constellation/internal/cloud/qemu/qemu.go

/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

/*
This package provides an interface to fake a CSP API for QEMU instances.
*/
package qemu

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strconv"

	"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
	"github.com/edgelesssys/constellation/v2/internal/constants"
)

const qemuMetadataEndpoint = "10.42.0.1:8080"

// Cloud provides an interface to fake a CSP API for QEMU instances.
type Cloud struct{}

// New returns a new Cloud instance.
func New() *Cloud {
	return &Cloud{}
}

// List retrieves all instances belonging to the current constellation.
func (c *Cloud) List(ctx context.Context) ([]metadata.InstanceMetadata, error) {
	instancesRaw, err := c.retrieveMetadata(ctx, "/peers")
	if err != nil {
		return nil, err
	}

	var instances []metadata.InstanceMetadata
	err = json.Unmarshal(instancesRaw, &instances)
	return instances, err
}

// Self retrieves the current instance.
func (c *Cloud) Self(ctx context.Context) (metadata.InstanceMetadata, error) {
	instanceRaw, err := c.retrieveMetadata(ctx, "/self")
	if err != nil {
		return metadata.InstanceMetadata{}, err
	}

	var instance metadata.InstanceMetadata
	err = json.Unmarshal(instanceRaw, &instance)
	return instance, err
}

// GetLoadBalancerEndpoint returns the endpoint of the load balancer.
// For QEMU, the load balancer is the first control plane node returned by the metadata API.
func (c *Cloud) GetLoadBalancerEndpoint(ctx context.Context) (host, port string, err error) {
	host, err = c.getLoadBalancerHost(ctx)
	if err != nil {
		return "", "", fmt.Errorf("getting load balancer host: %w", err)
	}
	return host, strconv.FormatInt(constants.KubernetesPort, 10), nil
}

func (c *Cloud) getLoadBalancerHost(ctx context.Context) (string, error) {
	endpointRaw, err := c.retrieveMetadata(ctx, "/endpoint")
	if err != nil {
		return "", err
	}
	var endpoint string
	err = json.Unmarshal(endpointRaw, &endpoint)
	return endpoint, err
}

// InitSecretHash returns the hash of the init secret.
func (c *Cloud) InitSecretHash(ctx context.Context) ([]byte, error) {
	initSecretHash, err := c.retrieveMetadata(ctx, "/initsecrethash")
	if err != nil {
		return nil, fmt.Errorf("could not retrieve init secret hash: %w", err)
	}
	return initSecretHash, nil
}

// UID returns the UID of the constellation.
func (c *Cloud) UID(_ context.Context) (string, error) {
	// We expect only one constellation to be deployed in the same QEMU / libvirt environment.
	// the UID can be an empty string.
	return "", nil
}

func (c *Cloud) retrieveMetadata(ctx context.Context, uri string) ([]byte, error) {
	url := &url.URL{
		Scheme: "http",
		Host:   qemuMetadataEndpoint,
		Path:   uri,
	}

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url.String(), nil)
	if err != nil {
		return nil, err
	}
	res, err := (&http.Client{}).Do(req)
	if err != nil {
		return nil, err
	}
	defer res.Body.Close()

	return io.ReadAll(res.Body)
}
add license headers sed -i '1i/\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w . 2022-09-05 03:06:08 -04:00			`/*`
			`Copyright (c) Edgeless Systems GmbH`

			`SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

dev-docs: Go package docs (#958) * Remove unused package * Add Go package docs to most packages Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Fabian Kammel <fk@edgeless.systems> Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Fabian Kammel <fk@edgeless.systems> 2023-01-19 09:57:50 -05:00			`/*`
			`This package provides an interface to fake a CSP API for QEMU instances.`
			`*/`
Add qemu CSP for Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-21 10:28:37 -04:00			`package qemu`

			`import (`
			`"context"`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`"encoding/json"`
initserver: add client verification 2022-11-26 13:44:34 -05:00			`"fmt"`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`"io"`
			`"net/http"`
			`"net/url"`
bootstrapper: add fallback endpoint and custom endpoint to SAN field (#2108) terraform: collect apiserver cert SANs and support custom endpoint constants: add new constants for cluster configuration and custom endpoint cloud: support apiserver cert sans and prepare for endpoint migration on AWS config: add customEndpoint field bootstrapper: use per-CSP apiserver cert SANs cli: route customEndpoint to terraform and add migration for apiserver cert SANs bootstrapper: change interface of GetLoadBalancerEndpoint to return host and port separately 2023-07-21 10:43:51 -04:00			`"strconv"`
Add qemu CSP for Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-21 10:28:37 -04:00
Upgrade go module to v2 2022-09-21 07:47:57 -04:00			`"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"`
bootstrapper: add fallback endpoint and custom endpoint to SAN field (#2108) terraform: collect apiserver cert SANs and support custom endpoint constants: add new constants for cluster configuration and custom endpoint cloud: support apiserver cert sans and prepare for endpoint migration on AWS config: add customEndpoint field bootstrapper: use per-CSP apiserver cert SANs cli: route customEndpoint to terraform and add migration for apiserver cert SANs bootstrapper: change interface of GetLoadBalancerEndpoint to return host and port separately 2023-07-21 10:43:51 -04:00			`"github.com/edgelesssys/constellation/v2/internal/constants"`
Add qemu CSP for Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-21 10:28:37 -04:00			`)`

AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`const qemuMetadataEndpoint = "10.42.0.1:8080"`

AB#2525 clean up unused code (#504) * Rename Metadata->Cloud * Remove unused methods, functions, and variables * More privacy for testing stubs Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-11-15 04:31:55 -05:00			`// Cloud provides an interface to fake a CSP API for QEMU instances.`
			`type Cloud struct{}`

			`// New returns a new Cloud instance.`
			`func New() *Cloud {`
			`return &Cloud{}`
			`}`
Add qemu CSP for Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-21 10:28:37 -04:00
			`// List retrieves all instances belonging to the current constellation.`
AB#2525 clean up unused code (#504) * Rename Metadata->Cloud * Remove unused methods, functions, and variables * More privacy for testing stubs Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-11-15 04:31:55 -05:00			`func (c *Cloud) List(ctx context.Context) ([]metadata.InstanceMetadata, error) {`
			`instancesRaw, err := c.retrieveMetadata(ctx, "/peers")`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`if err != nil {`
			`return nil, err`
			`}`

Refactor provider metadata 2022-06-28 10:08:05 -04:00			`var instances []metadata.InstanceMetadata`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`err = json.Unmarshal(instancesRaw, &instances)`
			`return instances, err`
Add qemu CSP for Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-21 10:28:37 -04:00			`}`

			`// Self retrieves the current instance.`
AB#2525 clean up unused code (#504) * Rename Metadata->Cloud * Remove unused methods, functions, and variables * More privacy for testing stubs Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-11-15 04:31:55 -05:00			`func (c *Cloud) Self(ctx context.Context) (metadata.InstanceMetadata, error) {`
			`instanceRaw, err := c.retrieveMetadata(ctx, "/self")`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`if err != nil {`
Refactor provider metadata 2022-06-28 10:08:05 -04:00			`return metadata.InstanceMetadata{}, err`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`}`

Refactor provider metadata 2022-06-28 10:08:05 -04:00			`var instance metadata.InstanceMetadata`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`err = json.Unmarshal(instanceRaw, &instance)`
			`return instance, err`
Add qemu CSP for Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-21 10:28:37 -04:00			`}`

Use multiple loadbalancers on GCP 2022-08-01 10:51:34 -04:00			`// GetLoadBalancerEndpoint returns the endpoint of the load balancer.`
Remove PublicIP from QEMU metadata (#396) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-11-02 07:56:16 -04:00			`// For QEMU, the load balancer is the first control plane node returned by the metadata API.`
bootstrapper: add fallback endpoint and custom endpoint to SAN field (#2108) terraform: collect apiserver cert SANs and support custom endpoint constants: add new constants for cluster configuration and custom endpoint cloud: support apiserver cert sans and prepare for endpoint migration on AWS config: add customEndpoint field bootstrapper: use per-CSP apiserver cert SANs cli: route customEndpoint to terraform and add migration for apiserver cert SANs bootstrapper: change interface of GetLoadBalancerEndpoint to return host and port separately 2023-07-21 10:43:51 -04:00			`func (c *Cloud) GetLoadBalancerEndpoint(ctx context.Context) (host, port string, err error) {`
			`host, err = c.getLoadBalancerHost(ctx)`
			`if err != nil {`
			`return "", "", fmt.Errorf("getting load balancer host: %w", err)`
			`}`
			`return host, strconv.FormatInt(constants.KubernetesPort, 10), nil`
			`}`

			`func (c *Cloud) getLoadBalancerHost(ctx context.Context) (string, error) {`
AB#2525 clean up unused code (#504) * Rename Metadata->Cloud * Remove unused methods, functions, and variables * More privacy for testing stubs Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-11-15 04:31:55 -05:00			`endpointRaw, err := c.retrieveMetadata(ctx, "/endpoint")`
Remove PublicIP from QEMU metadata (#396) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-11-02 07:56:16 -04:00			`if err != nil {`
			`return "", err`
			`}`
			`var endpoint string`
			`err = json.Unmarshal(endpointRaw, &endpoint)`
			`return endpoint, err`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			`}`

initserver: add client verification 2022-11-26 13:44:34 -05:00			`// InitSecretHash returns the hash of the init secret.`
			`func (c *Cloud) InitSecretHash(ctx context.Context) ([]byte, error) {`
			`initSecretHash, err := c.retrieveMetadata(ctx, "/initsecrethash")`
			`if err != nil {`
			`return nil, fmt.Errorf("could not retrieve init secret hash: %w", err)`
			`}`
			`return initSecretHash, nil`
			`}`

Add constellation UID retrieval to cloudprovider metadata APIs Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-07-29 10:30:24 -04:00			`// UID returns the UID of the constellation.`
go: remove unused parameters Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-20 06:03:36 -04:00			`func (c *Cloud) UID(_ context.Context) (string, error) {`
Add constellation UID retrieval to cloudprovider metadata APIs Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-07-29 10:30:24 -04:00			`// We expect only one constellation to be deployed in the same QEMU / libvirt environment.`
			`// the UID can be an empty string.`
			`return "", nil`
			`}`

AB#2525 clean up unused code (#504) * Rename Metadata->Cloud * Remove unused methods, functions, and variables * More privacy for testing stubs Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-11-15 04:31:55 -05:00			`func (c *Cloud) retrieveMetadata(ctx context.Context, uri string) ([]byte, error) {`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`url := &url.URL{`
			`Scheme: "http",`
			`Host: qemuMetadataEndpoint,`
			`Path: uri,`
			`}`

			`req, err := http.NewRequestWithContext(ctx, http.MethodGet, url.String(), nil)`
			`if err != nil {`
			`return nil, err`
			`}`
			`res, err := (&http.Client{}).Do(req)`
			`if err != nil {`
			`return nil, err`
			`}`
			`defer res.Body.Close()`

			`return io.ReadAll(res.Body)`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			`}`