Commit b964aea0 authored by t.schirmer's avatar t.schirmer Committed by pfandzelter
Browse files

Alexandra Init

parent 1dfe5985
......@@ -5,5 +5,6 @@
!go.sum
!tests/3NodeTest/cmd
!tests/3NodeTest/pkg/
!tests/AlexandraTest/
!proto
!nase
\ No newline at end of file
......@@ -537,7 +537,7 @@ This is part of a TDD approach where tests can be defined first and the software
The "3 node test" starts a FReD deployment of three FReD nodes and runs a client against the FReD cluster that validates different functionalities.
It can be found in `./tests/3NodeTest`.
It uses Docker compose and can thus easily be started with `make test`.
It uses Docker compose and can thus easily be started with `make 3nodetest`.
The deployment comprises a single `etcd` Docker container as a NaSe, a simple trigger node, two FReD nodes that each comprise only a single machine (node _B_ and _C_) with a storage server, and a distributed FReD node _A_ that comprises three individual FReD machines behind a `haproxy` sharing a single storage server.
All machines are connected over a Docker network.
......
# building the binary
FROM golang:1.15-alpine as golang
LABEL maintainer="tp@mcc.tu-berlin.de"
WORKDIR /go/src/git.tu-berlin.de/mcc-fred/fred/
RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
COPY nase/tls/ca.crt /usr/local/share/ca-certificates/ca.crt
RUN update-ca-certificates
# Make an extra layer for the installed packages so that they dont have to be downloaded everytime
COPY go.mod .
COPY go.sum .
RUN go mod download
COPY pkg pkg
COPY cmd cmd
COPY proto proto
RUN CGO_ENABLED=0 go install ./cmd/alexandra/
# actual Docker image
FROM scratch
WORKDIR /
COPY --from=golang /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=golang /go/bin/alexandra alexandra
EXPOSE 443
EXPOSE 10000
ENV PATH=.
ENTRYPOINT ["alexandra"]
\ No newline at end of file
package main
import (
"flag"
"os"
"os/signal"
"syscall"
"git.tu-berlin.de/mcc-fred/fred/pkg/alexandra"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
)
type config struct {
lightHouse string
caCert string
alexandraCert string
alexandraKey string
nodesCert string
nodesKey string
loglevel string
logHandler string
isProxied bool
proxyHost string
address string
}
func parseArgs() (c config) {
flag.StringVar(&(c.lightHouse), "lighthouse", "", "ip of the first fred node to connect to")
flag.StringVar(&(c.caCert), "ca-cert", "", "certificate of the ca")
flag.StringVar(&(c.alexandraCert), "alexandra-cert", "", "Certificate to check clients")
flag.StringVar(&(c.alexandraKey), "alexandra-key", "", "key to show clients")
flag.StringVar(&(c.nodesCert), "clients-cert", "", "Certificate to check fred nodes")
flag.StringVar(&(c.nodesKey), "clients-key", "", "key to show fred nodes")
flag.StringVar(&(c.loglevel), "log-level", "debug", "Log level, can be \"debug\", \"info\" ,\"warn\", \"error\", \"fatal\", \"panic\".")
flag.StringVar(&(c.logHandler), "log-handler", "dev", "dev or prod")
flag.BoolVar(&(c.isProxied), "is-proxy", false, "Is this behind a proxy?")
flag.StringVar(&(c.proxyHost), "proxy-host", "", "Proxy host if this is proxied")
flag.StringVar(&(c.address), "address", "172.26.4.1:10000", "where to start the server")
flag.Parse()
return
}
func main() {
c := parseArgs()
log.Info().Msgf("%#v", c)
// Setup Logging as always
if c.logHandler == "dev" {
log.Logger = log.Output(
zerolog.ConsoleWriter{
Out: os.Stderr,
NoColor: false,
},
)
} else if c.logHandler != "prod" {
log.Fatal().Msg("Log Handler has to be either dev or prod")
}
switch c.loglevel {
case "debug":
zerolog.SetGlobalLevel(zerolog.DebugLevel)
case "info":
zerolog.SetGlobalLevel(zerolog.InfoLevel)
case "warn":
zerolog.SetGlobalLevel(zerolog.WarnLevel)
case "error":
zerolog.SetGlobalLevel(zerolog.ErrorLevel)
case "fatal":
zerolog.SetGlobalLevel(zerolog.FatalLevel)
case "panic":
zerolog.SetGlobalLevel(zerolog.PanicLevel)
default:
zerolog.SetGlobalLevel(zerolog.DebugLevel)
log.Info().Msg("No Loglevel specified, using 'debug'")
}
// Setup alexandra
server := alexandra.NewServer(c.address, c.caCert, c.alexandraCert, c.alexandraKey, c.nodesCert, c.nodesKey, c.lightHouse, c.isProxied, c.proxyHost)
// Quitting stuff
quit := make(chan os.Signal, 1)
signal.Notify(quit,
syscall.SIGINT,
syscall.SIGTERM,
syscall.SIGQUIT)
go func() {
<-quit
server.Stop()
}()
server.ServeBlocking()
}
......@@ -5,7 +5,9 @@ github.com/DataDog/zstd v1.4.1 h1:3oxKN3wbHibqx897utPC2LTQU4J+IHWWJO+glkAkpFM=
github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/allegro/bigcache v1.2.1 h1:hg1sY1raCwic3Vnsvje6TT7/pnZba83LeFck5NrFKSc=
github.com/allegro/bigcache v1.2.1/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM=
......@@ -319,8 +321,6 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
......
-----BEGIN CERTIFICATE-----
MIIDgzCCAmugAwIBAgIJAOB/wjlunWX3MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV
BAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEMMAoGA1UE
CgwDTUNDMQ0wCwYDVQQLDARGUkVEMQ0wCwYDVQQDDARldGNkMB4XDTIxMDEyNjA5
NDM0OFoXDTI2MDEyNTA5NDM0OFowYDELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJl
cmxpbjEPMA0GA1UEBwwGQmVybGluMQwwCgYDVQQKDANNQ0MxDTALBgNVBAsMBEZS
RUQxEjAQBgNVBAMMCWFsZXhhbmRyYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAMQ9FI+YOOkjqH0dQzAtm1NX18Jq10XO9JDoY2amd6V+MxOZ7WPolTIm
qvP8HEl0p77MM/qcZT7iHc/2xHIUc05SYmFJkNCcL7/RcPJC6YViaGIjyQ6gbOrY
+ETWMB5JRhHBTD2zOpMy4cyBfSdNWi4CA4JKGj6JKEDyvKsTHOd99A/rgz2OHkDn
o9GyXS6RKsvbSXzvb6u0azCctoWDqT6kBdV5Pjbnw27UOAbdDdY0lX2xRMkwCXna
3HJrXDDKFvlkxuesbCL7GogTbVE1oJWB4tYaRbk6K3apDwlVKeQ2j0wnBaSKsCs0
SQ06ZzHrfnrG5mUyBAHE+G23J5f+1X0CAwEAAaNFMEMwCwYDVR0PBAQDAgQwMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAVBgNVHREEDjAMhwR/AAABhwSs
GgQBMA0GCSqGSIb3DQEBCwUAA4IBAQBvWhdOl3YgmPSBY2Shu1EZI/wDWADna1OL
XacnZA77dp9cJwlXIwab6sihIdCGXZpZk3iMbFWclIjaaw/n43TaauQRLSc6Kfeo
Inby8RaY9Rc1Q224G+wX0gRTpqwwQpEZItlv/LsFK1e39BVfO5DFT9BqfPqqnify
ujm903lGoRGZA1J3njNbQ+1IVaS8JbeW1Tk6NFGmjUmrIcYMMvo0gKwwjjtoB6sL
8YZab0DUEU+28evr7vxpJ0FHejz6jJe4RNS+wyI0IFtcFrUAzcMM9a8XYAPRzVcb
+3YO3VVNIwzFkoZKxV8CXuKN+L20Jn2s0NZZBAjUvlYk/LULvLIp
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAxD0Uj5g46SOofR1DMC2bU1fXwmrXRc70kOhjZqZ3pX4zE5nt
Y+iVMiaq8/wcSXSnvswz+pxlPuIdz/bEchRzTlJiYUmQ0Jwvv9Fw8kLphWJoYiPJ
DqBs6tj4RNYwHklGEcFMPbM6kzLhzIF9J01aLgIDgkoaPokoQPK8qxMc5330D+uD
PY4eQOej0bJdLpEqy9tJfO9vq7RrMJy2hYOpPqQF1Xk+NufDbtQ4Bt0N1jSVfbFE
yTAJedrccmtcMMoW+WTG56xsIvsaiBNtUTWglYHi1hpFuTordqkPCVUp5DaPTCcF
pIqwKzRJDTpnMet+esbmZTIEAcT4bbcnl/7VfQIDAQABAoIBAQCqYG2tjng60p7C
odlnxvEIl0fYoHJvRZPJDDrhML7IjJ1D82zMRW7jr/bVBpp4nDPXz+uBNrAgvKkt
mg5NDbxez+Bin0CAHlrGq8zoSXf+OsZuDqvNazOlYuOKwHvej7eqSq0rFKVSj+bD
a9mBegNF1rG9OSE4ElVErntn/Jwnzwg57E/RIfbjc0Ar14JKCpb9yTAWNyjfS1oS
z487KBRrd7ynMsptR+2FUHH11oxZbO2KehLeFJN9cWuLkC5kQ9pOqFUnJ0Zpo/7m
cYDTl8vgHatSu39GPrWcrSIJkDSIMBtl5NwJKse7fuXjzixEbp60uF1idK0f8WkV
YTDNaloBAoGBAPcx+aeybqxu66+nvRP/wFq2nLOx65aIEuF5ciaqn3KYCOl/9Vvs
9qEmt7bKL2ymEX9B6A456rvNKEiyiZ5yOkWGPESstvzMtz4Xn5f0RqYUoxC8u6hf
guv5W0RovLiwHFBKKJHBtx9VKe0ZYDaZmGBvZz7tx3/5yfk8WkiFCmOdAoGBAMs6
dlcCxgCCDVuqb74LieJPzeH5jq1cVkCj2UM7VnUCuq0Mbxc3V0mP+v+m7V0EeMpv
XZsoyII7tidsnQD6LI5UY+8X5k+RrbtjAd1wQklh5DjgDlv6uLA44wrKaMKU9Oxb
4p8WI8WlQhaLwqZsncCuf3sAoUfrjXcy5nZy4UNhAoGAFHZVlTUnBi0UY3D+LNah
5KBzLkjPGKHg9jsoYN0E3+aH7lRCSj6+V66tzHrGHDdPAXrCK9NNhAhCimoFDFGm
UzT+bizh5OFJVeF8u4ZkBsF0kiEdY52sZ743eN02qg8h+N96pj4j23sgQlk0ZrCm
NW1jXYkvV3+k4XXGf3RL3N0CgYEAqItDucXDEIjLK0qega5wHBCzXsXpXj1GCzXX
6bo8aa5pwzqcp1RuP8P5Fi0Kjio3Qyw5JYUdRWTgHLInQ7g3W5MBjjjz+OmIe/AQ
i+WeE93ruH+ZaQ72PK/xG/HiD/4ZYiySNf3WjQQRW0FtnThXXIVblFdhapQgLss3
9uQvjgECgYEAmQK0uBOdnBZ/YYcRtgo92AoxUsBbY0mKZdOnpLjGBt7BxKlsm7Xf
Y3SDygyJaw5bUMJSHNzy32IOYnQ8e9Jy9srFJsHLgYFnsSxPfMFMAl2mh8Waoydh
Ezz54FYf6twX/lhLEI8S/qDUT6SeXVhR+RZDV38Rl02KV/Ts3FS9MUM=
-----END RSA PRIVATE KEY-----
E07FC2396E9D65F3
E07FC2396E9D65F7
package alexandra
import (
"crypto/tls"
alexandraProto "git.tu-berlin.de/mcc-fred/fred/proto/middleware"
"github.com/rs/zerolog/log"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
)
type ClientsMgr struct {
clients map[string]*Client
clientsCert, clientsKey string
}
type Client struct {
client alexandraProto.ClientClient
conn *grpc.ClientConn
}
func newClientsManager(clientsCert, clientsKey string) *ClientsMgr {
return &ClientsMgr{
clients: make(map[string]*Client),
clientsCert: clientsCert,
clientsKey: clientsKey,
}
}
func (m *ClientsMgr) GetClientTo(host string) (client *Client) {
client = m.clients[host]
if client != nil {
return
}
client = newClient(host, m.clientsCert, m.clientsKey)
m.clients[host] = client
return
}
func newClient(host, certFile, keyFile string) *Client {
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
log.Fatal().Err(err).Str("certFile", certFile).Str("keyFile", keyFile).Msg("Cannot load certificates for new FredClient")
return nil
}
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
}
tc := credentials.NewTLS(tlsConfig)
conn, err := grpc.Dial(host, grpc.WithTransportCredentials(tc))
if err != nil {
log.Fatal().Err(err).Msgf("Cannot create Grpc connection to client %s", host)
return &Client{client: alexandraProto.NewClientClient(conn)}
}
log.Info().Msgf("Creating a connection to fred node: %s", host)
return &Client{client: alexandraProto.NewClientClient(conn), conn: conn}
}
package alexandra
import (
"context"
alexandraProto "git.tu-berlin.de/mcc-fred/fred/proto/middleware"
)
func (s *Server) Read(ctx context.Context, request *alexandraProto.ReadRequest) (*alexandraProto.ReadResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.Read(ctx, request)
}
func (s *Server) Update(ctx context.Context, request *alexandraProto.UpdateRequest) (*alexandraProto.StatusResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.Update(ctx, request)
}
func (s *Server) Delete(ctx context.Context, request *alexandraProto.DeleteRequest) (*alexandraProto.StatusResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.Delete(ctx, request)
}
func (s *Server) Append(ctx context.Context, request *alexandraProto.AppendRequest) (*alexandraProto.AppendResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.Append(ctx, request)
}
package alexandra
import (
"context"
alexandraProto "git.tu-berlin.de/mcc-fred/fred/proto/middleware"
)
func (s *Server) CreateKeygroup(ctx context.Context, request *alexandraProto.CreateKeygroupRequest) (*alexandraProto.StatusResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.CreateKeygroup(ctx, request)
}
func (s *Server) DeleteKeygroup(ctx context.Context, request *alexandraProto.DeleteKeygroupRequest) (*alexandraProto.StatusResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.DeleteKeygroup(ctx, request)
}
package alexandra
import (
"context"
alexandraProto "git.tu-berlin.de/mcc-fred/fred/proto/middleware"
)
func (s *Server) AddReplica(ctx context.Context, request *alexandraProto.AddReplicaRequest) (*alexandraProto.StatusResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.AddReplica(ctx, request)
}
func (s *Server) RemoveReplica(ctx context.Context, request *alexandraProto.RemoveReplicaRequest) (*alexandraProto.StatusResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.RemoveReplica(ctx, request)
}
func (s *Server) GetReplica(ctx context.Context, request *alexandraProto.GetReplicaRequest) (*alexandraProto.GetReplicaResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.GetReplica(ctx, request)
}
func (s *Server) GetAllReplica(ctx context.Context, request *alexandraProto.GetAllReplicaRequest) (*alexandraProto.GetAllReplicaResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.GetAllReplica(ctx, request)
}
func (s *Server) GetKeygroupReplica(ctx context.Context, request *alexandraProto.GetKeygroupReplicaRequest) (*alexandraProto.GetKeygroupReplicaResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.GetKeygroupReplica(ctx, request)
}
package alexandra
import (
"context"
"crypto/tls"
"crypto/x509"
"io/ioutil"
"net"
"time"
alexandraProto "git.tu-berlin.de/mcc-fred/fred/proto/middleware"
"github.com/go-errors/errors"
"github.com/rs/zerolog/log"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/peer"
)
// Server listens to GRPC requests from clients (and sends them to the relevant Fred Node etc.)
// The implementation is split up into different files in this folder.
type Server struct {
roots *x509.CertPool
isProxied bool
proxyHost string
clientsMgr *ClientsMgr
lighthouse string
lis net.Listener
*grpc.Server
}
// NewServer creates a new Server for requests from Fred Clients
func NewServer(host string, caCert string, serverCert string, serverKey string, nodesCert string, nodesKey string, lighthouse string, isProxied bool, proxyHost string) *Server {
// Load server's certificate and private key
loadedServerCert, err := tls.LoadX509KeyPair(serverCert, serverKey)
if err != nil {
log.Fatal().Msgf("could not load key pair: %v", err)
return nil
}
// Create a new cert pool and add our own CA certificate
rootCAs := x509.NewCertPool()
loaded, err := ioutil.ReadFile(caCert)
if err != nil {
log.Fatal().Msgf("unexpected missing certfile: %v", err)
}
rootCAs.AppendCertsFromPEM(loaded)
// Create the credentials and return it
config := &tls.Config{
Certificates: []tls.Certificate{loadedServerCert},
ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: rootCAs,
MinVersion: tls.VersionTLS12,
}
lis, err := net.Listen("tcp", host)
if err != nil {
log.Fatal().Err(err).Msg("Failed to listen")
return nil
}
s := &Server{
rootCAs,
isProxied,
proxyHost,
newClientsManager(nodesCert, nodesKey),
lighthouse,
lis,
grpc.NewServer(
grpc.Creds(credentials.NewTLS(config)),
),
}
alexandraProto.RegisterClientServer(s.Server, s)
log.Debug().Msgf("Alexandra Server is listening on %s", host)
return s
}
func (s *Server) ServeBlocking() {
log.Fatal().Err(s.Server.Serve(s.lis)).Msg("Alexandra Server")
}
// CheckCert checks the certificate from the given gRPC context for validity and returns the Common Name
func (s *Server) CheckCert(ctx context.Context) (name string, err error) {
// get peer information
p, ok := peer.FromContext(ctx)
if !ok {
return name, errors.Errorf("no peer found")
}
// get TLS credential information for this connection
tlsAuth, ok := p.AuthInfo.(credentials.TLSInfo)
if !ok {
return name, errors.Errorf("unexpected peer transport credentials")
}
// check that the certificate exists
if len(tlsAuth.State.VerifiedChains) == 0 || len(tlsAuth.State.VerifiedChains[0]) == 0 {
return name, errors.Errorf("could not verify peer certificate: %v", tlsAuth.State)
}
host, _, err := net.SplitHostPort(p.Addr.String())
if err != nil {
return name, errors.New(err)
}
// verify the certificate:
// IF we are not proxied and communicate with the client directly:
// 1) it should be issued by a CA in our root CA pool
// 2) any intermediates are valid for us
// 3) the certificate should be valid for client authentication
// 4) the certificate should have the clients address as a SAN
if !s.isProxied {
_, err = tlsAuth.State.VerifiedChains[0][0].Verify(x509.VerifyOptions{
Roots: s.roots,
CurrentTime: time.Now(),
Intermediates: x509.NewCertPool(),
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
DNSName: host,
})
if err != nil {
return name, errors.New(err)
}
} else {
// ELSE we sit behind a proxy and the proxy should be the one tunneling the gRPC connection to us
// hence if we can ensure that it is indeed the proxy that is talking to us and not someone who has found
// their way into the network, we can be sure that the proxy/LB has checked the certificate
_, err = tlsAuth.State.VerifiedChains[0][0].Verify(x509.VerifyOptions{
Roots: s.roots,
CurrentTime: time.Now(),
Intermediates: x509.NewCertPool(),
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
})
if err != nil {
return name, errors.New(err)
}
}
// Check subject common name exists and return it as the user name for that client
if name = tlsAuth.State.VerifiedChains[0][0].Subject.CommonName; name == "" {
return name, errors.Errorf("invalid subject common name")
}
log.Debug().Msgf("CheckCert: GRPC Context Certificate Name: %s", name)
return name, nil
}
package alexandra
import (
"context"
alexandraProto "git.tu-berlin.de/mcc-fred/fred/proto/middleware"
)
func (s *Server) GetKeygroupTriggers(ctx context.Context, request *alexandraProto.GetKeygroupTriggerRequest) (*alexandraProto.GetKeygroupTriggerResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.GetKeygroupTriggers(ctx, request)
}
func (s *Server) AddTrigger(ctx context.Context, request *alexandraProto.AddTriggerRequest) (*alexandraProto.StatusResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.AddTrigger(ctx, request)
}
func (s *Server) RemoveTrigger(ctx context.Context, request *alexandraProto.RemoveTriggerRequest) (*alexandraProto.StatusResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.RemoveTrigger(ctx, request)
}
package alexandra
import (
"context"
alexandraProto "git.tu-berlin.de/mcc-fred/fred/proto/middleware"
)
// the roles map the internal grpc representation of rbac roles to the representation within fred
//var (
// roles = map[alexandraProto.UserRole]fred.Role{
// alexandraProto.UserRole_ReadKeygroup: fred.ReadKeygroup,
// alexandraProto.UserRole_WriteKeygroup: fred.WriteKeygroup,
// alexandraProto.UserRole_ConfigureReplica: fred.ConfigureReplica,
// alexandraProto.UserRole_ConfigureTrigger: fred.ConfigureTrigger,
// alexandraProto.UserRole_ConfigureKeygroups: fred.ConfigureKeygroups,
// }
//)
func (s *Server) AddUser(ctx context.Context, request *alexandraProto.UserRequest) (*alexandraProto.StatusResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.AddUser(ctx, request)
}
func (s *Server) RemoveUser(ctx context.Context, request *alexandraProto.UserRequest) (*alexandraProto.StatusResponse, error) {
return s.clientsMgr.GetClientTo(s.lighthouse).client.RemoveUser(ctx, request)
}
......@@ -26,9 +26,9 @@ type Server struct {
*grpc.Server
}
// the roles map the internal grpc representation of rbac roles to the representation within fred
// the Roles map the internal grpc representation of rbac Roles to the representation within fred
var (
roles = map[client.UserRole]fred.Role{
Roles = map[client.UserRole]fred.Role{
client.UserRole_ReadKeygroup: fred.ReadKeygroup,
client.UserRole_WriteKeygroup: fred.WriteKeygroup,
client.UserRole_ConfigureReplica: fred.ConfigureReplica,
......@@ -37,8 +37,8 @@ var (
}
)
// checkCert checks the certificate from the given gRPC context for validity and returns the Common Name
func (s *Server) checkCert(ctx context.Context) (name string, err error) {
// CheckCert checks the certificate from the given gRPC context for validity and returns the Common Name
func (s *Server) CheckCert(ctx context.Context) (name string, err error) {
// get peer information
p, ok := peer.FromContext(ctx)
......@@ -103,7 +103,7 @@ func (s *Server) checkCert(ctx context.Context) (name string, err error) {
return name, errors.Errorf("invalid subject common name")
}
log.Debug().Msgf("checkCert: GRPC Context Certificate Name: %s", name)
log.Debug().Msgf("CheckCert: GRPC Context Certificate Name: %s", name)
return name, nil
}
......@@ -186,7 +186,7 @@ func (s *Server) CreateKeygroup(ctx context.Context, request *client.CreateKeygr
log.Info().Msgf("ExtServer has rcvd CreateKeygroup. In: %#v", request)
user, err := s.checkCert(ctx)
user, err := s.CheckCert(ctx)
if err != nil {
return statusResponseFromError(err)
......@@ -202,7 +202,7 @@ func (s *Server) DeleteKeygroup(ctx context.Context, request *client.DeleteKeygr
log.Info().Msgf("ExtServer has rcvd DeleteKeygroup. In: %#v", request)
user, err := s.checkCert(ctx)
user, err := s.CheckCert(ctx)