Skip to content

Commit

Permalink
new issue spiffe#522 potential solutions
Browse files Browse the repository at this point in the history
  • Loading branch information
@DashLHall
DashLHall committed Oct 25, 2024
1 parent d0c7a70 commit a9fa6be
Show file tree
Hide file tree
Showing 2 changed files with 66 additions and 169 deletions.
131 changes: 48 additions & 83 deletions api/agent/spire_apis.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,7 @@ import (
"context"
"errors"

"github.com/google/uuid"

tornjakTypes "github.com/spiffe/tornjak/pkg/agent/types"
grpc "google.golang.org/grpc"
"google.golang.org/grpc/credentials/insecure"

Expand All @@ -21,8 +20,8 @@ import (
type HealthcheckRequest grpc_health_v1.HealthCheckRequest
type HealthcheckResponse grpc_health_v1.HealthCheckResponse

func (s *Server) SPIREHealthcheck(inp HealthcheckRequest) (*HealthcheckResponse, error) { //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
inpReq := grpc_health_v1.HealthCheckRequest(inp) //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
func (s *Server) SPIREHealthcheck(inp HealthcheckRequest) (*HealthcheckResponse, error) {
inpReq := grpc_health_v1.HealthCheckRequest(inp)
var conn *grpc.ClientConn
conn, err := grpc.Dial(s.SpireServerAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
if err != nil {
Expand All @@ -39,130 +38,96 @@ func (s *Server) SPIREHealthcheck(inp HealthcheckRequest) (*HealthcheckResponse,
return (*HealthcheckResponse)(resp), nil
}

type DebugServerRequest debugServer.GetInfoRequest
type DebugServerResponse debugServer.GetInfoResponse

func (s *Server) DebugServer(inp DebugServerRequest) (*DebugServerResponse, error) { //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
inpReq := debugServer.GetInfoRequest(inp) //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
var conn *grpc.ClientConn
conn, err := grpc.Dial(s.SpireServerAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
if err != nil {
return nil, err
}
defer conn.Close()
client := debugServer.NewDebugClient(conn)
type ListSelectorsRequest struct{}
type ListSelectorsResponse tornjakTypes.AgentInfoList

resp, err := client.GetInfo(context.Background(), &inpReq)
// ListSelectors returns a list of selectors from the local DB
func (s *Server) ListSelectors(inp ListSelectorsRequest) (*ListSelectorsResponse, error) {
resp, err := s.Db.GetAgentSelectors()
if err != nil {
return nil, err
}

return (*DebugServerResponse)(resp), nil
return (*ListSelectorsResponse)(&resp), nil
}

type ListAgentsRequest agent.ListAgentsRequest
type ListAgentsResponse agent.ListAgentsResponse
type RegisterSelectorRequest tornjakTypes.AgentInfo

func (s *Server) ListAgents(inp ListAgentsRequest) (*ListAgentsResponse, error) { //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
inpReq := agent.ListAgentsRequest(inp) //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
var conn *grpc.ClientConn
conn, err := grpc.Dial(s.SpireServerAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
if err != nil {
return nil, err
// DefineSelectors registers an agent to the local DB
func (s *Server) DefineSelectors(inp RegisterSelectorRequest) error {
sinfo := tornjakTypes.AgentInfo(inp)
if len(sinfo.Spiffeid) == 0 {
return errors.New("agent's info missing mandatory field - Spiffeid")
}
defer conn.Close()
client := agent.NewAgentClient(conn)

resp, err := client.ListAgents(context.Background(), &inpReq)
if err != nil {
return nil, err
}

return (*ListAgentsResponse)(resp), nil
return s.Db.CreateAgentEntry(sinfo)
}

type BanAgentRequest agent.BanAgentRequest
type UpdateSelectorRequest tornjakTypes.AgentInfo

func (s *Server) BanAgent(inp BanAgentRequest) error { //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
inpReq := agent.BanAgentRequest(inp) //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
var conn *grpc.ClientConn
conn, err := grpc.Dial(s.SpireServerAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
if err != nil {
return err
}
defer conn.Close()
client := agent.NewAgentClient(conn)

_, err = client.BanAgent(context.Background(), &inpReq)
if err != nil {
return err
// UpdateSelectors updates an existing selector
func (s *Server) UpdateSelectors(inp UpdateSelectorRequest) error {
sinfo := tornjakTypes.AgentInfo(inp)
if len(sinfo.Spiffeid) == 0 {
return errors.New("agent's info missing mandatory field - Spiffeid")
}

return nil
return s.Db.UpdateAgentEntry(sinfo)
}

type DeleteAgentRequest agent.DeleteAgentRequest

func (s *Server) DeleteAgent(inp DeleteAgentRequest) error { //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
inpReq := agent.DeleteAgentRequest(inp) //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
var conn *grpc.ClientConn
conn, err := grpc.Dial(s.SpireServerAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
if err != nil {
return err
}
defer conn.Close()
client := agent.NewAgentClient(conn)
type DeleteSelectorRequest struct {
Spiffeid string `json:"spiffeid"` // Identifier for the selector to delete
}

_, err = client.DeleteAgent(context.Background(), &inpReq)
if err != nil {
return err
// DeleteSelectors deletes a specified selector
func (s *Server) DeleteSelectors(inp DeleteSelectorRequest) error {
if len(inp.Spiffeid) == 0 {
return errors.New("input missing mandatory field - Spiffeid")
}

return nil
return s.Db.DeleteAgentEntry(inp.Spiffeid)
}

type CreateJoinTokenRequest agent.CreateJoinTokenRequest
type CreateJoinTokenResponse types.JoinToken
// Debug Server

type DebugServerRequest debugServer.GetInfoRequest
type DebugServerResponse debugServer.GetInfoResponse

func (s *Server) CreateJoinToken(inp CreateJoinTokenRequest) (*CreateJoinTokenResponse, error) { //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
inpReq := agent.CreateJoinTokenRequest(inp) //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
func (s *Server) DebugServer(inp DebugServerRequest) (*DebugServerResponse, error) {
inpReq := debugServer.GetInfoRequest(inp)
var conn *grpc.ClientConn
conn, err := grpc.Dial(s.SpireServerAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
if err != nil {
return nil, err
}
defer conn.Close()
client := agent.NewAgentClient(conn)
client := debugServer.NewDebugClient(conn)

joinToken, err := client.CreateJoinToken(context.Background(), &inpReq)
resp, err := client.GetInfo(context.Background(), &inpReq)
if err != nil {
return nil, err
}

return (*CreateJoinTokenResponse)(joinToken), nil
return (*DebugServerResponse)(resp), nil
}

// Entries
// List Agents

type ListEntriesRequest entry.ListEntriesRequest
type ListEntriesResponse entry.ListEntriesResponse
type ListAgentsRequest agent.ListAgentsRequest
type ListAgentsResponse agent.ListAgentsResponse

func (s *Server) ListEntries(inp ListEntriesRequest) (*ListEntriesResponse, error) { //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
inpReq := entry.ListEntriesRequest(inp) //nolint:govet //Ignoring mutex (not being used) - sync.Mutex by value is unused for linter govet
func (s *Server) ListAgents(inp ListAgentsRequest) (*ListAgentsResponse, error) {
inpReq := agent.ListAgentsRequest(inp)
var conn *grpc.ClientConn
conn, err := grpc.Dial(s.SpireServerAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
if err != nil {
return nil, err
}
defer conn.Close()
client := entry.NewEntryClient(conn)
client := agent.NewAgentClient(conn)

resp, err := client.ListEntries(context.Background(), &inpReq)
resp, err := client.ListAgents(context.Background(), &inpReq)
if err != nil {
return nil, err
}

return (*ListEntriesResponse)(resp), nil
return (*ListAgentsResponse)(resp), nil
}

type BatchCreateEntryRequest entry.BatchCreateEntryRequest
Expand Down
104 changes: 18 additions & 86 deletions api/agent/tornjak_apis.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,29 +6,12 @@ import (
tornjakTypes "github.com/spiffe/tornjak/pkg/agent/types"
)

/*
Agent
ListAgents(ListAgentsRequest) returns (ListAgentsResponse);
BanAgent(BanAgentRequest) returns (google.protobuf.Empty);
DeleteAgent(DeleteAgentRequest) returns (google.protobuf.Empty);
CreateJoinToken(CreateJoinTokenRequest) returns (spire.types.JoinToken);
Entries
ListEntries(ListEntriesRequest) returns (ListEntriesResponse);
BatchCreateEntry(BatchCreateEntryRequest) returns (BatchCreateEntryResponse);
GetEntry(GetEntryRequest) returns (spire.types.Entry);
*/
// Existing types and functions...

type ListSelectorsRequest struct{}
type ListSelectorsResponse tornjakTypes.AgentInfoList

// ListSelectors returns list of agents from the local DB with the following info
// spiffeid string
// plugin string
// ListSelectors returns list of selectors from the local DB
func (s *Server) ListSelectors(inp ListSelectorsRequest) (*ListSelectorsResponse, error) {
resp, err := s.Db.GetAgentSelectors()
if err != nil {
Expand All @@ -39,9 +22,7 @@ func (s *Server) ListSelectors(inp ListSelectorsRequest) (*ListSelectorsResponse

type RegisterSelectorRequest tornjakTypes.AgentInfo

// DefineSelectors registers an agent to the local DB with the following info
// spiffeid string
// plugin string
// DefineSelectors registers an agent to the local DB
func (s *Server) DefineSelectors(inp RegisterSelectorRequest) error {
sinfo := tornjakTypes.AgentInfo(inp)
if len(sinfo.Spiffeid) == 0 {
Expand All @@ -50,76 +31,27 @@ func (s *Server) DefineSelectors(inp RegisterSelectorRequest) error {
return s.Db.CreateAgentEntry(sinfo)
}

type ListAgentMetadataRequest tornjakTypes.AgentMetadataRequest
type ListAgentMetadataResponse tornjakTypes.AgentInfoList

// ListAgentMetadata takes in list of agent spiffeids
// and returns list of those agents from the local DB with following info
// spiffeid string
// plugin string
// cluster string
// if no metadata found, no row is included
// if no spiffeids are specified, all agent metadata is returned
func (s *Server) ListAgentMetadata(inp ListAgentMetadataRequest) (*ListAgentMetadataResponse, error) {
inpReq := tornjakTypes.AgentMetadataRequest(inp)
resp, err := s.Db.GetAgentsMetadata(inpReq)
if err != nil {
return nil, err
}
return (*ListAgentMetadataResponse)(&resp), nil
}

type ListClustersRequest struct{}
type ListClustersResponse tornjakTypes.ClusterInfoList
type UpdateSelectorRequest tornjakTypes.AgentInfo

// ListClusters returns list of clusters from the local DB with the following info
// name string
// details json
func (s *Server) ListClusters(inp ListClustersRequest) (*ListClustersResponse, error) {
retVal, err := s.Db.GetClusters()
if err != nil {
return nil, err
// UpdateSelectors updates an existing selector
func (s *Server) UpdateSelectors(inp UpdateSelectorRequest) error {
sinfo := tornjakTypes.AgentInfo(inp)
if len(sinfo.Spiffeid) == 0 {
return errors.New("agent's info missing mandatory field - Spiffeid")
}
return (*ListClustersResponse)(&retVal), nil
return s.Db.UpdateAgentEntry(sinfo) // Assume UpdateAgentEntry is implemented in your Db interface
}

type RegisterClusterRequest tornjakTypes.ClusterInput

// DefineCluster registers cluster to local DB
func (s *Server) DefineCluster(inp RegisterClusterRequest) error {
cinfo := tornjakTypes.ClusterInfo(inp.ClusterInstance)
if len(cinfo.Name) == 0 {
return errors.New("cluster definition missing mandatory field - Name")
} else if len(cinfo.PlatformType) == 0 {
return errors.New("cluster definition missing mandatory field - PlatformType")
} else if len(cinfo.EditedUid) > 0 {
return errors.New("cluster definition attempts renaming on create cluster - EditedUid")
}
return s.Db.CreateClusterEntry(cinfo)
type DeleteSelectorRequest struct {
Spiffeid string `json:"spiffeid"` // Identifier for the selector to delete
}

type EditClusterRequest tornjakTypes.ClusterInput

// EditCluster registers cluster to local DB
func (s *Server) EditCluster(inp EditClusterRequest) error {
cinfo := tornjakTypes.ClusterInfo(inp.ClusterInstance)
if len(cinfo.Uid) == 0 {
return errors.New("cluster definition missing mandatory field - Name")
} else if len(cinfo.PlatformType) == 0 {
return errors.New("cluster definition missing mandatory field - PlatformType")
} else if len(cinfo.EditedUid) == 0 {
return errors.New("cluster definition missing mandatory field - EditedUid")
// DeleteSelectors deletes a specified selector
func (s *Server) DeleteSelectors(inp DeleteSelectorRequest) error {
if len(inp.Spiffeid) == 0 {
return errors.New("input missing mandatory field - Spiffeid")
}
return s.Db.EditClusterEntry(cinfo)
return s.Db.DeleteAgentEntry(inp.Spiffeid) // Assume DeleteAgentEntry is implemented in your Db interface
}

type DeleteClusterRequest tornjakTypes.ClusterInput

// DeleteCluster deletes cluster with name cinfo.Name and assignment to agents
func (s *Server) DeleteCluster(inp DeleteClusterRequest) error {
cinfo := tornjakTypes.ClusterInfo(inp.ClusterInstance)
if len(cinfo.Name) == 0 {
return errors.New("input missing mandatory field - Name")
}
return s.Db.DeleteClusterEntry(cinfo.Name)
}
// Existing ListAgentMetadata, ListClusters, etc...

0 comments on commit a9fa6be

Please sign in to comment.