ipc_server.rs: extract the logic that creates services to a function.

Our orchestrator creates another service to our workload. We are exporting the service on the same UDS socket. Rust doesn't allow us to reuse the UDS after binding. We will call create_services(), and add it to the same server exporting our service. Also, give visiblity to oak_proto_rust/grpc as we need to use: oak_grpc::oak::containers::orchestrator_server::OrchestratorServer; use oak_grpc::oak::containers::v1::orchestrator_crypto_server::OrchestratorCryptoServer; Bug: b/344012112 Change-Id: I3b7842a23d9fa4a18aed58e5cad0f0f6bd1ff257
project-oak · Oct 18, 2024 · 209bc17 · 209bc17
1 parent 5bbf058
commit 209bc17
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 10 deletions.
diff --git a/oak_containers/orchestrator/src/ipc_server.rs b/oak_containers/orchestrator/src/ipc_server.rs
@@ -164,15 +164,14 @@ pub async fn create<P>(
 where
     P: AsRef<std::path::Path> + Clone,
 {
-    let service_instance = ServiceImplementation {
-        // TODO(#4442): Remove once apps use the new crypto service.
-        application_config,
-        launcher_client,
+    let (service_instance, crypto_service_instance) = create_services(
         evidence,
         endorsements,
-    };
-    let crypto_service_instance = CryptoService::new(instance_keys, group_keys);
-
+        instance_keys,
+        group_keys,
+        application_config,
+        launcher_client,
+    );
     let uds = UnixListener::bind(socket_address.clone())
         .context("could not bind to the supplied address")?;
     let uds_stream = UnixListenerStream::new(uds);
@@ -182,10 +181,32 @@ where
     set_permissions(socket_address, Permissions::from_mode(0o666)).await?;
 
     Server::builder()
-        .add_service(OrchestratorServer::new(service_instance))
-        .add_service(OrchestratorCryptoServer::new(crypto_service_instance))
+        .add_service(service_instance)
+        .add_service(crypto_service_instance)
         .serve_with_incoming_shutdown(uds_stream, cancellation_token.cancelled())
         .await?;
 
     Ok(())
 }
+
+pub fn create_services(
+    evidence: Evidence,
+    endorsements: Endorsements,
+    instance_keys: InstanceKeys,
+    group_keys: Arc<GroupKeys>,
+    application_config: Vec<u8>,
+    launcher_client: Arc<LauncherClient>,
+) -> (OrchestratorServer<ServiceImplementation>, OrchestratorCryptoServer<CryptoService>) {
+    let service_instance = ServiceImplementation {
+        // TODO(#4442): Remove once apps use the new crypto service.
+        application_config,
+        launcher_client,
+        evidence,
+        endorsements,
+    };
+    let crypto_service_instance = CryptoService::new(instance_keys, group_keys);
+    (
+        OrchestratorServer::new(service_instance),
+        OrchestratorCryptoServer::new(crypto_service_instance),
+    )
+}
diff --git a/oak_proto_rust/grpc/BUILD b/oak_proto_rust/grpc/BUILD
@@ -18,7 +18,7 @@ load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
 load("@rules_rust//rust:defs.bzl", "rust_library")
 
 package(
-    default_visibility = ["//:internal"],
+    default_visibility = ["//:default_visibility"],
     licenses = ["notice"],
 )