
feat: allow listening over TLS for SideroLink API
It is going to be used in Talos tests.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
smira committed Sep 12, 2024
1 parent e76747b commit 6c8fa1f
Showing 6 changed files with 124 additions and 25 deletions.
7 changes: 4 additions & 3 deletions .github/workflows/ci.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2024-05-27T16:57:15Z by kres bcb280a.
# Generated on 2024-09-12T13:42:52Z by kres 8be5fa7.

name: default
concurrency:
Expand Down Expand Up @@ -91,8 +91,9 @@ jobs:
- name: Generate Checksums
if: startsWith(github.ref, 'refs/tags/')
run: |
sha256sum _out/siderolink-agent-* > _out/sha256sum.txt
sha512sum _out/siderolink-agent-* > _out/sha512sum.txt
cd _out
sha256sum siderolink-agent-* > sha256sum.txt
sha512sum siderolink-agent-* > sha512sum.txt
- name: release-notes
if: startsWith(github.ref, 'refs/tags/')
run: |
6 changes: 3 additions & 3 deletions Dockerfile
@@ -1,13 +1,13 @@
# syntax = docker/dockerfile-upstream:1.8.0-labs
# syntax = docker/dockerfile-upstream:1.9.0-labs

# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2024-06-13T13:02:13Z by kres c9bcf1d.
# Generated on 2024-09-12T13:42:52Z by kres 8be5fa7.

ARG TOOLCHAIN

# runs markdownlint
FROM docker.io/oven/bun:1.1.13-alpine AS lint-markdown
FROM docker.io/oven/bun:1.1.26-alpine AS lint-markdown
WORKDIR /src
RUN bun i markdownlint-cli@0.41.0 sentences-per-line@0.2.1
COPY .markdownlint.json .
16 changes: 8 additions & 8 deletions Makefile
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2024-06-13T12:17:12Z by kres 90445df.
# Generated on 2024-09-12T13:42:52Z by kres 8be5fa7.

# common variables

Expand All @@ -18,14 +18,14 @@ REGISTRY ?= ghcr.io
USERNAME ?= siderolabs
REGISTRY_AND_USERNAME ?= $(REGISTRY)/$(USERNAME)
PROTOBUF_GO_VERSION ?= 1.34.2
GRPC_GO_VERSION ?= 1.4.0
GRPC_GATEWAY_VERSION ?= 2.20.0
GRPC_GO_VERSION ?= 1.5.1
GRPC_GATEWAY_VERSION ?= 2.22.0
VTPROTOBUF_VERSION ?= 0.6.0
GOIMPORTS_VERSION ?= 0.22.0
GOIMPORTS_VERSION ?= 0.24.0
DEEPCOPY_VERSION ?= v0.5.6
GOLANGCILINT_VERSION ?= v1.59.1
GOFUMPT_VERSION ?= v0.6.0
GO_VERSION ?= 1.22.4
GOLANGCILINT_VERSION ?= v1.60.3
GOFUMPT_VERSION ?= v0.7.0
GO_VERSION ?= 1.23.0
GO_BUILDFLAGS ?=
GO_LDFLAGS ?=
CGO_ENABLED ?= 0
Expand Down Expand Up @@ -67,7 +67,7 @@ COMMON_ARGS += --build-arg=DEEPCOPY_VERSION="$(DEEPCOPY_VERSION)"
COMMON_ARGS += --build-arg=GOLANGCILINT_VERSION="$(GOLANGCILINT_VERSION)"
COMMON_ARGS += --build-arg=GOFUMPT_VERSION="$(GOFUMPT_VERSION)"
COMMON_ARGS += --build-arg=TESTPKGS="$(TESTPKGS)"
TOOLCHAIN ?= docker.io/golang:1.22-alpine
TOOLCHAIN ?= docker.io/golang:1.23-alpine

# help menu

89 changes: 86 additions & 3 deletions hack/release.sh
@@ -1,8 +1,8 @@
#!/bin/bash
#!/usr/bin/env bash

# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2022-05-20T17:57:41Z by kres 0bf4e28-dirty.
# Generated on 2024-09-12T13:42:52Z by kres 8be5fa7.

set -e

Expand Down Expand Up @@ -44,9 +44,92 @@ function commit {
exit 1
fi

if is_on_main_branch; then
update_license_files
fi

git commit -s -m "release($1): prepare release" -m "This is the official $1 release."
}

function is_on_main_branch {
main_remotes=("upstream" "origin")
branch_names=("main" "master")
current_branch=$(git rev-parse --abbrev-ref HEAD)

echo "Check current branch: $current_branch"

for remote in "${main_remotes[@]}"; do
echo "Fetch remote $remote..."

if ! git fetch --quiet "$remote" &>/dev/null; then
echo "Failed to fetch $remote, skip..."

continue
fi

for branch_name in "${branch_names[@]}"; do
if ! git rev-parse --verify "$branch_name" &>/dev/null; then
echo "Branch $branch_name does not exist, skip..."

continue
fi

echo "Branch $remote/$branch_name exists, comparing..."

merge_base=$(git merge-base "$current_branch" "$remote/$branch_name")
latest_main=$(git rev-parse "$remote/$branch_name")

if [ "$merge_base" = "$latest_main" ]; then
echo "Current branch is up-to-date with $remote/$branch_name"

return 0
else
echo "Current branch is not on $remote/$branch_name"

return 1
fi
done
done

echo "No main or master branch found on any remote"

return 1
}

function update_license_files {
script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
parent_dir="$(dirname "$script_dir")"
current_year=$(date +"%Y")
change_date=$(date -v+4y +"%Y-%m-%d" 2>/dev/null || date -d "+4 years" +"%Y-%m-%d" 2>/dev/null || date --date="+4 years" +"%Y-%m-%d")

# Find LICENSE and .kres.yaml files recursively in the parent directory (project root)
find "$parent_dir" \( -name "LICENSE" -o -name ".kres.yaml" \) -type f | while read -r file; do
temp_file="${file}.tmp"

if [[ $file == *"LICENSE" ]]; then
if grep -q "^Business Source License" "$file"; then
sed -e "s/The Licensed Work is (c) [0-9]\{4\}/The Licensed Work is (c) $current_year/" \
-e "s/Change Date: [0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}/Change Date: $change_date/" \
"$file" >"$temp_file"
else
continue # Not a Business Source License file
fi
elif [[ $file == *".kres.yaml" ]]; then
sed -E 's/^([[:space:]]*)ChangeDate:.*$/\1ChangeDate: "'"$change_date"'"/' "$file" >"$temp_file"
fi

# Check if the file has changed
if ! cmp -s "$file" "$temp_file"; then
mv "$temp_file" "$file"
echo "Updated: $file"
git add "$file"
else
echo "No changes: $file"
rm "$temp_file"
fi
done
}

if declare -f "$1" > /dev/null
then
cmd="$1"
Expand All @@ -55,7 +138,7 @@ then
else
cat <<EOF
Usage:
commit: Create the official release commit message.
commit: Create the official release commit message (updates BUSL license dates if there is any).
cherry-pick: Cherry-pick a commit into a release branch.
changelog: Update the specified CHANGELOG.
release-notes: Create release notes for GitHub release.
17 changes: 10 additions & 7 deletions pkg/agent/agent.go
Expand Up @@ -7,6 +7,7 @@ package agent

import (
"context"
"crypto/tls"
"fmt"
"net/netip"
"strings"
Expand All @@ -20,13 +21,14 @@ import (

// Config is the configuration for the agent.
type Config struct {
WireguardEndpoint string // WireguardEndpoint is the endpoint for the Wireguard server.
APIEndpoint string // APIEndpoint is the gRPC endpoint for the SideroLink API.
JoinToken string // JoinToken is the join token for the SideroLink API.
SinkEndpoint string // SinkEndpoint is the gRPC endpoint for the event sink.
LogEndpoint string // LogEndpoint is the TCP log receiver endpoint.
UUIDIPv6Pairs []string // UUIDIPv6Pairs is a list of UUIDs=IPv6 addrs for the nodes.
ForceUserspace bool // ForceUserspace forces the usage of the userspace UDP device for Wireguard.
WireguardEndpoint string // WireguardEndpoint is the endpoint for the Wireguard server.
APIEndpoint string // APIEndpoint is the gRPC endpoint for the SideroLink API.
APITLSConfig *tls.Config // APITLSConfig is the TLS configuration for the SideroLink API (if nil, served over plain TCP).
JoinToken string // JoinToken is the join token for the SideroLink API.
SinkEndpoint string // SinkEndpoint is the gRPC endpoint for the event sink.
LogEndpoint string // LogEndpoint is the TCP log receiver endpoint.
UUIDIPv6Pairs []string // UUIDIPv6Pairs is a list of UUIDs=IPv6 addrs for the nodes.
ForceUserspace bool // ForceUserspace forces the usage of the userspace UDP device for Wireguard.
}

// Run runs the agent. [wireguard.PeerHandler] can be nil.
Expand Down Expand Up @@ -78,6 +80,7 @@ func run(ctx context.Context, cfg Config, peerHandler wireguard.PeerHandler, eg
linkCfg := sideroLinkConfig{
wireguardEndpoint: cfg.WireguardEndpoint,
apiEndpoint: cfg.APIEndpoint,
apiTLSConfig: cfg.APITLSConfig,
joinToken: cfg.JoinToken,
forceUserspace: cfg.ForceUserspace,
predefinedPairs: bindPairs,
14 changes: 13 additions & 1 deletion pkg/agent/siderolink.go
Expand Up @@ -6,6 +6,7 @@ package agent

import (
"context"
"crypto/tls"
"fmt"
"net"
"net/netip"
Expand All @@ -29,6 +30,7 @@ import (
type sideroLinkConfig struct {
wireguardEndpoint string
apiEndpoint string
apiTLSConfig *tls.Config // if not-nil, the API will be served over TLS
joinToken string
predefinedPairs []bindUUIDtoIPv6
forceUserspace bool
Expand All @@ -40,7 +42,17 @@ type bindUUIDtoIPv6 struct {
}

func sideroLink(ctx context.Context, eg *errgroup.Group, cfg sideroLinkConfig, peerHandler wireguard.PeerHandler, logger *zap.Logger) error {
lis, err := net.Listen("tcp", cfg.apiEndpoint)
var (
lis net.Listener
err error
)

if cfg.apiTLSConfig != nil {
lis, err = tls.Listen("tcp", cfg.apiEndpoint, cfg.apiTLSConfig)
} else {
lis, err = net.Listen("tcp", cfg.apiEndpoint)
}

if err != nil {
return fmt.Errorf("error listening for gRPC API: %w", err)
}
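Review bot: The error returned from the new listen branch in sideroLink does not say which mode failed — a tls.Listen failure (for instance a tls.Config with neither Certificates nor GetCertificate set) and a plain TCP bind failure both surface as the identical `error listening for gRPC API`, which makes the TLS path hard to diagnose from logs; I would change it to `return fmt.Errorf("error listening for gRPC API on %q (tls=%t): %w", cfg.apiEndpoint, cfg.apiTLSConfig != nil, err)`. The field comment on `apiTLSConfig` should also state that the config is used as supplied — this function applies no MinVersion, cipher or client-authentication defaults of its own, so whatever the caller passes is what the listener accepts; something like `// if not-nil, the API is served over TLS using this config as-is (no defaults applied here)`. The body of sideroLink continues past the end of the hunk, so whether the listener is closed on the error paths that follow cannot be checked from here.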
