Merge pull request #35 from openinfradev/support_tls

feature. support tls
openinfradev · Mar 22, 2022 · 82e7ad5 · 82e7ad5
2 parents 86f3790 + f130b0f
commit 82e7ad5
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 104 deletions.
diff --git a/cmd/server/handlers.go b/cmd/server/handlers.go
@@ -10,56 +10,16 @@ import (
 	"strings"
 
 	"github.com/google/uuid"
-	"github.com/openinfradev/tks-common/pkg/argowf"
-	"github.com/openinfradev/tks-common/pkg/grpc_client"
 	"github.com/openinfradev/tks-common/pkg/log"
 	pb "github.com/openinfradev/tks-proto/tks_pb"
 )
 
 var (
-	argowfClient      argowf.Client
-	contractClient    pb.ContractServiceClient
-	cspInfoClient     pb.CspInfoServiceClient
-	clusterInfoClient pb.ClusterInfoServiceClient
-	appInfoClient     pb.AppInfoServiceClient
-
 	filePathAzRegion  = "./az-per-region.txt"
 )
 
 const MAX_SIZE_PER_AZ = 99
 
-// 각 client lifecycle은 서버 종료시까지므로 close는 하지 않는다.
-func InitHandlers(contractAddress string, contractPort int, infoAddress string, infoPort int, argoAddress string, argoPort int) {
-	var err error
-
-	argowfClient, err = argowf.New(argoAddress, argoPort)
-	if err != nil {
-		log.Fatal("failed to create argowf client : ", err)
-	}
-
-	_, contractClient, err = grpc_client.CreateContractClient(contractAddress, contractPort, "tks-cluster-lcm")
-	if err != nil {
-		log.Fatal("failed to create contract client : ", err)
-	}
-
-	_, cspInfoClient, err = grpc_client.CreateCspInfoClient(infoAddress, infoPort, "tks-cluster-lcm")
-	if err != nil {
-		log.Fatal("failed to create cspinfo client : ", err)
-	}
-
-	_, clusterInfoClient, err = grpc_client.CreateClusterInfoClient(infoAddress, infoPort, "tks-cluster-lcm")
-	if err != nil {
-		log.Fatal("failed to create cluster client : ", err)
-	}
-
-	_, appInfoClient, err = grpc_client.CreateAppInfoClient(infoAddress, infoPort, "tks-cluster-lcm")
-	if err != nil {
-		log.Fatal("failed to create appinfo client : ", err)
-	}
-
-	log.Info("All clients created successfully")
-}
-
 func validateCreateClusterRequest(in *pb.CreateClusterRequest) (err error) {
 	if _, err := uuid.Parse(in.GetContractId()); err != nil {
 		return fmt.Errorf("invalid contract ID %s", in.GetContractId())
@@ -312,14 +272,14 @@ func (s *server) CreateCluster(ctx context.Context, in *pb.CreateClusterRequest)
 	// create usercluster
 	nameSpace := "argo"
 	workflow := "create-tks-usercluster"
-	manifestRepoUrl := "https://github.com/" + gitAccount + "/" + clusterId + "-manifests"
+	manifestRepoUrl := "https://github.com/" + githubAccount + "/" + clusterId + "-manifests"
 
 	parameters := []string{
 		"contract_id=" + in.GetContractId(),
 		"cluster_id=" + clusterId,
 		"site_name=" + clusterId,
 		"template_name=template-std",
-		"git_account=" + gitAccount,
+		"git_account=" + githubAccount,
 		"manifest_repo_url=" + manifestRepoUrl,
 		"revision=" + revision,
 	}
@@ -490,8 +450,8 @@ func (s *server) InstallAppGroups(ctx context.Context, in *pb.InstallAppGroupsRe
 
 		// Call argo workflow template
 		workflowTemplate := ""
-		siteRepoUrl := "https://" + gitToken + "@github.com/" + gitAccount + "/" + clusterId
-		manifestRepoUrl := "https://github.com/" + gitAccount + "/" + clusterId + "-manifests"
+		siteRepoUrl := "https://" + githubToken + "@github.com/" + githubAccount + "/" + clusterId
+		manifestRepoUrl := "https://github.com/" + githubAccount + "/" + clusterId + "-manifests"
 		parameters := []string{
 			"site_name=" + clusterId,
 			"cluster_id=" + clusterId,
@@ -590,7 +550,7 @@ func (s *server) UninstallAppGroups(ctx context.Context, in *pb.UninstallAppGrou
 			continue
 		}
 
-		siteRepoUrl := "https://" + gitToken + "@github.com/" + gitAccount + "/" + clusterId
+		siteRepoUrl := "https://" + githubToken + "@github.com/" + githubAccount + "/" + clusterId
 		parameters := []string{
 			"app_group=" + appGroupName,
 			"site_repo_url=" + siteRepoUrl,

diff --git a/cmd/server/main.go b/cmd/server/main.go
@@ -2,77 +2,116 @@ package main
 
 import (
 	"flag"
-	"net"
 	"os"
-	"strconv"
 
+	"github.com/openinfradev/tks-common/pkg/argowf"
+	"github.com/openinfradev/tks-common/pkg/grpc_client"
+	"github.com/openinfradev/tks-common/pkg/grpc_server"
 	"github.com/openinfradev/tks-common/pkg/log"
 	pb "github.com/openinfradev/tks-proto/tks_pb"
-	"google.golang.org/grpc"
+)
+
+type server struct {
+	pb.UnimplementedClusterLcmServiceServer
+}
+
+var (
+	argowfClient      argowf.Client
+	contractClient    pb.ContractServiceClient
+	cspInfoClient     pb.CspInfoServiceClient
+	clusterInfoClient pb.ClusterInfoServiceClient
+	appInfoClient     pb.AppInfoServiceClient
 )
 
 var (
-	port            int
+	port              int
+	tlsEnabled        bool
+	tlsClientCertPath string
+	tlsCertPath       string
+	tlsKeyPath        string
+
 	contractAddress string
 	contractPort    int
 	infoAddress     string
 	infoPort        int
 	argoAddress     string
 	argoPort        int
 	revision        string
-	gitAccount      string
-	gitToken        string
+	githubAccount      string
+	githubToken        string
 )
 
-type server struct {
-	pb.UnimplementedClusterLcmServiceServer
-}
-
 func init() {
 	flag.IntVar(&port, "port", 9112, "service port")
+	flag.BoolVar(&tlsEnabled, "tlsEnabled", false, "enabled tls")
+	flag.StringVar(&tlsClientCertPath, "tls-client-cert-path", "../../cert/tks-ca.crt", "path of ca cert file for tls")
+	flag.StringVar(&tlsCertPath, "tls-cert-path", "../../cert/tks-server.crt", "path of cert file for tls")
+	flag.StringVar(&tlsKeyPath, "tls-key-path", "../../cert/tks-server.key", "path of key file for tls")
 	flag.StringVar(&contractAddress, "contract-address", "localhost", "service address for tks-contract")
 	flag.IntVar(&contractPort, "contract-port", 9110, "service port for tks-contract")
 	flag.StringVar(&infoAddress, "info-address", "localhost", "service address for tks-info")
 	flag.IntVar(&infoPort, "info-port", 9111, "service port for tks-info")
 	flag.StringVar(&argoAddress, "argo-address", "192.168.70.10", "server address for argo-workflow-server")
 	flag.IntVar(&argoPort, "argo-port", 2746, "server port for argo-workflow-server")
 	flag.StringVar(&revision, "revision", "main", "revision for workflow parameter")
-	flag.StringVar(&gitAccount, "repo-name", "tks-management", "git repository name for workflow parameter")
+	flag.StringVar(&githubAccount, "repo-name", "tks-management", "git repository name for workflow parameter")
 
-	gitToken = os.Getenv("TOKEN")
+	githubToken = os.Getenv("TOKEN")
 }
 
 func main() {
-	log.Info("tks-cluster-lcm server is starting...")
 	flag.Parse()
 
-	if gitToken == "" {
-		log.Fatal("Specify gitToken to environment variable (TOKEN).")
-	}
-
-	log.Info("*** Connection Addresses *** ")
+	log.Info("*** Arguments *** ")
+	log.Info("tlsEnabled : ", tlsEnabled)
+	log.Info("tlsClientCertPath : ", tlsClientCertPath)
+	log.Info("tlsCertPath : ", tlsCertPath)
+	log.Info("tlsKeyPath : ", tlsKeyPath)
 	log.Info("contractAddress : ", contractAddress)
 	log.Info("contractPort : ", contractPort)
 	log.Info("infoAddress : ", infoAddress)
 	log.Info("infoPort : ", infoPort)
 	log.Info("argoAddress : ", argoAddress)
 	log.Info("argoPort : ", argoPort)
 	log.Info("revision : ", revision)
-	log.Info("gitAccount : ", gitAccount)
+	log.Info("githubAccount : ", githubAccount)
+	log.Info("****************** ")
+
+	if githubToken = os.Getenv("TOKEN"); githubToken == "" {
+		log.Fatal("Specify githubToken to environment variable (TOKEN).")
+	}
 
-	lis, err := net.Listen("tcp", ":"+strconv.Itoa(port))
+	// initialize handlers
+	var err error
+	argowfClient, err = argowf.New(argoAddress, argoPort)
 	if err != nil {
-		log.Fatal("an error failed to listen : ", err)
+		log.Fatal("failed to create argowf client : ", err)
+	}
+
+	if _, contractClient, err = grpc_client.CreateContractClient(contractAddress, contractPort, tlsEnabled, tlsClientCertPath); err != nil {
+		log.Fatal("failed to create contract client : ", err)
+	}
+
+	if _, cspInfoClient, err = grpc_client.CreateCspInfoClient(infoAddress, infoPort, tlsEnabled, tlsClientCertPath); err != nil {
+		log.Fatal("failed to create cspinfo client : ", err)
+	}
+
+	if _, clusterInfoClient, err = grpc_client.CreateClusterInfoClient(infoAddress, infoPort, tlsEnabled, tlsClientCertPath); err != nil {
+		log.Fatal("failed to create cluster client : ", err)
 	}
-	s := grpc.NewServer()
 
-	log.Info("Started to listen port ", port)
-	log.Info("****************************")
+	if _, appInfoClient, err = grpc_client.CreateAppInfoClient(infoAddress, infoPort, tlsEnabled, tlsClientCertPath); err != nil {
+		log.Fatal("failed to create appinfo client : ", err)
+	}
 
-	InitHandlers(contractAddress, contractPort, infoAddress, infoPort, argoAddress, argoPort)
+	// start server
+	s, conn, err := grpc_server.CreateServer(port, tlsEnabled, tlsCertPath, tlsKeyPath)
+	if err != nil {
+		log.Fatal("failed to crate grpc_server : ", err)
+	}
 
 	pb.RegisterClusterLcmServiceServer(s, &server{})
-	if err := s.Serve(lis); err != nil {
+	if err := s.Serve(conn); err != nil {
 		log.Fatal("failed to serve: ", err)
 	}
 }
diff --git a/go.mod b/go.mod
@@ -7,18 +7,17 @@ require (
 	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.3.0
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
-	github.com/openinfradev/tks-common v0.0.0-20220210005751-57d957152e7b
+	github.com/openinfradev/tks-common v0.0.0-20220321044608-105302d33457
 	github.com/openinfradev/tks-proto v0.0.6-0.20220318062944-7fccd257bcae // indirect
 	github.com/stretchr/testify v1.7.0
 	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
 	golang.org/x/net v0.0.0-20211011170408-caeb26a5c8c0 // indirect
 	google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4 // indirect
-	google.golang.org/grpc v1.43.0
 )
 
 replace github.com/openinfradev/tks-cluster-lcm => ./
 
 //replace github.com/openinfradev/tks-contract => ../tks-contract
 //replace github.com/openinfradev/tks-proto => ../tks-proto
 //replace github.com/openinfradev/tks-info => ../tks-info
-//replace github.com/openinfradev/tks-common => ./tks-common
+//replace github.com/openinfradev/tks-common => ../tks-common