From 0368b9f992a2a79e3d20f7d40b754201b410adea Mon Sep 17 00:00:00 2001 From: Michael Andersen Date: Mon, 4 Jun 2018 13:54:57 -0700 Subject: [PATCH 1/5] Getting Admin API online --- Gopkg.lock | 36 +- acl/acl.go | 48 +- containers/kcm-ceph/Dockerfile | 2 +- containers/kcm-ceph/rebuild.sh | 4 +- .../adminconsole.deployment.yaml | 12 + tools/admincliserver/adminapi/adminapi.go | 255 +++++++++ tools/admincliserver/adminapi/adminapi.pb.go | 492 ++++++++++++++++++ .../admincliserver/adminapi/adminapi.pb.gw.go | 257 +++++++++ tools/admincliserver/adminapi/adminapi.proto | 76 +++ .../adminapi/adminapi.swagger.json | 243 +++++++++ tools/admincliserver/main.go | 3 + tools/apifrontend/main.go | 42 +- .../{apifrontend/tls.go => certutils/cert.go} | 43 +- 13 files changed, 1456 insertions(+), 57 deletions(-) create mode 100644 tools/admincliserver/adminapi/adminapi.go create mode 100644 tools/admincliserver/adminapi/adminapi.pb.go create mode 100644 tools/admincliserver/adminapi/adminapi.pb.gw.go create mode 100644 tools/admincliserver/adminapi/adminapi.proto create mode 100644 tools/admincliserver/adminapi/adminapi.swagger.json rename tools/{apifrontend/tls.go => certutils/cert.go} (87%) diff --git a/Gopkg.lock b/Gopkg.lock index f6c4778..864a9b9 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -20,7 +20,7 @@ "internal/mprovider", "internal/rez" ] - revision = "99e6a535295ea385f48d00a4ace3856ccbd2587c" + revision = "72fa28d9df15f16c8e359d49bda5042c2d22f758" [[projects]] branch = "master" @@ -29,7 +29,7 @@ "accounts", "keys" ] - revision = "83c348dddc56ba7bbf230d5bcdc7e647240eb193" + revision = "a41d149e3eba7f73247cb535789087cc2b17d189" [[projects]] branch = "master" @@ -65,7 +65,7 @@ "raft", "raft/raftpb" ] - revision = "20cf7f4d5b7af698dd216b228a53d3e192e32d1f" + revision = "438e6750ee4dd3861c83514e405adf2f3e437e4c" [[projects]] name = "github.com/coreos/go-systemd" @@ -122,6 +122,16 @@ packages = ["."] revision = "2e65f85255dbc3072edf28d6b5b8efc472979f5a" +[[projects]] + name = "github.com/grpc-ecosystem/go-grpc-middleware" + packages = [ + ".", + "auth", + "util/metautils" + ] + revision = "c250d6563d4d4c20252cd865923440e829844f4e" + version = "v1.0.0" + [[projects]] name = "github.com/grpc-ecosystem/grpc-gateway" packages = [ @@ -189,8 +199,8 @@ [[projects]] name = "github.com/matttproud/golang_protobuf_extensions" packages = ["pbutil"] - revision = "3247c84500bff8d9fb6d579d800f20b3e091582c" - version = "v1.0.0" + revision = "c12348ce28de40eed0136aa2b644d0ee0650e56c" + version = "v1.0.1" [[projects]] name = "github.com/montanaflynn/stats" @@ -256,7 +266,7 @@ "nfs", "xfs" ] - revision = "8b1c2da0d56deffdbb9e48d4414b4e674bd8083e" + revision = "94663424ae5ae9856b40a9f170762b4197024661" [[projects]] branch = "master" @@ -331,7 +341,7 @@ "ssh", "ssh/terminal" ] - revision = "159ae71589f303f9fbfd7528413e0fe944b9c1cb" + revision = "df8d4716b3472e4a531c33cedbe537dae921a1a9" [[projects]] branch = "master" @@ -345,7 +355,7 @@ "internal/timeseries", "trace" ] - revision = "dfa909b99c79129e1100513e5cd36307665e5723" + revision = "1e491301e022f8f977054da4c2d852decd59571f" [[projects]] branch = "master" @@ -354,7 +364,7 @@ "unix", "windows" ] - revision = "04b83988a018ef3ebffe1485df79d6499b76a4b4" + revision = "c11f84a56e43e20a78cee75a7c034031ecf57d1f" [[projects]] name = "golang.org/x/text" @@ -384,7 +394,7 @@ "googleapis/api/annotations", "googleapis/rpc/status" ] - revision = "694d95ba50e67b2e363f3483057db5d4910c18f9" + revision = "81158efcc9f219c511e4d3c0d61a0e6e49c01a24" [[projects]] name = "google.golang.org/grpc" @@ -474,8 +484,8 @@ [[projects]] name = "gopkg.in/ini.v1" packages = ["."] - revision = "6529cf7c58879c08d927016dde4477f18a0634cb" - version = "v1.36.0" + revision = "06f5f3d67269ccec1fe5fe4134ba6e982984f7f5" + version = "v1.37.0" [[projects]] name = "gopkg.in/mattn/go-colorable.v0" @@ -519,6 +529,6 @@ [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "0b239aee6fc8ac62f79caca42d416fef1046357caf3163afcd6be1b233b3de6b" + inputs-digest = "3b3c654c965bac66f0b2a2ffa5055f7be3b11b219b1477e56c0c507fce926750" solver-name = "gps-cdcl" solver-version = 1 diff --git a/acl/acl.go b/acl/acl.go index 2e529f7..b869994 100644 --- a/acl/acl.go +++ b/acl/acl.go @@ -7,6 +7,7 @@ import ( "errors" "fmt" "regexp" + "sync" "time" "golang.org/x/crypto/bcrypt" @@ -14,13 +15,17 @@ import ( etcd "github.com/coreos/etcd/clientv3" ) +const DefaultPrefix = "btrdb" + type ACLEngine struct { - c *etcd.Client - prefix string + c *etcd.Client + prefix string + cachedUsers map[CachedUserKey]CachedUser + cachedUsersMu sync.Mutex } func NewACLEngine(prefix string, c *etcd.Client) *ACLEngine { - return &ACLEngine{c: c, prefix: prefix} + return &ACLEngine{c: c, prefix: prefix, cachedUsers: make(map[CachedUserKey]CachedUser)} } type IdentityProvider string @@ -38,6 +43,7 @@ var KnownCapabilities = map[string]bool{ "read": true, "delete": true, "obliterate": true, + "admin": true, } func (e *ACLEngine) set(key string, val string) error { @@ -308,6 +314,15 @@ type User struct { Capabilities []string } +func (u *User) HasCapability(c string) bool { + for _, cap := range u.Capabilities { + if cap == c { + return true + } + } + return false +} + func (e *ACLEngine) WatchForAuthChanges(ctx context.Context) (chan struct{}, error) { rv := make(chan struct{}, 10) go func() { @@ -320,8 +335,29 @@ func (e *ACLEngine) WatchForAuthChanges(ctx context.Context) (chan struct{}, err return rv, nil } +type CachedUser struct { + User *User + Expiry time.Time +} +type CachedUserKey struct { + Name string + Password string +} + +const UserCacheTime = 3 * time.Minute + //Returns false, nil, nil if password is incorrect or user does not exist func (e *ACLEngine) AuthenticateUser(name string, password string) (bool, *User, error) { + ck := CachedUserKey{ + Name: name, + Password: password, + } + e.cachedUsersMu.Lock() + cached, ok := e.cachedUsers[ck] + e.cachedUsersMu.Unlock() + if ok && cached.Expiry.Before(time.Now()) { + return ok, cached.User, nil + } idp, err := e.GetIDP() if err != nil { return false, nil, err @@ -338,6 +374,12 @@ func (e *ACLEngine) AuthenticateUser(name string, password string) (bool, *User, if err != nil { return false, nil, nil } + e.cachedUsersMu.Lock() + e.cachedUsers[ck] = CachedUser{ + User: u, + Expiry: time.Now().Add(UserCacheTime), + } + e.cachedUsersMu.Unlock() return true, u, nil } return false, nil, fmt.Errorf("unsupported identity provider") diff --git a/containers/kcm-ceph/Dockerfile b/containers/kcm-ceph/Dockerfile index ceb02c2..9d98562 100644 --- a/containers/kcm-ceph/Dockerfile +++ b/containers/kcm-ceph/Dockerfile @@ -3,7 +3,7 @@ FROM ubuntu:xenial ENV ETCDCTL_VERSION v3.1.7 ENV ETCDCTL_ARCH linux-amd64 ENV CEPH_VERSION luminous -ENV KUBE_VERSION v1.9.3 +ENV KUBE_VERSION v1.10.0 ENV GO_VERSION 1.9.2 RUN apt-get update && apt-get install -y net-tools git build-essential wget RUN wget -q -O- 'https://download.ceph.com/keys/release.asc' | apt-key add - && \ diff --git a/containers/kcm-ceph/rebuild.sh b/containers/kcm-ceph/rebuild.sh index ae58cb4..bbb30c2 100755 --- a/containers/kcm-ceph/rebuild.sh +++ b/containers/kcm-ceph/rebuild.sh @@ -1,4 +1,4 @@ #!/bin/bash set -ex -docker build --no-cache -t btrdb/kubernetes-controller-manager-rbd:1.9.3 . -docker push btrdb/kubernetes-controller-manager-rbd:1.9.3 +docker build --no-cache -t btrdb/kubernetes-controller-manager-rbd:1.10.0 . +docker push btrdb/kubernetes-controller-manager-rbd:1.10.0 diff --git a/manifest_templates/adminconsole.deployment.yaml b/manifest_templates/adminconsole.deployment.yaml index e543c90..4df3156 100644 --- a/manifest_templates/adminconsole.deployment.yaml +++ b/manifest_templates/adminconsole.deployment.yaml @@ -31,6 +31,12 @@ spec: - containerPort: 2222 protocol: TCP name: adminport + - containerPort: 2223 + name: admin-grpc-api + protocol: TCP + - containerPort: 2224 + name: admin-http-api + protocol: TCP volumes: - name: ceph-keyring secret: @@ -51,6 +57,12 @@ spec: - port: 2222 targetPort: adminport name: console + - port: 2223 + targetPort: admin-grpc-api + name: admin-grpc-api + - port: 2224 + targetPort: admin-http-api + name: admin-http-api externalIPs:{{range .SiteInfo.ExternalIPs}} - {{.}}{{end}} selector: diff --git a/tools/admincliserver/adminapi/adminapi.go b/tools/admincliserver/adminapi/adminapi.go new file mode 100644 index 0000000..9d9259b --- /dev/null +++ b/tools/admincliserver/adminapi/adminapi.go @@ -0,0 +1,255 @@ +package adminapi + +import ( + "context" + "encoding/base64" + "fmt" + "net" + "net/http" + "os" + "strings" + + "github.com/BTrDB/btrdb-server/bte" + "github.com/BTrDB/smartgridstore/acl" + "github.com/BTrDB/smartgridstore/tools/certutils" + "github.com/BTrDB/smartgridstore/tools/manifest" + etcd "github.com/coreos/etcd/clientv3" + "github.com/grpc-ecosystem/go-grpc-middleware/auth" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/credentials" +) + +//go:generate protoc -I/usr/local/include -I. -I$GOPATH/src -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis --go_out=plugins=grpc:. adminapi.proto +//go:generate protoc -I/usr/local/include -I. -I$GOPATH/src -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis --grpc-gateway_out=logtostderr=true:. adminapi.proto +//go:generate protoc -I/usr/local/include -I. -I$GOPATH/src -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis --swagger_out=logtostderr=true:. adminapi.proto + +func ServeGRPC(ec *etcd.Client, laddr string) { + cfg, err := certutils.GetAPIConfig(ec) + if err != nil { + fmt.Printf("COULD NOT OBTAIN TLS CERTIFICATE\n") + fmt.Printf("ERR: %v\n", err) + os.Exit(1) + } + if cfg == nil { + fmt.Printf("TLS setup incomplete, cannot start admin API\n") + return + } + creds := credentials.NewTLS(cfg) + l, err := net.Listen("tcp", laddr) + if err != nil { + panic(err) + } + api := &apiProvider{ec: ec} + grpcServer := grpc.NewServer(grpc.Creds(creds), + grpc.StreamInterceptor(grpc_auth.StreamServerInterceptor(api.authfunc)), + grpc.UnaryInterceptor(grpc_auth.UnaryServerInterceptor(api.authfunc))) + api.s = grpcServer + RegisterBTrDBAdminServer(grpcServer, api) + go grpcServer.Serve(l) + + //Insecure server + il, err := net.Listen("tcp", "127.0.0.1:2250") + if err != nil { + panic(err) + } + grpcInsecureServer := grpc.NewServer(grpc.StreamInterceptor(grpc_auth.StreamServerInterceptor(api.authfunc)), + grpc.UnaryInterceptor(grpc_auth.UnaryServerInterceptor(api.authfunc))) + RegisterBTrDBAdminServer(grpcInsecureServer, api) + go grpcInsecureServer.Serve(il) + fmt.Printf("secure/insecure api running\n") +} + +func ServeHTTP(ec *etcd.Client, laddr string, svcaddr string) { + cfg, err := certutils.GetAPIConfig(ec) + if err != nil { + fmt.Printf("COULD NOT OBTAIN TLS CERTIFICATE\n") + fmt.Printf("ERR: %v\n", err) + os.Exit(1) + } + if cfg == nil { + fmt.Printf("TLS setup incomplete, cannot start admin API\n") + return + } + + mux := runtime.NewServeMux() + opts := []grpc.DialOption{ + //Use the operating system root TLS certificates + // grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{})), + grpc.WithInsecure(), + } + err = RegisterBTrDBAdminHandlerFromEndpoint(context.Background(), mux, "127.0.0.1:2250", opts) + if err != nil { + panic(err) + } + + go func() { + server := &http.Server{Addr: laddr, Handler: mux, TLSConfig: cfg} + err := server.ListenAndServeTLS("", "") + if err != nil { + panic(err) + } + }() + +} + +type apiProvider struct { + s *grpc.Server + ec *etcd.Client +} + +//Copied verbatim from golang HTTP package +func parseBasicAuth(auth string) (username, password string, ok bool) { + c, err := base64.StdEncoding.DecodeString(auth) + if err != nil { + return + } + cs := string(c) + s := strings.IndexByte(cs, ':') + if s < 0 { + return + } + return cs[:s], cs[s+1:], true +} + +type TUserObject string + +var UserObject TUserObject = "user_object" + +func (a *apiProvider) authfunc(ctx context.Context) (context.Context, error) { + auth, err := grpc_auth.AuthFromMD(ctx, "basic") + if err != nil { + return nil, err + } + user, pass, ok := parseBasicAuth(auth) + if !ok { + fmt.Printf("a\n") + return nil, grpc.Errorf(codes.Unauthenticated, "invalid basic credentials") + } + //Returns false, nil, nil if password is incorrect or user does not exist + ae := acl.NewACLEngine(acl.DefaultPrefix, a.ec) + ok, userObj, err := ae.AuthenticateUser(user, pass) + if err != nil { + panic(err) + } + if !ok { + fmt.Printf("c") + return nil, grpc.Errorf(codes.Unauthenticated, "invalid user credentials") + } + + newCtx := context.WithValue(ctx, UserObject, userObj) + return newCtx, nil +} + +func (a *apiProvider) ManifestAdd(ctx context.Context, p *ManifestAddParams) (*ManifestAddResponse, error) { + u, ok := ctx.Value(UserObject).(*acl.User) + if !ok || !u.HasCapability("admin") { + return &ManifestAddResponse{ + Stat: &Status{ + Code: bte.Unauthorized, + Msg: "user does not have 'admin' permissions", + }, + }, nil + } + metadata := make(map[string]string) + for _, kv := range p.Metadata { + metadata[kv.Key] = kv.Value + } + dev := &manifest.ManifestDevice{Descriptor: p.Deviceid, Metadata: metadata, Streams: make(map[string]*manifest.ManifestDeviceStream)} + success, err := manifest.UpsertManifestDeviceAtomically(ctx, a.ec, dev) + if err != nil { + return &ManifestAddResponse{ + Stat: &Status{ + Code: bte.ManifestError, + Msg: err.Error(), + }, + }, nil + } + if !success { + return &ManifestAddResponse{ + Stat: &Status{ + Code: bte.ManifestDeviceDuplicated, + Msg: err.Error(), + }, + }, nil + } + return &ManifestAddResponse{}, nil +} + +func (a *apiProvider) ManifestDel(ctx context.Context, p *ManifestDelParams) (*ManifestDelResponse, error) { + u, ok := ctx.Value(UserObject).(*acl.User) + if !ok || !u.HasCapability("admin") { + return &ManifestDelResponse{ + Stat: &Status{ + Code: bte.Unauthorized, + Msg: "user does not have 'admin' permissions", + }, + }, nil + } + err := manifest.DeleteManifestDevice(ctx, a.ec, p.Deviceid) + if err != nil { + return &ManifestDelResponse{ + Stat: &Status{ + Code: bte.ManifestError, + Msg: err.Error(), + }, + }, nil + } + return &ManifestDelResponse{}, nil +} + +func (a *apiProvider) ManifestDelPrefix(ctx context.Context, p *ManifestDelPrefixParams) (*ManifestDelPrefixResponse, error) { + u, ok := ctx.Value(UserObject).(*acl.User) + if !ok || !u.HasCapability("admin") { + return &ManifestDelPrefixResponse{ + Stat: &Status{ + Code: bte.Unauthorized, + Msg: "user does not have 'admin' permissions", + }, + }, nil + } + n, err := manifest.DeleteMultipleManifestDevices(ctx, a.ec, p.Deviceidprefix) + if err != nil { + return &ManifestDelPrefixResponse{ + Stat: &Status{ + Code: bte.ManifestError, + Msg: err.Error(), + }, + }, nil + } + return &ManifestDelPrefixResponse{ + Numdeleted: uint32(n), + }, nil +} + +func (a *apiProvider) ManifestLsDevs(ctx context.Context, p *ManifestLsDevsParams) (*ManifestLsDevsResponse, error) { + u, ok := ctx.Value(UserObject).(*acl.User) + if !ok || !u.HasCapability("admin") { + fmt.Printf("XX\n") + return &ManifestLsDevsResponse{ + Stat: &Status{ + Code: bte.Unauthorized, + Msg: "user does not have 'admin' permissions", + }, + }, nil + } + devs, err := manifest.RetrieveMultipleManifestDevices(ctx, a.ec, p.Deviceidprefix) + if err != nil { + return &ManifestLsDevsResponse{ + Stat: &Status{ + Code: bte.ManifestError, + Msg: err.Error(), + }, + }, nil + } + rv := &ManifestLsDevsResponse{} + for _, dev := range devs { + d := &ManifestDevice{Deviceid: dev.Descriptor} + for k, v := range dev.Metadata { + d.Metadata = append(d.Metadata, &MetaKeyValue{Key: k, Value: v}) + } + rv.Devices = append(rv.Devices, d) + } + return rv, nil +} diff --git a/tools/admincliserver/adminapi/adminapi.pb.go b/tools/admincliserver/adminapi/adminapi.pb.go new file mode 100644 index 0000000..e9a052f --- /dev/null +++ b/tools/admincliserver/adminapi/adminapi.pb.go @@ -0,0 +1,492 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: adminapi.proto + +/* +Package adminapi is a generated protocol buffer package. + +It is generated from these files: + adminapi.proto + +It has these top-level messages: + ManifestAddParams + ManifestAddResponse + MetaKeyValue + ManifestDelParams + ManifestDelResponse + ManifestDelPrefixParams + ManifestDelPrefixResponse + ManifestLsDevsParams + ManifestLsDevsResponse + ManifestDevice + Status +*/ +package adminapi + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" +import _ "google.golang.org/genproto/googleapis/api/annotations" + +import ( + context "golang.org/x/net/context" + grpc "google.golang.org/grpc" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package + +type ManifestAddParams struct { + Deviceid string `protobuf:"bytes,1,opt,name=deviceid" json:"deviceid,omitempty"` + Metadata []*MetaKeyValue `protobuf:"bytes,2,rep,name=metadata" json:"metadata,omitempty"` +} + +func (m *ManifestAddParams) Reset() { *m = ManifestAddParams{} } +func (m *ManifestAddParams) String() string { return proto.CompactTextString(m) } +func (*ManifestAddParams) ProtoMessage() {} +func (*ManifestAddParams) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } + +func (m *ManifestAddParams) GetDeviceid() string { + if m != nil { + return m.Deviceid + } + return "" +} + +func (m *ManifestAddParams) GetMetadata() []*MetaKeyValue { + if m != nil { + return m.Metadata + } + return nil +} + +type ManifestAddResponse struct { + Stat *Status `protobuf:"bytes,1,opt,name=stat" json:"stat,omitempty"` +} + +func (m *ManifestAddResponse) Reset() { *m = ManifestAddResponse{} } +func (m *ManifestAddResponse) String() string { return proto.CompactTextString(m) } +func (*ManifestAddResponse) ProtoMessage() {} +func (*ManifestAddResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} } + +func (m *ManifestAddResponse) GetStat() *Status { + if m != nil { + return m.Stat + } + return nil +} + +type MetaKeyValue struct { + Key string `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"` + Value string `protobuf:"bytes,2,opt,name=value" json:"value,omitempty"` +} + +func (m *MetaKeyValue) Reset() { *m = MetaKeyValue{} } +func (m *MetaKeyValue) String() string { return proto.CompactTextString(m) } +func (*MetaKeyValue) ProtoMessage() {} +func (*MetaKeyValue) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} } + +func (m *MetaKeyValue) GetKey() string { + if m != nil { + return m.Key + } + return "" +} + +func (m *MetaKeyValue) GetValue() string { + if m != nil { + return m.Value + } + return "" +} + +type ManifestDelParams struct { + Deviceid string `protobuf:"bytes,1,opt,name=deviceid" json:"deviceid,omitempty"` +} + +func (m *ManifestDelParams) Reset() { *m = ManifestDelParams{} } +func (m *ManifestDelParams) String() string { return proto.CompactTextString(m) } +func (*ManifestDelParams) ProtoMessage() {} +func (*ManifestDelParams) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} } + +func (m *ManifestDelParams) GetDeviceid() string { + if m != nil { + return m.Deviceid + } + return "" +} + +type ManifestDelResponse struct { + Stat *Status `protobuf:"bytes,1,opt,name=stat" json:"stat,omitempty"` +} + +func (m *ManifestDelResponse) Reset() { *m = ManifestDelResponse{} } +func (m *ManifestDelResponse) String() string { return proto.CompactTextString(m) } +func (*ManifestDelResponse) ProtoMessage() {} +func (*ManifestDelResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} } + +func (m *ManifestDelResponse) GetStat() *Status { + if m != nil { + return m.Stat + } + return nil +} + +type ManifestDelPrefixParams struct { + Deviceidprefix string `protobuf:"bytes,1,opt,name=deviceidprefix" json:"deviceidprefix,omitempty"` +} + +func (m *ManifestDelPrefixParams) Reset() { *m = ManifestDelPrefixParams{} } +func (m *ManifestDelPrefixParams) String() string { return proto.CompactTextString(m) } +func (*ManifestDelPrefixParams) ProtoMessage() {} +func (*ManifestDelPrefixParams) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} } + +func (m *ManifestDelPrefixParams) GetDeviceidprefix() string { + if m != nil { + return m.Deviceidprefix + } + return "" +} + +type ManifestDelPrefixResponse struct { + Stat *Status `protobuf:"bytes,1,opt,name=stat" json:"stat,omitempty"` + Numdeleted uint32 `protobuf:"varint,2,opt,name=numdeleted" json:"numdeleted,omitempty"` +} + +func (m *ManifestDelPrefixResponse) Reset() { *m = ManifestDelPrefixResponse{} } +func (m *ManifestDelPrefixResponse) String() string { return proto.CompactTextString(m) } +func (*ManifestDelPrefixResponse) ProtoMessage() {} +func (*ManifestDelPrefixResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{6} } + +func (m *ManifestDelPrefixResponse) GetStat() *Status { + if m != nil { + return m.Stat + } + return nil +} + +func (m *ManifestDelPrefixResponse) GetNumdeleted() uint32 { + if m != nil { + return m.Numdeleted + } + return 0 +} + +type ManifestLsDevsParams struct { + Deviceidprefix string `protobuf:"bytes,1,opt,name=deviceidprefix" json:"deviceidprefix,omitempty"` +} + +func (m *ManifestLsDevsParams) Reset() { *m = ManifestLsDevsParams{} } +func (m *ManifestLsDevsParams) String() string { return proto.CompactTextString(m) } +func (*ManifestLsDevsParams) ProtoMessage() {} +func (*ManifestLsDevsParams) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{7} } + +func (m *ManifestLsDevsParams) GetDeviceidprefix() string { + if m != nil { + return m.Deviceidprefix + } + return "" +} + +type ManifestLsDevsResponse struct { + Stat *Status `protobuf:"bytes,1,opt,name=stat" json:"stat,omitempty"` + Devices []*ManifestDevice `protobuf:"bytes,2,rep,name=devices" json:"devices,omitempty"` +} + +func (m *ManifestLsDevsResponse) Reset() { *m = ManifestLsDevsResponse{} } +func (m *ManifestLsDevsResponse) String() string { return proto.CompactTextString(m) } +func (*ManifestLsDevsResponse) ProtoMessage() {} +func (*ManifestLsDevsResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{8} } + +func (m *ManifestLsDevsResponse) GetStat() *Status { + if m != nil { + return m.Stat + } + return nil +} + +func (m *ManifestLsDevsResponse) GetDevices() []*ManifestDevice { + if m != nil { + return m.Devices + } + return nil +} + +type ManifestDevice struct { + Deviceid string `protobuf:"bytes,1,opt,name=deviceid" json:"deviceid,omitempty"` + Metadata []*MetaKeyValue `protobuf:"bytes,2,rep,name=metadata" json:"metadata,omitempty"` +} + +func (m *ManifestDevice) Reset() { *m = ManifestDevice{} } +func (m *ManifestDevice) String() string { return proto.CompactTextString(m) } +func (*ManifestDevice) ProtoMessage() {} +func (*ManifestDevice) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{9} } + +func (m *ManifestDevice) GetDeviceid() string { + if m != nil { + return m.Deviceid + } + return "" +} + +func (m *ManifestDevice) GetMetadata() []*MetaKeyValue { + if m != nil { + return m.Metadata + } + return nil +} + +type Status struct { + Code uint32 `protobuf:"varint,1,opt,name=code" json:"code,omitempty"` + Msg string `protobuf:"bytes,2,opt,name=msg" json:"msg,omitempty"` +} + +func (m *Status) Reset() { *m = Status{} } +func (m *Status) String() string { return proto.CompactTextString(m) } +func (*Status) ProtoMessage() {} +func (*Status) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{10} } + +func (m *Status) GetCode() uint32 { + if m != nil { + return m.Code + } + return 0 +} + +func (m *Status) GetMsg() string { + if m != nil { + return m.Msg + } + return "" +} + +func init() { + proto.RegisterType((*ManifestAddParams)(nil), "adminapi.ManifestAddParams") + proto.RegisterType((*ManifestAddResponse)(nil), "adminapi.ManifestAddResponse") + proto.RegisterType((*MetaKeyValue)(nil), "adminapi.MetaKeyValue") + proto.RegisterType((*ManifestDelParams)(nil), "adminapi.ManifestDelParams") + proto.RegisterType((*ManifestDelResponse)(nil), "adminapi.ManifestDelResponse") + proto.RegisterType((*ManifestDelPrefixParams)(nil), "adminapi.ManifestDelPrefixParams") + proto.RegisterType((*ManifestDelPrefixResponse)(nil), "adminapi.ManifestDelPrefixResponse") + proto.RegisterType((*ManifestLsDevsParams)(nil), "adminapi.ManifestLsDevsParams") + proto.RegisterType((*ManifestLsDevsResponse)(nil), "adminapi.ManifestLsDevsResponse") + proto.RegisterType((*ManifestDevice)(nil), "adminapi.ManifestDevice") + proto.RegisterType((*Status)(nil), "adminapi.Status") +} + +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConn + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion4 + +// Client API for BTrDBAdmin service + +type BTrDBAdminClient interface { + // Requires Manifest capability + ManifestAdd(ctx context.Context, in *ManifestAddParams, opts ...grpc.CallOption) (*ManifestAddResponse, error) + ManifestDel(ctx context.Context, in *ManifestDelParams, opts ...grpc.CallOption) (*ManifestDelResponse, error) + ManifestDelPrefix(ctx context.Context, in *ManifestDelPrefixParams, opts ...grpc.CallOption) (*ManifestDelPrefixResponse, error) + ManifestLsDevs(ctx context.Context, in *ManifestLsDevsParams, opts ...grpc.CallOption) (*ManifestLsDevsResponse, error) +} + +type bTrDBAdminClient struct { + cc *grpc.ClientConn +} + +func NewBTrDBAdminClient(cc *grpc.ClientConn) BTrDBAdminClient { + return &bTrDBAdminClient{cc} +} + +func (c *bTrDBAdminClient) ManifestAdd(ctx context.Context, in *ManifestAddParams, opts ...grpc.CallOption) (*ManifestAddResponse, error) { + out := new(ManifestAddResponse) + err := grpc.Invoke(ctx, "/adminapi.BTrDBAdmin/ManifestAdd", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *bTrDBAdminClient) ManifestDel(ctx context.Context, in *ManifestDelParams, opts ...grpc.CallOption) (*ManifestDelResponse, error) { + out := new(ManifestDelResponse) + err := grpc.Invoke(ctx, "/adminapi.BTrDBAdmin/ManifestDel", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *bTrDBAdminClient) ManifestDelPrefix(ctx context.Context, in *ManifestDelPrefixParams, opts ...grpc.CallOption) (*ManifestDelPrefixResponse, error) { + out := new(ManifestDelPrefixResponse) + err := grpc.Invoke(ctx, "/adminapi.BTrDBAdmin/ManifestDelPrefix", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *bTrDBAdminClient) ManifestLsDevs(ctx context.Context, in *ManifestLsDevsParams, opts ...grpc.CallOption) (*ManifestLsDevsResponse, error) { + out := new(ManifestLsDevsResponse) + err := grpc.Invoke(ctx, "/adminapi.BTrDBAdmin/ManifestLsDevs", in, out, c.cc, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// Server API for BTrDBAdmin service + +type BTrDBAdminServer interface { + // Requires Manifest capability + ManifestAdd(context.Context, *ManifestAddParams) (*ManifestAddResponse, error) + ManifestDel(context.Context, *ManifestDelParams) (*ManifestDelResponse, error) + ManifestDelPrefix(context.Context, *ManifestDelPrefixParams) (*ManifestDelPrefixResponse, error) + ManifestLsDevs(context.Context, *ManifestLsDevsParams) (*ManifestLsDevsResponse, error) +} + +func RegisterBTrDBAdminServer(s *grpc.Server, srv BTrDBAdminServer) { + s.RegisterService(&_BTrDBAdmin_serviceDesc, srv) +} + +func _BTrDBAdmin_ManifestAdd_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ManifestAddParams) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BTrDBAdminServer).ManifestAdd(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/adminapi.BTrDBAdmin/ManifestAdd", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BTrDBAdminServer).ManifestAdd(ctx, req.(*ManifestAddParams)) + } + return interceptor(ctx, in, info, handler) +} + +func _BTrDBAdmin_ManifestDel_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ManifestDelParams) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BTrDBAdminServer).ManifestDel(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/adminapi.BTrDBAdmin/ManifestDel", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BTrDBAdminServer).ManifestDel(ctx, req.(*ManifestDelParams)) + } + return interceptor(ctx, in, info, handler) +} + +func _BTrDBAdmin_ManifestDelPrefix_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ManifestDelPrefixParams) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BTrDBAdminServer).ManifestDelPrefix(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/adminapi.BTrDBAdmin/ManifestDelPrefix", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BTrDBAdminServer).ManifestDelPrefix(ctx, req.(*ManifestDelPrefixParams)) + } + return interceptor(ctx, in, info, handler) +} + +func _BTrDBAdmin_ManifestLsDevs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ManifestLsDevsParams) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BTrDBAdminServer).ManifestLsDevs(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/adminapi.BTrDBAdmin/ManifestLsDevs", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BTrDBAdminServer).ManifestLsDevs(ctx, req.(*ManifestLsDevsParams)) + } + return interceptor(ctx, in, info, handler) +} + +var _BTrDBAdmin_serviceDesc = grpc.ServiceDesc{ + ServiceName: "adminapi.BTrDBAdmin", + HandlerType: (*BTrDBAdminServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "ManifestAdd", + Handler: _BTrDBAdmin_ManifestAdd_Handler, + }, + { + MethodName: "ManifestDel", + Handler: _BTrDBAdmin_ManifestDel_Handler, + }, + { + MethodName: "ManifestDelPrefix", + Handler: _BTrDBAdmin_ManifestDelPrefix_Handler, + }, + { + MethodName: "ManifestLsDevs", + Handler: _BTrDBAdmin_ManifestLsDevs_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "adminapi.proto", +} + +func init() { proto.RegisterFile("adminapi.proto", fileDescriptor0) } + +var fileDescriptor0 = []byte{ + // 493 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x94, 0xcd, 0x6e, 0xd3, 0x40, + 0x10, 0xc7, 0x95, 0xa4, 0x94, 0x30, 0xa1, 0xa1, 0x2c, 0xa1, 0x0d, 0x86, 0x56, 0x61, 0x41, 0xa8, + 0xea, 0x21, 0x96, 0x0c, 0xe2, 0x50, 0x24, 0xa4, 0x54, 0xbe, 0x41, 0x25, 0x64, 0x10, 0x67, 0x86, + 0xec, 0x34, 0xb2, 0xf0, 0x17, 0xde, 0x8d, 0x45, 0x0f, 0x5c, 0x78, 0x05, 0x5e, 0x8b, 0x1b, 0xaf, + 0xc0, 0x83, 0x20, 0xaf, 0x3f, 0xb2, 0x49, 0x0c, 0xc8, 0x12, 0xb7, 0xdd, 0x99, 0xf1, 0xfc, 0xfe, + 0xb3, 0xfb, 0x5f, 0xc3, 0x10, 0x45, 0xe8, 0x47, 0x98, 0xf8, 0xd3, 0x24, 0x8d, 0x55, 0xcc, 0xfa, + 0xd5, 0xde, 0x7a, 0xb0, 0x88, 0xe3, 0x45, 0x40, 0x36, 0x26, 0xbe, 0x8d, 0x51, 0x14, 0x2b, 0x54, + 0x7e, 0x1c, 0xc9, 0xa2, 0x8e, 0xcf, 0xe1, 0xf6, 0x05, 0x46, 0xfe, 0x25, 0x49, 0x35, 0x13, 0xe2, + 0x0d, 0xa6, 0x18, 0x4a, 0x66, 0x41, 0x5f, 0x50, 0xe6, 0xcf, 0xc9, 0x17, 0xe3, 0xce, 0xa4, 0x73, + 0x72, 0xc3, 0xab, 0xf7, 0xcc, 0x81, 0x7e, 0x48, 0x0a, 0x05, 0x2a, 0x1c, 0x77, 0x27, 0xbd, 0x93, + 0x81, 0x73, 0x30, 0xad, 0xd9, 0x17, 0xa4, 0xf0, 0x15, 0x5d, 0xbd, 0xc7, 0x60, 0x49, 0x5e, 0x5d, + 0xc7, 0x5f, 0xc0, 0x1d, 0x03, 0xe2, 0x91, 0x4c, 0xe2, 0x48, 0x12, 0x7b, 0x0c, 0x3b, 0x52, 0xa1, + 0xd2, 0x88, 0x81, 0xb3, 0xbf, 0x6a, 0xf3, 0x56, 0xa1, 0x5a, 0x4a, 0x4f, 0x67, 0xf9, 0x73, 0xb8, + 0x69, 0xb6, 0x65, 0xfb, 0xd0, 0xfb, 0x44, 0x57, 0xa5, 0xae, 0x7c, 0xc9, 0x46, 0x70, 0x2d, 0xcb, + 0x53, 0xe3, 0xae, 0x8e, 0x15, 0x1b, 0x6e, 0xaf, 0x26, 0x73, 0x29, 0xf8, 0xf7, 0x64, 0xa6, 0x4a, + 0x97, 0x82, 0x96, 0x2a, 0x67, 0x70, 0x68, 0xd2, 0x52, 0xba, 0xf4, 0xbf, 0x94, 0xcc, 0x27, 0x30, + 0xac, 0x18, 0x89, 0x8e, 0x97, 0xe4, 0x8d, 0x28, 0x47, 0xb8, 0xb7, 0xd5, 0xa2, 0x9d, 0x0a, 0x76, + 0x0c, 0x10, 0x2d, 0x43, 0x41, 0x01, 0x29, 0x12, 0xfa, 0x38, 0xf6, 0x3c, 0x23, 0xc2, 0x5f, 0xc2, + 0xa8, 0x42, 0xbc, 0x96, 0x2e, 0x65, 0xb2, 0xa5, 0xc4, 0x14, 0x0e, 0xd6, 0xbf, 0x6f, 0xa9, 0xcf, + 0x81, 0xeb, 0x45, 0x47, 0x59, 0x7a, 0x67, 0x6c, 0x78, 0xa7, 0x9e, 0x3d, 0x2f, 0xf0, 0xaa, 0x42, + 0xfe, 0x01, 0x86, 0xeb, 0xa9, 0xff, 0x6e, 0xcf, 0x29, 0xec, 0x16, 0x2a, 0x19, 0x83, 0x9d, 0x79, + 0x2c, 0x48, 0x77, 0xdd, 0xf3, 0xf4, 0x3a, 0xf7, 0x5b, 0x28, 0x17, 0xa5, 0xb7, 0xf2, 0xa5, 0xf3, + 0xa3, 0x07, 0x70, 0xfe, 0x2e, 0x75, 0xcf, 0x67, 0x79, 0x63, 0x46, 0x30, 0x30, 0xdc, 0xcd, 0xee, + 0x6f, 0x8f, 0x54, 0xbf, 0x2c, 0xeb, 0xa8, 0x31, 0x59, 0x9d, 0x22, 0xb7, 0xbe, 0xfd, 0xfc, 0xf5, + 0xbd, 0x3b, 0xe2, 0xb7, 0xec, 0xec, 0x99, 0x1d, 0x96, 0x05, 0x28, 0xc4, 0x59, 0xe7, 0xd4, 0xc4, + 0xb8, 0x14, 0x34, 0x61, 0x6a, 0x9b, 0x37, 0x61, 0x0c, 0x4b, 0x37, 0x63, 0x04, 0x05, 0x39, 0xe6, + 0xeb, 0xfa, 0xb3, 0xd1, 0xf7, 0xce, 0x1e, 0x36, 0xc3, 0x0c, 0x97, 0x5b, 0x8f, 0xfe, 0x52, 0x52, + 0x83, 0x27, 0x1a, 0x6c, 0xf1, 0xbb, 0x1b, 0xe0, 0xc2, 0x5e, 0x39, 0xfe, 0xf3, 0xea, 0xb6, 0x0b, + 0x87, 0xb1, 0xe3, 0xed, 0xc6, 0xa6, 0x77, 0xad, 0xc9, 0x9f, 0xf2, 0x35, 0xf5, 0x48, 0x53, 0x0f, + 0x39, 0x33, 0xa9, 0x81, 0x14, 0x94, 0xc9, 0xb3, 0xce, 0xe9, 0xc7, 0x5d, 0xfd, 0x27, 0x7c, 0xfa, + 0x3b, 0x00, 0x00, 0xff, 0xff, 0x8b, 0xfa, 0x2d, 0xf0, 0x43, 0x05, 0x00, 0x00, +} diff --git a/tools/admincliserver/adminapi/adminapi.pb.gw.go b/tools/admincliserver/adminapi/adminapi.pb.gw.go new file mode 100644 index 0000000..853d551 --- /dev/null +++ b/tools/admincliserver/adminapi/adminapi.pb.gw.go @@ -0,0 +1,257 @@ +// Code generated by protoc-gen-grpc-gateway. DO NOT EDIT. +// source: adminapi.proto + +/* +Package adminapi is a reverse proxy. + +It translates gRPC into RESTful JSON APIs. +*/ +package adminapi + +import ( + "io" + "net/http" + + "github.com/golang/protobuf/proto" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/grpc-ecosystem/grpc-gateway/utilities" + "golang.org/x/net/context" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/status" +) + +var _ codes.Code +var _ io.Reader +var _ status.Status +var _ = runtime.String +var _ = utilities.NewDoubleArray + +func request_BTrDBAdmin_ManifestAdd_0(ctx context.Context, marshaler runtime.Marshaler, client BTrDBAdminClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ManifestAddParams + var metadata runtime.ServerMetadata + + if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.ManifestAdd(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func request_BTrDBAdmin_ManifestDel_0(ctx context.Context, marshaler runtime.Marshaler, client BTrDBAdminClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ManifestDelParams + var metadata runtime.ServerMetadata + + if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.ManifestDel(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func request_BTrDBAdmin_ManifestDelPrefix_0(ctx context.Context, marshaler runtime.Marshaler, client BTrDBAdminClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ManifestDelPrefixParams + var metadata runtime.ServerMetadata + + if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.ManifestDelPrefix(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func request_BTrDBAdmin_ManifestLsDevs_0(ctx context.Context, marshaler runtime.Marshaler, client BTrDBAdminClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ManifestLsDevsParams + var metadata runtime.ServerMetadata + + if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.ManifestLsDevs(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +// RegisterBTrDBAdminHandlerFromEndpoint is same as RegisterBTrDBAdminHandler but +// automatically dials to "endpoint" and closes the connection when "ctx" gets done. +func RegisterBTrDBAdminHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) { + conn, err := grpc.Dial(endpoint, opts...) + if err != nil { + return err + } + defer func() { + if err != nil { + if cerr := conn.Close(); cerr != nil { + grpclog.Printf("Failed to close conn to %s: %v", endpoint, cerr) + } + return + } + go func() { + <-ctx.Done() + if cerr := conn.Close(); cerr != nil { + grpclog.Printf("Failed to close conn to %s: %v", endpoint, cerr) + } + }() + }() + return RegisterBTrDBAdminHandler(ctx, mux, conn) +} + +// RegisterBTrDBAdminHandler registers the http handlers for service BTrDBAdmin to "mux". +// The handlers forward requests to the grpc endpoint over "conn". +func RegisterBTrDBAdminHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error { + return RegisterBTrDBAdminHandlerClient(ctx, mux, NewBTrDBAdminClient(conn)) +} + +// RegisterBTrDBAdminHandler registers the http handlers for service BTrDBAdmin to "mux". +// The handlers forward requests to the grpc endpoint over the given implementation of "BTrDBAdminClient". +// Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "BTrDBAdminClient" +// doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in +// "BTrDBAdminClient" to call the correct interceptors. +func RegisterBTrDBAdminHandlerClient(ctx context.Context, mux *runtime.ServeMux, client BTrDBAdminClient) error { + + mux.Handle("POST", pattern_BTrDBAdmin_ManifestAdd_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + if cn, ok := w.(http.CloseNotifier); ok { + go func(done <-chan struct{}, closed <-chan bool) { + select { + case <-done: + case <-closed: + cancel() + } + }(ctx.Done(), cn.CloseNotify()) + } + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_BTrDBAdmin_ManifestAdd_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_BTrDBAdmin_ManifestAdd_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("POST", pattern_BTrDBAdmin_ManifestDel_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + if cn, ok := w.(http.CloseNotifier); ok { + go func(done <-chan struct{}, closed <-chan bool) { + select { + case <-done: + case <-closed: + cancel() + } + }(ctx.Done(), cn.CloseNotify()) + } + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_BTrDBAdmin_ManifestDel_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_BTrDBAdmin_ManifestDel_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("POST", pattern_BTrDBAdmin_ManifestDelPrefix_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + if cn, ok := w.(http.CloseNotifier); ok { + go func(done <-chan struct{}, closed <-chan bool) { + select { + case <-done: + case <-closed: + cancel() + } + }(ctx.Done(), cn.CloseNotify()) + } + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_BTrDBAdmin_ManifestDelPrefix_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_BTrDBAdmin_ManifestDelPrefix_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("POST", pattern_BTrDBAdmin_ManifestLsDevs_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + if cn, ok := w.(http.CloseNotifier); ok { + go func(done <-chan struct{}, closed <-chan bool) { + select { + case <-done: + case <-closed: + cancel() + } + }(ctx.Done(), cn.CloseNotify()) + } + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_BTrDBAdmin_ManifestLsDevs_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_BTrDBAdmin_ManifestLsDevs_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + return nil +} + +var ( + pattern_BTrDBAdmin_ManifestAdd_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v4", "manifestadd"}, "")) + + pattern_BTrDBAdmin_ManifestDel_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v4", "manifestdel"}, "")) + + pattern_BTrDBAdmin_ManifestDelPrefix_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v4", "manifestdelprefix"}, "")) + + pattern_BTrDBAdmin_ManifestLsDevs_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v4", "manifestlsdevs"}, "")) +) + +var ( + forward_BTrDBAdmin_ManifestAdd_0 = runtime.ForwardResponseMessage + + forward_BTrDBAdmin_ManifestDel_0 = runtime.ForwardResponseMessage + + forward_BTrDBAdmin_ManifestDelPrefix_0 = runtime.ForwardResponseMessage + + forward_BTrDBAdmin_ManifestLsDevs_0 = runtime.ForwardResponseMessage +) diff --git a/tools/admincliserver/adminapi/adminapi.proto b/tools/admincliserver/adminapi/adminapi.proto new file mode 100644 index 0000000..d12eca3 --- /dev/null +++ b/tools/admincliserver/adminapi/adminapi.proto @@ -0,0 +1,76 @@ +syntax = "proto3"; +package adminapi; + +import "google/api/annotations.proto"; + +service BTrDBAdmin { + //Requires Manifest capability + rpc ManifestAdd(ManifestAddParams) returns (ManifestAddResponse) { + option (google.api.http) = { + post: "/v4/manifestadd" + body: "*" + }; + } + rpc ManifestDel(ManifestDelParams) returns (ManifestDelResponse) { + option (google.api.http) = { + post: "/v4/manifestdel" + body: "*" + }; + } + rpc ManifestDelPrefix(ManifestDelPrefixParams) returns (ManifestDelPrefixResponse) { + option (google.api.http) = { + post: "/v4/manifestdelprefix" + body: "*" + }; + } + rpc ManifestLsDevs(ManifestLsDevsParams) returns (ManifestLsDevsResponse) { + option (google.api.http) = { + post: "/v4/manifestlsdevs" + body: "*" + }; + } +} + +message ManifestAddParams { + string deviceid = 1; + repeated MetaKeyValue metadata = 2; +} +message ManifestAddResponse { + Status stat = 1; +} +message MetaKeyValue { + string key = 1; + string value = 2; +} + +message ManifestDelParams { + string deviceid = 1; +} +message ManifestDelResponse { + Status stat = 1; +} + +message ManifestDelPrefixParams { + string deviceidprefix = 1; +} +message ManifestDelPrefixResponse { + Status stat = 1; + uint32 numdeleted = 2; +} + +message ManifestLsDevsParams { + string deviceidprefix = 1; +} +message ManifestLsDevsResponse { + Status stat = 1; + repeated ManifestDevice devices = 2; +} +message ManifestDevice { + string deviceid = 1; + repeated MetaKeyValue metadata = 2; +} + +message Status { + uint32 code = 1; + string msg = 2; +} diff --git a/tools/admincliserver/adminapi/adminapi.swagger.json b/tools/admincliserver/adminapi/adminapi.swagger.json new file mode 100644 index 0000000..084207c --- /dev/null +++ b/tools/admincliserver/adminapi/adminapi.swagger.json @@ -0,0 +1,243 @@ +{ + "swagger": "2.0", + "info": { + "title": "adminapi.proto", + "version": "version not set" + }, + "schemes": [ + "http", + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/v4/manifestadd": { + "post": { + "summary": "Requires Manifest capability", + "operationId": "ManifestAdd", + "responses": { + "200": { + "description": "", + "schema": { + "$ref": "#/definitions/adminapiManifestAddResponse" + } + } + }, + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/adminapiManifestAddParams" + } + } + ], + "tags": [ + "BTrDBAdmin" + ] + } + }, + "/v4/manifestdel": { + "post": { + "operationId": "ManifestDel", + "responses": { + "200": { + "description": "", + "schema": { + "$ref": "#/definitions/adminapiManifestDelResponse" + } + } + }, + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/adminapiManifestDelParams" + } + } + ], + "tags": [ + "BTrDBAdmin" + ] + } + }, + "/v4/manifestdelprefix": { + "post": { + "operationId": "ManifestDelPrefix", + "responses": { + "200": { + "description": "", + "schema": { + "$ref": "#/definitions/adminapiManifestDelPrefixResponse" + } + } + }, + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/adminapiManifestDelPrefixParams" + } + } + ], + "tags": [ + "BTrDBAdmin" + ] + } + }, + "/v4/manifestlsdevs": { + "post": { + "operationId": "ManifestLsDevs", + "responses": { + "200": { + "description": "", + "schema": { + "$ref": "#/definitions/adminapiManifestLsDevsResponse" + } + } + }, + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/adminapiManifestLsDevsParams" + } + } + ], + "tags": [ + "BTrDBAdmin" + ] + } + } + }, + "definitions": { + "adminapiManifestAddParams": { + "type": "object", + "properties": { + "deviceid": { + "type": "string" + }, + "metadata": { + "type": "array", + "items": { + "$ref": "#/definitions/adminapiMetaKeyValue" + } + } + } + }, + "adminapiManifestAddResponse": { + "type": "object", + "properties": { + "stat": { + "$ref": "#/definitions/adminapiStatus" + } + } + }, + "adminapiManifestDelParams": { + "type": "object", + "properties": { + "deviceid": { + "type": "string" + } + } + }, + "adminapiManifestDelPrefixParams": { + "type": "object", + "properties": { + "deviceidprefix": { + "type": "string" + } + } + }, + "adminapiManifestDelPrefixResponse": { + "type": "object", + "properties": { + "stat": { + "$ref": "#/definitions/adminapiStatus" + }, + "numdeleted": { + "type": "integer", + "format": "int64" + } + } + }, + "adminapiManifestDelResponse": { + "type": "object", + "properties": { + "stat": { + "$ref": "#/definitions/adminapiStatus" + } + } + }, + "adminapiManifestDevice": { + "type": "object", + "properties": { + "deviceid": { + "type": "string" + }, + "metadata": { + "type": "array", + "items": { + "$ref": "#/definitions/adminapiMetaKeyValue" + } + } + } + }, + "adminapiManifestLsDevsParams": { + "type": "object", + "properties": { + "deviceidprefix": { + "type": "string" + } + } + }, + "adminapiManifestLsDevsResponse": { + "type": "object", + "properties": { + "stat": { + "$ref": "#/definitions/adminapiStatus" + }, + "devices": { + "type": "array", + "items": { + "$ref": "#/definitions/adminapiManifestDevice" + } + } + } + }, + "adminapiMetaKeyValue": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "adminapiStatus": { + "type": "object", + "properties": { + "code": { + "type": "integer", + "format": "int64" + }, + "msg": { + "type": "string" + } + } + } + } +} diff --git a/tools/admincliserver/main.go b/tools/admincliserver/main.go index 5e8daf4..167169a 100644 --- a/tools/admincliserver/main.go +++ b/tools/admincliserver/main.go @@ -12,6 +12,7 @@ import ( "github.com/BTrDB/smartgridstore/acl" "github.com/BTrDB/smartgridstore/tools" + "github.com/BTrDB/smartgridstore/tools/admincliserver/adminapi" etcd "github.com/coreos/etcd/clientv3" "golang.org/x/crypto/bcrypt" "golang.org/x/crypto/ssh" @@ -106,6 +107,8 @@ func main() { } config.AddHostKey(private) + adminapi.ServeGRPC(etcdClient, "0.0.0.0:2223") + adminapi.ServeHTTP(etcdClient, "0.0.0.0:2224", "cm7.cal-sdb.org:2223") listener, err := net.Listen("tcp", "0.0.0.0:2222") if err != nil { diff --git a/tools/apifrontend/main.go b/tools/apifrontend/main.go index ac257ec..af9915b 100644 --- a/tools/apifrontend/main.go +++ b/tools/apifrontend/main.go @@ -19,7 +19,7 @@ import ( btrdb "gopkg.in/BTrDB/btrdb.v4" "github.com/BTrDB/smartgridstore/tools" - "github.com/BTrDB/smartgridstore/tools/apifrontend/cli" + "github.com/BTrDB/smartgridstore/tools/certutils" assetfs "github.com/elazarl/go-bindata-assetfs" "github.com/grpc-ecosystem/grpc-gateway/runtime" logging "github.com/op/go-logging" @@ -114,45 +114,13 @@ func ProxyGRPCSecure(laddr string) *tls.Config { os.Exit(1) } - var cfg *tls.Config - - mode, err := cli.GetAPIFrontendCertSrc(etcdClient) - + cfg, err := certutils.GetAPIConfig(etcdClient) if err != nil { - fmt.Printf("could not get certificate config: %v\n", err) + fmt.Printf("Could not initialize TLS: %v\n", err) os.Exit(1) } - switch mode { - case "autocert": - cfg, err = MRPlottersAutocertTLSConfig(etcdClient) - if err != nil { - fmt.Printf("could not set up autocert: %v\n", err) - os.Exit(1) - } - if cfg == nil { - fmt.Printf("mrplotter autocert not set up fully\n") - os.Exit(1) - } - fmt.Printf("successfully loaded mrplotter's cert\n") - case "hardcoded": - cert, key, err := cli.GetAPIFrontendHardcoded(etcdClient) - if err != nil { - fmt.Printf("could not load hardcoded certificate: %v\n", err) - os.Exit(1) - } - if len(cert) == 0 || len(key) == 0 { - fmt.Printf("CRITICAL: certsrc set to hardcoded but no certificate set\n") - os.Exit(1) - } - var tlsCertificate tls.Certificate - tlsCertificate, err = tls.X509KeyPair(cert, key) - cfg = &tls.Config{ - GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { - return &tlsCertificate, nil - }, - } - default: - fmt.Printf("WARNING! secure API disabled in api frontend\n") + if cfg == nil { + fmt.Printf("TLS config is incomplete, disabling secure endpoints\n") return nil } diff --git a/tools/apifrontend/tls.go b/tools/certutils/cert.go similarity index 87% rename from tools/apifrontend/tls.go rename to tools/certutils/cert.go index a2d66b7..71359ce 100644 --- a/tools/apifrontend/tls.go +++ b/tools/certutils/cert.go @@ -1,4 +1,6 @@ -package main +//This package allows tools to use the external TLS certificate + +package certutils import ( "context" @@ -16,9 +18,48 @@ import ( "strings" "time" + acli "github.com/BTrDB/smartgridstore/tools/apifrontend/cli" + etcd "github.com/coreos/etcd/clientv3" ) +func GetAPIConfig(ec *etcd.Client) (*tls.Config, error) { + src, err := acli.GetAPIFrontendCertSrc(ec) + if err != nil { + return nil, err + } + switch src { + case "hardcoded": + cert, key, err := acli.GetAPIFrontendHardcoded(ec) + if err != nil { + return nil, fmt.Errorf("could not load hardcoded certificate: %v\n", err) + } + if len(cert) == 0 || len(key) == 0 { + return nil, fmt.Errorf("CRITICAL: certsrc set to hardcoded but no certificate set\n") + } + var tlsCertificate tls.Certificate + tlsCertificate, err = tls.X509KeyPair(cert, key) + cfg := &tls.Config{ + GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { + return &tlsCertificate, nil + }, + } + return cfg, nil + case "autocert": + cfg, err := MRPlottersAutocertTLSConfig(ec) + if err != nil { + return nil, err + } + if cfg == nil { + return nil, nil + } + return cfg, nil + case "disabled": + return nil, nil + } + return nil, nil +} + // This was taken from https://golang.org/src/crypto/tls/generate_cert.go. // All credit to the Go Authors. func pemBlockForKey(priv interface{}) (*pem.Block, error) { From 5a9a411d80d1b1d442e25569952222dde29219a3 Mon Sep 17 00:00:00 2001 From: Michael Andersen Date: Mon, 4 Jun 2018 14:24:57 -0700 Subject: [PATCH 2/5] Bump version and deps --- Gopkg.lock | 4 ++-- tools/version.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 864a9b9..d2a7473 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -20,7 +20,7 @@ "internal/mprovider", "internal/rez" ] - revision = "72fa28d9df15f16c8e359d49bda5042c2d22f758" + revision = "b056a821443483bcb7c2b3d31ff505ff8a24fc37" [[projects]] branch = "master" @@ -29,7 +29,7 @@ "accounts", "keys" ] - revision = "a41d149e3eba7f73247cb535789087cc2b17d189" + revision = "aaa430d6465e35c9e9b26cd0da998be05b7f0bbc" [[projects]] branch = "master" diff --git a/tools/version.go b/tools/version.go index a4b3bba..cf7162e 100644 --- a/tools/version.go +++ b/tools/version.go @@ -1,5 +1,5 @@ package tools const VersionMajor = 4 -const VersionMinor = 10 -const VersionPatch = 2 +const VersionMinor = 11 +const VersionPatch = 0 From a4e9bb2e31e290c31bcaabd84463fab821bb98c4 Mon Sep 17 00:00:00 2001 From: Michael Andersen Date: Mon, 4 Jun 2018 16:31:16 -0700 Subject: [PATCH 3/5] Bump version --- mfgen/main.go | 2 +- tools/certutils/setcert/hardcodecert.go | 67 +++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 tools/certutils/setcert/hardcodecert.go diff --git a/mfgen/main.go b/mfgen/main.go index 389897b..0875ca9 100644 --- a/mfgen/main.go +++ b/mfgen/main.go @@ -10,7 +10,7 @@ import ( //go:generate go-bindata -o templates.go -prefix ../manifest_templates ../manifest_templates/ -const PackageVersion = "4.10.2" +const PackageVersion = "4.11.0" func main() { app := cli.NewApp() diff --git a/tools/certutils/setcert/hardcodecert.go b/tools/certutils/setcert/hardcodecert.go new file mode 100644 index 0000000..997ef82 --- /dev/null +++ b/tools/certutils/setcert/hardcodecert.go @@ -0,0 +1,67 @@ +package main + +import ( + "context" + "fmt" + "io/ioutil" + "log" + "os" + + "github.com/BTrDB/mr-plotter/keys" + etcd "github.com/coreos/etcd/clientv3" +) + +func main() { + if len(os.Args) != 4 { + fmt.Printf("Usage: %s plotter/api cert.pem key.pem\n", os.Args[0]) + return + } + + httpscert, err := ioutil.ReadFile(os.Args[2]) + if err != nil { + log.Fatalf("Could not read HTTPS certificate file: %v", err) + } + httpskey, err := ioutil.ReadFile(os.Args[3]) + if err != nil { + log.Fatalf("Could not read HTTPS certificate file: %v", err) + } + + hardcoded := &keys.HardcodedTLSCertificate{ + Cert: httpscert, + Key: httpskey, + } + + var etcdEndpoint = os.Getenv("ETCD_ENDPOINT") + if len(etcdEndpoint) == 0 { + etcdEndpoint = "localhost:2379" + log.Printf("ETCD_ENDPOINT is not set; using %s", etcdEndpoint) + } + var etcdConfig = etcd.Config{Endpoints: []string{etcdEndpoint}} + log.Println("Connecting to etcd...") + etcdConn, err := etcd.New(etcdConfig) + if err != nil { + log.Fatalf("Error: %v", err) + } + defer etcdConn.Close() + + switch os.Args[1] { + case "plotter": + err := keys.UpsertHardcodedTLSCertificate(context.Background(), etcdConn, hardcoded) + if err != nil { + log.Fatalf("Could not update hardcoded TLS certificate: %v", err) + } + case "api": + _, err = etcdConn.Put(context.Background(), "api/hardcoded_priv", string(httpskey)) + if err != nil { + log.Fatalf("could not set API private key: %v", err) + } + _, err = etcdConn.Put(context.Background(), "api/hardcoded_pub", string(httpscert)) + if err != nil { + log.Fatalf("could not set API public key: %v", err) + } + default: + fmt.Printf("second argument must be 'plotter' or 'api'\n") + os.Exit(1) + } + log.Println("DONE") +} From c877ef487945ac588a18a664f753306d885882d1 Mon Sep 17 00:00:00 2001 From: Michael Andersen Date: Mon, 4 Jun 2018 16:38:48 -0700 Subject: [PATCH 4/5] Use the latest release in devmachine --- devmachine/environment.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devmachine/environment.sh b/devmachine/environment.sh index bf70646..78fd5b3 100644 --- a/devmachine/environment.sh +++ b/devmachine/environment.sh @@ -10,7 +10,7 @@ export OSDBASE=$DEVMACHINE_BASE/ceph export ETCDBASE=$DEVMACHINE_BASE/etcd # which version of BTrDB and tools to install -export VERSION=4.10.1 +export VERSION=4.11.0 # pick which branch to use export PREFIX="" From 7b34439ab61d1577abbcee8fad42040bfb9c0c30 Mon Sep 17 00:00:00 2001 From: Michael Andersen Date: Mon, 4 Jun 2018 17:35:52 -0700 Subject: [PATCH 5/5] Add script to make TLS easier --- devmachine/just_make_tls_work.sh | 93 ++++++++++++++++++++++++++++++++ devmachine/start_devmachine.sh | 2 + 2 files changed, 95 insertions(+) create mode 100755 devmachine/just_make_tls_work.sh diff --git a/devmachine/just_make_tls_work.sh b/devmachine/just_make_tls_work.sh new file mode 100755 index 0000000..2727050 --- /dev/null +++ b/devmachine/just_make_tls_work.sh @@ -0,0 +1,93 @@ +#!/bin/bash + +cat >devmachine-localhost.ca.pem << EOF +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIJAPRK/R59kVNbMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhEZXZUb3BpYTEXMBUGA1UEBwwOTXlMb2NhbE1hY2hp +bmUxGTAXBgNVBAoMEEJUckRCIERldk1hY2hpbmUxEDAOBgNVBAMMB1JPT1QgQ0Ew +HhcNMTgwNjA0MjM1NjI3WhcNMjgwNjAxMjM1NjI3WjBmMQswCQYDVQQGEwJVUzER +MA8GA1UECAwIRGV2VG9waWExFzAVBgNVBAcMDk15TG9jYWxNYWNoaW5lMRkwFwYD +VQQKDBBCVHJEQiBEZXZNYWNoaW5lMRAwDgYDVQQDDAdST09UIENBMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwC/3taEZyDyatrH6ESGqVU4Kb4TAjWdZ +0b0EscohLhTsAxUPufUYKsuH6AroUqlidYFnLsiHW2AqIyQhX3agYKB9wCcfm3Qb +D6n/Z8zUULJ/YFpTTaUPY9ex9EvnlINc+sXwyOEojsL+Yq20Vz4NvjqR7GtE1GEr +fv36Y+hd2nanU2dlVcsv1dO7zKw+ttPRi6qTYXQ4WT+nz2Mk1xWhK8NqqPsQWL3X +p0lMaJXFzsQpr84ZbkfRjczLlO2gft4b96iBbC6lseuhWniE69Z48ZtZQR73vDCH +ZCvscG7ZuXcaW0r4nLsNaVS1WjuC3baD6SWKFiQvVNt49NXf4CxG1QIDAQABo1Aw +TjAdBgNVHQ4EFgQUaXMsIjbpaboHIT41m01rJyDA+r8wHwYDVR0jBBgwFoAUaXMs +IjbpaboHIT41m01rJyDA+r8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAiyOdswyRDCmVlOICOjQGHNLDEOI4gbs6tN8KvfpJ5uZp7xorNKkV3peaTVpW +az97mrKRUdAZYEDoBY9oAvxX7enYheszG3vfgc1BXf+i3YdNKCUexhBZtetvkBFa +rg6Wi0nambU3tuZSmuUUCfskQVDSCRgnTsyMPYHfF7lOa8qJaqSpFYmhQAgdPMpe +piFhLHrAxqzMZXCfRSMP3Ji3lnjnXo2NwKu/GqIEXAIHxYZh7QnTA022Ws1FB0E4 +alL9IOoTaR7TQRYf4TOATCw1m4nYe61pfXB1J/CQ0cLVPS5qnbs9m8heynn7066q +HRNq0S1ryc6KVDR6FaxnN2bcuQ== +-----END CERTIFICATE----- +EOF + +docker exec -i devmachine-etcd /bin/bash << EOSCRIPT + +export ETCDCTL_API=3 + +etcdctl --endpoints 172.29.0.20:2379 put api/hardcoded_pub << EOF +-----BEGIN CERTIFICATE----- +MIIDqzCCApOgAwIBAgIJAI2ZCK3cIv9tMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhEZXZUb3BpYTEXMBUGA1UEBwwOTXlMb2NhbE1hY2hp +bmUxGTAXBgNVBAoMEEJUckRCIERldk1hY2hpbmUxEDAOBgNVBAMMB1JPT1QgQ0Ew +HhcNMTgwNjA1MDAwMTA1WhcNMjgwNjAyMDAwMTA1WjB9MQswCQYDVQQGEwJVUzER +MA8GA1UECAwIRGV2VG9waWExFzAVBgNVBAcMDk15TG9jYWxNYWNoaW5lMRkwFwYD +VQQKDBBCVHJEQiBEZXZNYWNoaW5lMRMwEQYDVQQLDApEZXZNYWNoaW5lMRIwEAYD +VQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy +/w3AztG1VRYnGxYowEOHhlyC0Z5eu5avFozftsKv16hB9WkrkQyyicbv5+bSfeiJ +0EIEDXk7MMkuqhtkk3SOqgusLQUK05SCVKjtoBlagujds1W/X1E6kezjjSmOtnuc ++7uxo3VG4UNxphjKpXNCegWa0gw3A3QaF0ZCub7XdAPSbpwNaGB9TyB7HEP1GctB +0rqVnP7dG46bMSEfBs3UUHsUBEfv4akpf5i8Rk+igW2BUxHtbeQ+sLGvzpzAdLJF +kGceOuIUDkt4ZBCTv7mhx4u+W+A9eXEvGBEglDKPI//+gsdpU279QWwVSjhcxySW +iz61k43ao27CO/A0w0JbAgMBAAGjRTBDMAsGA1UdDwQEAwIEMDATBgNVHSUEDDAK +BggrBgEFBQcDATAfBgNVHREEGDAWgglsb2NhbGhvc3SCCTEyNy4wLjAuMTANBgkq +hkiG9w0BAQsFAAOCAQEAU40YmF7QcW8Z4UG9JRRHmMz1u4k8Vwb9pbsAeK1Yb6NO +PCtvv0s3jF5ZEDdGMVwmOvD4VloSrs4TPtA4GE49KDhHJ7eFNZSeCA3bin52vxhH +bSyqOnaMcDNqAY/nPwh262TCuCIWNG7MOXTWDYW+dXZ0uIqacrdx+xXBh5X3wFNA +HrRCbMsy4aWGvwN18uHcMPDC3gclk5RB+MbvmzIEyer1po5Ekiu4V1CHLGbVXdOE +o6Kir1OpmqtrxjhgtvwT4kC5TycE0FOAsh/v69dEIXT84pH7zvEYMBRNlmDbuz1u +oHuLW0nt3rUNKzpHIOYd8xJXhvI5N3ChfAh4MuBSKA== +-----END CERTIFICATE----- +EOF + +etcdctl --endpoints 172.29.0.20:2379 put api/hardcoded_priv << EOF +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsv8NwM7RtVUWJxsWKMBDh4ZcgtGeXruWrxaM37bCr9eoQfVp +K5EMsonG7+fm0n3oidBCBA15OzDJLqobZJN0jqoLrC0FCtOUglSo7aAZWoLo3bNV +v19ROpHs440pjrZ7nPu7saN1RuFDcaYYyqVzQnoFmtIMNwN0GhdGQrm+13QD0m6c +DWhgfU8gexxD9RnLQdK6lZz+3RuOmzEhHwbN1FB7FARH7+GpKX+YvEZPooFtgVMR +7W3kPrCxr86cwHSyRZBnHjriFA5LeGQQk7+5oceLvlvgPXlxLxgRIJQyjyP//oLH +aVNu/UFsFUo4XMcklos+tZON2qNuwjvwNMNCWwIDAQABAoIBAQCFrVVoGQ0kj1br +/Z6e8Hd+TynnyQStWws912l96c+b40MVf2H712fULnET2ezYZo+z3IRw4l8XhWe6 +IfAzPKxfnz74ZubNHxZZ/z/ptxc4MWwXpkbzlQvk4fY4OsQ+gKnwo0+Zaqm7NaBY +z+LT9JwPmXF2HkhhDYM3uQoP6whLfmiijZxTmigM/HQySiDYfXrCfcoh80xZZ9nh +tdOYpsww9/PQ1XwuFvW+spX2FxTyriRrv3XCpDuJBZ4gzsppS7Hn2biiNEl0utj7 +FMyxvXVoRGPGjCPKLZqOPAdffD6grnC8QR2OS7y+veNNmlthFsy3oUw0A8Dhry/Q +gE4/GdUBAoGBAOUgePAMR5lYIQ1rU+0zJywSEgABtHX+XIkIv87TJYZh0GGnhvDI +9FUfCTvIQznoZeC59yL0/fxFWKGb4y15tOG5a9/a4NCP76Qlc77EybRFvF7kFNOr +R6EOVNEcCWk3WtcF+ec/kgcXJ+ZiZDlH2YMf2kd/FOcWQXPdTmryVaJzAoGBAMf9 +acCVzokt3CNjJOF/bMneB3Zfs2bpBIyCiyc0j324Rimc+s238OgjW48JXimtXvcC +luzeBfejTqcEM9lu+JRw95XuAbeWrQSawRRDkXmSTjrFcJZ0em3RJDbrVVHv3HwE +PcG0Nax3vnWnh3ddTnf2fhBKlHffqhxe8YtJwB55AoGAJRAIoAPMfSCFUC9hRwg0 +OOu/X6Lm9wMrIrt4k1MSSdd+pp07ta074J0BmFr/jNlryVsrf8sTXoA1IwcdS1jZ +in281lwIa5Qs1md8fopEelWhb9QDDm4xSvsPezfGye87UXbVArQEwgLb4GdgAOf/ +Zjd7zn7e+bZe5ggRTDlg4sMCgYBQ77sLyNUEaX3tCGPVqvdBH01P191IKcfAgdiF +Ll1gGOK0Vqad+PJTUHPuiHEGVvbW6sJf7F7n4LylFStStPl/QdTBZchmH2G4OlUn +uUy3scFdQaiWC1+87+ZDH6yw82z8985yhVcvjGqVPQ6y/R0TqbtNJpG9jdRPlREW +OOu6qQKBgHfVG3gtHt1nLPgjErQGy2PeMrDZn9Ac5bOuXZ5WlR5G7lLzcK4Ew7rR +SjMiAAkzJMUfacx7USkOfONx6VT1ZfQeUbqW3v7ZqA9C6vt+oCl8ji60HBEZ6Bx6 +llPVnHF+J/lkQsB8FCCKd8tOBZuHE0uuwlmstgg4/Ce5DFqte3uo +-----END RSA PRIVATE KEY----- +EOF + +etcdctl --endpoints 172.29.0.20:2379 put api/certsrc hardcoded +EOSCRIPT + +set -x +docker restart devmachine-console +set +x +echo "We have created a 'devmachine-localhost.ca.pem' file. Add this to your browser's Certificate Authorities and everything will just work" diff --git a/devmachine/start_devmachine.sh b/devmachine/start_devmachine.sh index 9f6de9e..72428c4 100755 --- a/devmachine/start_devmachine.sh +++ b/devmachine/start_devmachine.sh @@ -245,6 +245,8 @@ OPUT=$(docker run -d \ --name ${CONTAINER_PREFIX}console \ --net ${DOCKERNET} \ -p ${CONSOLE_PORT}:2222 \ + -p 2223:2223 \ + -p 2224:2224 \ --ip ${SUB24}.26 \ --restart always \ -v ${OSDBASE}/etc/ceph:/etc/ceph \