metropolis: replace node pubkey with id in cluster directory The pubkey in the cluster directory was never used in the first place, and its presence complicates things (exposes the notion of nodes having a public key and potentially causes reliance on the public key in untrusted scenarios, eg. when the cluster directory is persisted to untrusted storage). Let's just replace that field with a string node ID instead, as that's also immediately useful in future code (persisting host name mapping between reboots). Change-Id: I9b29ee36974ef6edce6076b5df1b8b330fef8bd8 Reviewed-on: https://review.monogon.dev/c/monogon/+/2981 Tested-by: Jenkins CI Reviewed-by: Lorenz Brun <lorenz@monogon.tech>

commit: 538292d66196e8ba1a63454c4a9e2aa547684ef3 [log] [tgz]
author: Serge Bazanski <serge@monogon.tech> Wed Apr 17 14:50:02 2024 +0200
committer: Serge Bazanski <serge@monogon.tech> Wed Apr 17 15:12:25 2024 +0000
tree: d590a37f8d29c49e041411b07d83eec84c6931f5
parent: 5ad3144690965827669ce29f71c534caae42b901 [diff]
diff --git a/metropolis/node/core/cluster/cluster_bootstrap.go b/metropolis/node/core/cluster/cluster_bootstrap.go
index 312874d..774359e 100644
--- a/metropolis/node/core/cluster/cluster_bootstrap.go
+++ b/metropolis/node/core/cluster/cluster_bootstrap.go

@@ -27,6 +27,7 @@
 	"google.golang.org/protobuf/proto"
 
 	"source.monogon.dev/metropolis/node/core/curator"
+	"source.monogon.dev/metropolis/node/core/identity"
 	"source.monogon.dev/metropolis/pkg/supervisor"
 
 	apb "source.monogon.dev/metropolis/proto/api"
@@ -101,7 +102,7 @@
 	directory := &cpb.ClusterDirectory{
 		Nodes: []*cpb.ClusterDirectory_Node{
 			{
-				PublicKey: pub,
+				Id: identity.NodeID(pub),
 				Addresses: []*cpb.ClusterDirectory_Node_Address{
 					{
 						Host: "127.0.0.1",

diff --git a/metropolis/node/core/cluster/cluster_register.go b/metropolis/node/core/cluster/cluster_register.go
index 90d48f4..bac85db 100644
--- a/metropolis/node/core/cluster/cluster_register.go
+++ b/metropolis/node/core/cluster/cluster_register.go

@@ -56,17 +56,6 @@
 				return fmt.Errorf("NodeParameters.ClusterDirectory.Nodes[%d].Addresses[%d] (%q) invalid: not a parseable address", i, j, add.Host)
 			}
 		}
-		if len(node.PublicKey) != ed25519.PublicKeySize {
-			return fmt.Errorf("NodeParameters.ClusterDirectory.Nodes[%d] invalid: PublicKey invalid length or not set", i)
-		}
-	}
-
-	// Strip the initial ClusterDirectory of any node public keys that might have
-	// been included, as it can't be relied on beyond providing cluster endpoint
-	// addresses, considering its untrusted origin (ESP). This explicitly enforces
-	// suggested usage described in ClusterDirectory's protofile.
-	for i := range register.ClusterDirectory.Nodes {
-		register.ClusterDirectory.Nodes[i].PublicKey = nil
 	}
 
 	// Validation passed, let's start working on registering us into the cluster.

diff --git a/metropolis/node/core/curator/impl_leader_management.go b/metropolis/node/core/curator/impl_leader_management.go
index 0f0bfe1..9d5b4cd 100644
--- a/metropolis/node/core/curator/impl_leader_management.go
+++ b/metropolis/node/core/curator/impl_leader_management.go

@@ -111,7 +111,7 @@
 			})
 		}
 		directory.Nodes[i] = &cpb.ClusterDirectory_Node{
-			PublicKey: node.pubkey,
+			Id:        node.ID(),
 			Addresses: addresses,
 		}
 	}

diff --git a/metropolis/proto/common/common.proto b/metropolis/proto/common/common.proto
index fc461ab..653b0d2 100644
--- a/metropolis/proto/common/common.proto
+++ b/metropolis/proto/common/common.proto

@@ -172,7 +172,8 @@
 // directory.
 message ClusterDirectory {
     message Node {
-        bytes public_key = 1;
+        string id = 3;
+        reserved 1;
         message Address {
             string host = 1;
         };

diff --git a/metropolis/test/e2e/BUILD.bazel b/metropolis/test/e2e/BUILD.bazel
index 3923c8d..812bc93 100644
--- a/metropolis/test/e2e/BUILD.bazel
+++ b/metropolis/test/e2e/BUILD.bazel

@@ -40,7 +40,6 @@
     rundir = ".",
     deps = [
         "//metropolis/node",
-        "//metropolis/node/core/identity",
         "//metropolis/node/core/rpc",
         "//metropolis/pkg/localregistry",
         "//metropolis/proto/api",

diff --git a/metropolis/test/e2e/main_test.go b/metropolis/test/e2e/main_test.go
index 7004f7b..d4b8227 100644
--- a/metropolis/test/e2e/main_test.go
+++ b/metropolis/test/e2e/main_test.go

@@ -44,7 +44,6 @@
 	apb "source.monogon.dev/metropolis/proto/api"
 
 	common "source.monogon.dev/metropolis/node"
-	"source.monogon.dev/metropolis/node/core/identity"
 	"source.monogon.dev/metropolis/node/core/rpc"
 	"source.monogon.dev/metropolis/pkg/localregistry"
 	"source.monogon.dev/metropolis/test/launch"
@@ -129,7 +128,7 @@
 		addresses := make(map[string]bool)
 		for _, n := range nodes {
 			if len(n.Addresses) != 1 {
-				return fmt.Errorf("node %s has no addresss", identity.NodeID(n.PublicKey))
+				return fmt.Errorf("node %s has no addresss", n.Id)
 			}
 			address := n.Addresses[0].Host
 			addresses[address] = true
commit	538292d66196e8ba1a63454c4a9e2aa547684ef3	[log] [tgz]
author	Serge Bazanski <serge@monogon.tech>	Wed Apr 17 14:50:02 2024 +0200
committer	Serge Bazanski <serge@monogon.tech>	Wed Apr 17 15:12:25 2024 +0000
tree	d590a37f8d29c49e041411b07d83eec84c6931f5
parent	5ad3144690965827669ce29f71c534caae42b901 [diff]