metropolis: finish implementing TPMMode
This wraps up the implementation of TPMMode in ClusterConfiguration,
allowing operators to select whether nodes should or should not use
their TPM, based on local availability.
We keep the default behaviour of requiring a TPM, so that clusters remain
secure by default.
Change-Id: Ic8ac76d88ecc9de51f58ca99c92daede79d78ad7
Reviewed-on: https://review.monogon.dev/c/monogon/+/1495
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/metropolis/cli/metroctl/table_node.go b/metropolis/cli/metroctl/table_node.go
index e58ad32..6e74682 100644
--- a/metropolis/cli/metroctl/table_node.go
+++ b/metropolis/cli/metroctl/table_node.go
@@ -7,6 +7,7 @@
"source.monogon.dev/metropolis/node/core/identity"
apb "source.monogon.dev/metropolis/proto/api"
+ cpb "source.monogon.dev/metropolis/proto/common"
)
func nodeEntry(n *apb.Node) entry {
@@ -32,6 +33,17 @@
sort.Strings(roles)
res.add("roles", strings.Join(roles, ","))
+ tpm := "unk"
+ switch n.TpmUsage {
+ case cpb.NodeTPMUsage_NODE_TPM_PRESENT_AND_USED:
+ tpm = "yes"
+ case cpb.NodeTPMUsage_NODE_TPM_PRESENT_BUT_UNUSED:
+ tpm = "unused"
+ case cpb.NodeTPMUsage_NODE_TPM_NOT_PRESENT:
+ tpm = "no"
+ }
+ res.add("tpm", tpm)
+
tshs := n.TimeSinceHeartbeat.GetSeconds()
res.add("heartbeat", fmt.Sprintf("%ds", tshs))
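Review bot: The fallback `tpm := "unk"` silently absorbs both the protobuf zero value (node has not reported TpmUsage yet) and any NodeTPMUsage value added after this metroctl was built, and nothing in the hunk says so; an operator seeing `unk` cannot tell a stale client from a node that never reported, and must not read it as "no TPM". Add a comment above the declaration, `// "unk": TpmUsage unset (not yet reported) or a value newer than this metroctl; do not conflate with "no".` If NodeTPMUsage is a generated protobuf enum, a `default: tpm = n.TpmUsage.String()` case would also keep newer values distinguishable in the table instead of collapsing them to `unk`. The enclosing nodeEntry function begins before this hunk.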
diff --git a/metropolis/cli/metroctl/test/test.go b/metropolis/cli/metroctl/test/test.go
index 064390b..ea3bee2 100644
--- a/metropolis/cli/metroctl/test/test.go
+++ b/metropolis/cli/metroctl/test/test.go
@@ -237,10 +237,10 @@
line := scanner.Text()
t.Logf("Line: %q", line)
- var onid, ostate, onaddr, onstatus, onroles string
+ var onid, ostate, onaddr, onstatus, onroles, ontpm string
var ontimeout int
- _, err = fmt.Sscanf(line, "%s%s%s%s%s%ds", &onid, &ostate, &onaddr, &onstatus, &onroles, &ontimeout)
+ _, err = fmt.Sscanf(line, "%s%s%s%s%s%s%ds", &onid, &ostate, &onaddr, &onstatus, &onroles, &ontpm, &ontimeout)
if err != nil {
return fmt.Errorf("while parsing metroctl output: %v", err)
}
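Review bot: The widened Sscanf format on the new line encodes the column order of metroctl's node table purely positionally, so a reader cannot tell which `%s` receives the new tpm column without opening table_node.go, and a future column insertion there will break this parse with an unhelpful error. Add a comment above the call, `// Columns: id state addr status roles tpm heartbeat — must match nodeEntry in metroctl/table_node.go.` The enclosing function begins and ends outside this hunk.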
@@ -259,6 +259,9 @@
if want, got := "ConsensusMember,KubernetesController", onroles; want != got {
return fmt.Errorf("node role mismatch: wanted %q, got %q", want, got)
}
+ if want, got := "yes", ontpm; want != got {
+ return fmt.Errorf("node tpm mismatch: wanted %q, got %q", want, got)
+ }
if ontimeout < 0 || ontimeout > 30 {
return fmt.Errorf("node timeout mismatch")
}
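Review bot: The new check pins `ontpm` to `"yes"` without saying why that is the only acceptable value, even though the commit itself introduces a TPMMode that can legitimately produce `unused` or `no`. Pinning `yes` is the right choice here, since it verifies that nodes in the default configuration actually use their TPM rather than merely having one, but the intent should be recorded so a later harness change to a non-default TPMMode does not look like a regression: `// The test cluster runs with the default TPMMode (TPM required), so every node must report tpm=yes.` The enclosing function begins and ends outside this hunk.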