Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / d5f851bb477638436826adec756fe562db526865 / . / metropolis / cli / metroctl / rpc.go
blob: 06008e30dc6028f6d203e1cd8e3902e0d0f1e3cc [file] [log] [blame]
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]1package main
2
3import (
4 "context"
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]5 "crypto/tls"
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]6 "crypto/x509"
Tim Windelschmidtd5f851b2024-04-23 14:59:37 +0200[diff] [blame^]7 "errors"
Mateusz Zalegab2cac082022-07-14 14:55:43 +0200[diff] [blame]8 "log"
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]9
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]10 "google.golang.org/grpc"
11
Mateusz Zalega18a67b02022-08-02 13:37:50 +0200[diff] [blame]12 "source.monogon.dev/metropolis/cli/metroctl/core"
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]13 "source.monogon.dev/metropolis/node/core/rpc"
14 "source.monogon.dev/metropolis/node/core/rpc/resolver"
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]15)
16
Mateusz Zalegadb75e212022-08-04 17:31:34 +0200[diff] [blame]17func dialAuthenticated(ctx context.Context) *grpc.ClientConn {
Mateusz Zalega18a67b02022-08-02 13:37:50 +0200[diff] [blame]18 // Collect credentials, validate command parameters, and try dialing the
19 // cluster.
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]20 ocert, opkey, err := core.GetOwnerCredentials(flags.configPath)
Tim Windelschmidtd5f851b2024-04-23 14:59:37 +0200[diff] [blame^]21 if errors.Is(err, core.NoCredentialsError) {
Mateusz Zalega18a67b02022-08-02 13:37:50 +0200[diff] [blame]22 log.Fatalf("You have to take ownership of the cluster first: %v", err)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]23 }
Mateusz Zalegadb75e212022-08-04 17:31:34 +0200[diff] [blame]24 if len(flags.clusterEndpoints) == 0 {
25 log.Fatal("Please provide at least one cluster endpoint using the --endpoint parameter.")
26 }
Serge Bazanski7eeef0f2024-02-05 14:40:15 +0100[diff] [blame]27
28 ca, err := core.GetClusterCAWithTOFU(ctx, connectOptions())
29 if err != nil {
30 log.Fatalf("Failed to get cluster CA: %v", err)
31 }
32
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]33 tlsc := tls.Certificate{
34 Certificate: [][]byte{ocert.Raw},
35 PrivateKey: opkey,
36 }
Serge Bazanski7eeef0f2024-02-05 14:40:15 +0100[diff] [blame]37 creds := rpc.NewAuthenticatedCredentials(tlsc, rpc.WantRemoteCluster(ca))
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]38 opts, err := core.DialOpts(ctx, connectOptions())
39 if err != nil {
40 log.Fatalf("While configuring dial options: %v", err)
41 }
42 opts = append(opts, grpc.WithTransportCredentials(creds))
43
44 cc, err := grpc.Dial(resolver.MetropolisControlAddress, opts...)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]45 if err != nil {
Serge Bazanski7eeef0f2024-02-05 14:40:15 +0100[diff] [blame]46 log.Fatalf("While dialing cluster: %v", err)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]47 }
Mateusz Zalega18a67b02022-08-02 13:37:50 +0200[diff] [blame]48 return cc
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]49}
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]50
51func dialAuthenticatedNode(ctx context.Context, id, address string, cacert *x509.Certificate) *grpc.ClientConn {
52 // Collect credentials, validate command parameters, and try dialing the
53 // cluster.
54 ocert, opkey, err := core.GetOwnerCredentials(flags.configPath)
Tim Windelschmidtd5f851b2024-04-23 14:59:37 +0200[diff] [blame^]55 if errors.Is(err, core.NoCredentialsError) {
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]56 log.Fatalf("You have to take ownership of the cluster first: %v", err)
57 }
58 cc, err := core.DialNode(ctx, opkey, ocert, cacert, flags.proxyAddr, id, address)
59 if err != nil {
60 log.Fatalf("While dialing node: %v", err)
61 }
62 return cc
63}