Serge Bazanski | fe3d8fd | 2023-05-30 20:50:09 +0200 | [diff] [blame] | 1 | package roleserve |
| 3 | import ( |
| 4 | "crypto/ed25519" |
| 6 | "google.golang.org/grpc" |
| 8 | "source.monogon.dev/metropolis/node/core/consensus" |
| 9 | "source.monogon.dev/metropolis/node/core/curator" |
| 10 | "source.monogon.dev/metropolis/node/core/identity" |
| 11 | "source.monogon.dev/metropolis/node/core/rpc" |
| 12 | "source.monogon.dev/metropolis/node/core/rpc/resolver" |
| 13 | "source.monogon.dev/metropolis/node/kubernetes" |
| 15 | cpb "source.monogon.dev/metropolis/proto/common" |
| 16 | ) |
// bootstrapData is an internal EventValue structure which is populated by the
// Cluster Enrolment logic via ProvideBootstrapData. It contains data needed by
// the control plane logic to go into bootstrap mode and bring up a control
// plane from scratch.
//
// It holds raw private key material in memory; keep values of this type out
// of logs and debug output.
type bootstrapData struct {
	// nodePrivateKey is an Ed25519 private key; from its name, presumably the
	// node's identity key — confirm against ProvideBootstrapData.
	nodePrivateKey ed25519.PrivateKey
	// clusterUnlockKey and nodeUnlockKey are opaque key bytes. Their exact use
	// is defined by the consumer of this structure, which is not visible here.
	clusterUnlockKey []byte
	nodeUnlockKey    []byte
	// initialOwnerKey is opaque key bytes; presumably the initial cluster
	// owner's key — confirm against the consumer.
	initialOwnerKey []byte
	// nodePrivateJoinKey is a second Ed25519 private key, distinct from
	// nodePrivateKey.
	nodePrivateJoinKey ed25519.PrivateKey
	// initialClusterConfiguration is the curator-level cluster configuration
	// used to bring up the control plane.
	initialClusterConfiguration *curator.Cluster
	// nodeTPMUsage is the node's TPM usage setting as a cpb.NodeTPMUsage enum.
	nodeTPMUsage cpb.NodeTPMUsage
}
// localControlPlane is an internal EventValue structure which carries
// information about whether the node has a locally running consensus and curator
// service. When it does, the structure pointer inside the EventValue will be
// non-nil and its consensus and curator members will also be non-nil. If it
// doesn't, either the pointer inside the EventValue will be nil, or will carry
// nil pointers. Because of this, it is recommended to use the exists() method to
// check for consensus/curator presence.
type localControlPlane struct {
	// consensus is the locally running consensus service, or nil when there is
	// none.
	consensus *consensus.Service
	// curator is the locally running curator service, or nil when there is
	// none.
	curator *curator.Service
}
// exists reports whether this value describes a running local control plane:
// the receiver must be non-nil and both the consensus and curator members must
// be set. A nil receiver is accepted on purpose so callers can test the
// pointer held in an EventValue directly.
func (l *localControlPlane) exists() bool {
	return l != nil && l.consensus != nil && l.curator != nil
}
// curatorConnection carries information about the node having successfully
// established connectivity to its cluster's control plane.
//
// It carries inside it a single gRPC client connection which is built using the
// main roleserver resolver. This connection will automatically use any available
// curator, whether running locally or remotely.
//
// This structure should also be used by roleserver runnables that simply wish to
// access the node's credentials.
type curatorConnection struct {
	// credentials are the node's own credentials; they also supply the TLS
	// credentials and cluster CA with which conn is authenticated.
	credentials *identity.NodeCredentials
	// resolver is the roleserver resolver that conn was dialed with.
	resolver *resolver.Resolver
	// conn is the authenticated gRPC client connection to the control plane,
	// created by newCuratorConnection.
	conn *grpc.ClientConn
}
// newCuratorConnection dials the control plane address through the given
// resolver and wraps the result together with creds and res.
//
// The transport is authenticated with the node's own TLS credentials and is
// configured via rpc.WantRemoteCluster with the node's cluster CA, so the
// remote side is expected to belong to the same cluster. grpc.Dial without
// grpc.WithBlock does not wait for connectivity, so an error here is a
// configuration problem rather than a network one and is treated as fatal.
func newCuratorConnection(creds *identity.NodeCredentials, res *resolver.Resolver) *curatorConnection {
	transport := rpc.NewAuthenticatedCredentials(creds.TLSCredentials(), rpc.WantRemoteCluster(creds.ClusterCA()))
	opts := []grpc.DialOption{
		grpc.WithTransportCredentials(transport),
		grpc.WithResolvers(res),
	}
	conn, err := grpc.Dial(resolver.MetropolisControlAddress, opts...)
	if err != nil {
		// TODO(q3k): triple check that Dial will not fail
		panic(err)
	}
	return &curatorConnection{credentials: creds, resolver: res, conn: conn}
}
// nodeID returns this node's identifier, derived via identity.NodeID from the
// public key of the node's credentials.
func (c *curatorConnection) nodeID() string {
	pub := c.credentials.PublicKey()
	return identity.NodeID(pub)
}
// KubernetesStatus is an EventValue structure populated by a running
// Kubernetes instance. It allows external services to access the Kubernetes
// Service whenever available (ie. enabled and started by the Role Server).
type KubernetesStatus struct {
	// Controller is the kubernetes.Controller of the running instance;
	// presumably nil while Kubernetes is not running — confirm with the
	// publisher of this value.
	Controller *kubernetes.Controller
}