From d4bc8348b7b7bb56297714b2bba722b455e8650b Mon Sep 17 00:00:00 2001 From: Ettore Di Giacinto Date: Wed, 6 Nov 2024 16:20:27 +0100 Subject: [PATCH] chore: Add Documentation to be able to get started (#6) Signed-off-by: mudler --- DEVELOPMENT.md | 52 ++++++++++++++++++++++++++++++++ README.md | 82 +++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 DEVELOPMENT.md diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md new file mode 100644 index 0000000..4c2450e --- /dev/null +++ b/DEVELOPMENT.md @@ -0,0 +1,52 @@ +# Development + +## Requirements + +- Linux box +- OpenSSL +- Docker +- make + + +## Build + +To build it is reccomended to use Docker. + +### Building the container image + +To build the container image, use the appropriate Make targets: + +```bash +make docker-build +``` + +This will generate a container image with a signed binary, and if there isn't a key available in `tee/private.pem` it will generate a new one. + +## Running tests + +A test suite is available, running inside container images with the appropriate environment and dependencies available (ego). + +```bash +make test +``` + +## Running the container for development + +To run the container, use the appropriate Make target(below), or you can use the container images published in [dockerhub](https://hub.docker.com/r/masaengineering/tee-worker/tags): + +```bash +## Run without an Intel SGX hardware +docker run --net host -e OE_SIMULATION=1 --rm -v $(PWD)/.masa:/home/masa -ti masaengineering/tee-worker:main +``` + +### If you have an Intel-SGX capable machine + +```bash +make run-sgx +``` + +### If you don't have an Intel-SGX capable machine + +```bash +make run-simulate +``` diff --git a/README.md b/README.md index 22f252d..760ae7d 100644 --- a/README.md +++ b/README.md @@ -1 +1,81 @@ -# tee-worker \ No newline at end of file +# tee-worker + +Tee-worker is the Masa component to scrape data from a secure TEE enclave. It uses the [ego](https://github.com/edgelesssys/ego) framework to build, run and sign the binary. + +Want to help in development? check the [DEVELOPMENT.md](DEVELOPMENT.md) file. + +## Requirements + +- Docker + +## Run + +To run the tee-worker, use docker with our images. Our images have signed binaries which are allowed to be part of the network: + +```bash +docker run --device /dev/sgx_enclave --device /dev/sgx_provision --net host --rm -v $(PWD)/.masa:/home/masa -ti masaengineering/tee-worker:main +``` + +## Container images + +All tagged images are available here: https://hub.docker.com/r/masaengineering/tee-worker/tags + +- Images with `latest` tag are the latest releases +- Every branch has a corresponding image with the branch name (e.g. `main`) + +### Docker compose + +There is an example docker compose file to run the container with the appropriate environment variables. + +```bash +docker-compose up +``` + +## API + +The tee-worker exposes a simple http API to submit jobs, retrieve results, and decrypt the results. + +```bash + +### Submitting jobs +curl localhost:8080/job -H "Content-Type: application/json" -d '{ "type": "webscraper", "arguments": { "url": "google" } }' + +### Jobs results +curl localhost:8080/job/b678ff77-118d-4a7a-a6ea-190eb850c28a + +### Decode job results +curl localhost:8080/decrypt -H "Content-Type: application/json" -d '{ "encrypted_result": "'$result'" }' + +``` + +### Golang client + +It is available a simple golang client to interact with the API: + +```golang +import( + . "github.com/masa-finance/tee-worker/pkg/client" + "github.com/masa-finance/tee-worker/api/types" +) + +func main() { + clientInstance := NewClient(server.URL) + + // Step 1: Create the job request + job := types.Job{ + Type: "web-scraper", + Arguments: map[string]interface{}{ + "url": "google", + }, + } + + // Step 2: Submit the job + jobID, err := clientInstance.SubmitJob(job) + + // Step 3: Wait for the job result + encryptedResult, err := clientInstance.WaitForResult(jobID, 10, time.Second) + + // Step 4: Decrypt the result + decryptedResult, err := clientInstance.DecryptResult(encryptedResult) +} +```