m/cli/metroctl: clean up RPC API
This removes a bunch of logic from the metroctl core RPC functions,
forcing users (currently only other metroctl code) to use grpc.Dial and
the metropolis RPC library directly.
We also make the core functions take ConnectOptions structures where
appropriate instead of passing around tons of arguments.
Change-Id: I4d7aa232a659097da35027dfb9b87c58cbb4ab84
Reviewed-on: https://review.monogon.dev/c/monogon/+/2742
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI
diff --git a/metropolis/cli/metroctl/rpc.go b/metropolis/cli/metroctl/rpc.go
index 6d7beab..f1c27e6 100644
--- a/metropolis/cli/metroctl/rpc.go
+++ b/metropolis/cli/metroctl/rpc.go
@@ -2,12 +2,15 @@
import (
"context"
+ "crypto/tls"
"crypto/x509"
"log"
"google.golang.org/grpc"
"source.monogon.dev/metropolis/cli/metroctl/core"
+ "source.monogon.dev/metropolis/node/core/rpc"
+ "source.monogon.dev/metropolis/node/core/rpc/resolver"
)
func dialAuthenticated(ctx context.Context) *grpc.ClientConn {
@@ -20,7 +23,19 @@
if len(flags.clusterEndpoints) == 0 {
log.Fatal("Please provide at least one cluster endpoint using the --endpoint parameter.")
}
- cc, err := core.DialCluster(ctx, opkey, ocert, flags.proxyAddr, flags.clusterEndpoints, rpcLogger)
+ tlsc := tls.Certificate{
+ Certificate: [][]byte{ocert.Raw},
+ PrivateKey: opkey,
+ }
+ // TODO(q3k): check remote CA
+ creds := rpc.NewAuthenticatedCredentials(tlsc, rpc.WantInsecure())
+ opts, err := core.DialOpts(ctx, connectOptions())
+ if err != nil {
+ log.Fatalf("While configuring dial options: %v", err)
+ }
+ opts = append(opts, grpc.WithTransportCredentials(creds))
+
+ cc, err := grpc.Dial(resolver.MetropolisControlAddress, opts...)
if err != nil {
log.Fatalf("While dialing the cluster: %v", err)
}