testnet/sgx-daemon
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: implement enclave deletion functionality

Browse Source 
refactor container handling methods
seperated utility methods
This commit is contained in:
Noor 2025-01-27 10:22:34 +00:00
parent ee31ee5e6b
commit 720fabb022
Signed by: noormohammedb
GPG Key ID: E424C39E19EFD7DF
6 changed files with 103 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@ -316,7 +316,7 @@ dependencies = [
[[package]] [[package]]
name = "detee-shared" name = "detee-shared"
version = "0.1.0" version = "0.1.0"
source = "git+ssh://git@gitea.detee.cloud/noormohammedb/detee-shared#bb553f08af6178d1b0da57234311eaf2809ca648" source = "git+ssh://git@gitea.detee.cloud/noormohammedb/detee-shared#b162dd99c0fe6f53e192eeb3576845b15d851934"
dependencies = [ dependencies = [
"base64", "base64",
"prost", "prost",

40
src/container.rs Normal file
View File

@ -0,0 +1,40 @@
use anyhow::Result;
use std::process::Command;
use crate::utils::prepare_port_map;
pub async fn deploy_enclave(
enclave_path: &str,
container_name_uuid: String,
publishing_ports: Vec<u32>,
// ...
) -> Result<Vec<(u16, u16)>> {
let port_map = prepare_port_map(publishing_ports).await;
let port_maping_string = port_map
.iter()
.map(|(host, container)| format!("-p {host}:{container}"))
.collect::<Vec<_>>()
.join(" ");
println!("Deploying enclave: {:?}", enclave_path);
let docker_deploy_str = format!(
r#"docker run --name {container_name_uuid} -v {enclave_path}/enclave_packager:/enclave_packager \
--device /dev/sgx/enclave --device /dev/sgx/provision {port_maping_string} noormohammedb/occlum-enclave:v1"#
);
let _child = Command::new("sh")
.arg("-c")
.arg(docker_deploy_str)
.spawn()?;
Ok(port_map)
}
pub fn delete_enclave(container_name_uuid: String) -> Result<()> {
println!("Deleting enclave: {:?}", &container_name_uuid);
let docker_rm_str = format!(r#"docker container rm -f {container_name_uuid}"#);
let _child = Command::new("sh").arg("-c").arg(docker_rm_str).spawn()?;
Ok(())
}

40
src/data.rs
View File

@ -1,9 +1,9 @@
use anyhow::Result; use anyhow::{anyhow, Result};
use detee_shared::pb_types::shared::Container as ContainerConfig; use detee_shared::pb_types::shared::Container as ContainerConfig;
use detee_shared::pb_types::shared::Resource as ResourceConfig; use detee_shared::pb_types::shared::Resource as ResourceConfig;
use crate::package::deploy_enclave; use crate::container::delete_enclave;
use crate::container::deploy_enclave;
#[derive(Debug, Default)] #[derive(Debug, Default)]
pub struct DaemonState { pub struct DaemonState {
@ -33,11 +33,13 @@ impl DaemonState {
) -> Result<Vec<(u16, u16)>, Box<dyn std::error::Error>> { ) -> Result<Vec<(u16, u16)>, Box<dyn std::error::Error>> {
let publishing_ports = req_data.resource.clone().unwrap().port; let publishing_ports = req_data.resource.clone().unwrap().port;
let uuid = req_data.uuid.unwrap_or_default().uuid; let uuid = req_data.uuid.unwrap_or_default().uuid;
let mapped_ports = deploy_enclave(&unarchive_dir, uuid.clone(), publishing_ports).await?; let container_name = format!("dtpm-{uuid}");
let mapped_ports =
deploy_enclave(&unarchive_dir, container_name.clone(), publishing_ports).await?;
let container = Container { let container = Container {
uuid, uuid,
name: "".to_string(), name: container_name,
package_path: unarchive_dir, package_path: unarchive_dir,
status: "running".to_string(), status: "running".to_string(),
admin: req_data.admin_pubkey, admin: req_data.admin_pubkey,
@ -49,4 +51,32 @@ impl DaemonState {
Ok(mapped_ports) Ok(mapped_ports)
} }
pub async fn delete_container(
&mut self,
admin_pubkey: String,
container_uuid: String,
) -> Result<()> {
let Some(container_position) = self
.containers
.iter()
.position(|c| c.uuid == container_uuid)
else {
println!("Container \"{container_uuid}\" not found");
return Err(anyhow!("Container not found"));
};
let container = &self.containers[container_position];
if container.admin != admin_pubkey {
return Err(anyhow!("Unauthorized"));
}
let container_name = format!("dtpm-{}", container.uuid);
delete_enclave(container_name)?;
self.containers.remove(container_position);
Ok(())
}
} }

35
src/grpc.rs
View File

@ -16,7 +16,7 @@ use detee_shared::pb::shared::Container as ContainerPB;
use detee_shared::pb_types::shared::Container as ContainerConfig; use detee_shared::pb_types::shared::Container as ContainerConfig;
use crate::package::handle_package; use crate::utils::handle_package;
use crate::DaemonState; use crate::DaemonState;
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
@ -89,6 +89,29 @@ impl DaemonServicePB for DaemonServer {
})); }));
} }
async fn delete_container(
&self,
req: tonic::Request<ContainerFilters>,
) -> Result<tonic::Response<DeleteContainerRes>, tonic::Status> {
let req_data = req.into_inner();
if req_data.container_id.is_none() {
return Err(tonic::Status::data_loss("missing container id"));
}
self.data
.write()
.await
.delete_container(
req_data.admin_pubkey,
req_data.container_id.unwrap_or_default().uuid,
)
.await
.map_err(|err| tonic::Status::internal(err.to_string()))?;
return Ok(tonic::Response::new(DeleteContainerRes {
..Default::default()
}));
}
async fn inspect_container( async fn inspect_container(
&self, &self,
req: tonic::Request<detee_shared::pb::shared::Uuid>, req: tonic::Request<detee_shared::pb::shared::Uuid>,
@ -115,14 +138,4 @@ impl DaemonServicePB for DaemonServer {
..Default::default() ..Default::default()
})); }));
} }
async fn delete_container(
&self,
req: tonic::Request<detee_shared::pb::shared::Uuid>,
) -> Result<tonic::Response<DeleteContainerRes>, tonic::Status> {
dbg!(req);
return Ok(tonic::Response::new(DeleteContainerRes {
..Default::default()
}));
}
} }

3
src/main.rs
View File

@ -1,6 +1,7 @@
pub mod container;
pub mod data; pub mod data;
pub mod grpc; pub mod grpc;
pub mod package; pub mod utils;
pub use data::DaemonState; pub use data::DaemonState;
use std::sync::Arc; use std::sync::Arc;

33
src/package.rs → src/utils.rs
View File

@ -5,7 +5,6 @@ use rand::Rng;
use reqwest::Client; use reqwest::Client;
use std::io::BufReader; use std::io::BufReader;
use std::path::Path; use std::path::Path;
use std::process::Command;
use tar::Archive; use tar::Archive;
use tokio::io::AsyncWriteExt; use tokio::io::AsyncWriteExt;
use tokio::net::TcpListener; use tokio::net::TcpListener;
@ -40,36 +39,6 @@ pub async fn handle_package(package_url: String) -> Result<String> {
Ok(unarchive_dir) Ok(unarchive_dir)
} }
pub async fn deploy_enclave(
enclave_path: &str,
container_name_uuid: String,
publishing_ports: Vec<u32>,
// ...
) -> Result<Vec<(u16, u16)>, Box<dyn std::error::Error>> {
let port_map = prepare_port_map(publishing_ports).await;
let port_maping_string = port_map
.iter()
.map(|(host, container)| format!("-p {host}:{container}"))
.collect::<Vec<_>>()
.join(" ");
println!("Deploying enclave: {:?}", enclave_path);
let docker_deploy_str = format!(
r#"docker run --name dtpm-{container_name_uuid} -v {enclave_path}/enclave_packager:/enclave_packager \
--device /dev/sgx/enclave --device /dev/sgx/provision {port_maping_string} noormohammedb/occlum-enclave:v1"#
);
println!("{}", &docker_deploy_str);
let _child = Command::new("sh")
.arg("-c")
.arg(docker_deploy_str)
.spawn()?;
Ok(port_map)
}
pub async fn download_file(url: &str, file_path: &Path) -> Result<(), Box<dyn std::error::Error>> { pub async fn download_file(url: &str, file_path: &Path) -> Result<(), Box<dyn std::error::Error>> {
let client = Client::new(); let client = Client::new();
let response = client.get(url).send().await?; let response = client.get(url).send().await?;
@ -81,7 +50,7 @@ pub async fn download_file(url: &str, file_path: &Path) -> Result<(), Box<dyn st
Ok(()) Ok(())
} }
async fn prepare_port_map(mut publishing_ports: Vec<u32>) -> Vec<(u16, u16)> { pub async fn prepare_port_map(mut publishing_ports: Vec<u32>) -> Vec<(u16, u16)> {
publishing_ports.insert(0, 34500); publishing_ports.insert(0, 34500);
let mut maped_ports = vec![]; let mut maped_ports = vec![];
for port in publishing_ports { for port in publishing_ports {