m/n/core/rpc: create library for common gRPC functions

This is the beginning of consolidating all gRPC-related code into a
single package.

We also run the Curator service publicly and place it behind a new
authorization permission bit. This is in preparation for Curator
followers needing access to this Service.

Some of the service split and authorization options are likely to be
changed in the future (I'm considering renaming Curator to something
else, or at least clearly stating that it's a node-to-node service).

Change-Id: I0a4a57da15b35688aefe7bf669ba6342d46aa3f5
Reviewed-on: https://review.monogon.dev/c/monogon/+/316
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/metropolis/test/e2e/main_test.go b/metropolis/test/e2e/main_test.go
index 0fe1378..d1102b1 100644
--- a/metropolis/test/e2e/main_test.go
+++ b/metropolis/test/e2e/main_test.go
@@ -39,6 +39,7 @@
 	podv1 "k8s.io/kubernetes/pkg/api/v1/pod"
 
 	common "source.monogon.dev/metropolis/node"
+	"source.monogon.dev/metropolis/node/core/rpc"
 	apb "source.monogon.dev/metropolis/proto/api"
 	"source.monogon.dev/metropolis/test/launch"
 )
@@ -115,15 +116,14 @@
 	t.Run("RunGroup", func(t *testing.T) {
 		t.Run("Connect to Curator", func(t *testing.T) {
 			testEventual(t, "Retrieving owner credentials succesful", ctx, 60*time.Second, func(ctx context.Context) error {
-				initClient, err := launch.NewInitialClient(&launch.InitialClientOptions{
-					Remote:  fmt.Sprintf("localhost:%v", portMap[common.CuratorServicePort]),
-					Private: launch.InsecurePrivateKey,
-				})
+				remote := fmt.Sprintf("localhost:%v", portMap[common.CuratorServicePort])
+				initClient, err := rpc.NewEphemeralClient(remote, launch.InsecurePrivateKey, nil)
 				if err != nil {
 					return fmt.Errorf("NewInitialClient: %w", err)
 				}
 
-				cert, err := initClient.RetrieveOwnerCertificate(ctx)
+				aaa := apb.NewAAAClient(initClient)
+				cert, err := rpc.RetrieveOwnerCertificate(ctx, aaa, launch.InsecurePrivateKey)
 				if err != nil {
 					return fmt.Errorf("RetrieveOwnerCertificate: %w", err)
 				}
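Review bot: The error wrap right after the new `rpc.NewEphemeralClient` call still reads `"NewInitialClient: %w"`, so a failure is reported under the name of the helper this commit removes; it should be `return fmt.Errorf("NewEphemeralClient: %w", err)`. The bare `nil` third argument is opaque at the call site, and its meaning is not visible in this hunk. If it is the CA or server-identity parameter, the test dials the now-public Curator port without verifying the peer, which deserves a comment such as `// nil: server identity not verified; acceptable only in tests using launch.InsecurePrivateKey`. `initClient` is not closed in the lines shown, and because `testEventual` retries the closure, each attempt may leave a connection open; the closure body continues past the end of the hunk, so a `Close` may exist below.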