diff --git a/database/sql/instances.go b/database/sql/instances.go
index a85a22e0..d5d2eb87 100644
--- a/database/sql/instances.go
+++ b/database/sql/instances.go
@@ -17,8 +17,10 @@ package sql
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	runnerErrors "github.com/cloudbase/garm-provider-common/errors"
+	"github.com/cloudbase/garm-provider-common/util"
 	"github.com/cloudbase/garm/params"
 	"github.com/google/uuid"
@@ -42,6 +44,19 @@ func (s *sqlDatabase) CreateInstance(ctx context.Context, poolID string, param p
 		}
 	}
+	var secret []byte
+	if len(param.JitConfiguration) > 0 {
+		jitConfig, err := json.Marshal(param.JitConfiguration)
+		if err != nil {
+			return params.Instance{}, errors.Wrap(err, "marshalling jit config")
+		}
+
+		secret, err = util.Seal(jitConfig, []byte(s.cfg.Passphrase))
+		if err != nil {
+			return params.Instance{}, fmt.Errorf("failed to encrypt jitconfig: %w", err)
+		}
+	}
+
 	newInstance := Instance{
 		Pool: pool,
 		Name: param.Name,
@@ -52,6 +67,7 @@ func (s *sqlDatabase) CreateInstance(ctx context.Context, poolID string, param p
 		CallbackURL: param.CallbackURL,
 		MetadataURL: param.MetadataURL,
 		GitHubRunnerGroup: param.GitHubRunnerGroup,
+		JitConfiguration: secret,
 		AditionalLabels: labels,
 	}
 	q := s.conn.Create(&newInstance)
diff --git a/database/sql/models.go b/database/sql/models.go
index ac41f031..f33fe9c8 100644
--- a/database/sql/models.go
+++ b/database/sql/models.go
@@ -155,6 +155,7 @@ type Instance struct {
 	ProviderFault []byte `gorm:"type:longblob"`
 	CreateAttempt int
 	TokenFetched bool
+	JitConfiguration []byte `gorm:"type:longblob"`
 	GitHubRunnerGroup string
 	AditionalLabels datatypes.JSON
diff --git a/database/sql/util.go b/database/sql/util.go
index 3f91c573..3930d9c4 100644
--- a/database/sql/util.go
+++ b/database/sql/util.go
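Review bot: The two error paths in the new sealing block wrap differently: `errors.Wrap(err, "marshalling jit config")` for the marshal failure, then `fmt.Errorf("failed to encrypt jitconfig: %w", err)` for the seal failure, and that second call is the only reason the import hunk above adds `fmt`. Using `errors.Wrap(err, "sealing jit config")` keeps the function's existing wrapping style and, unless fmt is used elsewhere in the file, makes the new import unnecessary. Separately, `s.cfg.Passphrase` is handed to `util.Seal` directly as key bytes; that helper is not visible here, so if it does not derive a key from the passphrase this relies on config validation enforcing a minimum passphrase length, which is worth confirming. CreateInstance begins before and ends after this hunk.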
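Review bot: The new `JitConfiguration []byte` column carries no comment, and nothing in the model says that the bytes are ciphertext rather than the plain JSON a later writer might be tempted to store there. Since CreateInstance marshals the map to JSON and seals it with the configured passphrase before assigning it, say so at the field: `// JitConfiguration is the instance's JIT runner config as JSON, sealed with util.Seal and the configured passphrase before it is stored; never write the plaintext here.` The Instance struct starts and ends outside the hunk.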
@@ -41,6 +41,16 @@ func (s *sqlDatabase) sqlToParamsInstance(instance Instance) (params.Instance, e
 		}
 	}
+	var jitConfig map[string]string
+	if len(instance.JitConfiguration) > 0 {
+		decrypted, err := util.Unseal(instance.JitConfiguration, []byte(s.cfg.Passphrase))
+		if err != nil {
+			return params.Instance{}, errors.Wrap(err, "decrypting jit config")
+		}
+		if err := json.Unmarshal(decrypted, &jitConfig); err != nil {
+			return params.Instance{}, errors.Wrap(err, "unmarshalling jit config")
+		}
+	}
 	ret := params.Instance{
 		ID: instance.ID.String(),
 		ProviderID: id,
@@ -59,6 +69,7 @@ func (s *sqlDatabase) sqlToParamsInstance(instance Instance) (params.Instance, e
 		CreateAttempt: instance.CreateAttempt,
 		UpdatedAt: instance.UpdatedAt,
 		TokenFetched: instance.TokenFetched,
+		JitConfiguration: jitConfig,
 		GitHubRunnerGroup: instance.GitHubRunnerGroup,
 		AditionalLabels: labels,
 	}
diff --git a/params/params.go b/params/params.go
index 8844a3e5..eab4a173 100644
--- a/params/params.go
+++ b/params/params.go
@@ -156,11 +156,12 @@ type Instance struct {
 	GitHubRunnerGroup string `json:"github-runner-group"`
 	// Do not serialize sensitive info.
-	CallbackURL string `json:"-"`
-	MetadataURL string `json:"-"`
-	CreateAttempt int `json:"-"`
-	TokenFetched bool `json:"-"`
-	AditionalLabels []string `json:"-"`
+	CallbackURL string `json:"-"`
+	MetadataURL string `json:"-"`
+	CreateAttempt int `json:"-"`
+	TokenFetched bool `json:"-"`
+	AditionalLabels []string `json:"-"`
+	JitConfiguration map[string]string `json:"-"`
 }
 func (i Instance) GetName() string {
diff --git a/params/requests.go b/params/requests.go
index 8b333662..12a2acc3 100644
--- a/params/requests.go
+++ b/params/requests.go
@@ -138,6 +138,7 @@ type CreateInstanceParams struct {
 	GitHubRunnerGroup string
 	CreateAttempt int `json:"-"`
 	AditionalLabels []string
+	JitConfiguration map[string]string
 }
 type CreatePoolParams struct {
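Review bot: The new block turns any Unseal or Unmarshal failure into an error for the whole row, so an instance whose sealed blob cannot be opened (presumably after a passphrase change, or a damaged column) becomes unreadable through sqlToParamsInstance instead of coming back with an empty JitConfiguration. Failing closed on a secret field is a defensible choice, but it now applies to every read that goes through this conversion and the intent is not stated anywhere, so record it: `// A sealed config that cannot be opened is fatal for the row; do not fall back to an empty map.` sqlToParamsInstance begins before and ends after this hunk.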
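Review bot: `JitConfiguration` is added to CreateInstanceParams without the `json:"-"` tag that this same commit puts on `params.Instance.JitConfiguration` under the comment "Do not serialize sensitive info.", and `CreateAttempt int` two lines above shows this struct already hides fields that must not be encoded. Whether CreateInstanceParams is ever JSON-encoded or logged is not visible here, but the runner config is handled as a secret everywhere else in this change, so give the field the same `json:"-"` tag as CreateAttempt rather than relying on every caller to know it is sensitive.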