Remove access manager (#470)
* remove access manager from code base * document new node ssh workflow * keep config backwards compatible * slow down link checking to prevent http 429 Signed-off-by: Fabian Kammel <fk@edgeless.systems>
This commit is contained in:
parent
b0f4a09ebe
commit
b92b3772ca
59 changed files with 251 additions and 2831 deletions
|
@ -17,7 +17,6 @@ import (
|
|||
"github.com/edgelesssys/constellation/v2/debugd/internal/debugd"
|
||||
pb "github.com/edgelesssys/constellation/v2/debugd/service"
|
||||
"github.com/edgelesssys/constellation/v2/internal/constants"
|
||||
"github.com/edgelesssys/constellation/v2/internal/deploy/ssh"
|
||||
"github.com/edgelesssys/constellation/v2/internal/logger"
|
||||
"go.uber.org/zap"
|
||||
"google.golang.org/grpc"
|
||||
|
@ -45,20 +44,20 @@ func New(log *logger.Logger, dialer NetDialer, serviceManager serviceManager, wr
|
|||
}
|
||||
|
||||
// DownloadDeployment will open a new grpc connection to another instance, attempting to download a bootstrapper from that instance.
|
||||
func (d *Download) DownloadDeployment(ctx context.Context, ip string) ([]ssh.UserKey, error) {
|
||||
func (d *Download) DownloadDeployment(ctx context.Context, ip string) error {
|
||||
log := d.log.With(zap.String("ip", ip))
|
||||
serverAddr := net.JoinHostPort(ip, strconv.Itoa(constants.DebugdPort))
|
||||
|
||||
// only retry download from same endpoint after backoff
|
||||
if lastAttempt, ok := d.attemptedDownloads[serverAddr]; ok && time.Since(lastAttempt) < debugd.BootstrapperDownloadRetryBackoff {
|
||||
return nil, fmt.Errorf("download failed too recently: %v / %v", time.Since(lastAttempt), debugd.BootstrapperDownloadRetryBackoff)
|
||||
return fmt.Errorf("download failed too recently: %v / %v", time.Since(lastAttempt), debugd.BootstrapperDownloadRetryBackoff)
|
||||
}
|
||||
|
||||
log.Infof("Connecting to server")
|
||||
d.attemptedDownloads[serverAddr] = time.Now()
|
||||
conn, err := d.dial(ctx, serverAddr)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("connecting to other instance via gRPC: %w", err)
|
||||
return fmt.Errorf("connecting to other instance via gRPC: %w", err)
|
||||
}
|
||||
defer conn.Close()
|
||||
client := pb.NewDebugdClient(conn)
|
||||
|
@ -66,34 +65,23 @@ func (d *Download) DownloadDeployment(ctx context.Context, ip string) ([]ssh.Use
|
|||
log.Infof("Trying to download bootstrapper")
|
||||
stream, err := client.DownloadBootstrapper(ctx, &pb.DownloadBootstrapperRequest{})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("starting bootstrapper download from other instance: %w", err)
|
||||
return fmt.Errorf("starting bootstrapper download from other instance: %w", err)
|
||||
}
|
||||
if err := d.writer.WriteStream(debugd.BootstrapperDeployFilename, stream, true); err != nil {
|
||||
return nil, fmt.Errorf("streaming bootstrapper from other instance: %w", err)
|
||||
return fmt.Errorf("streaming bootstrapper from other instance: %w", err)
|
||||
}
|
||||
log.Infof("Successfully downloaded bootstrapper")
|
||||
|
||||
log.Infof("Trying to download ssh keys")
|
||||
resp, err := client.DownloadAuthorizedKeys(ctx, &pb.DownloadAuthorizedKeysRequest{})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("downloading authorized keys: %w", err)
|
||||
}
|
||||
|
||||
var keys []ssh.UserKey
|
||||
for _, key := range resp.Keys {
|
||||
keys = append(keys, ssh.UserKey{Username: key.Username, PublicKey: key.KeyValue})
|
||||
}
|
||||
|
||||
// after the upload succeeds, try to restart the bootstrapper
|
||||
restartAction := ServiceManagerRequest{
|
||||
Unit: debugd.BootstrapperSystemdUnitName,
|
||||
Action: Restart,
|
||||
}
|
||||
if err := d.serviceManager.SystemdAction(ctx, restartAction); err != nil {
|
||||
return nil, fmt.Errorf("restarting bootstrapper: %w", err)
|
||||
return fmt.Errorf("restarting bootstrapper: %w", err)
|
||||
}
|
||||
|
||||
return keys, nil
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d *Download) dial(ctx context.Context, target string) (*grpc.ClientConn, error) {
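Review bot: The new DownloadDeployment writes whatever the peer streams into debugd.BootstrapperDeployFilename and immediately restarts the unit, and nothing in this function checks the payload; with the key download gone this is the whole contract, so the doc comment above the signature should state it instead of the vaguer "attempting to download a bootstrapper". I would replace it with `// DownloadDeployment connects to the debugd at ip, streams its bootstrapper into debugd.BootstrapperDeployFilename and restarts the bootstrapper systemd unit.` followed by `// No integrity check of the received binary is performed in this function.` Separately, d.attemptedDownloads is written before d.dial, so the backoff fires for every recent attempt, not only failed ones; `return fmt.Errorf("download attempted too recently: %v / %v", time.Since(lastAttempt), debugd.BootstrapperDownloadRetryBackoff)` describes that accurately. One line of the function body between the two hunks (new line 64) is not shown here.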
|
||||
|
|
|
@ -20,7 +20,6 @@ import (
|
|||
"github.com/edgelesssys/constellation/v2/debugd/internal/debugd"
|
||||
pb "github.com/edgelesssys/constellation/v2/debugd/service"
|
||||
"github.com/edgelesssys/constellation/v2/internal/constants"
|
||||
"github.com/edgelesssys/constellation/v2/internal/deploy/ssh"
|
||||
"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
|
||||
"github.com/edgelesssys/constellation/v2/internal/logger"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
@ -48,12 +47,10 @@ func TestDownloadBootstrapper(t *testing.T) {
|
|||
wantFile bool
|
||||
wantSystemdAction bool
|
||||
wantDeployed bool
|
||||
wantKeys []ssh.UserKey
|
||||
}{
|
||||
"download works": {
|
||||
server: fakeDownloadServer{
|
||||
chunks: [][]byte{[]byte("test")},
|
||||
keys: []*pb.AuthorizedKey{{Username: "name", KeyValue: "key"}},
|
||||
},
|
||||
attemptedDownloads: map[string]time.Time{},
|
||||
wantChunks: [][]byte{[]byte("test")},
|
||||
|
@ -61,7 +58,6 @@ func TestDownloadBootstrapper(t *testing.T) {
|
|||
wantFile: true,
|
||||
wantSystemdAction: true,
|
||||
wantDeployed: true,
|
||||
wantKeys: []ssh.UserKey{{Username: "name", PublicKey: "key"}},
|
||||
},
|
||||
"second download is not attempted twice": {
|
||||
server: fakeDownloadServer{chunks: [][]byte{[]byte("test")}},
|
||||
|
@ -73,14 +69,6 @@ func TestDownloadBootstrapper(t *testing.T) {
|
|||
attemptedDownloads: map[string]time.Time{},
|
||||
wantDownloadErr: true,
|
||||
},
|
||||
"download key error": {
|
||||
server: fakeDownloadServer{
|
||||
chunks: [][]byte{[]byte("test")},
|
||||
downloadAuthorizedKeysErr: someErr,
|
||||
},
|
||||
attemptedDownloads: map[string]time.Time{},
|
||||
wantDownloadErr: true,
|
||||
},
|
||||
"service restart error is detected": {
|
||||
server: fakeDownloadServer{chunks: [][]byte{[]byte("test")}},
|
||||
serviceManager: stubServiceManager{systemdActionErr: someErr},
|
||||
|
@ -115,7 +103,7 @@ func TestDownloadBootstrapper(t *testing.T) {
|
|||
attemptedDownloads: tc.attemptedDownloads,
|
||||
}
|
||||
|
||||
keys, err := download.DownloadDeployment(context.Background(), ip)
|
||||
err := download.DownloadDeployment(context.Background(), ip)
|
||||
|
||||
if tc.wantDownloadErr {
|
||||
assert.Error(err)
|
||||
|
@ -135,7 +123,6 @@ func TestDownloadBootstrapper(t *testing.T) {
|
|||
tc.serviceManager.requests,
|
||||
)
|
||||
}
|
||||
assert.Equal(tc.wantKeys, keys)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
@ -171,10 +158,8 @@ func (f *fakeStreamToFileWriter) WriteStream(filename string, stream bootstrappe
|
|||
|
||||
// fakeDownloadServer implements DebugdServer; only fakes DownloadBootstrapper, panics on every other rpc.
|
||||
type fakeDownloadServer struct {
|
||||
chunks [][]byte
|
||||
downladErr error
|
||||
keys []*pb.AuthorizedKey
|
||||
downloadAuthorizedKeysErr error
|
||||
chunks [][]byte
|
||||
downladErr error
|
||||
|
||||
pb.UnimplementedDebugdServer
|
||||
}
|
||||
|
@ -187,7 +172,3 @@ func (s *fakeDownloadServer) DownloadBootstrapper(request *pb.DownloadBootstrapp
|
|||
}
|
||||
return s.downladErr
|
||||
}
|
||||
|
||||
func (s *fakeDownloadServer) DownloadAuthorizedKeys(context.Context, *pb.DownloadAuthorizedKeysRequest) (*pb.DownloadAuthorizedKeysResponse, error) {
|
||||
return &pb.DownloadAuthorizedKeysResponse{Keys: s.keys}, s.downloadAuthorizedKeysErr
|
||||
}
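Review bot: With the DownloadAuthorizedKeys fake removed, the comment on fakeDownloadServer ("only fakes DownloadBootstrapper, panics on every other rpc") is now wrong for the RPC this commit stops faking: the embedded pb.UnimplementedDebugdServer makes every other RPC return a codes.Unimplemented status error, it does not panic. I would change it to `// fakeDownloadServer implements DebugdServer; only DownloadBootstrapper is faked, every other rpc returns codes.Unimplemented via the embedded UnimplementedDebugdServer.` The reordered field lines also carry the misspelt `downladErr` onto the new side; renaming it to `downloadErr` would have to touch `return s.downladErr` and the table cases that set it, which lie outside this section's hunks. The DownloadBootstrapper method of the fake starts outside the last hunk.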
|
||||
|
|