feat: add ability to distribute witness through archivista
Support the use case of private archivista deployments where obtaining witness
may be difficult. Also support the use case of users who have custom builds of
witness to distribute.

Signed-off-by: Mikhail Swift <[email protected]>
mikhailswift committed Feb 7, 2024
1 parent c7fbca6 commit 4c90d90
Showing 10 changed files with 945 additions and 20 deletions.
4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -80,7 +80,7 @@ Archivista is configured through environment variables currently.
| ARCHIVISTA_SQL_STORE_CONNECTION_STRING | root:example@tcp(db)/testify | SQL store connection string |
| ARCHIVISTA_STORAGE_BACKEND | | Backend to use for attestation storage. Options are FILE, BLOB, or empty string for disabled. |
| ARCHIVISTA_FILE_SERVE_ON | | What address to serve files on. Only valid when using FILE storage backend. |
| ARCHIVISTA_FILE_DIR | /tmp/archivista/ | Directory to store and serve files. Only valid when using FILE storage backend. |
| ARCHIVISTA_FILE_DIR | /tmp/archivista/ | Directory to store and serve files. Only valid when using FILE storage backend. |
| ARCHIVISTA_BLOB_STORE_ENDPOINT | 127.0.0.1:9000 | URL endpoint for blob storage. Only valid when using BLOB storage backend. |
| ARCHIVISTA_BLOB_STORE_CREDENTIAL_TYPE | | Blob store credential type. Options are IAM or ACCESS_KEY. |
| ARCHIVISTA_BLOB_STORE_ACCESS_KEY_ID | | Blob store access key id. Only valid when using BLOB storage backend. |
Expand All @@ -89,6 +89,8 @@ Archivista is configured through environment variables currently.
| ARCHIVISTA_BLOB_STORE_BUCKET_NAME | | Bucket to use for storage. Only valid when using BLOB storage backend. |
| ARCHIVISTA_ENABLE_GRAPHQL | TRUE | Enable GraphQL Endpoint |
| ARCHIVISTA_GRAPHQL_WEB_CLIENT_ENABLE | TRUE | Enable GraphiQL, the GraphQL web client |
| ARCHIVISTA_ENABLE_WITNESS_DISTRO | FALSE | Enable Witness Distribution Endpoints |
| ARCHIVISTA_WITNESS_DISTRO_CONFIG | /tmp/witness/config.yaml | Location of the config describing available versions of witness |


## Using Archivista
20 changes: 19 additions & 1 deletion cmd/archivista/main.go
Expand Up @@ -37,6 +37,7 @@ import (
"github.com/in-toto/archivista/internal/objectstorage/blobstore"
"github.com/in-toto/archivista/internal/objectstorage/filestore"
"github.com/in-toto/archivista/internal/server"
"github.com/in-toto/archivista/internal/witnessdistro"
"github.com/minio/minio-go/v7/pkg/credentials"
"github.com/sirupsen/logrus"
)
Expand All @@ -56,6 +57,7 @@ func main() {
defer cancel()

startTime := time.Now()
serverOpts := make([]server.Option, 0)

logrus.Infof("executing phase 1: get config from environment (time since start: %s)", time.Since(startTime))
now := time.Now()
Expand All @@ -81,6 +83,7 @@ func main() {
if err != nil {
logrus.Fatalf("error initializing storage clients: %+v", err)
}
serverOpts = append(serverOpts, server.WithObjectStore(fileStore))

entClient, err := sqlstore.NewEntClient(
cfg.SQLStoreBackend,
Expand All @@ -96,6 +99,7 @@ func main() {
if err != nil {
logrus.Fatalf("error initializing mysql client: %+v", err)
}
serverOpts = append(serverOpts, server.WithMetadataStore(sqlStore))

logrus.WithField("duration", time.Since(now)).Infof("completed phase 3: initializing storage clients")

Expand All @@ -104,9 +108,23 @@ func main() {
// ********************************************************************************
now = time.Now()

// initialize witness distro store
if cfg.EnableWitnessDistro {
wds, err := witnessdistro.New(witnessdistro.WithConfigFile(cfg.WitnessDistroConfig))
if err != nil {
logrus.Fatalf("could not load witness distro store: %+v", err)
}

serverOpts = append(serverOpts, server.WithWitnessDistroStore(wds))
}

// initialize the server
sqlClient := sqlStore.GetClient()
server := server.New(sqlStore, fileStore, cfg, sqlClient)
serverOpts = append(serverOpts, server.WithEntSqlClient(sqlClient))
server, err := server.New(cfg, serverOpts...)
if err != nil {
logrus.Fatalf("could not create archivista server: %+v", err)
}

listenAddress := cfg.ListenOn
listenAddress = strings.ToLower(strings.TrimSpace(listenAddress))
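Review bot: The witness distro store in the new `if cfg.EnableWitnessDistro` block is built from cfg.WitnessDistroConfig, and this commit's README documents its default as /tmp/witness/config.yaml; that file decides which witness binaries and sha256 digests Archivista serves to clients, so a default under a world-writable temp directory deserves a comment at the call site and a startup log line naming the resolved path. Adding `logrus.Infof("loading witness distro config from %q", cfg.WitnessDistroConfig)` just before the `witnessdistro.New` call lets operators confirm what is being served without reading the config package. As a point of style, `serverOpts := make([]server.Option, 0)` is more idiomatically `var serverOpts []server.Option`, since append works on the nil slice. The `wds, err :=` inside the block shadows the outer err, which is harmless here because it is checked immediately, but worth a glance. main continues outside the hunk.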
143 changes: 143 additions & 0 deletions docs/docs.go
Expand Up @@ -164,6 +164,127 @@ const docTemplate = `{
}
}
}
},
"/v1/witness/": {
"get": {
"description": "retrieves details about all available versions of witness",
"produces": [
"application/json"
],
"summary": "Witness List Versions",
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "object",
"additionalProperties": {
"$ref": "#/definitions/witnessdistro.Version"
}
}
},
"400": {
"description": "Bad Request",
"schema": {
"type": "string"
}
},
"500": {
"description": "Internal Server Error",
"schema": {
"type": "string"
}
}
}
}
},
"/v1/witness/{version}": {
"get": {
"description": "retrieves details about a specified version of witness",
"produces": [
"application/json"
],
"summary": "Witness Version Details",
"parameters": [
{
"type": "string",
"description": "version of witness",
"name": "version",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/witnessdistro.Version"
}
},
"400": {
"description": "Bad Request",
"schema": {
"type": "string"
}
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error",
"schema": {
"type": "string"
}
}
}
}
},
"/v1/witness/{version}/{distribution}": {
"get": {
"description": "downloads a specified distribution of witness",
"produces": [
"application/octet-stream"
],
"summary": "Download Witness",
"parameters": [
{
"type": "string",
"description": "version of witness to download",
"name": "version",
"in": "path",
"required": true
},
{
"type": "string",
"description": "distribution of witness to download",
"name": "distribution",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "file"
}
},
"400": {
"description": "Bad Request",
"schema": {
"type": "string"
}
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error",
"schema": {
"type": "string"
}
}
}
}
}
},
"definitions": {
Expand Down Expand Up @@ -255,6 +376,28 @@ const docTemplate = `{
"x-enum-varnames": [
"TimestampRFC3161"
]
},
"witnessdistro.Distribution": {
"type": "object",
"properties": {
"sha256digest": {
"type": "string"
}
}
},
"witnessdistro.Version": {
"type": "object",
"properties": {
"description": {
"type": "string"
},
"distributions": {
"type": "object",
"additionalProperties": {
"$ref": "#/definitions/witnessdistro.Distribution"
}
}
}
}
}
}`
145 changes: 144 additions & 1 deletion docs/swagger.json
Expand Up @@ -156,6 +156,127 @@
}
}
}
},
"/v1/witness/": {
"get": {
"description": "retrieves details about all available versions of witness",
"produces": [
"application/json"
],
"summary": "Witness List Versions",
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "object",
"additionalProperties": {
"$ref": "#/definitions/witnessdistro.Version"
}
}
},
"400": {
"description": "Bad Request",
"schema": {
"type": "string"
}
},
"500": {
"description": "Internal Server Error",
"schema": {
"type": "string"
}
}
}
}
},
"/v1/witness/{version}": {
"get": {
"description": "retrieves details about a specified version of witness",
"produces": [
"application/json"
],
"summary": "Witness Version Details",
"parameters": [
{
"type": "string",
"description": "version of witness",
"name": "version",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/witnessdistro.Version"
}
},
"400": {
"description": "Bad Request",
"schema": {
"type": "string"
}
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error",
"schema": {
"type": "string"
}
}
}
}
},
"/v1/witness/{version}/{distribution}": {
"get": {
"description": "downloads a specified distribution of witness",
"produces": [
"application/octet-stream"
],
"summary": "Download Witness",
"parameters": [
{
"type": "string",
"description": "version of witness to download",
"name": "version",
"in": "path",
"required": true
},
{
"type": "string",
"description": "distribution of witness to download",
"name": "distribution",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "file"
}
},
"400": {
"description": "Bad Request",
"schema": {
"type": "string"
}
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error",
"schema": {
"type": "string"
}
}
}
}
}
},
"definitions": {
Expand Down Expand Up @@ -247,6 +368,28 @@
"x-enum-varnames": [
"TimestampRFC3161"
]
},
"witnessdistro.Distribution": {
"type": "object",
"properties": {
"sha256digest": {
"type": "string"
}
}
},
"witnessdistro.Version": {
"type": "object",
"properties": {
"description": {
"type": "string"
},
"distributions": {
"type": "object",
"additionalProperties": {
"$ref": "#/definitions/witnessdistro.Distribution"
}
}
}
}
}
}
}
