cdh:golang: Enhance the client tool to support secure mount

Enhance the client tool to support secure mount.

Signed-off-by: ChengyuZhu6 <[email protected]>

confidential-data-hub/golang/cmd/grpc-client/main.go

@@ -5,8 +5,10 @@ package main
 
 import (
 	"context"
+	"encoding/json"
 	"flag"
 	"fmt"
+	"log"
 	"os"
 
 	common "github.com/confidential-containers/guest-components/confidential-data-hub/golang/pkg/core"
@@ -30,8 +32,8 @@ func main() {
 	}
 	defer c.Close()
 
-	// The client currently supports only UnsealSecret operation.
-	// We need to implement the following operations: GetResource, SecureMount, and UnwrapKey.
+	// The client currently supports only UnsealSecret and SecureMount operation.
+	// We need to implement the following operations: GetResource and UnwrapKey.
 	switch common.OperationType {
 	case "UnsealSecret":
 		if common.OperationInterface == "UnsealEnv" {
@@ -49,6 +51,26 @@ func main() {
 			}
 			fmt.Printf("unsealed value from file = %s", unsealedValue)
 		}
+	case "SecureMount":
+		input_file_path := common.OperationInput
+		jsonInput, err := os.ReadFile(input_file_path)
+
+		var storage common.Storage
+
+		// Unmarshal the JSON data into the struct
+		err = json.Unmarshal(jsonInput, &storage)
+		if err != nil {
+			log.Fatalf("Error unmarshaling JSON: %s", err)
+			os.Exit(1)
+		}
+
+		mountPath, err := common.SecureMount(context.Background(), c, storage.VolumeType, storage.Options, storage.Flags, storage.Mountpoint)
+		if err != nil {
+			fmt.Printf("failed to secure mount! err = %v", err)
+			os.Exit(1)
+		}
+		fmt.Printf("Successfully secure mount to %s", mountPath)
+
 	default:
 		fmt.Printf("The operation type %s is not support yet", common.OperationType)
 		os.Exit(1)

confidential-data-hub/golang/cmd/ttrpc-client/main.go

@@ -5,8 +5,10 @@ package main
 
 import (
 	"context"
+	"encoding/json"
 	"flag"
 	"fmt"
+	"log"
 	"os"
 
 	common "github.com/confidential-containers/guest-components/confidential-data-hub/golang/pkg/core"
@@ -31,8 +33,8 @@ func main() {
 	}
 	defer c.Close()
 
-	// The client currently supports only UnsealSecret operation.
-	// We need to implement the following operations: GetResource, SecureMount, and UnwrapKey.
+	// The client currently supports UnsealSecret and SecureMount operation.
+	// We need to implement the following operations: GetResource and UnwrapKey.
 	switch common.OperationType {
 	case "UnsealSecret":
 		if common.OperationInterface == "UnsealEnv" {
@@ -50,6 +52,25 @@ func main() {
 			}
 			fmt.Printf("unsealed value from file = %s", unsealedValue)
 		}
+	case "SecureMount":
+		input_file_path := common.OperationInput
+		jsonInput, err := os.ReadFile(input_file_path)
+
+		var storage common.Storage
+
+		// Unmarshal the JSON data into the struct
+		err = json.Unmarshal(jsonInput, &storage)
+		if err != nil {
+			log.Fatalf("Error unmarshaling JSON: %s", err)
+			os.Exit(1)
+		}
+
+		mountPath, err := common.SecureMount(context.Background(), c, storage.VolumeType, storage.Options, storage.Flags, storage.Mountpoint)
+		if err != nil {
+			fmt.Printf("failed to secure mount! err = %v", err)
+			os.Exit(1)
+		}
+		fmt.Printf("Successfully secure mount to %s", mountPath)
 	default:
 		fmt.Printf("The operation type %s is not support yet", common.OperationType)
 		os.Exit(1)

confidential-data-hub/golang/pkg/core/common.go

@@ -15,6 +15,14 @@ const (
 	SealedSecretPrefix = "sealed."
 )
 
+// Storage is derived from the Rust struct in confidential-data-hub/storage/src/volume_type/mod.rs
+type Storage struct {
+	VolumeType string            `json:"volume_type"`
+	Options    map[string]string `json:"options"`
+	Flags      []string          `json:"flags"`
+	Mountpoint string            `json:"mountpoint"`
+}
+
 // Common interface for clients that can unseal secrets
 type SecretUnsealer interface {
 	UnsealSecret(ctx context.Context, secret string) (string, error)