Skip to content

Commit

Permalink
feat: support service account auth in cli
Browse files Browse the repository at this point in the history 
Move the common GRPC interceptor code for siderov1 auth into go-api-signature.

Refactor go-api-signature to attempt to read the known environment variables for service accounts.

Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
  • Loading branch information
@utkuozdemir
utkuozdemir committed Oct 6, 2023
1 parent 336aee0 commit c14a5d4
Show file tree
Hide file tree
Showing 6 changed files with 24 additions and 122 deletions.
14 changes: 7 additions & 7 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -154,10 +154,6 @@ require (
github.com/MakeNowJust/heredoc v1.0.0 // indirect
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/Microsoft/hcsshim v0.11.0 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
github.com/ProtonMail/gopenpgp/v2 v2.7.3 // indirect
github.com/adrg/xdg v0.4.0 // indirect
github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 // indirect
github.com/aws/aws-sdk-go-v2 v1.21.0 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.13.40 // indirect
Expand All @@ -175,7 +171,6 @@ require (
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/chai2010/gettext-go v1.0.2 // indirect
github.com/cilium/ebpf v0.11.0 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/containerd/continuity v0.4.2 // indirect
github.com/containerd/fifo v1.1.0 // indirect
github.com/containerd/go-cni v1.1.9 // indirect
Expand Down Expand Up @@ -257,7 +252,6 @@ require (
github.com/pelletier/go-toml/v2 v2.0.6 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pierrec/lz4/v4 v4.1.14 // indirect
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_golang v1.16.0 // indirect
Expand All @@ -268,7 +262,7 @@ require (
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b // indirect
github.com/sethgrid/pester v1.2.0 // indirect
github.com/siderolabs/go-api-signature v0.2.6 // indirect
github.com/siderolabs/go-api-signature v0.3.0 // indirect
github.com/siderolabs/protoenc v0.2.0 // indirect
github.com/siderolabs/tcpproxy v0.1.0 // indirect
github.com/sirupsen/logrus v1.9.1 // indirect
Expand Down Expand Up @@ -320,8 +314,14 @@ require (
require (
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
github.com/ProtonMail/gopenpgp/v2 v2.7.3 // indirect
github.com/adrg/xdg v0.4.0 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/gorilla/websocket v1.5.0 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
go.opentelemetry.io/otel/metric v0.37.0 // indirect
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect
)
4 changes: 2 additions & 2 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -635,8 +635,8 @@ github.com/siderolabs/discovery-client v0.1.5 h1:CyaOOynanZdB29v46lyEOaNfPoBnKjj
github.com/siderolabs/discovery-client v0.1.5/go.mod h1:XFSNX7ADu+4r3j/m299V6pP7f4vEDnSJJhgc5yZE73g=
github.com/siderolabs/gen v0.4.7 h1:lM69UYggT7yzpubf7hEFaNujPdY55Y9zvQf/NC18GvA=
github.com/siderolabs/gen v0.4.7/go.mod h1:4PBYMdXxTg292IDRq4CGn5AymyDxJVEDvobVKDqFBEA=
github.com/siderolabs/go-api-signature v0.2.6 h1:X4Q+J7CmyfUHKUR+4x4RqmmSSksQ2pYGDajwVX8ZaJ0=
github.com/siderolabs/go-api-signature v0.2.6/go.mod h1:jt7azUqWctrkn7XuTPunfkWllvGPIfRJW8AS3OVkiqE=
github.com/siderolabs/go-api-signature v0.3.0 h1:RSJ210iLD6p2FouRvRvkB6FMvz8ZltXvt9+g+5EGbC4=
github.com/siderolabs/go-api-signature v0.3.0/go.mod h1:RZQFRiZ4midsdC9XCGhhWyS8QcIWtpEFeigvqoDPYJY=
github.com/siderolabs/go-blockdevice v0.4.6 h1:yfxFYzXezzszB0mSF2ZG8jPPampoNXa9r8W8nM0IoZI=
github.com/siderolabs/go-blockdevice v0.4.6/go.mod h1:4PeOuk71pReJj1JQEXDE7kIIQJPVe8a+HZQa+qjxSEA=
github.com/siderolabs/go-circular v0.1.0 h1:zpBJNUbCZSh0odZxA4Dcj0d3ShLLR2WxKW6hTdAtoiE=
Expand Down
14 changes: 11 additions & 3 deletions pkg/machinery/client/connection.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ import (
"strings"

"github.com/siderolabs/gen/xslices"
"github.com/siderolabs/go-api-signature/pkg/client/interceptor"
"github.com/siderolabs/go-api-signature/pkg/pgp/client"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"

Expand Down Expand Up @@ -82,10 +84,16 @@ func (c *Client) getConn(ctx context.Context, opts ...grpc.DialOption) (*grpcCon
contextName = c.options.contextOverride
}

authInterceptor := newAuthInterceptorConfig(contextName, sideroV1.Identity)
authInterceptor := interceptor.New(interceptor.Options{
UserKeyProvider: client.NewKeyProvider("talos/keys"),
ContextName: contextName,
Identity: sideroV1.Identity,
ClientName: "Talos",
})

dialOpts = append(dialOpts,
grpc.WithUnaryInterceptor(authInterceptor.Interceptor().Unary()),
grpc.WithStreamInterceptor(authInterceptor.Interceptor().Stream()),
grpc.WithUnaryInterceptor(authInterceptor.Unary()),
grpc.WithStreamInterceptor(authInterceptor.Stream()),
)
}

Expand Down
106 changes: 0 additions & 106 deletions pkg/machinery/client/siderov1.go
View file

This file was deleted.

4 changes: 2 additions & 2 deletions pkg/machinery/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,9 @@ require (
github.com/jsimonetti/rtnetlink v1.3.5
github.com/mdlayher/ethtool v0.1.0
github.com/opencontainers/runtime-spec v1.1.0-rc.1
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8
github.com/siderolabs/crypto v0.4.1
github.com/siderolabs/gen v0.4.7
github.com/siderolabs/go-api-signature v0.2.6
github.com/siderolabs/go-api-signature v0.3.0
github.com/siderolabs/go-blockdevice v0.4.6
github.com/siderolabs/go-pointer v1.0.0
github.com/siderolabs/net v0.4.0
Expand Down Expand Up @@ -51,6 +50,7 @@ require (
github.com/mdlayher/socket v0.4.1 // indirect
github.com/onsi/ginkgo/v2 v2.2.0 // indirect
github.com/onsi/gomega v1.20.1 // indirect
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect
Expand Down
4 changes: 2 additions & 2 deletions pkg/machinery/go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,8 +112,8 @@ github.com/siderolabs/crypto v0.4.1 h1:PP84WSDDyCCbjYKePcc0IaMSPXDndz8V3cQ9hMRSv
github.com/siderolabs/crypto v0.4.1/go.mod h1:nJmvkqWy1Hngbzw3eg2TdtJ/ZYHHofQK1NbmmYywW8k=
github.com/siderolabs/gen v0.4.7 h1:lM69UYggT7yzpubf7hEFaNujPdY55Y9zvQf/NC18GvA=
github.com/siderolabs/gen v0.4.7/go.mod h1:4PBYMdXxTg292IDRq4CGn5AymyDxJVEDvobVKDqFBEA=
github.com/siderolabs/go-api-signature v0.2.6 h1:X4Q+J7CmyfUHKUR+4x4RqmmSSksQ2pYGDajwVX8ZaJ0=
github.com/siderolabs/go-api-signature v0.2.6/go.mod h1:jt7azUqWctrkn7XuTPunfkWllvGPIfRJW8AS3OVkiqE=
github.com/siderolabs/go-api-signature v0.3.0 h1:RSJ210iLD6p2FouRvRvkB6FMvz8ZltXvt9+g+5EGbC4=
github.com/siderolabs/go-api-signature v0.3.0/go.mod h1:RZQFRiZ4midsdC9XCGhhWyS8QcIWtpEFeigvqoDPYJY=
github.com/siderolabs/go-blockdevice v0.4.6 h1:yfxFYzXezzszB0mSF2ZG8jPPampoNXa9r8W8nM0IoZI=
github.com/siderolabs/go-blockdevice v0.4.6/go.mod h1:4PeOuk71pReJj1JQEXDE7kIIQJPVe8a+HZQa+qjxSEA=
github.com/siderolabs/go-pointer v1.0.0 h1:6TshPKep2doDQJAAtHUuHWXbca8ZfyRySjSBT/4GsMU=
Expand Down

0 comments on commit c14a5d4

Please sign in to comment.