feat: firecracker mmds identity

2026-04-15 09:01:12 +00:00 · 2026-04-10 00:53:47 +00:00 · 2026-04-10 00:53:47 +00:00 · 3eb610b703
commit 3eb610b703
parent 500354cd9b
23 changed files with 1813 additions and 263 deletions
--- a/internal/daemon/guest_metadata.go
+++ b/internal/daemon/guest_metadata.go
@ -0,0 +1,80 @@
+package daemon
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/getcompanion-ai/computer-host/internal/firecracker"
+	contracthost "github.com/getcompanion-ai/computer-host/contract"
+)
+
+const (
+	defaultMMDSIPv4Address    = "169.254.170.2"
+	defaultMMDSPayloadVersion = "v1"
+)
+
+type guestMetadataEnvelope struct {
+	Latest guestMetadataRoot `json:"latest"`
+}
+
+type guestMetadataRoot struct {
+	MetaData guestMetadataPayload `json:"meta-data"`
+}
+
+type guestMetadataPayload struct {
+	Version           string                          `json:"version"`
+	MachineID         string                          `json:"machine_id"`
+	Hostname          string                          `json:"hostname"`
+	AuthorizedKeys    []string                        `json:"authorized_keys,omitempty"`
+	TrustedUserCAKeys []string                        `json:"trusted_user_ca_keys,omitempty"`
+	LoginWebhook      *contracthost.GuestLoginWebhook `json:"login_webhook,omitempty"`
+}
+
+func cloneGuestConfig(config *contracthost.GuestConfig) *contracthost.GuestConfig {
+	if config == nil {
+		return nil
+	}
+	cloned := &contracthost.GuestConfig{
+		AuthorizedKeys:    append([]string(nil), config.AuthorizedKeys...),
+		TrustedUserCAKeys: append([]string(nil), config.TrustedUserCAKeys...),
+	}
+	if config.LoginWebhook != nil {
+		copy := *config.LoginWebhook
+		cloned.LoginWebhook = &copy
+	}
+	return cloned
+}
+
+func (d *Daemon) guestMetadataSpec(machineID contracthost.MachineID, guestConfig *contracthost.GuestConfig) (*firecracker.MMDSSpec, error) {
+	name := strings.TrimSpace(string(machineID))
+	if name == "" {
+		return nil, fmt.Errorf("machine id is required")
+	}
+
+	payload := guestMetadataEnvelope{
+		Latest: guestMetadataRoot{
+			MetaData: guestMetadataPayload{
+				Version:           defaultMMDSPayloadVersion,
+				MachineID:         name,
+				Hostname:          name,
+				AuthorizedKeys:    nil,
+				TrustedUserCAKeys: nil,
+			},
+		},
+	}
+	if guestConfig != nil {
+		payload.Latest.MetaData.AuthorizedKeys = append([]string(nil), guestConfig.AuthorizedKeys...)
+		payload.Latest.MetaData.TrustedUserCAKeys = append([]string(nil), guestConfig.TrustedUserCAKeys...)
+		if guestConfig.LoginWebhook != nil {
+			loginWebhook := *guestConfig.LoginWebhook
+			payload.Latest.MetaData.LoginWebhook = &loginWebhook
+		}
+	}
+
+	return &firecracker.MMDSSpec{
+		NetworkInterfaces: []string{"net0"},
+		Version:           firecracker.MMDSVersionV2,
+		IPv4Address:       defaultMMDSIPv4Address,
+		Data:              payload,
+	}, nil
+}