Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 0b4fb8c4987b6ce0c8d33d9b643e0bcee5bfabe5 / . / metropolis / cli / metroctl / rpc.go
blob: cfe1b411ccc71135624e3b88d75e613be54674c9 [file] [log] [blame]
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]1package main
2
3import (
4 "context"
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]5 "crypto/tls"
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]6 "crypto/x509"
Tim Windelschmidtd5f851b2024-04-23 14:59:37 +0200[diff] [blame]7 "errors"
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]8 "fmt"
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]9 "net"
10 "net/http"
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]11
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]12 "golang.org/x/net/proxy"
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]13 "google.golang.org/grpc"
14
Mateusz Zalega18a67b02022-08-02 13:37:50 +0200[diff] [blame]15 "source.monogon.dev/metropolis/cli/metroctl/core"
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]16 "source.monogon.dev/metropolis/node/core/rpc"
17 "source.monogon.dev/metropolis/node/core/rpc/resolver"
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]18)
19
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]20func dialAuthenticated(ctx context.Context) (*grpc.ClientConn, error) {
Mateusz Zalega18a67b02022-08-02 13:37:50 +0200[diff] [blame]21 // Collect credentials, validate command parameters, and try dialing the
22 // cluster.
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]23 ocert, opkey, err := core.GetOwnerCredentials(flags.configPath)
Tim Windelschmidt513df182024-04-18 23:44:50 +0200[diff] [blame]24 if errors.Is(err, core.ErrNoCredentials) {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]25 return nil, fmt.Errorf("you have to take ownership of the cluster first: %w", err)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]26 }
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]27 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]28 return nil, fmt.Errorf("failed to get owner credentials: %w", err)
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]29 }
Mateusz Zalegadb75e212022-08-04 17:31:34 +0200[diff] [blame]30 if len(flags.clusterEndpoints) == 0 {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]31 return nil, fmt.Errorf("please provide at least one cluster endpoint using the --endpoint parameter")
Mateusz Zalegadb75e212022-08-04 17:31:34 +0200[diff] [blame]32 }
Serge Bazanski7eeef0f2024-02-05 14:40:15 +0100[diff] [blame]33
34 ca, err := core.GetClusterCAWithTOFU(ctx, connectOptions())
35 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]36 return nil, fmt.Errorf("failed to get cluster CA: %w", err)
Serge Bazanski7eeef0f2024-02-05 14:40:15 +0100[diff] [blame]37 }
38
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]39 tlsc := tls.Certificate{
40 Certificate: [][]byte{ocert.Raw},
41 PrivateKey: opkey,
42 }
Serge Bazanski7eeef0f2024-02-05 14:40:15 +0100[diff] [blame]43 creds := rpc.NewAuthenticatedCredentials(tlsc, rpc.WantRemoteCluster(ca))
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]44 opts, err := core.DialOpts(ctx, connectOptions())
45 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]46 return nil, fmt.Errorf("while configuring dial options: %w", err)
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]47 }
48 opts = append(opts, grpc.WithTransportCredentials(creds))
49
50 cc, err := grpc.Dial(resolver.MetropolisControlAddress, opts...)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]51 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]52 return nil, fmt.Errorf("while dialing cluster: %w", err)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]53 }
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]54 return cc, nil
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]55}
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]56
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]57func dialAuthenticatedNode(ctx context.Context, id, address string, cacert *x509.Certificate) (*grpc.ClientConn, error) {
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]58 // Collect credentials, validate command parameters, and try dialing the
59 // cluster.
60 ocert, opkey, err := core.GetOwnerCredentials(flags.configPath)
Tim Windelschmidt513df182024-04-18 23:44:50 +0200[diff] [blame]61 if errors.Is(err, core.ErrNoCredentials) {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]62 return nil, fmt.Errorf("you have to take ownership of the cluster first: %w", err)
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]63 }
64 cc, err := core.DialNode(ctx, opkey, ocert, cacert, flags.proxyAddr, id, address)
65 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]66 return nil, fmt.Errorf("while dialing node: %w", err)
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]67 }
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]68 return cc, nil
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]69}
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]70
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]71func newAuthenticatedNodeHTTPTransport(ctx context.Context, id string) (*http.Transport, error) {
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]72 cacert, err := core.GetClusterCAWithTOFU(ctx, connectOptions())
73 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]74 return nil, fmt.Errorf("could not get CA certificate: %w", err)
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]75 }
76 ocert, opkey, err := core.GetOwnerCredentials(flags.configPath)
77 if errors.Is(err, core.ErrNoCredentials) {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]78 return nil, fmt.Errorf("you have to take ownership of the cluster first: %w", err)
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]79 }
80 tlsc := tls.Certificate{
81 Certificate: [][]byte{ocert.Raw},
82 PrivateKey: opkey,
83 }
84 tlsconf := rpc.NewAuthenticatedTLSConfig(tlsc, rpc.WantRemoteCluster(cacert), rpc.WantRemoteNode(id))
85 transport := &http.Transport{
86 TLSClientConfig: tlsconf,
87 }
88 if flags.proxyAddr != "" {
89 dialer, err := proxy.SOCKS5("tcp", flags.proxyAddr, nil, proxy.Direct)
90 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]91 return nil, fmt.Errorf("failed to create proxy dialer: %w", err)
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]92 }
93 transport.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
94 // TODO(q3k): handle context
95 return dialer.Dial(network, addr)
96 }
97 }
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame^]98 return transport, nil
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]99}