secure-exec-sidecar 0.3.1-rc.3

Native Secure Exec sidecar runtime
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91

use secure_exec_kernel::mount_plugin::{
    FileSystemPluginFactory, OpenFileSystemPluginRequest, PluginError,
};
use secure_exec_kernel::mount_table::MountedFileSystem;
use secure_exec_vfs::{FileBlockStore, SqliteMetadataStore};
use serde::Deserialize;
use vfs::adapter::MountedEngineFileSystem;
use vfs::engine::engines::{ChunkedFs, ChunkedFsOptions};
use vfs::engine::CachedMetadataStore;

const DEFAULT_METADATA_CACHE_ENTRIES: usize = 4096;

#[derive(Debug, Clone, Deserialize)]
#[serde(rename_all = "camelCase")]
struct ChunkedLocalMountConfig {
    metadata_path: String,
    block_root: String,
    chunk_size: Option<u32>,
    inline_threshold: Option<usize>,
    uid: Option<u32>,
    gid: Option<u32>,
    file_mode: Option<u32>,
    dir_mode: Option<u32>,
    metadata_cache_entries: Option<usize>,
}

#[derive(Debug)]
pub(crate) struct ChunkedLocalMountPlugin;

impl<Context> FileSystemPluginFactory<Context> for ChunkedLocalMountPlugin {
    fn plugin_id(&self) -> &'static str {
        "chunked_local"
    }

    fn open(
        &self,
        request: OpenFileSystemPluginRequest<'_, Context>,
    ) -> Result<Box<dyn MountedFileSystem>, PluginError> {
        let config: ChunkedLocalMountConfig = serde_json::from_value(request.config.clone())
            .map_err(|error| PluginError::invalid_input(error.to_string()))?;
        if config.metadata_path.trim().is_empty() {
            return Err(PluginError::invalid_input(
                "chunked_local mount requires metadataPath",
            ));
        }
        if config.block_root.trim().is_empty() {
            return Err(PluginError::invalid_input(
                "chunked_local mount requires blockRoot",
            ));
        }

        let chunk_size = config.chunk_size.unwrap_or(vfs::engine::DEFAULT_CHUNK_SIZE);
        if chunk_size == 0 {
            return Err(PluginError::invalid_input(
                "chunked_local mount requires chunkSize to be greater than zero",
            ));
        }
        let inline_threshold = config
            .inline_threshold
            .unwrap_or(vfs::engine::DEFAULT_INLINE_THRESHOLD);
        if inline_threshold > chunk_size as usize {
            return Err(PluginError::invalid_input(
                "chunked_local mount requires inlineThreshold to be less than or equal to chunkSize",
            ));
        }

        let metadata = SqliteMetadataStore::open(config.metadata_path)
            .map_err(|error| PluginError::new(error.code(), error.message().to_owned()))?;
        let metadata = CachedMetadataStore::new(
            metadata,
            config
                .metadata_cache_entries
                .unwrap_or(DEFAULT_METADATA_CACHE_ENTRIES),
        );
        let blocks = FileBlockStore::new(config.block_root)
            .map_err(|error| PluginError::new(error.code(), error.message().to_owned()))?;
        let fs = ChunkedFs::with_options(
            metadata,
            blocks,
            ChunkedFsOptions {
                inline_threshold,
                chunk_size,
                uid: config.uid.unwrap_or(0),
                gid: config.gid.unwrap_or(0),
                file_mode: config.file_mode.unwrap_or(0o644),
                dir_mode: config.dir_mode.unwrap_or(0o755),
            },
        );
        Ok(Box::new(MountedEngineFileSystem::new(fs)?))
    }
}