forked from confidential-containers/guest-components
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cdh:golang: Add README for cdh go client
Add README for cdh go client. Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
- Loading branch information
Showing
1 changed file
with
63 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| # Confidential Data Hub Golang Client | ||
|
|
||
| ## Overview | ||
| This offers a streamlined client interface for engaging with Confidential Data Hub (`CDH`) through both gRPC and TTRPC protocols. Used for integration into Go-based projects, it’s ideal for applications like the Node Resource Interface (`NRI`) or image verifiers plugins in containerd. Furthermore, it can be compiled into a client binary for direct interaction with `CDH`. | ||
|
|
||
| ## Getting Started | ||
|
|
||
| ### Usage as library | ||
|
|
||
| Import the package into your Go project: | ||
|
|
||
| ```go | ||
| //common interface | ||
| import common "github.com/confidential-containers/guest-components/confidential-data-hub/golang/pkg/core" | ||
|
|
||
| //grpc package | ||
| import cdhgrpcapi "github.com/confidential-containers/guest-components/confidential-data-hub/golang/pkg/grpc" | ||
| //ttrpc package | ||
| import cdhttrpcapi "github.com/confidential-containers/guest-components/confidential-data-hub/golang/pkg/ttrpc" | ||
| ``` | ||
|
|
||
| Create a new client instance: | ||
|
|
||
| ```go | ||
| //cdh grpc client | ||
| c, err := cdhgrpcapi.CreateCDHGrpcClient("127.0.0.1:8043") | ||
|
|
||
| //cdh ttrpc client | ||
| c, err := cdhttrpcapi.CreateCDHTtrpcClient("/run/confidential-containers/cdh.sock") | ||
| ``` | ||
|
|
||
| Interact with `CDH` using the client, for example : | ||
| ```go | ||
| unsealedValue, err := common.UnsealEnv(ctx, c, sealedSecret) | ||
| ``` | ||
|
|
||
| ### Usage as binary | ||
|
|
||
| Build and Install the binary, such as: | ||
| ```bash | ||
| $ make RPC=grpc | ||
| Building Go binaries... | ||
| GOARCH=amd64 go build -o bin/cdh-go-client ./cmd/grpc-client | ||
| $ sudo make install | ||
| Installing binaries... | ||
| install -D -m0755 bin/cdh-go-client /usr/local/bin | ||
| ``` | ||
|
|
||
| Interact with CDH using the binary, such as get sealed secret: | ||
| ```bash | ||
| $ cdh-go-client -o UnsealSecret -I UnsealEnv -socket "127.0.0.1:8043" -i sealed.fakeheader.ewogICJ2ZXJzaW9uIjogIjAuMS4wIiwKICAidHlwZSI6ICJ2YXVsdCIsCiAgIm5hbWUiOiAia2JzOi8vL2RlZmF1bHQvdHlwZS90YWciLAogICJwcm92aWRlciI6ICJrYnMiLAogICJwcm92aWRlcl9zZXR0aW5ncyI6IHt9LAogICJhbm5vdGF0aW9ucyI6IHt9Cn0K.fakesignature | ||
| Client rpc type: grpc | ||
| unsealed value from env = that's the unsealed secret | ||
| ``` | ||
| or get sealed secret from file: | ||
| ```bash | ||
| $ cat <<EOF > sealedsecretfile | ||
| sealed.fakeheader.ewogICJ2ZXJzaW9uIjogIjAuMS4wIiwKICAidHlwZSI6ICJ2YXVsdCIsCiAgIm5hbWUiOiAia2JzOi8vL2RlZmF1bHQvdHlwZS90YWciLAogICJwcm92aWRlciI6ICJrYnMiLAogICJwcm92aWRlcl9zZXR0aW5ncyI6IHt9LAogICJhbm5vdGF0aW9ucyI6IHt9Cn0K.fakesignature | ||
| EOF | ||
| $ cdh-go-client -o UnsealSecret -I UnsealFile -socket "127.0.0.1:8043" -i sealedsecretfile | ||
| Client rpc type: grpc | ||
| unsealed value from file = that's the unsealed secret | ||
| ``` |