Revert moving KMS into CDH #928

Merged
merged 1 commit into from
Mar 7, 2025

fitzthum
Member

See discussion here

I also included a commit from #922 so that I could successfully rebuild the lock file. I will drop that soon.

I had to massage a few things with the hub Cargo.toml.

I am open to other approaches here, but I am going to use this locally at least to keep moving on the multi-device work, which requires me to bump guest-components in Trustee.

@fitzthum fitzthum requested a review from a team as a code owner February 25, 2025 19:44
@fitzthum fitzthum changed the title from "Revert moving KBS into CDH" to "Revert moving KMS into CDH" Feb 25, 2025
@mythi
Contributor

mythi commented Feb 26, 2025

> I am open to other approaches here,

This is probably the best approach. I hacked confidential-data-hub a bit to get the dependencies cleaned up for Trustee update but could not get that to work easily. That could be an alternative.

In addition to the revert, we could think about dropping ehsm since the upstream is no longer maintained.

@fitzthum
Member Author

cc @mkulke

@fitzthum fitzthum force-pushed the revert-kms branch 2 times, most recently from a7f9fa4 to 96aff63 Compare February 27, 2025 18:27
Member

@portersrc portersrc left a comment

lgtm for now
I had to rebase the mesh PR on this in order to move forward

Contributor

@mkulke mkulke left a comment

lgtm. retriggered the failing s390x job

@fitzthum
Member Author

fitzthum commented Mar 7, 2025

Rebasing

We use the KMS crate outside of the guest-components. Specifically, we
use some of this functionality in Trustee as part of resource backends
that use KMSes.

We could potentially adjust Trustee to import the CDH and use the KMSes
from there, but Trustee doesn't need anything else from the CDH.

It probably does make sense to have the KMS logic in its own crate,
hence revert the change that brought it into the CDH.

This reverts commit 3ab8129.

Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
@fitzthum fitzthum merged commit 4b8d0d8 into confidential-containers:main Mar 7, 2025
31 checks passed
4 participants