COCOS-397 - Agent certificate generation via CA service (#410)

* Initial commit, will be tested before creating a PR * Initial commit, will be tested before creating a PR * Fixed all issues * Initial commit, will be tested before creating a PR * Updated agent docs * Fixed based on comments * Fixed based on comments * Initial commit, will be tested before creating a PR * Updated agent docs * Fixed based on comments * Fixed based on comments * added certificate verification * Initial commit, will be tested before creating a PR * Fixed all issues * Initial commit, will be tested before creating a PR * Initial commit, will be tested before creating a PR * Updated agent docs * Fixed based on comments * Fixed based on comments * added certificate verification * Fixed rebase errors * Fixed proto issues * fixed proto issues * Fixed format error * Fixed based on comments * NOISSUE - Simplify local agent running in non sev-snp environment (#411) * Add vtpm attestation support to agent service and server Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Update mockery version to v2.53.2 and refactor VM factory to include logger Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Send event notification when computation is stopped in agentService Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Remove redundant assignment of Stderr in qemuVM Start method Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Rename SVM references to CVM in tracing, logging, metrics, and service layers Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Bump github.com/docker/docker (#416) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.0.1+incompatible to 28.0.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v28.0.1...v28.0.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump google.golang.org/protobuf from 1.36.5 to 1.36.6 (#412) Bumps google.golang.org/protobuf from 1.36.5 to 1.36.6. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * COCOS-393 - Disable SSH service and update user shell in cloud config (#396) * Disable SSH service and update user shell in cloud config Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Remove SSH server and clean up dependencies in cloud config Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Add firewall configuration and ensure iptables rules persist after reboot Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Add algo_user configuration and setup script for container execution Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> * Initial commit, will be tested before creating a PR * Fixed all issues * Initial commit, will be tested before creating a PR * Initial commit, will be tested before creating a PR * Fixed based on comments * Fixed based on comments * added certificate verification * Initial commit, will be tested before creating a PR * Fixed all issues * Initial commit, will be tested before creating a PR * Initial commit, will be tested before creating a PR * Fixed based on comments * Fixed rebase errors * Fixed format error * Fixed based on comments * Fixed rebase errors --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Sammy Kerata Oina <44265300+SammyOina@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-23 04:10:25 +00:00 · 2025-04-02 16:52:57 +02:00
parent 12a20c74f7
commit ec306c72b9
14 changed files with 412 additions and 131 deletions
@@ -5,11 +5,13 @@ package main
 import (
 	"context"
 	"encoding/pem"
+	"flag"
 	"fmt"
 	"log"
 	"log/slog"
 	"os"
 	"strconv"
+	"strings"

 	mglog "github.com/absmach/magistrala/logger"
 	"github.com/caarlos0/env/v11"
@@ -32,10 +34,14 @@ const (
 )

 var (
-	algoPath    = "./test/manual/algo/lin_reg.py"
-	dataPaths   []string
-	attestedTLS = false
-	pubKeyFile  string
+	algoPath          string
+	dataPathString    string
+	dataPaths         []string
+	attestedTLSString string
+	attestedTLS       bool
+	pubKeyFile        string
+	caUrl             string
+	cvmId             string
 )

 type svc struct {
@@ -95,19 +101,65 @@ func (s *svc) Run(ctx context.Context, ipAddress string, sendMessage cvmsgrpc.Se
 }

 func main() {
-	if len(os.Args) < 4 {
-		log.Fatalf("usage: %s <algo-path> <public-key-path> <attested-tls-bool> <data-paths>", os.Args[0])
-	}
-	algoPath = os.Args[1]
-	pubKeyFile = os.Args[2]
-	attestedTLSParam, err := strconv.ParseBool(os.Args[3])
-	if err != nil {
-		log.Fatalf("usage: %s <algo-path> <public-key-path> <attested-tls-bool> <data-paths>, <attested-tls-bool> must be a bool value", os.Args[0])
-	}
-	attestedTLS = attestedTLSParam
+	flagSet := flag.NewFlagSet("tests/cvms/main.go", flag.ContinueOnError)
+	flagSet.StringVar(&algoPath, "algo-path", "", "Path to the algorithm")
+	flagSet.StringVar(&pubKeyFile, "public-key-path", "", "Path to the public key file")
+	flagSet.StringVar(&attestedTLSString, "attested-tls-bool", "", "Should aTLS be used, must be 'true' or 'false'")
+	flagSet.StringVar(&dataPathString, "data-paths", "", "Paths to data sources, list of string separated with commas")
+	flagSet.StringVar(&caUrl, "ca-url", "", "URL for certificate authority, must be specified if aTLS is used")
+	flagSet.StringVar(&cvmId, "cvm-id", "", "UUID for a CVM, must be specified if aTLS is used")

-	for i := 4; i < len(os.Args); i++ {
-		dataPaths = append(dataPaths, os.Args[i])
+	flagSetParseError := flagSet.Parse(os.Args[1:])
+	if flagSetParseError != nil {
+		log.Fatalf("Error parsing flagas: %v", flagSetParseError)
+	}
+
+	parsingError := !flagSet.Parsed()
+	var parsingErrorString strings.Builder
+
+	parsingErrorString.WriteString("\n")
+
+	if algoPath == "" {
+		parsingErrorString.WriteString("Algorithm path is required\n")
+		parsingError = true
+	}
+
+	if pubKeyFile == "" {
+		parsingErrorString.WriteString("Public key path is required\n")
+		parsingError = true
+	}
+
+	attestedTLSBoolValue, err := strconv.ParseBool(attestedTLSString)
+	if err != nil {
+		parsingErrorString.WriteString("Attested TLS flag is required and it must be a boolean value\n")
+		parsingError = true
+		attestedTLS = false
+	} else {
+		attestedTLS = attestedTLSBoolValue
+	}
+
+	if dataPathString == "" {
+		parsingErrorString.WriteString("Date source paths are required\n")
+		parsingError = true
+	} else {
+		dataPaths = strings.Split(dataPathString, ",")
+	}
+
+	if err == nil && attestedTLS && caUrl == "" {
+		parsingErrorString.WriteString("CA URL is required if attested TLS is used\n")
+		parsingError = true
+	}
+
+	if err == nil && attestedTLS && cvmId == "" {
+		parsingErrorString.WriteString("CVM UUID is required if attested TLS is used\n")
+		parsingError = true
+	}
+
+	if parsingError {
+		parsingErrorString.WriteString("Usage :\n")
+		flagSet.SetOutput(&parsingErrorString)
+		flagSet.PrintDefaults()
+		log.Fatal(parsingErrorString.String())
 	}

 	ctx, cancel := context.WithCancel(context.Background())
@@ -139,7 +191,7 @@ func main() {
 		return
 	}

-	gs := grpcserver.New(ctx, cancel, svcName, grpcServerConfig, registerAgentServiceServer, logger, nil, nil)
+	gs := grpcserver.New(ctx, cancel, svcName, grpcServerConfig, registerAgentServiceServer, logger, nil, nil, caUrl, cvmId)

 	g.Go(func() error {
 		return gs.Start()