Merge pull request #14 from zeropsio/18389
#18389 CA cert source change to download url.
tikinang authored Nov 11, 2020
2 parents af3cdd8 + 5025224 commit 169699a
Showing 17 changed files with 144 additions and 151 deletions.
8 changes: 4 additions & 4 deletions src/cliAction/startVpn/handler.go
@@ -12,10 +12,10 @@ type Config struct {
}

type RunConfig struct {
ProjectName string
Token string
Mtu uint32
CaCertificate []byte
ProjectName string
Token string
Mtu uint32
CaCertificateUrl string
}

type Handler struct {
14 changes: 7 additions & 7 deletions src/cliAction/startVpn/handler_run.go
@@ -61,13 +61,13 @@ func (h *Handler) tryStartVpn(ctx context.Context, project *zeropsApiProtocol.Pr
defer closeFn()

response, err := zeropsDaemonClient.StartVpn(ctx, &zeropsDaemonProtocol.StartVpnRequest{
ApiAddress: h.config.GrpcApiAddress,
VpnAddress: h.config.VpnAddress,
ProjectId: project.GetId(),
Token: config.Token,
Mtu: config.Mtu,
UserId: userId,
CaCertificate: config.CaCertificate,
ApiAddress: h.config.GrpcApiAddress,
VpnAddress: h.config.VpnAddress,
ProjectId: project.GetId(),
Token: config.Token,
Mtu: config.Mtu,
UserId: userId,
CaCertificateUrl: config.CaCertificateUrl,
})
daemonInstalled, err := utils.HandleDaemonError(err)
if err != nil {
6 changes: 4 additions & 2 deletions src/cmd/deploy.go
@@ -4,6 +4,8 @@ import (
"context"
"time"

"github.com/zerops-io/zcli/src/constants"

"github.com/zerops-io/zcli/src/grpcApiClientFactory"

"github.com/zerops-io/zcli/src/cliAction/buildDeploy"
@@ -30,11 +32,11 @@ func deployCmd() *cobra.Command {
}

apiClientFactory := grpcApiClientFactory.New(grpcApiClientFactory.Config{
CaCertificate: params.GetPersistentBytes("caCertificate"),
CaCertificateUrl: params.GetPersistentString(constants.PersistentParamCaCertificateUrl),
})
apiGrpcClient, closeFunc, err := apiClientFactory.CreateClient(
ctx,
params.GetPersistentString("grpcApiAddress"),
params.GetPersistentString(constants.PersistentParamGrpcApiAddress),
getToken(storage),
)
if err != nil {
8 changes: 5 additions & 3 deletions src/cmd/login.go
@@ -4,6 +4,8 @@ import (
"context"
"time"

"github.com/zerops-io/zcli/src/constants"

"github.com/zerops-io/zcli/src/grpcDaemonClientFactory"

"github.com/zerops-io/zcli/src/grpcApiClientFactory"
@@ -33,13 +35,13 @@ func loginCmd() *cobra.Command {
})

apiClientFactory := grpcApiClientFactory.New(grpcApiClientFactory.Config{
CaCertificate: params.GetPersistentBytes("caCertificate"),
CaCertificateUrl: params.GetPersistentString(constants.PersistentParamCaCertificateUrl),
})

return login.New(
login.Config{
RestApiAddress: params.GetPersistentString("restApiAddress"),
GrpcApiAddress: params.GetPersistentString("grpcApiAddress"),
RestApiAddress: params.GetPersistentString(constants.PersistentParamRestApiAddress),
GrpcApiAddress: params.GetPersistentString(constants.PersistentParamGrpcApiAddress),
},
storage,
httpClient,
5 changes: 3 additions & 2 deletions src/cmd/push.go
@@ -4,6 +4,7 @@ import (
"context"
"time"

"github.com/zerops-io/zcli/src/constants"
"github.com/zerops-io/zcli/src/grpcApiClientFactory"

"github.com/zerops-io/zcli/src/cliAction/buildDeploy"
@@ -31,11 +32,11 @@ func pushCmd() *cobra.Command {
}

apiClientFactory := grpcApiClientFactory.New(grpcApiClientFactory.Config{
CaCertificate: params.GetPersistentBytes("caCertificate"),
CaCertificateUrl: params.GetPersistentString(constants.PersistentParamCaCertificateUrl),
})
apiGrpcClient, closeFunc, err := apiClientFactory.CreateClient(
ctx,
params.GetPersistentString("grpcApiAddress"),
params.GetPersistentString(constants.PersistentParamGrpcApiAddress),
getToken(storage),
)
if err != nil {
35 changes: 6 additions & 29 deletions src/cmd/root.go
@@ -6,6 +6,8 @@ import (
"os/signal"
"syscall"

"github.com/zerops-io/zcli/src/constants"

"github.com/spf13/cobra"
paramsPackage "github.com/zerops-io/zcli/src/utils/params"
)
@@ -23,10 +25,10 @@ func ExecuteCmd() error {
Use: "zcli",
}

params.RegisterPersistentString(rootCmd, "restApiAddress", "https://app.zerops.dev", "address of rest api")
params.RegisterPersistentString(rootCmd, "grpcApiAddress", "app.zerops.dev:20902", "address of grpc api")
params.RegisterPersistentString(rootCmd, "vpnApiAddress", "vpn.app.zerops.dev", "address of vpn api")
params.RegisterPersistentString(rootCmd, "caCertificate", defaultZeropsCACertificate, "certificate of Zerops certificate authority used for tls encrypted communication via gRPC")
params.RegisterPersistentString(rootCmd, constants.PersistentParamRestApiAddress, "https://app.zerops.dev", "address of rest api")
params.RegisterPersistentString(rootCmd, constants.PersistentParamGrpcApiAddress, "app.zerops.dev:20902", "address of grpc api")
params.RegisterPersistentString(rootCmd, constants.PersistentParamVpnApiAddress, "vpn.app.zerops.dev", "address of vpn api")
params.RegisterPersistentString(rootCmd, constants.PersistentParamCaCertificateUrl, "https://app.zerops.dev/ca.crt", "download url for certificate of Zerops certificate authority used for tls encrypted communication via gRPC")

rootCmd.AddCommand(deployCmd())
rootCmd.AddCommand(pushCmd())
@@ -59,28 +61,3 @@ func regSignals(contextCancel func()) {
contextCancel()
}()
}

const defaultZeropsCACertificate = `-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----
`
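Review bot: Deleting `defaultZeropsCACertificate` in the second hunk means the binary no longer carries any trust anchor of its own; the CA that verifies the gRPC API is whatever `https://app.zerops.dev/ca.crt` (or a user-supplied `caCertificateUrl`) returns at run time, so its integrity rests on the public web PKI for that host and the commands stop working when the URL is unreachable. If rotation without a release is the goal, consider keeping the embedded certificate as a fallback, or compiling in the expected certificate fingerprint and comparing the download against it. The help text should also state the constraint the fetch relies on, e.g. `"https download url of the Zerops CA certificate used to verify gRPC TLS"`.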
20 changes: 10 additions & 10 deletions src/cmd/vpnStart.go
@@ -3,6 +3,7 @@ package cmd
import (
"context"

"github.com/zerops-io/zcli/src/constants"
"github.com/zerops-io/zcli/src/grpcApiClientFactory"

"github.com/zerops-io/zcli/src/daemonInstaller"
@@ -30,13 +31,12 @@ func vpnStartCmd() *cobra.Command {
return err
}

caCertUrl := params.GetPersistentString(constants.PersistentParamCaCertificateUrl)
token := getToken(storage)
apiClientFactory := grpcApiClientFactory.New(grpcApiClientFactory.Config{
CaCertificate: params.GetPersistentBytes("caCertificate"),
})
apiClientFactory := grpcApiClientFactory.New(grpcApiClientFactory.Config{CaCertificateUrl: caCertUrl})
apiGrpcClient, closeFunc, err := apiClientFactory.CreateClient(
ctx,
params.GetPersistentString("grpcApiAddress"),
params.GetPersistentString(constants.PersistentParamGrpcApiAddress),
token,
)
if err != nil {
@@ -51,17 +51,17 @@ func vpnStartCmd() *cobra.Command {

return startVpn.New(
startVpn.Config{
GrpcApiAddress: params.GetPersistentString("grpcApiAddress"),
VpnAddress: params.GetPersistentString("vpnApiAddress"),
GrpcApiAddress: params.GetPersistentString(constants.PersistentParamGrpcApiAddress),
VpnAddress: params.GetPersistentString(constants.PersistentParamVpnApiAddress),
},
apiGrpcClient,
grpcDaemonClientFactory.New(),
installer,
).Run(ctx, startVpn.RunConfig{
ProjectName: args[0],
Token: token,
Mtu: params.GetUint32("mtu"),
CaCertificate: params.GetPersistentBytes("caCertificate"),
ProjectName: args[0],
Token: token,
Mtu: params.GetUint32("mtu"),
CaCertificateUrl: caCertUrl,
})
},
}
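--- a/src/constants/params.go
+++ b/src/constants/params.go
@@ -0,0 +1,8 @@
+package constants
+
+const (
+PersistentParamCaCertificateUrl = "caCertificateUrl"
+PersistentParamRestApiAddress = "restApiAddress"
+PersistentParamGrpcApiAddress = "grpcApiAddress"
+PersistentParamVpnApiAddress = "vpnApiAddress"
+)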
26 changes: 13 additions & 13 deletions src/daemonStorage/handler.go
@@ -15,19 +15,19 @@ type Handler struct {
}

type Data struct {
ProjectId string
UserId string
ServerIp net.IP
VpnNetwork net.IPNet
GrpcApiAddress string
GrpcVpnAddress string
Token string
DnsIp net.IP
ClientIp net.IP
Mtu uint32
DnsManagement string
CaCertificate []byte
VpnStarted bool
ProjectId string
UserId string
ServerIp net.IP
VpnNetwork net.IPNet
GrpcApiAddress string
GrpcVpnAddress string
Token string
DnsIp net.IP
ClientIp net.IP
Mtu uint32
DnsManagement string
CaCertificateUrl string
VpnStarted bool
}

func New(config Config) (*Handler, error) {
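Review bot: Swapping `CaCertificate []byte` for `CaCertificateUrl string` in `Data` changes what the daemon persists, and state saved by an earlier version has no URL. How `Data` is serialized is not visible in this hunk, but if unknown fields are simply dropped on load, `vpnStatusCheck` will hand an empty `data.CaCertificateUrl` to the reconnect, which would then presumably fail at the certificate download. I would handle that where the stored data is read, e.g. `if data.CaCertificateUrl == "" { return errors.New("stored vpn state has no caCertificateUrl, run vpn start again") }`, and add a field comment noting that the certificate now appears to be fetched on each connect rather than stored.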
17 changes: 15 additions & 2 deletions src/grpcApiClientFactory/handler.go
@@ -5,6 +5,8 @@ import (
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"net/http"

"golang.org/x/oauth2"
"google.golang.org/grpc/credentials/oauth"
@@ -16,7 +18,7 @@ import (
)

type Config struct {
CaCertificate []byte
CaCertificateUrl string
}

type Handler struct {
@@ -58,8 +60,19 @@ func (h *Handler) createBearerCredentials(token string) credentials.PerRPCCreden
}

func (h *Handler) createTLSCredentials() (credentials.TransportCredentials, error) {

resp, err := http.Get(h.config.CaCertificateUrl)
if err != nil {
return nil, fmt.Errorf("get caCertificate => %s", err.Error())
}
defer resp.Body.Close()
caCertBytes, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("read caCertificate response => %s", err.Error())
}

certPool := x509.NewCertPool()
if !certPool.AppendCertsFromPEM(h.config.CaCertificate) {
if !certPool.AppendCertsFromPEM(caCertBytes) {
return nil, fmt.Errorf("failed to add server CA certificate")
}
config := &tls.Config{
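Review bot: The bytes returned by `http.Get(h.config.CaCertificateUrl)` become the only root in `certPool`, yet the download has no scheme check, no timeout, no status check and an unbounded `ioutil.ReadAll`. The URL is a free-form string that also reaches the daemon through `request.GetCaCertificateUrl()` and stored `data.CaCertificateUrl`, so a non-https value would leave the CA that authenticates the token-bearing gRPC channel unprotected in transit. `http.Get` uses the default client, which has no timeout, and a non-200 body currently surfaces only as the generic "failed to add server CA certificate". The sketch below needs `io`, `net/url` and `time` imported; `createTLSCredentials` continues past the end of this hunk.

```go
func (h *Handler) createTLSCredentials() (credentials.TransportCredentials, error) {
	// The downloaded file is the trust anchor for every gRPC call, so the
	// download itself has to be authenticated: accept https only.
	caURL, err := url.Parse(h.config.CaCertificateUrl)
	if err != nil || caURL.Scheme != "https" {
		return nil, fmt.Errorf("caCertificateUrl %q must be an https url", h.config.CaCertificateUrl)
	}

	httpClient := &http.Client{
		Timeout: 10 * time.Second,
		// Keep the default redirect limit and refuse a downgrade to plain http.
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 10 || req.URL.Scheme != "https" {
				return fmt.Errorf("refusing redirect to %q", req.URL)
			}
			return nil
		},
	}
	resp, err := httpClient.Get(caURL.String())
	if err != nil {
		return nil, fmt.Errorf("get caCertificate: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("get caCertificate: unexpected status %s", resp.Status)
	}
	// A CA certificate is a few KiB; cap the read so the endpoint cannot exhaust memory.
	caCertBytes, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
	if err != nil {
		return nil, fmt.Errorf("read caCertificate response: %w", err)
	}

	// … unchanged: certPool.AppendCertsFromPEM(caCertBytes) and tls.Config …
```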
2 changes: 1 addition & 1 deletion src/grpcDaemonServer/handler_startVpn.go
@@ -16,7 +16,7 @@ func (h *Handler) StartVpn(ctx context.Context, request *zeropsDaemonProtocol.St
request.GetProjectId(),
request.GetUserId(),
request.GetMtu(),
request.GetCaCertificate(),
request.GetCaCertificateUrl(),
)
if err != nil {
return &zeropsDaemonProtocol.StartVpnResponse{}, err
10 changes: 0 additions & 10 deletions src/utils/params/handler.go
@@ -88,16 +88,6 @@ func (h *Handler) GetPersistentString(name string) string {
return ""
}

func (h *Handler) GetPersistentBytes(name string) []byte {
if param, exists := h.params[name]; exists {
if v, ok := param.(func() string); ok {
return []byte(v())
}
return nil
}
return nil
}

func (h *Handler) GetString(cmd *cobra.Command, name string) string {
id := h.getCmdId(cmd, name)
if param, exists := h.params[id]; exists {
4 changes: 2 additions & 2 deletions src/vpn/handler_public_startVpn.go
@@ -17,7 +17,7 @@ func (h *Handler) StartVpn(
projectId string,
userId string,
mtu uint32,
caCertificate []byte,
caCertificateUrl string,
) (vpnStatus *zeropsDaemonProtocol.VpnStatus, err error) {
h.lock.Lock()
defer h.lock.Unlock()
@@ -30,7 +30,7 @@ func (h *Handler) StartVpn(
projectId,
userId,
mtu,
caCertificate,
caCertificateUrl,
)
if err != nil {
return nil, err
2 changes: 1 addition & 1 deletion src/vpn/handler_public_vpnStatusCheck.go
@@ -17,7 +17,7 @@ func (h *Handler) vpnStatusCheck(ctx context.Context) {
data.ProjectId,
data.UserId,
data.Mtu,
data.CaCertificate,
data.CaCertificateUrl,
)
if err != nil {
h.logger.Error(err)
6 changes: 3 additions & 3 deletions src/vpn/handler_startVpn.go
@@ -24,7 +24,7 @@ func (h *Handler) startVpn(
projectId string,
userId string,
mtu uint32,
caCertificate []byte,
caCertificateUrl string,
) (err error) {
defer func() {
if err != nil {
@@ -42,7 +42,7 @@ func (h *Handler) startVpn(
return err
}

apiClientFactory := grpcApiClientFactory.New(grpcApiClientFactory.Config{CaCertificate: caCertificate})
apiClientFactory := grpcApiClientFactory.New(grpcApiClientFactory.Config{CaCertificateUrl: caCertificateUrl})
apiGrpcClient, closeFunc, err := apiClientFactory.CreateClient(ctx, grpcApiAddress, token)
if err != nil {
return err
@@ -162,7 +162,7 @@ func (h *Handler) startVpn(
data.GrpcVpnAddress = grpcVpnAddress
data.Token = token
data.DnsManagement = string(dnsManagement)
data.CaCertificate = caCertificate
data.CaCertificateUrl = caCertificateUrl
data.VpnStarted = true

err = h.storage.Save(data)