Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / ffd8c7bb37da9b72eb66a0555e319ca2290ea761 / . / metropolis / cli / metroctl / rpc.go
blob: ec3a4e4d482fd09db90e5f5153779a04bbcbde86 [file] [log] [blame]
Tim Windelschmidt6d33a432025-02-04 14:34:25 +0100[diff] [blame]1// Copyright The Monogon Project Authors.
2// SPDX-License-Identifier: Apache-2.0
3
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]4package main
5
6import (
7 "context"
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]8 "crypto/tls"
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]9 "crypto/x509"
Tim Windelschmidtd5f851b2024-04-23 14:59:37 +0200[diff] [blame]10 "errors"
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]11 "fmt"
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]12 "net"
13 "net/http"
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]14
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]15 "golang.org/x/net/proxy"
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]16 "google.golang.org/grpc"
17
Mateusz Zalega18a67b02022-08-02 13:37:50 +0200[diff] [blame]18 "source.monogon.dev/metropolis/cli/metroctl/core"
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]19 "source.monogon.dev/metropolis/node/core/rpc"
20 "source.monogon.dev/metropolis/node/core/rpc/resolver"
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]21)
22
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]23func dialAuthenticated(ctx context.Context) (*grpc.ClientConn, error) {
Mateusz Zalega18a67b02022-08-02 13:37:50 +0200[diff] [blame]24 // Collect credentials, validate command parameters, and try dialing the
25 // cluster.
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]26 ocert, opkey, err := core.GetOwnerCredentials(flags.configPath)
Tim Windelschmidt513df182024-04-18 23:44:50 +0200[diff] [blame]27 if errors.Is(err, core.ErrNoCredentials) {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]28 return nil, fmt.Errorf("you have to take ownership of the cluster first: %w", err)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]29 }
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]30 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]31 return nil, fmt.Errorf("failed to get owner credentials: %w", err)
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]32 }
Mateusz Zalegadb75e212022-08-04 17:31:34 +0200[diff] [blame]33 if len(flags.clusterEndpoints) == 0 {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]34 return nil, fmt.Errorf("please provide at least one cluster endpoint using the --endpoint parameter")
Mateusz Zalegadb75e212022-08-04 17:31:34 +0200[diff] [blame]35 }
Serge Bazanski7eeef0f2024-02-05 14:40:15 +0100[diff] [blame]36
37 ca, err := core.GetClusterCAWithTOFU(ctx, connectOptions())
38 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]39 return nil, fmt.Errorf("failed to get cluster CA: %w", err)
Serge Bazanski7eeef0f2024-02-05 14:40:15 +0100[diff] [blame]40 }
41
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]42 tlsc := tls.Certificate{
43 Certificate: [][]byte{ocert.Raw},
44 PrivateKey: opkey,
45 }
Serge Bazanski7eeef0f2024-02-05 14:40:15 +0100[diff] [blame]46 creds := rpc.NewAuthenticatedCredentials(tlsc, rpc.WantRemoteCluster(ca))
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]47 opts, err := core.DialOpts(ctx, connectOptions())
48 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]49 return nil, fmt.Errorf("while configuring dial options: %w", err)
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]50 }
51 opts = append(opts, grpc.WithTransportCredentials(creds))
52
53 cc, err := grpc.Dial(resolver.MetropolisControlAddress, opts...)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]54 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]55 return nil, fmt.Errorf("while dialing cluster: %w", err)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]56 }
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]57 return cc, nil
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]58}
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]59
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]60func dialAuthenticatedNode(ctx context.Context, id, address string, cacert *x509.Certificate) (*grpc.ClientConn, error) {
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]61 // Collect credentials, validate command parameters, and try dialing the
62 // cluster.
63 ocert, opkey, err := core.GetOwnerCredentials(flags.configPath)
Tim Windelschmidt513df182024-04-18 23:44:50 +0200[diff] [blame]64 if errors.Is(err, core.ErrNoCredentials) {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]65 return nil, fmt.Errorf("you have to take ownership of the cluster first: %w", err)
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]66 }
67 cc, err := core.DialNode(ctx, opkey, ocert, cacert, flags.proxyAddr, id, address)
68 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]69 return nil, fmt.Errorf("while dialing node: %w", err)
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]70 }
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]71 return cc, nil
Serge Bazanskib91938f2023-03-29 14:31:22 +0200[diff] [blame]72}
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]73
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]74func newAuthenticatedNodeHTTPTransport(ctx context.Context, id string) (*http.Transport, error) {
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]75 cacert, err := core.GetClusterCAWithTOFU(ctx, connectOptions())
76 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]77 return nil, fmt.Errorf("could not get CA certificate: %w", err)
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]78 }
79 ocert, opkey, err := core.GetOwnerCredentials(flags.configPath)
80 if errors.Is(err, core.ErrNoCredentials) {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]81 return nil, fmt.Errorf("you have to take ownership of the cluster first: %w", err)
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]82 }
83 tlsc := tls.Certificate{
84 Certificate: [][]byte{ocert.Raw},
85 PrivateKey: opkey,
86 }
87 tlsconf := rpc.NewAuthenticatedTLSConfig(tlsc, rpc.WantRemoteCluster(cacert), rpc.WantRemoteNode(id))
88 transport := &http.Transport{
89 TLSClientConfig: tlsconf,
90 }
91 if flags.proxyAddr != "" {
92 dialer, err := proxy.SOCKS5("tcp", flags.proxyAddr, nil, proxy.Direct)
93 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]94 return nil, fmt.Errorf("failed to create proxy dialer: %w", err)
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]95 }
96 transport.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
97 // TODO(q3k): handle context
98 return dialer.Dial(network, addr)
99 }
100 }
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]101 return transport, nil
Serge Bazanskia3e38cf2024-07-31 14:40:04 +0000[diff] [blame]102}