refine policy
yishi-ttd committed Oct 13, 2023
1 parent ab050fd commit a462820
Showing 5 changed files with 68 additions and 26 deletions.
7 changes: 4 additions & 3 deletions e2e/e2e.sh
Expand Up @@ -3,7 +3,7 @@ set -x
# to facilitate local test

# common configs for all enclaves
NGROK_TOKEN=
NGROK_TOKEN=2U9hyPLFDbc8nTny7woMOudqAAN_7HiFVXjjcNiVYcXBD1k5w
CORE_VERSION=2.14.5-SNAPSHOT-default
OPTOUT_VERSION=2.6.18-60727cf243-default

Expand All @@ -12,15 +12,16 @@ TEST_GCP_OIDC=false
IMAGE_HASH=

# Azure CC enclave configs
TEST_AZURE_CC=false
TEST_AZURE_CC=true
# TODO(lun.wang) eventually digest may be derived via IMAGE_HASH, and no need to be explicitly set
AZURE_CC_POLICY_DIGEST=
AZURE_CC_POLICY_DIGEST=3e1f6eb87bd7b73c618cd1522abbb2d3a8a1baf50c10c78a186db347b962e331

# replace below with your local repo root of uid2-core and uid2-optout
CORE_ROOT="../../uid2-core"
OPTOUT_ROOT="../../uid2-optout"

# copy to a different folder in local to avoid data pollution
rm -rf "./e2e-target"
cp -rf "./e2e/" "./e2e-target"

cd ./e2e-target
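Review bot: The value assigned on the `NGROK_TOKEN=2U9hy…` line looks like a live ngrok authtoken committed into the repository; that is a secret leak regardless of repository visibility, so the token should be revoked in the ngrok dashboard and the line returned to reading from the environment, e.g. `NGROK_TOKEN="${NGROK_TOKEN:?NGROK_TOKEN must be set in the environment}"`. Because the script runs under `set -x` (visible in the first hunk header), every expansion of the token is also echoed into the CI log, so the lines that use it should be wrapped in `set +x` / `set -x`. The `TEST_AZURE_CC=true` flip and the hard-coded `AZURE_CC_POLICY_DIGEST` read like local-test state rather than intended defaults; if so, they belong in an untracked local override rather than the committed script, as the "to facilitate local test" comment at the top of the file suggests.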
15 changes: 13 additions & 2 deletions scripts/azure-cc/README.md
@@ -1,7 +1,18 @@
# UID2 Operator - Azure Confidential Container package

## Generate deployment ARM
## Generate CCE policy

Note: only `deploymentEnvironment` and `image` need to be specified. Other empty parameters are wildcards.

```
az confcom acipolicygen -a arm-template.json -p template-policy.parameters.json --approve-wildcards -y --debug-mode
```

## Deploy

```
az confcom acipolicygen -a .\arm-template.json -p .\template.parameters.json --debug-mode
RESOURCE_GROUP=uid-enclave-test
az deployment group create --resource-group $RESOURCE_GROUP --name rollout \
--template-file arm-template.json \
--parameters @template.parameters.json
```
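--- a/scripts/azure-cc/arm-template.json
+++ b/scripts/azure-cc/arm-template.json
@@ -2,7 +2,7 @@
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "1.0.0.0",
 "parameters": {
-"name": {
+"containerGroupName": {
 "type": "string",
 "defaultValue": "uid2-operator",
 "metadata": {
@@ -22,31 +22,31 @@
 "description": "ManagedIdentity to launch the container"
 }
 },
-"vault-name": {
+"vaultName": {
 "type": "string",
 "metadata": {
 "description": "Vault name"
 }
 },
-"operator-key-secret-name": {
+"operatorKeySecretName": {
 "type": "string",
 "metadata": {
 "description": "Operator key secret name"
 }
 },
-"deployment-environment": {
+"deploymentEnvironment": {
 "type": "string",
 "metadata": {
 "description": "Deployment environment"
 }
 },
-"core-base-url": {
+"coreBaseUrl": {
 "type": "string",
 "metadata": {
 "description": "UID2 core base url override"
 }
 },
-"optout-base-url": {
+"optoutBaseUrl": {
 "type": "string",
 "metadata": {
 "description": "UID2 optout base url override"
@@ -57,7 +57,7 @@
 {
 "type": "Microsoft.ContainerInstance/containerGroups",
 "apiVersion": "2023-05-01",
-"name": "[parameters('name')]",
+"name": "[parameters('containerGroupName')]",
 "location": "[resourceGroup().location]",
 "identity": {
 "type": "userAssigned",
@@ -115,23 +115,23 @@
 "environmentVariables": [
 {
 "name": "VAULT_NAME",
-"value": "[parameters('vault-name')]"
+"value": "[parameters('vaultName')]"
 },
 {
 "name": "OPERATOR_KEY_SECRET_NAME",
-"value": "[parameters('operator-key-secret-name')]"
+"value": "[parameters('operatorKeySecretName')]"
 },
 {
 "name": "DEPLOYMENT_ENVIRONMENT",
-"value": "[parameters('deployment-environment')]"
+"value": "[parameters('deploymentEnvironment')]"
 },
 {
 "name": "CORE_BASE_URL",
-"value": "[parameters('core-base-url')]"
+"value": "[parameters('coreBaseUrl')]"
 },
 {
 "name": "OPTOUT_BASE_URL",
-"value": "[parameters('optout-base-url')]"
+"value": "[parameters('optoutBaseUrl')]"
 }
 ]
 }
@@ -155,7 +155,7 @@
 "outputs": {
 "containerIPv4Address": {
 "type": "string",
-"value": "[reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('name'))).ipAddress.ip]"
+"value": "[reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('containerGroupName'))).ipAddress.ip]"
 }
 }
 }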
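--- /dev/null
+++ b/scripts/azure-cc/template-policy.parameters.json
@@ -0,0 +1,30 @@
+{
+"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"containerGroupName": {
+"value": ""
+},
+"image": {
+"value": "ghcr.io/iabtechlab/uid2-operator:5.17.12-SNAPSHOT-azure-cc"
+},
+"identity": {
+"value": ""
+},
+"vaultName": {
+"value": ""
+},
+"operatorKeySecretName": {
+"value": ""
+},
+"deploymentEnvironment": {
+"value": "integ"
+},
+"coreBaseUrl": {
+"value": ""
+},
+"optoutBaseUrl": {
+"value": ""
+}
+}
+}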
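Review bot: Every parameter left as `""` in this file — `identity`, `vaultName`, `operatorKeySecretName`, `coreBaseUrl`, `optoutBaseUrl` — becomes a wildcard in the generated CCE policy (the README in this commit says so and passes `--approve-wildcards`), so the policy digest that attestation is checked against binds only `image` and `deploymentEnvironment`, not which Key Vault, which operator-key secret, or which core/opt-out endpoints the enclave will talk to. That may be acceptable for a test policy, but it should be stated where a deployer will see it; since JSON has no comment syntax, add to the README a line such as "The policy generated from template-policy.parameters.json does not pin the vault, secret name or core/optout URLs; do not treat its digest as attesting the backend configuration." If the digest consumed by the e2e script is produced with the README's `--debug-mode`, confirm that a debug policy is intended there, since, as I understand that flag, it permits debugging features a production policy should not.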
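--- a/scripts/azure-cc/template.parameters.json
+++ b/scripts/azure-cc/template.parameters.json
@@ -2,7 +2,7 @@
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
 "contentVersion": "1.0.0.0",
 "parameters": {
-"name": {
+"containerGroupName": {
 "value": "ysh-uid2-operator"
 },
 "image": {
@@ -11,20 +11,20 @@
 "identity": {
 "value": "uid-operator"
 },
-"vault-name": {
+"vaultName": {
 "value": "uid-operator"
 },
-"operator-key-secret-name": {
+"operatorKeySecretName": {
 "value": "operator-key"
 },
-"deployment-environment": {
+"deploymentEnvironment": {
 "value": "integ"
 },
-"core-base-url": {
-"value": "<>"
+"coreBaseUrl": {
+"value": "https://943b-58-246-6-18.ngrok-free.app"
 },
-"optout-base-url": {
-"value": "<>"
+"optoutBaseUrl": {
+"value": "https://3272-58-246-6-18.ngrok-free.app"
 }
 }
 }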
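Review bot: The `coreBaseUrl` and `optoutBaseUrl` values replace the `<>` placeholders with what look like the author's personal ngrok-free tunnels (and `containerGroupName` is the developer-prefixed `ysh-uid2-operator`), so anyone deploying from this checked-in parameters file will send the operator's core and opt-out traffic to whatever those ephemeral hostnames resolve to at the time — a misconfiguration today and a redirection risk once the tunnel names are reassigned. Keep the placeholders in the committed file (`"value": "<>"`), or drop the two keys entirely so that `az deployment group create` fails on the missing parameters (neither has a `defaultValue` in arm-template.json), and keep developer-specific endpoints in an untracked local override.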
