPI_SESSION # export the session CA certificate to upload session
volumes:
# No fspf key and tag: an encrypted volume will be automatically generated
......
name: $DB_SIMPLECLIENT
name: $FASTAPI_SESSION
version: "0.3"
# Access control:
......
......@@ -57,14 +57,14 @@ secrets:
- name: MEMCACHED_CLIENT_KEY
kind: private-key
export:
- session: $DB_SIMPLECLIENT
- session: $FASTAPI_SESSION
- name: MEMCACHED_CLIENT_CERT # automatically generate client certificate
private_key: MEMCACHED_CLIENT_KEY
issuer: MEMCACHED_CA_CERT
common_name: MEMCACHED_CLIENT_CERT
kind: x509
export:
- session: $DB_SIMPLECLIENT # export client cert/key to upload session
- session: $FASTAPI_SESSION # export client cert/key to upload session
- name: MEMCACHED_CA_KEY # export session CA certificate as MEMCACHED CA certificate
kind: private-key
- name: MEMCACHED_CA_CERT # export session CA certificate as MEMCACHED CA certificate
......@@ -72,6 +72,6 @@ secrets:
common_name: MEMCACHED_CA
private_key: MEMCACHED_CA_KEY
export:
- session: $DB_SIMPLECLIENT # export the session CA certificate to upload session
- session: $FASTAPI_SESSION # export the session CA certificate to upload session
......@@ -48,11 +48,11 @@ secrets:
# nginx - fastapi tls
- name: FASTAPI_CLIENT_CERT
import:
session: $DB_SIMPLECLIENT
session: $FASTAPI_SESSION
secret: FASTAPI_CLIENT_CERT
- name: FASTAPI_CA_CERT
import:
session: $DB_SIMPLECLIENT
session: $FASTAPI_SESSION
secret: FASTAPI_CA_CERT
# specific for nginx - client tls
- name: server-key # automatically generate SERVER server certificate
......
......@@ -9,7 +9,7 @@ POSTFIX=$RANDOM-$RANDOM-$RANDOM
# Define policy names, used in templates.
# Set name to "" to avoid the session submission.
export DB_SESSION="database_policy_$POSTFIX"
export DB_SIMPLECLIENT="database_simpleclient_$POSTFIX"
export FASTAPI_SESSION="fastapi_policy_$POSTFIX"
export MEMCACHED_SESSION="memcached_policy_$POSTFIX"
export NGINX_SESSION="nginx_policy_$POSTFIX"
......@@ -46,7 +46,7 @@ scone cas attest -G -C --only_for_testing-debug --only_for_testing-ignore-signer
# environment (the variables exported in the lines above).
# That means that you can also customize such policies by exporting
# extra variables and referencing them on the templates.
if [ ! -z "$DB_SIMPLECLIENT" ]; then
if [ ! -z "$FASTAPI_SESSION" ]; then
# Simple client parameters.
export DB_USER="scontain"
export DB_HOST="${RELEASE_NAME:-mariadb}-mariadb-scone" # Accepts names or IP addresses
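Review bot: Nothing in this block tells the operator that the policy uploaded here goes to a CAS that was attested with `--only_for_testing-debug --only_for_testing-ignore-signer`, which is visible (truncated) in the hunk header and lies outside the changed lines. A comment above the `if`, such as `# CAS above is attested with --only_for_testing-* flags: demo use only, never upload production keys`, would make that limit explicit for anyone copying the script. As a matter of style, `[ ! -z "$FASTAPI_SESSION" ]` reads more directly as `[ -n "$FASTAPI_SESSION" ]`, and the comment `# Simple client parameters.` still names the old client. The `if` body continues past this hunk.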
......@@ -54,10 +54,10 @@ if [ ! -z "$DB_SIMPLECLIENT" ]; then
export DB_DATABASE="test_db"
export TABLE="test_table"
echo "Uploading policy $DB_SIMPLECLIENT (MariaDB simple client)..."
scone session create --use-env "${BASH_SOURCE%/*}/db_simpleclient.yml"
echo "Uploading policy $FASTAPI_SESSION (MariaDB simple client)..."
scone session create --use-env "${BASH_SOURCE%/*}/fastapi_session.yml"
echo ""
echo "export SIMPLE_CLIENT_CONFIG_ID="$DB_SIMPLECLIENT"" > "${BASH_SOURCE%/*}/myenv"
echo "export SIMPLE_CLIENT_CONFIG_ID="$FASTAPI_SESSION"" > "${BASH_SOURCE%/*}/myenv"
unset DB_USER
fi
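Review bot: In `echo "export SIMPLE_CLIENT_CONFIG_ID="$FASTAPI_SESSION"" > …/myenv` the inner double quotes end and reopen the string, so the variable is expanded outside quotes (word splitting and globbing apply) and `myenv` receives the value without any quoting. Since `myenv` consists of `export` lines and is presumably sourced later, writing a shell-quoted value is safer: `printf 'export SIMPLE_CLIENT_CONFIG_ID=%q\n' "$FASTAPI_SESSION" > "${BASH_SOURCE%/*}/myenv"`. The rename also stops halfway here: the exported name is still `SIMPLE_CLIENT_CONFIG_ID` and the message still says `(MariaDB simple client)`. The next hunk header shows the same echo pattern for `SCONE_CAS_ADDR`, which would need the same fix.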
......@@ -95,6 +95,6 @@ echo "export SCONE_CAS_ADDR="$SCONE_CAS_ADDR"" >> "${BASH_SOURCE%/*}/myenv"
# Uncomment to double check submitted policies.
#scone session read $DB_SESSION
#scone session read $DB_SIMPLECLIENT
#scone session read $FASTAPI_SESSION
#scone session read $MEMCACHED_SESSION
#scone session read $NGINX_SESSION
......@@ -25,7 +25,7 @@ scone:
lasUseHostIP: true
#las: 172.17.0.1
cas: 5-0-0.scone-cas.cf
FASTAPIConfigID: db_simpleclient_config/serve
FASTAPIConfigID: fastapi_config/serve
# Define any SCONE-related variables.
env:
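Review bot: The new default `FASTAPIConfigID: fastapi_config/serve` names a session `fastapi_config`, while the submit script in this commit creates `fastapi_policy_$POSTFIX`, so the default only works if it is overridden at install time. A fixed, guessable session name as a chart default is also risky on a shared CAS (`cas: 5-0-0.scone-cas.cf` here): assuming session names are first come, first served, the enclave would take its configuration from whoever registered that name. Consider leaving the default empty and failing the install when it is unset, with a comment like `# required: <session name>/serve, using the session name the submit script writes to myenv`. The same applies to the later hunks that set `testCreateDBConfigID`, `testQueriesConfigID` and `FASTAPIConfigID`.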
......
......@@ -153,7 +153,7 @@ A complete list of parameters this chart supports.
`scone.attestation.bootstrapConfigID`|MariaDB SCONE bootstrap session, which runs when the database is installed. To be exported as `BOOTSTRAP_CONFIG_ID`|`database_policy/bootstrap`
`scone.attestation.createUserConfigID`|MariaDB SCONE custom bootstrap session, which runs when the database is installed. To be exported as `CREATEUSER_CONFIG_ID`|`database_policy/create_user`
`scone.attestation.env`|SCONE environment variables to be exported into the container|`SCONE_HEAP=2G,SCONE_ALLOW_DLOPEN=1,SCONE_MODE=hw,SCONE_SYSLIBS=1,SCONE_FSPF_MUTABLE=1`
`scone.attestation.testCreateDBConfigID`|`SCONE_CONFIG_ID` for the create database test|`database_simpleclient/create_db`
`scone.attestation.testCreateDBConfigID`|`SCONE_CONFIG_ID` for the create database test|`fastapi_policy/create_db`
`scone.attestaton.testQueriesConfigID`|`SCONE_CONFIG_ID` for the query database test|`database_policy/queries`
`configuration`|If defined, the contents of `configuration` will be injected into MariaDB's containers as /etc/my.cnf through a ConfigMap|`nil`
`persistence.enabled`|If enabled, use a PVC. If not, use `emptyDir`|`false`
......
......@@ -32,8 +32,8 @@ scone:
createUserConfigID: database_policy/create_user
# Enable attestation for tests.
testCreateDBConfigID: database_simpleclient/create_db
testQueriesConfigID: database_simpleclient/queries
testCreateDBConfigID: fastapi_policy/create_db
testQueriesConfigID: fastapi_policy/queries
# Define any SCONE-related variables.
env:
......
......@@ -23,7 +23,7 @@ fastapi-scone:
tag: "fastapi-server-protected"
scone:
attestation:
FASTAPIConfigID: db_simpleclient_config/serve
FASTAPIConfigID: fastapi_config/serve
env:
- name: SCONE_HEAP
value: 2G
......@@ -44,8 +44,8 @@ mariadb-scone:
createUserConfigID: database_policy/create_user
# Enable attestation for tests.
testCreateDBConfigID: database_simpleclient/create_db
testQueriesConfigID: database_simpleclient/queries
testCreateDBConfigID: fastapi_policy/create_db
testQueriesConfigID: fastapi_policy/queries
# Define any SCONE-related variables.
env:
......