From a7fc9f95216e1d24ac2b6060479dd17b1039966c Mon Sep 17 00:00:00 2001
From: Dusty Mabe
Date: Thu, 12 Sep 2024 23:34:21 -0400
Subject: [PATCH 1/3] mantle/platform/gcloud: fix confidential compute check

In db803c3 we add support for ConfidentialType but we made it so that we always execute this code where we don't want to do that if the user didn't specify any ConfidentialType for GCP. The way the code is now we can't run any GCP tests on non confidential instances.

```
failed to create instance "kola-dd144aac7413f66c85e9": Does not support confidential type , should be: sev, sev_snp
```
---
 mantle/platform/api/gcloud/compute.go | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/mantle/platform/api/gcloud/compute.go b/mantle/platform/api/gcloud/compute.go
index baa86ff6c1..9daef94f28 100644
--- a/mantle/platform/api/gcloud/compute.go
+++ b/mantle/platform/api/gcloud/compute.go
@@ -147,18 +147,20 @@ func (a *API) mkinstance(userdata, name string, keys []*agent.Key, opts platform
 		})
 	}
 	// create confidential instance
-	ConfidentialType := strings.ToUpper(a.options.ConfidentialType)
-	ConfidentialType = strings.Replace(ConfidentialType, "-", "_", -1)
-	if ConfidentialType == "SEV" || ConfidentialType == "SEV_SNP" {
-		fmt.Printf("Using confidential type for confidential computing %s\n", ConfidentialType)
-		instance.ConfidentialInstanceConfig = &compute.ConfidentialInstanceConfig{
-			ConfidentialInstanceType: ConfidentialType,
-		}
-		instance.Scheduling = &compute.Scheduling{
-			OnHostMaintenance: "TERMINATE",
+	if a.options.ConfidentialType != "" {
+		ConfidentialType := strings.ToUpper(a.options.ConfidentialType)
+		ConfidentialType = strings.Replace(ConfidentialType, "-", "_", -1)
+		if ConfidentialType == "SEV" || ConfidentialType == "SEV_SNP" {
+			fmt.Printf("Using confidential type for confidential computing %s\n", ConfidentialType)
+			instance.ConfidentialInstanceConfig = &compute.ConfidentialInstanceConfig{
+				ConfidentialInstanceType: ConfidentialType,
+			}
+			instance.Scheduling = &compute.Scheduling{
+				OnHostMaintenance: "TERMINATE",
+			}
+		} else {
+			return nil, fmt.Errorf("Does not support confidential type %s, should be: sev, sev_snp\n", a.options.ConfidentialType)
 		}
-	} else {
-		return nil, fmt.Errorf("Does not support confidential type %s, should be: sev, sev_snp\n", a.options.ConfidentialType)
 	}
 	// attach aditional disk
 	for _, spec := range opts.AdditionalDisks {

From 6c022c4daea933c544177b427cb734f976560c89 Mon Sep 17 00:00:00 2001
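Review bot: The ConfidentialType check still runs inside mkinstance, so an unsupported value is only rejected when the first instance is created, after the harness has already begun provisioning; validating a.options.ConfidentialType once where the options are parsed (outside this hunk) and keeping only the normalization here would fail fast. The error string in the new else branch is capitalized and ends in `\n`, which staticcheck ST1005 flags — relevant since this series exists to satisfy golangci-lint — and which garbles the message when a caller wraps it; `return nil, fmt.Errorf("unsupported confidential type %q, should be one of: sev, sev_snp", a.options.ConfidentialType)` also quotes the offending value so a whitespace-only setting is visible. The `fmt.Printf` writes to stdout rather than the package logger; if this package has a capnslog logger, prefer it for consistency with the other platform packages. mkinstance's body begins and ends outside the hunk.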
From: Dusty Mabe
Date: Fri, 13 Sep 2024 00:10:46 -0400
Subject: [PATCH 2/3] mantle/kola: remove rand.Seed()

This is to appease golangci-lint:
```
Error: SA1019: rand.Seed has been deprecated since Go 1.20 and an alternative has been available since Go 1.0: As of Go 1.20 there is no reason to call Seed with a random value. Programs that call Seed with a known value to get a specific sequence of results should use New(NewSource(seed)) to obtain a local random generator. (staticcheck)
```
According to https://pkg.go.dev/math/rand#Seed "If Seed is not called, the generator is seeded randomly at program startup." so I think it's safe to just drop it.
---
 mantle/cmd/kola/kola.go | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/mantle/cmd/kola/kola.go b/mantle/cmd/kola/kola.go
index 44341a1295..fc8a4066e9 100644
--- a/mantle/cmd/kola/kola.go
+++ b/mantle/cmd/kola/kola.go
@@ -17,7 +17,6 @@ package main
 import (
 	"encoding/json"
 	"fmt"
-	"math/rand"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -25,7 +24,6 @@ import (
 	"sort"
 	"strings"
 	"text/tabwriter"
-	"time"
 
 	"github.com/coreos/pkg/capnslog"
 	"github.com/pkg/errors"
@@ -160,8 +158,6 @@ func init() {
 }
 
 func main() {
-	// initialize global state
-	rand.Seed(time.Now().UnixNano())
 	cli.Execute(root)
 }
 

From 8af0e65c304486fc2fd66edc44c8e420ecc6cd35 Mon Sep 17 00:00:00 2001
From: Dusty Mabe
Date: Fri, 13 Sep 2024 00:13:48 -0400
Subject: [PATCH 3/3] mantle: math/rand -> crypto/rand

To appease golangci-lint:
```
Error: SA1019: rand.Read has been deprecated since Go 1.20 because it shouldn't be used: For almost all use cases, [crypto/rand.Read] is more appropriate.
```
---
 mantle/platform/api/azure/api.go | 9 +++++++--
 mantle/platform/machine/azure/cluster.go | 6 ++++--
 mantle/platform/machine/esx/cluster.go | 6 ++++--
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/mantle/platform/api/azure/api.go b/mantle/platform/api/azure/api.go
index e09ede8b9a..26be6dcaad 100644
--- a/mantle/platform/api/azure/api.go
+++ b/mantle/platform/api/azure/api.go
@@ -16,8 +16,8 @@
 package azure
 
 import (
+	"crypto/rand"
 	"fmt"
-	"math/rand"
 	"os"
 	"strings"
 	"time"
@@ -27,10 +27,13 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
+	"github.com/coreos/pkg/capnslog"
 
 	"github.com/coreos/coreos-assembler/mantle/auth"
 )
 
+var plog = capnslog.NewPackageLogger("github.com/coreos/coreos-assembler/mantle", "platform/api/azure")
+
 type API struct {
 	azIdCred *azidentity.DefaultAzureCredential
 	rgClient *armresources.ResourceGroupsClient
@@ -116,7 +119,9 @@ func (a *API) SetupClients() error {
 
 func randomName(prefix string) string {
 	b := make([]byte, 5)
-	rand.Read(b)
+	if _, err := rand.Read(b); err != nil {
+		plog.Errorf("randomName: failed to generate a random name: %v", err)
+	}
 	return fmt.Sprintf("%s-%x", prefix, b)
 }
 
diff --git a/mantle/platform/machine/azure/cluster.go b/mantle/platform/machine/azure/cluster.go
index 68eeda5be4..87d3d78a0c 100644
--- a/mantle/platform/machine/azure/cluster.go
+++ b/mantle/platform/machine/azure/cluster.go
@@ -15,9 +15,9 @@
 package azure
 
 import (
+	"crypto/rand"
 	"errors"
 	"fmt"
-	"math/rand"
 	"os"
 	"path/filepath"
 
@@ -35,7 +35,9 @@ type cluster struct {
 
 func (ac *cluster) vmname() string {
 	b := make([]byte, 5)
-	rand.Read(b)
+	if _, err := rand.Read(b); err != nil {
+		plog.Errorf("failed to generate a random vmname: %v", err)
+	}
 	return fmt.Sprintf("%s-%x", ac.Name()[0:13], b)
 }
 
diff --git a/mantle/platform/machine/esx/cluster.go b/mantle/platform/machine/esx/cluster.go
index 13478dbfb9..2a7c7f6838 100644
--- a/mantle/platform/machine/esx/cluster.go
+++ b/mantle/platform/machine/esx/cluster.go
@@ -15,9 +15,9 @@
 package esx
 
 import (
+	"crypto/rand"
 	"errors"
 	"fmt"
-	"math/rand"
 	"os"
 	"path/filepath"
 
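Review bot: In the randomName hunk of api.go, when rand.Read fails the function logs the error and still returns a name built from the zeroed buffer, i.e. `prefix-0000000000`, so every call on a broken entropy source yields the same name and subsequent Azure resource creations collide on it instead of failing visibly. A crypto/rand failure is not something a test harness can work around (Go 1.24 later made crypto/rand.Read crash the program rather than return an error), so the new branch should stop rather than continue: `panic(fmt.Sprintf("randomName: crypto/rand failed: %v", err))`, or have randomName return an error if its callers — outside this hunk — can propagate it. The vmname hunk in azure/cluster.go in this same patch has the identical log-and-continue fallback and should get the same treatment.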
@@ -32,7 +32,9 @@ type cluster struct {
 
 func (ec *cluster) vmname() string {
 	b := make([]byte, 5)
-	rand.Read(b)
+	if _, err := rand.Read(b); err != nil {
+		plog.Errorf("failed to generate a random vmname: %v", err)
+	}
 	return fmt.Sprintf("%s-%x", ec.Name(), b)
 }
 
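Review bot: This vmname, the vmname in azure/cluster.go and randomName in azure/api.go are now three copies of the same five-byte random-suffix routine, each with its own copy of the error-handling policy, and the esx copy likewise falls through to `ec.Name()-0000000000` when rand.Read fails. A single shared helper, e.g. `func randomSuffix() string` in a package all three already import, that calls crypto/rand.Read and fails hard on error would keep the policy in one place and make any later change (panic versus returning an error) a one-line edit; each vmname then becomes `return fmt.Sprintf("%s-%s", ec.Name(), randomSuffix())`. The `plog` this hunk logs through is declared outside the hunk, so I cannot confirm it exists in the esx package.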