Skip to content

refactor(deploy_tee): descriptor-driven, audience-grouped CLI#41

Merged
samlaf merged 1 commit into
mainfrom
deploy-tee-configure-descriptor
Jun 19, 2026
Merged

refactor(deploy_tee): descriptor-driven, audience-grouped CLI#41
samlaf merged 1 commit into
mainfrom
deploy-tee-configure-descriptor

Conversation

@samlaf

@samlaf samlaf commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Provisioning moves to Pulumi (run standalone); the seismic-tee CLI is now the config/network "stuff on top" and never shells or wraps Pulumi. The infra→config handoff is a node descriptor file ({public_ip, fqdn}, today just pulumi stack output --json), and attestation measurements are supplied by the operator — the CLI computes neither, so neither depends on implicit local state.

Commands are grouped by audience:

  • operator configure: POST the node TOML to tdx-init, then optionally verify attestation against an operator-supplied --measurements file. Node address comes from --node <descriptor.json>.
  • network genesis (was validators): the one-time genesis ceremony, decoupled from Pulumi (reads --node descriptors) and from the cloud layer (runs summit's genesis binary via subprocess directly).
  • network manifest: unchanged.

Dropped: the deploy/provision path, --delete-vm (now pulumi destroy), and artifact register/delete + local measurement computation (no more seismic-images checkout / Lima dependency).

Package flattened: genesis.py and proxy.py join configure.py and descriptor.py at top level; the deployment/ package, the provisioning entrypoint, and the Deployer are removed. The now-unreachable imperative cloud/ + config/ + measurement helpers are left for a follow-up deletion.

Provisioning moves to Pulumi (run standalone); the seismic-tee CLI is
now the config/network "stuff on top" and never shells or wraps Pulumi.
The infra→config handoff is a node descriptor file ({public_ip, fqdn},
today just `pulumi stack output --json`), and attestation measurements
are supplied by the operator — the CLI computes neither, so neither
depends on implicit local state.

Commands are grouped by audience:
- operator configure: POST the node TOML to tdx-init, then optionally
  verify attestation against an operator-supplied --measurements file.
  Node address comes from --node <descriptor.json>.
- network genesis (was `validators`): the one-time genesis ceremony,
  decoupled from Pulumi (reads --node descriptors) and from the cloud
  layer (runs summit's genesis binary via subprocess directly).
- network manifest: unchanged.

Dropped: the deploy/provision path, --delete-vm (now `pulumi destroy`),
and artifact register/delete + local measurement computation (no more
seismic-images checkout / Lima dependency).

Package flattened: genesis.py and proxy.py join configure.py and
descriptor.py at top level; the deployment/ package, the provisioning
entrypoint, and the Deployer are removed. The now-unreachable imperative
cloud/ + config/ + measurement helpers are left for a follow-up deletion.
@samlaf samlaf merged commit 34d10cd into main Jun 19, 2026
1 check passed
@samlaf samlaf deleted the deploy-tee-configure-descriptor branch June 19, 2026 16:08
samlaf added a commit that referenced this pull request Jun 19, 2026
…n verify (#42)

The imperative provisioning library is unreachable since the CLI became
descriptor-driven in #41. Remove cloud/ (Azure/GCP APIs, CloudApi ABC,
cloud_factory, base_parser), config/, the measurement helpers
(utils/artifact.py, image/measurements.py), and now-unused
utils/{metadata,confirm,paths}.py. The one live use of BuildPaths
(proxy-client path) is inlined into proxy.py.

Also gate attestation verification, which was already non-functional:
`operator configure --measurements` now refuses rather than shelling the
retired cvm-reverse-proxy client against a :7936 endpoint no node
serves. Verification will be reimplemented against attested-tls /
seismic- attestation (the protocol the enclave standardizes on).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant