bootstrapper: add fallback endpoint and custom endpoint to SAN field (#2108)

terraform: collect apiserver cert SANs and support custom endpoint constants: add new constants for cluster configuration and custom endpoint cloud: support apiserver cert sans and prepare for endpoint migration on AWS config: add customEndpoint field bootstrapper: use per-CSP apiserver cert SANs cli: route customEndpoint to terraform and add migration for apiserver cert SANs bootstrapper: change interface of GetLoadBalancerEndpoint to return host and port separately
2025-08-09 15:32:46 -04:00 · 2023-07-21 16:43:51 +02:00 · 2023-07-21 16:43:51 +02:00 · 8da6a23aa5
commit 8da6a23aa5
parent 3324a4eba2
64 changed files with 724 additions and 301 deletions
--- a/debugd/internal/debugd/metadata/cloudprovider/cloudprovider.go
+++ b/debugd/internal/debugd/metadata/cloudprovider/cloudprovider.go
@ -10,7 +10,6 @@ package cloudprovider
 import (
 	"context"
 	"fmt"
-	"net"

 	"github.com/edgelesssys/constellation/v2/internal/cloud/metadata"
 	"github.com/edgelesssys/constellation/v2/internal/role"
@ -22,7 +21,7 @@ type providerMetadata interface {
 	// Self retrieves the current instance.
 	Self(ctx context.Context) (metadata.InstanceMetadata, error)
 	// GetLoadBalancerEndpoint returns the endpoint of the load balancer.
-	GetLoadBalancerEndpoint(ctx context.Context) (string, error)
+	GetLoadBalancerEndpoint(ctx context.Context) (host, port string, err error)
 	// UID returns the UID of the current instance.
 	UID(ctx context.Context) (string, error)
 }
@ -91,16 +90,10 @@ func (f *Fetcher) DiscoverDebugdIPs(ctx context.Context) ([]string, error) {

 // DiscoverLoadbalancerIP gets load balancer IP from metadata API.
 func (f *Fetcher) DiscoverLoadbalancerIP(ctx context.Context) (string, error) {
-	lbEndpoint, err := f.metaAPI.GetLoadBalancerEndpoint(ctx)
+	lbHost, _, err := f.metaAPI.GetLoadBalancerEndpoint(ctx)
 	if err != nil {
 		return "", fmt.Errorf("retrieving load balancer endpoint: %w", err)
 	}

-	// The port of the endpoint is not the port we need. We need to strip it off.
-	lbIP, _, err := net.SplitHostPort(lbEndpoint)
-	if err != nil {
-		return "", fmt.Errorf("parsing load balancer endpoint: %w", err)
-	}
-
-	return lbIP, nil
+	return lbHost, nil
 }
--- a/debugd/internal/debugd/metadata/cloudprovider/cloudprovider_test.go
+++ b/debugd/internal/debugd/metadata/cloudprovider/cloudprovider_test.go
@ -123,7 +123,6 @@ func TestDiscoverDebugIPs(t *testing.T) {

 func TestDiscoverLoadbalancerIP(t *testing.T) {
 	ip := "192.0.2.1"
-	endpoint := ip + ":1234"
 	someErr := errors.New("failed")

 	testCases := map[string]struct {
@ -132,17 +131,13 @@ func TestDiscoverLoadbalancerIP(t *testing.T) {
 		wantErr bool
 	}{
 		"discovery works": {
-			metaAPI: &stubMetadata{getLBEndpointRes: endpoint},
+			metaAPI: &stubMetadata{getLBHostRes: ip},
 			wantIP:  ip,
 		},
 		"get endpoint fails": {
 			metaAPI: &stubMetadata{getLBEndpointErr: someErr},
 			wantErr: true,
 		},
-		"invalid endpoint": {
-			metaAPI: &stubMetadata{getLBEndpointRes: "invalid"},
-			wantErr: true,
-		},
 	}

 	for name, tc := range testCases {
@ -166,14 +161,14 @@ func TestDiscoverLoadbalancerIP(t *testing.T) {
 }

 type stubMetadata struct {
-	listRes          []metadata.InstanceMetadata
-	listErr          error
-	selfRes          metadata.InstanceMetadata
-	selfErr          error
-	getLBEndpointRes string
-	getLBEndpointErr error
-	uid              string
-	uidErr           error
+	listRes                    []metadata.InstanceMetadata
+	listErr                    error
+	selfRes                    metadata.InstanceMetadata
+	selfErr                    error
+	getLBHostRes, getLBPortRes string
+	getLBEndpointErr           error
+	uid                        string
+	uidErr                     error
 }

 func (m *stubMetadata) List(_ context.Context) ([]metadata.InstanceMetadata, error) {
@ -184,8 +179,8 @@ func (m *stubMetadata) Self(_ context.Context) (metadata.InstanceMetadata, error
 	return m.selfRes, m.selfErr
 }

-func (m *stubMetadata) GetLoadBalancerEndpoint(_ context.Context) (string, error) {
-	return m.getLBEndpointRes, m.getLBEndpointErr
+func (m *stubMetadata) GetLoadBalancerEndpoint(_ context.Context) (string, string, error) {
+	return m.getLBHostRes, m.getLBPortRes, m.getLBEndpointErr
 }

 func (m *stubMetadata) UID(_ context.Context) (string, error) {
--- a/debugd/internal/debugd/metadata/fallback/fallback.go
+++ b/debugd/internal/debugd/metadata/fallback/fallback.go
@ -32,8 +32,8 @@ func (fallbackMetadata) Self(context.Context) (metadata.InstanceMetadata, error)
 }

 // GetLoadBalancerEndpoint returns the endpoint of the load balancer.
-func (fallbackMetadata) GetLoadBalancerEndpoint(context.Context) (string, error) {
-	return "", nil
+func (fallbackMetadata) GetLoadBalancerEndpoint(context.Context) (string, string, error) {
+	return "", "", nil
 }

 // UID returns the UID of the current instance.