Merge branch 'main' into pr/acond/mount-fstab

intel · Jun 28, 2024 · 7ded835 · 7ded835
2 parents da35cd9 + 2305b50
commit 7ded835
Show file tree

Hide file tree

Showing 26 changed files with 2,354 additions and 509 deletions.
diff --git a/aconcli/cmd/common.go b/aconcli/cmd/common.go
@@ -19,6 +19,7 @@ var (
 	env              []string
 	cid              uint32
 	timeout          uint64
+	nologin          bool
 	supportHashAlgo  = []string{"sha384", "sha512"}
 	errorNoRepoFound = errors.New("No ACON repository found. May use 'aconcli init' to create one")
 	errorRepoExists  = errors.New("ACON repository already exists")

diff --git a/aconcli/cmd/invoke.go b/aconcli/cmd/invoke.go
@@ -39,9 +39,12 @@ capital letter.
 }
 
 func invoke(args []string) error {
-	c, err := service.NewAconHttpConnWithOpts(vmConnTarget,
-		service.OptDialTLSContextInsecure(),
-		service.OptTimeout(service.DefaultServiceTimeout+time.Duration(timeout)*time.Second))
+	opts := []service.Opt{service.OptDialTLSContextInsecure(),
+		service.OptTimeout(service.DefaultServiceTimeout + time.Duration(timeout)*time.Second)}
+	if nologin {
+		opts = append(opts, service.OptNoAuth())
+	}
+	c, err := service.NewAconHttpConnWithOpts(vmConnTarget, opts...)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Invoke: cannot connect to %s: %v\n", vmConnTarget, err)
 		return err

diff --git a/aconcli/cmd/kill.go b/aconcli/cmd/kill.go
@@ -40,7 +40,11 @@ func kill(args []string) error {
 		fmt.Fprintf(os.Stderr, "Kill: cannot get signal number from %s: %v\n", args[0], err)
 		return err
 	}
-	c, err := service.NewAconHttpConnWithOpts(vmConnTarget, service.OptDialTLSContextInsecure())
+	opts := []service.Opt{service.OptDialTLSContextInsecure()}
+	if nologin {
+		opts = append(opts, service.OptNoAuth())
+	}
+	c, err := service.NewAconHttpConnWithOpts(vmConnTarget, opts...)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Kill: cannot connect to %s: %v\n", vmConnTarget, err)
 		return err

diff --git a/aconcli/cmd/login.go b/aconcli/cmd/login.go
@@ -0,0 +1,45 @@
+// Copyright © 2023 Intel Corporation
+
+package cmd
+
+import (
+	"fmt"
+	"os/user"
+
+	"aconcli/service"
+	"github.com/spf13/cobra"
+)
+
+var loginCmd = &cobra.Command{
+	Use:     "login",
+	Short:   "log in the ACON TD/VM",
+	GroupID: "runtime",
+	Long: `
+Log in the specified ACON TD/VM for the current user.
+`,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return login()
+	},
+}
+
+func login() error {
+	c, err := service.NewAconHttpConnWithOpts(vmConnTarget, service.OptDialTLSContextInsecure())
+	if err != nil {
+		return fmt.Errorf("Login: cannot connect to %s: %v", vmConnTarget, err)
+	}
+	user, err := user.Current()
+	if err != nil {
+		return fmt.Errorf("Login: cannot get the current user: %v", err)
+	}
+	if err := c.Login(user.Uid); err != nil {
+		return fmt.Errorf("Login: cannot call 'login' service: %v", err)
+	}
+	return nil
+}
+
+func init() {
+	rootCmd.AddCommand(loginCmd)
+	loginCmd.Flags().StringVarP(&vmConnTarget, "connect", "c", "",
+		"protocol/address of the ACON TD/VM")
+	loginCmd.MarkFlagRequired("connect")
+}
diff --git a/aconcli/cmd/logout.go b/aconcli/cmd/logout.go
@@ -0,0 +1,46 @@
+// Copyright © 2023 Intel Corporation
+
+package cmd
+
+import (
+	"fmt"
+	"os/user"
+
+	"aconcli/service"
+	"github.com/spf13/cobra"
+)
+
+var logoutCmd = &cobra.Command{
+	Use:     "logout",
+	Short:   "log out the ACON TD/VM",
+	GroupID: "runtime",
+	Long: `
+Log out the specified ACON TD/VM for the current user. If not logged in,
+this command has no effect.
+`,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return logout()
+	},
+}
+
+func logout() error {
+	c, err := service.NewAconHttpConnWithOpts(vmConnTarget, service.OptDialTLSContextInsecure())
+	if err != nil {
+		return fmt.Errorf("Logout: cannot connect to %s: %v", vmConnTarget, err)
+	}
+	user, err := user.Current()
+	if err != nil {
+		return fmt.Errorf("Logout: cannot get the current user: %v", err)
+	}
+	if err := c.Logout(user.Uid); err != nil {
+		return fmt.Errorf("Logout: cannot call 'logout' service: %v", err)
+	}
+	return nil
+}
+
+func init() {
+	rootCmd.AddCommand(logoutCmd)
+	logoutCmd.Flags().StringVarP(&vmConnTarget, "connect", "c", "",
+		"protocol/address of the ACON TD/VM")
+	logoutCmd.MarkFlagRequired("connect")
+}
diff --git a/aconcli/cmd/report.go b/aconcli/cmd/report.go
@@ -97,7 +97,11 @@ ACON TDs/VMs and ACON containers running in them.
 }
 
 func getReport(args []string) error {
-	c, err := service.NewAconHttpConnWithOpts(vmConnTarget, service.OptDialTLSContextInsecure())
+	opts := []service.Opt{service.OptDialTLSContextInsecure()}
+	if nologin {
+		opts = append(opts, service.OptNoAuth())
+	}
+	c, err := service.NewAconHttpConnWithOpts(vmConnTarget, opts...)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Report: cannot connect to %s: %v\n", vmConnTarget, err)
 		return err

diff --git a/aconcli/cmd/restart.go b/aconcli/cmd/restart.go
@@ -32,9 +32,12 @@ ACON containers running in them.
 }
 
 func restart(args []string) error {
-	c, err := service.NewAconHttpConnWithOpts(vmConnTarget,
-		service.OptDialTLSContextInsecure(),
-		service.OptTimeout(service.DefaultServiceTimeout+time.Duration(timeout)*time.Second))
+	opts := []service.Opt{service.OptDialTLSContextInsecure(),
+		service.OptTimeout(service.DefaultServiceTimeout + time.Duration(timeout)*time.Second)}
+	if nologin {
+		opts = append(opts, service.OptNoAuth())
+	}
+	c, err := service.NewAconHttpConnWithOpts(vmConnTarget, opts...)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Restart: cannot connect to %s: %v\n", vmConnTarget, err)
 		return err

diff --git a/aconcli/cmd/root.go b/aconcli/cmd/root.go
@@ -23,4 +23,5 @@ func init() {
 		&cobra.Group{"image", "ACON Image and Image Repo Commands:"},
 		&cobra.Group{"runtime", "ACON TD/VM and Container Commands:"})
 	rootCmd.PersistentFlags().StringVarP(&targetDir, "directory", "C", "", "change working directory before performing any operations")
+	rootCmd.PersistentFlags().BoolVar(&nologin, "nologin", false, "if set, login as an anonymous user")
 }
diff --git a/aconcli/cmd/run.go b/aconcli/cmd/run.go
@@ -9,6 +9,7 @@ import (
 	"log"
 	"os"
 	"os/exec"
+	"os/user"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -31,6 +32,8 @@ var (
 	startfile    string
 	vmConnTarget string
 	finalize     bool
+	vmuser       string
+	httpsProxy   string
 )
 
 var runCmd = &cobra.Command{
@@ -151,7 +154,12 @@ func loadAll(c service.AconClient, r *repo.Repo,
 
 // caller needs to close the connection
 func connect(conn string) (*service.AconClientHttp, error) {
-	return service.NewAconHttpConnWithOpts(conn, service.OptDialTLSContextInsecure())
+	if vmuser != "" {
+		return service.NewAconHttpConnWithOpts(conn, service.OptDialTLSContextInsecure())
+	} else {
+		return service.NewAconHttpConnWithOpts(conn, service.OptDialTLSContextInsecure(),
+			service.OptNoAuth())
+	}
 }
 
 func prepareEnvVsock() string {
@@ -194,6 +202,14 @@ func run(args []string) error {
 			prepareEnvTcp(string(vmConnTarget[1:]))
 		}
 
+		if vmuser != "" {
+			os.Setenv("ATD_KPARAMS",
+				strings.TrimSpace(os.Getenv("ATD_KPARAMS")+" acond.openid_user="+vmuser))
+		}
+		if httpsProxy != "" {
+			os.Setenv("ATD_KPARAMS",
+				strings.TrimSpace(os.Getenv("ATD_KPARAMS")+" acond.https_proxy="+httpsProxy))
+		}
 		var err error
 		cmd, err = vm.StartVM(startfile, debug, append(os.Environ(), config.AconVmEnvTag+vmConnTarget))
 		if err != nil {
@@ -223,6 +239,17 @@ func run(args []string) error {
 			return err
 		}
 
+		if vmuser != "" {
+			user, err := user.Current()
+			if err != nil {
+				return fmt.Errorf("Run: cannot get the current user: %v", err)
+			}
+			if err := c.Login(user.Uid); err != nil {
+				return fmt.Errorf("Run: cannot login as user %s: %v", user.Uid, err)
+			} else {
+				log.Println("Successfully login")
+			}
+		}
 		var bundles []*repo.Bundle
 		if len(manifests) > 0 {
 			// specific manifests
@@ -283,4 +310,11 @@ func init() {
 
 	runCmd.Flags().BoolVar(&finalize, "finalize", true,
 		"finalize the process of loading images to ACON TD/VM")
+
+	runCmd.Flags().StringVarP(&vmuser, "user", "u", "",
+		"user ID for OpenID authentication")
+
+	runCmd.Flags().StringVarP(&httpsProxy, "proxy", "p", "",
+		"http proxy for ACON VM")
+
 }
diff --git a/aconcli/cmd/shutdown.go b/aconcli/cmd/shutdown.go
@@ -53,7 +53,11 @@ func stopAcon(c service.AconClient, id uint32) error {
 }
 
 func stopAconInVM(conn string, ids []uint32) error {
-	c, err := service.NewAconHttpConnWithOpts(conn, service.OptDialTLSContextInsecure())
+	opts := []service.Opt{service.OptDialTLSContextInsecure()}
+	if nologin {
+		opts = append(opts, service.OptNoAuth())
+	}
+	c, err := service.NewAconHttpConnWithOpts(conn, opts...)
 	if err != nil {
 		return fmt.Errorf("cannot connect to %s: %v\n", conn, err)
 	}

diff --git a/aconcli/cmd/status.go b/aconcli/cmd/status.go
@@ -33,7 +33,11 @@ them.
 }
 
 func getAllStatus(target string) ([]service.AconStatus, error) {
-	c, err := service.NewAconHttpConnWithOpts(target, service.OptDialTLSContextInsecure())
+	opts := []service.Opt{service.OptDialTLSContextInsecure()}
+	if nologin {
+		opts = append(opts, service.OptNoAuth())
+	}
+	c, err := service.NewAconHttpConnWithOpts(target, opts...)
 	if err != nil {
 		return nil, err
 	}

diff --git a/aconcli/service/aconclient_grpc.go b/aconcli/service/aconclient_grpc.go
@@ -15,7 +15,7 @@ import (
 )
 
 const (
-	DefaultServiceTimeout = 10 * time.Second
+	DefaultServiceTimeout = 60 * time.Second
 )
 
 type AconClientGrpc struct {
-Original file line number
+Diff line change
@@ Expand Up / @@ -15,7 +15,7 @@ import ( @@
     )
     const (
-    	DefaultServiceTimeout = 10 * time.Second
+    	DefaultServiceTimeout = 60 * time.Second
     )
     type AconClientGrpc struct {
@@ Expand Down @@