From de764c330e3a3f0306d47f7a1b5b3138e9106a06 Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki Date: Thu, 1 Jun 2023 09:58:56 -0300 Subject: [PATCH 2/2] templates: Fix mapping and adjust for Rust agent The Rust Keylime agent does not set take ownership or set the TPM owner password. For this reason, the default value for tpm_ownerpassword should be the empty string "". Also, the agent does not support lists in the format specified for the Python agent (i.e. a Python list such as ["string_a", "string_b"]. For this reason, the adjust script should instead remove the square brackets and make the strings to be separated with a comma. Signed-off-by: Anderson Toshiyuki Sasaki --- templates/2.0/adjust.py | 49 ++++++++++++++++++++++++++++++++++---- templates/2.0/mapping.json | 4 ++-- 2 files changed, 47 insertions(+), 6 deletions(-) diff --git a/templates/2.0/adjust.py b/templates/2.0/adjust.py index c1e582a..1aa5702 100644 --- a/templates/2.0/adjust.py +++ b/templates/2.0/adjust.py @@ -62,10 +62,6 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u # Dictionary defining values to convert to lists tolist = { - "agent": [ - "trusted_client_ca", - "revocation_actions", - ], "verifier": [ "trusted_server_ca", "severity_labels", @@ -84,6 +80,12 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u "registrar": ["trusted_client_ca"], } + mergelist = { + "agent": [ + "revocation_actions", + ] + } + for section in config: try: config_version = str_to_version(config[section].get("version", "1.0")) 
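Review bot: In templates/2.0/adjust.py the agent's `trusted_client_ca` is removed from `tolist` but not added to `mergelist`, so nothing in the visible hunks normalises that option for the agent any more. If an existing configuration carries it in Python-list form, it would presumably reach the Rust agent unchanged, which the commit message says cannot parse that format. Judging by its name the option selects the CAs trusted for client certificates, so a value the agent misreads is worth ruling out. Either extend the merge list, `"agent": ["trusted_client_ca", "revocation_actions"]`, or add a comment above `mergelist` saying why the option is intentionally left as-is. `adjust()` starts and ends outside both hunks, so handling elsewhere in the function cannot be excluded.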
@@ -151,6 +153,45 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u print(f"[{section}] For option '{option}', converted '{value}' to " f"'{config[section][option]}'") + # This is a special treatment to make lists compatible with the Rust agent + if section in mergelist: + for option in mergelist[section]: + if section in config and option in config[section]: + # Get raw string value + value = config[section][option].strip(' "') + + if value == "default": + continue + + l = [] + try: + v = ast.literal_eval(value) + # If the value in the config was already a list, continue + if isinstance(v, list): + l = v + # If the value in the config was tuple + elif isinstance(v, tuple): + l = list(v) + + except Exception as e: + print( + f"[{section}] In option '{option}', failed to parse " + f"'{value}' as python type, trying manual splitting" + ) + + # Eliminate surrounding spaces and brackets, if present + v = value.strip("[ ]").split(",") + + # Eliminate surrounding quotes and blank spaces from each element + v = map(lambda x: x.strip(' "'), v) + + # Remove empty strings + l = list(filter(lambda x: (x != ""), v)) + + config[section][option] = ",".join(l) + + print(f"[{section}] For option '{option}', converted '{value}' to '{config[section][option]}'") + # Other special adjustments # Convert agent boolean values to lower case (for TOML output) diff --git a/templates/2.0/mapping.json b/templates/2.0/mapping.json index 62e8538..fd8519e 100644 --- a/templates/2.0/mapping.json +++ b/templates/2.0/mapping.json @@ -100,7 +100,7 @@ "tpm_ownerpassword": { "section": "cloud_agent", "option": "tpm_ownerpassword", - "default": "keylime" + "default": "" }, "extract_payload_zip": { "section": "cloud_agent", @@ -120,7 +120,7 @@ "revocation_actions": { "section": "cloud_agent", "option": "revocation_actions", - "default": "[]" + "default": "" }, "payload_script": { "section": "cloud_agent", -- 2.39.2
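Review bot: In the `mergelist` loop of templates/2.0/adjust.py, a value that `ast.literal_eval` parses successfully into something other than a list or tuple leaves `l` empty, so the option is rewritten to `""` with no warning. A single-quoted string such as `'a.py'` takes that path, because `.strip(' "')` removes only double quotes and spaces; for `revocation_actions` this silently drops the configured actions during migration. Falling back to the manual split whenever the parsed value is not a list or tuple avoids this, and converting elements with `str()` keeps `",".join(l)` from raising on non-string items. The fence below sketches that; `adjust()` itself begins and ends outside the hunk.

```python
# … unchanged: raw value lookup and the "default" check …
try:
    v = ast.literal_eval(value)
except Exception:
    v = value
    # … unchanged: "failed to parse" message …

if isinstance(v, (list, tuple)):
    l = [str(x) for x in v]
else:
    # Bare or single-quoted strings (and any other literal) are split by
    # hand instead of being replaced with an empty list
    raw = v if isinstance(v, str) else value
    v = map(lambda x: x.strip(' "'), raw.strip("[ ]").split(","))
    l = list(filter(lambda x: (x != ""), v))
# … unchanged: ",".join(l) assignment and the conversion message …
```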