Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update client/connection validation #500

Merged
merged 7 commits into from
Nov 28, 2024
Merged
Show file tree
Hide file tree
Changes from 6 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 3 additions & 4 deletions .golangci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,9 @@ linters-settings:
- case
- condition
- return
gosec:
excludes:
- G115 # potential integer overflow when converting between integer types
govet:
shadow: true
settings:
Expand Down Expand Up @@ -153,10 +156,6 @@ issues:
text: "hugeParam:"
linters:
- gocritic
# integer overflow conversion
- text: "G115"
linters:
- gosec
- text: "G404"
linters:
- gosec
Expand Down
1 change: 1 addition & 0 deletions cmd/topaz/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,7 @@ func run() (exitCode int) {
"no_color": strconv.FormatBool(cc.NoColor()),
"active_config": c.Config.Active.Config,
"cwd": cwd,
"timeout": cc.Timeout().String(),
},
)
zerolog.SetGlobalLevel(logLevel(cli.LogLevel))
Expand Down
8 changes: 0 additions & 8 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@ require (
github.com/docker/docker v27.3.1+incompatible
github.com/docker/go-connections v0.5.0
github.com/fatih/color v1.18.0
github.com/fullstorydev/grpcurl v1.9.1
github.com/gdamore/tcell/v2 v2.7.4
github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a
github.com/google/uuid v1.6.0
Expand Down Expand Up @@ -79,12 +78,10 @@ require (
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
github.com/aserto-dev/go-decision-logs v0.1.2 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bufbuild/protocompile v0.13.0 // indirect
github.com/bufbuild/protovalidate-go v0.7.3 // indirect
github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
github.com/containerd/containerd v1.7.23 // indirect
github.com/containerd/errdefs v0.3.0 // indirect
github.com/containerd/log v0.1.0 // indirect
Expand All @@ -97,8 +94,6 @@ require (
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/envoyproxy/go-control-plane v0.13.0 // indirect
github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/gdamore/encoding v1.0.1 // indirect
Expand All @@ -109,7 +104,6 @@ require (
github.com/gobwas/glob v0.2.3 // indirect
github.com/goccy/go-json v0.10.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/cel-go v0.22.0 // indirect
github.com/google/subcommands v1.2.0 // indirect
github.com/gorilla/mux v1.8.1 // indirect
Expand All @@ -119,7 +113,6 @@ require (
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/itchyny/timefmt-go v0.1.6 // indirect
github.com/jhump/protoreflect v1.16.0 // indirect
github.com/klauspost/compress v1.17.11 // indirect
github.com/lestrrat-go/blackmagic v1.0.2 // indirect
github.com/lestrrat-go/httpcc v1.0.1 // indirect
Expand Down Expand Up @@ -151,7 +144,6 @@ require (
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/panmari/cuckoofilter v1.0.6 // indirect
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
Expand Down
12 changes: 0 additions & 12 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -450,8 +450,6 @@ github.com/aserto-dev/self-decision-logger v0.0.9/go.mod h1:tJYUhVtj/LPcbQNgHj8V
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bufbuild/protocompile v0.13.0 h1:6cwUB0Y2tSvmNxsbunwzmIto3xOlJOV7ALALuVOs92M=
github.com/bufbuild/protocompile v0.13.0/go.mod h1:dr++fGGeMPWHv7jPeT06ZKukm45NJscd7rUxQVzEKRk=
github.com/bufbuild/protovalidate-go v0.7.3 h1:kKnoSueygR3xxppvuBpm9SEwIsP359MMRfMBGmRByPg=
github.com/bufbuild/protovalidate-go v0.7.3/go.mod h1:CFv34wMqiBzAHdQ4q/tWYi9ILFYKuaC3/4zh6eqdUck=
github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA=
Expand Down Expand Up @@ -480,8 +478,6 @@ github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWH
github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI=
github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
Expand Down Expand Up @@ -537,8 +533,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m
github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
github.com/envoyproxy/go-control-plane v0.13.0 h1:HzkeUz1Knt+3bK+8LG1bxOO/jzWZmdxpwC51i202les=
github.com/envoyproxy/go-control-plane v0.13.0/go.mod h1:GRaKG3dwvFoTg4nj7aXdZnvMg4d7nvT/wl9WgVXn3Q8=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM=
github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4=
Expand All @@ -554,8 +548,6 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
github.com/fullstorydev/grpcurl v1.9.1 h1:YxX1aCcCc4SDBQfj9uoWcTLe8t4NWrZe1y+mk83BQgo=
github.com/fullstorydev/grpcurl v1.9.1/go.mod h1:i8gKLIC6s93WdU3LSmkE5vtsCxyRmihUj5FK1cNW5EM=
github.com/gdamore/encoding v1.0.0/go.mod h1:alR0ol34c49FCSBLjhosxzcPHQbf2trDkoo5dl+VrEg=
github.com/gdamore/encoding v1.0.1 h1:YzKZckdBL6jVt2Gc+5p82qhrGiqMdG/eNs6Wy0u3Uhw=
github.com/gdamore/encoding v1.0.1/go.mod h1:0Z0cMFinngz9kS1QfMjCP8TY7em3bZYeeklsSDPivEo=
Expand Down Expand Up @@ -722,8 +714,6 @@ github.com/itchyny/gojq v0.12.16 h1:yLfgLxhIr/6sJNVmYfQjTIv0jGctu6/DgDoivmxTr7g=
github.com/itchyny/gojq v0.12.16/go.mod h1:6abHbdC2uB9ogMS38XsErnfqJ94UlngIJGlRAIj4jTM=
github.com/itchyny/timefmt-go v0.1.6 h1:ia3s54iciXDdzWzwaVKXZPbiXzxxnv1SPGFfM/myJ5Q=
github.com/itchyny/timefmt-go v0.1.6/go.mod h1:RRDZYC5s9ErkjQvTvvU7keJjxUYzIISJGxm9/mAERQg=
github.com/jhump/protoreflect v1.16.0 h1:54fZg+49widqXYQ0b+usAFHbMkBGR4PpXrsHc8+TBDg=
github.com/jhump/protoreflect v1.16.0/go.mod h1:oYPd7nPvcBw/5wlDfm/AVmU9zH9BgqGCI469pGxfj/8=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
Expand Down Expand Up @@ -833,8 +823,6 @@ github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xl
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo=
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
Expand Down
2 changes: 2 additions & 0 deletions pkg/app/tests/template-no-tls/template-no-tls_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,12 +92,14 @@ func TestTemplateNoTLS(t *testing.T) {
Host: addr,
Insecure: false,
Plaintext: true,
Timeout: 10 * time.Second,
}

azConfig := &azc.Config{
Host: addr,
Insecure: false,
Plaintext: true,
Timeout: 10 * time.Second,
}

for _, tmpl := range tcs {
Expand Down
2 changes: 2 additions & 0 deletions pkg/app/tests/template/template_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,12 +92,14 @@ func TestTemplate(t *testing.T) {
Host: addr,
Insecure: true,
Plaintext: false,
Timeout: 10 * time.Second,
}

azConfig := &azc.Config{
Host: addr,
Insecure: true,
Plaintext: false,
Timeout: 10 * time.Second,
}

for _, tmpl := range tcs {
Expand Down
56 changes: 24 additions & 32 deletions pkg/cli/cc/cc.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,25 +8,17 @@ import (
"os"
"path/filepath"
"sync"
"time"

client "github.com/aserto-dev/go-aserto"
"github.com/aserto-dev/topaz/pkg/cli/cc/iostream"
"github.com/aserto-dev/topaz/pkg/cli/dockerx"
"github.com/aserto-dev/topaz/pkg/version"
"github.com/docker/docker/api/types"
"github.com/fullstorydev/grpcurl"
"github.com/pkg/errors"
"github.com/samber/lo"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/credentials/insecure"
)

var (
ErrNotRunning = errors.New("topaz is not running, use 'topaz start' or 'topaz run' to start")
ErrIsRunning = errors.New("topaz is already running, use 'topaz stop' to stop")
ErrNotServing = errors.New("topaz gRPC endpoint not SERVING")
)

type CommonCtx struct {
Expand Down Expand Up @@ -142,36 +134,36 @@ func (c *CommonCtx) GetRunningContainers() ([]*types.Container, error) {
return topazContainers, nil
}

func (c *CommonCtx) IsServing(cfg *client.Config) (bool, error) {
if c.Config.Defaults.NoCheck {
return true, nil
}
// func (c *CommonCtx) IsServing(cfg *client.Config) (bool, error) {
gertd marked this conversation as resolved.
Show resolved Hide resolved
// if c.Config.Defaults.NoCheck {
// return true, nil
// }
// common.Validate(c.Context, )
// var creds credentials.TransportCredentials

var creds credentials.TransportCredentials
// if cfg.Insecure {
// tlsConf, err := grpcurl.ClientTLSConfig(cfg.Insecure, "", "", "")
// if err != nil {
// return false, errors.Wrap(err, "failed to create TLS config")
// }
// creds = credentials.NewTLS(tlsConf)
// }

if cfg.Insecure {
tlsConf, err := grpcurl.ClientTLSConfig(cfg.Insecure, "", "", "")
if err != nil {
return false, errors.Wrap(err, "failed to create TLS config")
}
creds = credentials.NewTLS(tlsConf)
}
// opts := []grpc.DialOption{
// grpc.WithUserAgent(version.UserAgent()),
// }

opts := []grpc.DialOption{
grpc.WithUserAgent(version.UserAgent()),
}

opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
// opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))

ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
// ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
// defer cancel()

if _, err := grpcurl.BlockingDial(ctx, "tcp", cfg.Address, creds, opts...); err != nil {
return false, err
}
// if _, err := grpcurl.BlockingDial(ctx, "tcp", cfg.Address, creds, opts...); err != nil {
// return false, err
// }

return true, nil
}
// return true, nil
// }

func (c *CommonCtx) SaveContextConfig(configurationFile string) error {
cliConfig := filepath.Join(GetTopazDir(), configurationFile)
Expand Down
11 changes: 11 additions & 0 deletions pkg/cli/cc/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package cc
import (
"os"
"strconv"
"time"
)

const (
Expand All @@ -15,6 +16,7 @@ const (
defaultTenantID = ""
defaultInsecure = false
defaultPlaintext = false
defaultTimeout = 5 * time.Second
defaultNoCheck = false
defaultNoColor = false
)
Expand Down Expand Up @@ -86,6 +88,15 @@ func Plaintext() bool {
return defaultPlaintext
}

func Timeout() time.Duration {
if timeout := os.Getenv("TOPAZ_TIMEOUT"); timeout != "" {
if dur, err := time.ParseDuration(timeout); err == nil {
return dur
}
}
return defaultTimeout
}

func NoCheck() bool {
if noCheck := os.Getenv("TOPAZ_NO_CHECK"); noCheck != "" {
if b, err := strconv.ParseBool(noCheck); err == nil {
Expand Down
2 changes: 1 addition & 1 deletion pkg/cli/cc/health.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ func ServiceHealthStatus(ctx context.Context, cfg *client.Config, service string
}

if resp.GetStatus() != healthpb.HealthCheckResponse_SERVING {
return errors.Errorf("gRPC endpoint not SERVING")
return errors.Errorf("health service %q is %s", service, resp.GetStatus().String())
}

return nil
Expand Down
38 changes: 10 additions & 28 deletions pkg/cli/clients/authorizer/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,15 @@ package authorizer

import (
"context"
"time"

client "github.com/aserto-dev/go-aserto"
"github.com/fullstorydev/grpcurl"
"github.com/pkg/errors"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/credentials/insecure"

az2 "github.com/aserto-dev/go-authorizer/aserto/authorizer/v2"
"github.com/aserto-dev/topaz/pkg/cli/cc"
"github.com/aserto-dev/topaz/pkg/version"
"github.com/aserto-dev/topaz/pkg/cli/clients"
)

type Config struct {
Expand All @@ -23,8 +21,11 @@ type Config struct {
Plaintext bool `flag:"plaintext" short:"P" default:"${plaintext}" env:"TOPAZ_PLAINTEXT" help:"use plain-text HTTP/2 (no TLS)"`
TenantID string `flag:"tenant-id" help:"" default:"${tenant_id}" env:"ASERTO_TENANT_ID" `
Headers map[string]string `flag:"headers" env:"TOPAZ_AUTHORIZER_HEADERS" help:"additional headers to send to the authorizer service"`
Timeout time.Duration `flag:"timeout" short:"T" default:"${timeout}" env:"TOPAZ_TIMEOUT" help:"command timeout"`
}

var _ clients.Config = &Config{}

type Client struct {
conn *grpc.ClientConn
Authorizer az2.AuthorizerClient
Expand All @@ -51,36 +52,13 @@ func (cfg *Config) Connect(ctx context.Context) (*grpc.ClientConn, error) {
return nil, errors.Errorf("no host specified")
}

if err := cfg.validate(ctx); err != nil {
if ok, err := clients.Validate(ctx, cfg); !ok {
return nil, err
}

return cfg.ClientConfig().Connect()
}

func (cfg *Config) validate(ctx context.Context) error {
var creds credentials.TransportCredentials
if cfg.Insecure {
tlsConf, err := grpcurl.ClientTLSConfig(cfg.Insecure, "", "", "")
if err != nil {
return errors.Wrap(err, "failed to create TLS config")
}
creds = credentials.NewTLS(tlsConf)
}

opts := []grpc.DialOption{
grpc.WithUserAgent(version.UserAgent()),
}

opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))

if _, err := grpcurl.BlockingDial(ctx, "tcp", cfg.Host, creds, opts...); err != nil {
return err
}

return nil
}

func (cfg *Config) ClientConfig() *client.Config {
return &client.Config{
Address: cfg.Host,
Expand All @@ -92,3 +70,7 @@ func (cfg *Config) ClientConfig() *client.Config {
Headers: cfg.Headers,
}
}

func (cfg *Config) CommandTimeout() time.Duration {
return cfg.Timeout
}
12 changes: 12 additions & 0 deletions pkg/cli/clients/config.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
package clients

import (
"time"

client "github.com/aserto-dev/go-aserto"
)

type Config interface {
ClientConfig() *client.Config
CommandTimeout() time.Duration
}
Loading