m/cli/metroctl: clean up RPC API
This removes a bunch of logic from the metroctl core RPC functions,
forcing users (currently only other metroctl code) to use grpc.Dial and
the metropolis RPC library directly.
We also make the core functions take ConnectOptions structures where
appropriate instead of passing around tons of arguments.
Change-Id: I4d7aa232a659097da35027dfb9b87c58cbb4ab84
Reviewed-on: https://review.monogon.dev/c/monogon/+/2742
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI
diff --git a/metropolis/cli/metroctl/core/config.go b/metropolis/cli/metroctl/core/config.go
index 9714421..1307d61 100644
--- a/metropolis/cli/metroctl/core/config.go
+++ b/metropolis/cli/metroctl/core/config.go
@@ -219,6 +219,9 @@
// instances that metroctl should use to establish connectivity to a cluster.
// These instances should have the ControlPlane role set.
Endpoints []string
+ // ResolverLogger can be set to enable verbose logging of the Metropolis RPC
+ // resolver layer.
+ ResolverLogger ResolverLogger
}
// ToFlags returns the metroctl flags corresponding to the options described by
diff --git a/metropolis/cli/metroctl/core/rpc.go b/metropolis/cli/metroctl/core/rpc.go
index e519906..1c4fa4f 100644
--- a/metropolis/cli/metroctl/core/rpc.go
+++ b/metropolis/cli/metroctl/core/rpc.go
@@ -20,65 +20,36 @@
type ResolverLogger func(format string, args ...interface{})
-// DialCluster dials the cluster control address. The owner certificate, and
-// proxy address parameters are optional and can be left nil, and empty,
-// respectively. At least one cluster endpoint must be provided. A missing
-// owner certificate will result in a connection that is authenticated with
-// ephemeral credentials, restricting the available API surface. proxyAddr
-// must point at a SOCKS5 endpoint.
-func DialCluster(ctx context.Context, opkey ed25519.PrivateKey, ocert *x509.Certificate, proxyAddr string, clusterEndpoints []string, rlf ResolverLogger) (*grpc.ClientConn, error) {
- var dialOpts []grpc.DialOption
-
- if opkey == nil {
- return nil, fmt.Errorf("an owner's private key must be provided")
- }
- if len(clusterEndpoints) == 0 {
- return nil, fmt.Errorf("at least one cluster endpoint must be provided")
- }
-
- if proxyAddr != "" {
- socksDialer, err := proxy.SOCKS5("tcp", proxyAddr, nil, proxy.Direct)
+func DialOpts(ctx context.Context, c *ConnectOptions) ([]grpc.DialOption, error) {
+ var opts []grpc.DialOption
+ if c.ProxyServer != "" {
+ socksDialer, err := proxy.SOCKS5("tcp", c.ProxyServer, nil, proxy.Direct)
if err != nil {
return nil, fmt.Errorf("failed to build a SOCKS dialer: %v", err)
}
grpcd := func(_ context.Context, addr string) (net.Conn, error) {
return socksDialer.Dial("tcp", addr)
}
- dialOpts = append(dialOpts, grpc.WithContextDialer(grpcd))
- }
-
- if ocert == nil {
- creds, err := rpc.NewEphemeralCredentials(opkey, rpc.WantInsecure())
- if err != nil {
- return nil, fmt.Errorf("while building ephemeral credentials: %v", err)
- }
- dialOpts = append(dialOpts, grpc.WithTransportCredentials(creds))
- } else {
- tlsc := tls.Certificate{
- Certificate: [][]byte{ocert.Raw},
- PrivateKey: opkey,
- }
- creds := rpc.NewAuthenticatedCredentials(tlsc, rpc.WantInsecure())
- dialOpts = append(dialOpts, grpc.WithTransportCredentials(creds))
+ opts = append(opts, grpc.WithContextDialer(grpcd))
}
var resolverOpts []resolver.ResolverOption
- if rlf != nil {
- resolverOpts = append(resolverOpts, resolver.WithLogger(rlf))
+ if c.ResolverLogger != nil {
+ resolverOpts = append(resolverOpts, resolver.WithLogger(c.ResolverLogger))
}
+
r := resolver.New(ctx, resolverOpts...)
- for _, eps := range clusterEndpoints {
+ if len(c.Endpoints) == 0 {
+ return nil, fmt.Errorf("no cluster endpoints specified")
+ }
+ for _, eps := range c.Endpoints {
ep := resolver.NodeByHostPort(eps, uint16(node.CuratorServicePort))
r.AddEndpoint(ep)
}
- dialOpts = append(dialOpts, grpc.WithResolvers(r))
+ opts = append(opts, grpc.WithResolvers(r))
- c, err := grpc.Dial(resolver.MetropolisControlAddress, dialOpts...)
- if err != nil {
- return nil, fmt.Errorf("could not dial: %v", err)
- }
- return c, nil
+ return opts, nil
}
func DialNode(ctx context.Context, opkey ed25519.PrivateKey, ocert, ca *x509.Certificate, proxyAddr, nodeId, nodeAddr string) (*grpc.ClientConn, error) {
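Review bot: The endpoint validation added at `if len(c.Endpoints) == 0 {` runs after `r := resolver.New(ctx, resolverOpts...)`, so on the error return a resolver has already been built against ctx and is simply dropped; if resolver.New starts any background work (not visible in this hunk), that work is abandoned with nothing to stop it. Moving the three-line check directly above the `resolver.New` call keeps the validation cheap and avoids constructing anything on the failure path. DialOpts is also exported with no doc comment, while the DialCluster it replaces had one; since the returned options now carry only the optional SOCKS context dialer and the resolver, and no `grpc.WithTransportCredentials`, I'd add something like `// DialOpts builds the grpc.DialOption set (resolver, optional SOCKS5 dialer) for the cluster described by c. Transport credentials are not included; the caller must supply them before dialing.` A nil c dereferences at `c.ProxyServer`; a leading `if c == nil { return nil, fmt.Errorf("connect options must be provided") }` would mirror the old opkey check.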