Add Rust client for Trusted Information Retrieval

docs/programming-oak.md

@@ -269,7 +269,7 @@ All these steps are implemented as a part of the
 The Oak Application is then loaded using the Oak Runner:
 
 ```bash
-./scripts/run_server -a "${PWD}/config.bin"
+./scripts/run_server -f "${PWD}/config.bin"
 ```
 
 The Oak Runner will launch an [Oak Runtime](concepts.md#oak-runtime), and this

examples/Cargo.toml

@@ -11,6 +11,7 @@ members = [
   "chat/module/rust",
   "hello_world/module/rust",
   "machine_learning/module/rust",
+  "trusted_information_retrieval/client/rust",
   "trusted_information_retrieval/module/rust",
   "private_set_intersection/module/rust",
   "running_average/module/rust",

examples/trusted_information_retrieval/client/rust/Cargo.toml

@@ -0,0 +1,20 @@
+[package]
+name = "trusted_information_retrieval_client"
+version = "0.1.0"
+authors = ["Ivan Petrov <[email protected]>"]
+edition = "2018"
+license = "Apache-2.0"
+
+[dependencies]
+anyhow = "*"
+env_logger = "*"
+log = "*"
+oak_abi = "=0.1.0"
+prost = "*"
+structopt = "*"
+tokio = { version = "*", features = ["fs", "macros", "sync", "stream"] }
+tonic = { version = "*", features = ["tls"] }
+
+[build-dependencies]
+oak_utils = "*"
+tonic-build = "*"

examples/trusted_information_retrieval/client/rust/build.rs

@@ -0,0 +1,32 @@
+//
+// Copyright 2020 The Project Oak Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+use std::path::Path;
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+    let proto_path = Path::new("../../../../examples/trusted_information_retrieval/proto");
+    let file_path = proto_path.join("trusted_information_retrieval.proto");
+
+    // Tell cargo to rerun this build script if the proto file has changed.
+    // https://doc.rust-lang.org/cargo/reference/build-scripts.html#cargorerun-if-changedpath
+    println!("cargo:rerun-if-changed={}", file_path.display());
+
+    tonic_build::configure()
+        .build_client(true)
+        .build_server(false)
+        .compile(&[file_path.as_path()], &[proto_path])?;
+    Ok(())
+}

examples/trusted_information_retrieval/client/rust/src/main.rs

@@ -0,0 +1,116 @@
+//
+// Copyright 2020 The Project Oak Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+//! Client for the Trusted Information Retrieval example.
+
+pub mod proto {
+    tonic::include_proto!("oak.examples.trusted_information_retrieval");
+}
+
+use anyhow::anyhow;
+use log::info;
+use oak_abi::label::Label;
+use prost::Message;
+use proto::{
+    trusted_information_retrieval_client::TrustedInformationRetrievalClient,
+    ListPointsOfInterestRequest, Location,
+};
+use structopt::StructOpt;
+use tonic::{
+    metadata::MetadataValue,
+    transport::{Certificate, Channel, ClientTlsConfig},
+    Request,
+};
+
+#[derive(StructOpt, Clone)]
+#[structopt(about = "Trusted Information Retrieval Client")]
+pub struct Opt {
+    #[structopt(
+        long,
+        help = "URI of the Oak application to connect to",
+        default_value = "https://localhost:8080"
+    )]
+    uri: String,
+    #[structopt(
+        long,
+        help = "PEM encoded X.509 TLS root certificate file used by gRPC client",
+        default_value = ""
+    )]
+    grpc_client_root_tls_certificate: String,
+    #[structopt(
+        long,
+        help = "Requested location (latitude and longitude separated by space)",
+        default_value = ""
+    )]
+    location: Vec<f32>,
+}
+
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+    env_logger::init();
+    let opt = Opt::from_args();
+
+    let uri = opt.uri.parse().expect("Error parsing URI");
+    let root_certificate = tokio::fs::read(&opt.grpc_client_root_tls_certificate)
+        .await
+        .expect("Could load certificate file");
+    if opt.location.len() != 2 {
+        return Err(anyhow!(
+            "Incorrect number of coordinates: {} (expected 2)",
+            &opt.location.len()
+        ));
+    }
+    let latitude = opt.location[0];
+    let longitude = opt.location[1];
+
+    info!("Connecting to Oak Application: {:?}", uri);
+    let tls_config = ClientTlsConfig::new().ca_certificate(Certificate::from_pem(root_certificate));
+    let channel = Channel::builder(uri)
+        .tls_config(tls_config)
+        .connect()
+        .await
+        .expect("Could not connect to Oak Application");
+
+    let mut label = Vec::new();
+    Label::public_untrusted()
+        .encode(&mut label)
+        .expect("Error encoding label");
+    let mut client = TrustedInformationRetrievalClient::with_interceptor(
+        channel,
+        move |mut request: Request<()>| {
+            request
+                .metadata_mut()
+                .insert_bin("x-oak-label-bin", MetadataValue::from_bytes(label.as_ref()));
+            Ok(request)
+        },
+    );
+
+    let request = Request::new(ListPointsOfInterestRequest {
+        location: Some(Location {
+            latitude,
+            longitude,
+        }),
+    });
+    info!("Sending request: {:?}", request);
+
+    let response = client
+        .list_points_of_interest(request)
+        .await
+        .expect("Could not receive response");
+    info!("Received response: {:?}", response);
+
+    Ok(())
+}

scripts/build_example

@@ -4,21 +4,25 @@ readonly SCRIPTS_DIR="$(dirname "$0")"
 # shellcheck source=scripts/common
 source "${SCRIPTS_DIR}/common"
 
-language="rust"
+application="rust"
+client="cpp"
 compilation_mode='fastbuild'
 docker_config=''
-while getopts "e:l:di:h" opt; do
+while getopts "e:a:c:di:h" opt; do
   case "${opt}" in
     h)
-      echo -e "Usage: ${0} [-h] [-l rust|cpp] [-i base|logless] [-d] -e EXAMPLE
+      echo -e "Usage: ${0} [-h] [-a rust|cpp] [-c rust|cpp] [-i base|logless] [-d] -e EXAMPLE
 
 Build the given example Oak Application and client.
 
 Options:
   -e    Example application name (required)
-  -l    Example application variant:
+  -a    Example application variant:
           - rust (used by default)
           - cpp
+  -c    Example client variant:
+          - rust
+          - cpp (used by default)
   -d    Build C++ code for example using debug mode
   -i    This flag enables packaging the application into a Docker image,
         and specifies the version of the Oak server, used by the application:
@@ -28,8 +32,10 @@ Options:
       exit 0;;
     e)
       readonly EXAMPLE="${OPTARG}";;
-    l)
-      language="${OPTARG}";;
+    a)
+      application="${OPTARG}";;
+    c)
+      client="${OPTARG}";;
     d)
       compilation_mode='dbg';;
     i)
@@ -45,7 +51,7 @@ if [[ -z "${EXAMPLE+z}" ]]; then
   exit 1
 fi
 
-case "${language}" in
+case "${application}" in
   rust)
     for module in examples/"${EXAMPLE}"/module*/rust/Cargo.toml; do
       # Use a separate target dir for Wasm build artifacts. The precise name is not relevant, but it
@@ -96,11 +102,18 @@ if [[ -n "${docker_config}" ]]; then
   fi
 fi
 
-bazel_build_flags+=(
-  '--symlink_prefix=bazel-client-'
-  "--compilation_mode=${compilation_mode}"
-)
+case "${client}" in
+  rust)
+    cargo build --release "--manifest-path=./examples/${EXAMPLE}/client/rust/Cargo.toml"
+    ;;
+  cpp)
+    bazel_build_flags+=(
+      '--symlink_prefix=bazel-client-'
+      "--compilation_mode=${compilation_mode}"
+    )
 
-# Build the client with a different output_base so that we don't lose incremental state.
-# See https://docs.bazel.build/versions/master/command-line-reference.html#flag--output_base.
-bazel --output_base="${CACHE_DIR}/client" build "${bazel_build_flags[@]}" "//examples/${EXAMPLE}/client:all"
+    # Build the client with a different output_base so that we don't lose incremental state.
+    # See https://docs.bazel.build/versions/master/command-line-reference.html#flag--output_base.
+    bazel --output_base="${CACHE_DIR}/client" build "${bazel_build_flags[@]}" "//examples/${EXAMPLE}/client:all"
+    ;;
+esac

scripts/run_example

@@ -4,14 +4,15 @@ readonly SCRIPTS_DIR="$(dirname "$0")"
 # shellcheck source=scripts/common
 source "${SCRIPTS_DIR}/common"
 
-language="rust"
 server="base"
+application="rust"
+client="cpp"
 buildargs=""
 serverargs=""
-while getopts "s:l:de:vh" opt; do
+while getopts "s:a:c:de:vh" opt; do
   case "${opt}" in
     h)
-      echo -e "Usage: ${0} [-h] [-s base|logless|none] [-l rust|cpp] [-d] [-v] -e EXAMPLE [-- CLIENT_ARGS]
+      echo -e "Usage: ${0} [-h] [-s base|logless|none] [-a rust|cpp] [-c rust|cpp] [-d] [-v] -e EXAMPLE [-- CLIENT_ARGS]
 
 Build and run the given example Oak Application and client.
 
@@ -22,15 +23,20 @@ Options:
           - logless: base version of the server with debug logging compiled out
           - none: run an application client without a server
   -d    Build C++ code for example using debug mode
-  -l    Example application variant:
+  -a    Example application variant:
           - rust (used by default)
           - cpp
+  -c    Example client variant:
+          - rust
+          - cpp (used by default)
   -v    Enable verbose/debug output for the server
   -h    Print Help (this message) and exit
 Options after -- will be passed to the example client program."
       exit 0;;
-    l)
+    a)
       language="${OPTARG}";;
+    c)
+      client="${OPTARG}";;
     s)
       case "${OPTARG}" in
         base|logless|none)
@@ -59,13 +65,13 @@ fi
 
 
 if [[ "${server}" != "none" ]]; then
-  "${SCRIPTS_DIR}/build_example" ${buildargs} -l "${language}" -e "${EXAMPLE}"
+  "${SCRIPTS_DIR}/build_example" ${buildargs} -a "${application}" -e "${EXAMPLE}"
 
   # Run a server in the background.
   # The server is being built before running, so the build process will not happen in the
   # background.
   "${SCRIPTS_DIR}/build_server" -s "${server}"
-  "${SCRIPTS_DIR}/run_server" ${serverargs} -s "${server}" -l "${language}" -e "${EXAMPLE}" &
+  "${SCRIPTS_DIR}/run_server" ${serverargs} -s "${server}" -a "${application}" -e "${EXAMPLE}" &
   readonly SERVER_PID=$!
   to_kill+=("${SERVER_PID}")
 
@@ -76,11 +82,6 @@ if [[ "${EXAMPLE}" == 'abitest' ]]; then
   # TODO(#1040): reinstate storage tests when Rust runtime supports them.
   # TODO(#953): reinstate gRPC server server-streaming tests when Rust runtime supports them.
   readonly ADDITIONAL_ARGS=('--test_exclude=(Storage|GrpcServerServerStreamingMethod)')
-elif [[ "${EXAMPLE}" == 'aggregator' ]]; then
-  readonly ADDITIONAL_ARGS=(
-    '--bucket=test'
-    '--data=1:10,2:20,3:30'
-  )
 else
   readonly ADDITIONAL_ARGS=()
 fi
@@ -94,12 +95,19 @@ else
   readonly TLS_ARGS=("--ca_cert=${SCRIPTS_DIR}/../examples/certs/local/ca.pem")
 fi
 
+readonly CLIENT_ARGS=("${@}")  # Choose client args provided after '--'.
+
 # Run the application client.
-if [ $# -eq 0 ]; then
-  "./bazel-client-bin/examples/${EXAMPLE}/client/client" "${TLS_ARGS[@]}" "${ADDITIONAL_ARGS[@]-}"
-else
-  readonly CLIENT_ARGS=("${@}")  # Choose client args provided after '--'.
-  "./bazel-client-bin/examples/${EXAMPLE}/client/client" "${TLS_ARGS[@]}" "${ADDITIONAL_ARGS[@]-}" "${CLIENT_ARGS[@]-}"
-fi
+case "${client}" in
+  rust)
+    # Rust example parameters only support `-` as a delimeter, and C++ ones only `_`.
+    cargo run --release --target=x86_64-unknown-linux-musl --manifest-path="${SCRIPTS_DIR}/../examples/${EXAMPLE}/client/rust/Cargo.toml" -- \
+      "--grpc-client-root-tls-certificate=${SCRIPTS_DIR}/../examples/certs/local/ca.pem" \
+      "${CLIENT_ARGS[@]-}"
+    ;;
+  cpp)
+    "./bazel-client-bin/examples/${EXAMPLE}/client/client" "${TLS_ARGS[@]}" "${ADDITIONAL_ARGS[@]-}" "${CLIENT_ARGS[@]-}"
+    ;;
+esac
 
 kill_bg_pids