mirror of
https://github.com/rancher/os.git
synced 2025-08-11 03:22:49 +00:00
154 lines
5.2 KiB
Go
154 lines
5.2 KiB
Go
package server
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
|
|
v1 "github.com/rancher/os/pkg/apis/rancheros.cattle.io/v1"
|
|
"github.com/rancher/os/pkg/clients"
|
|
ranchercontrollers "github.com/rancher/os/pkg/generated/controllers/management.cattle.io/v3"
|
|
roscontrollers "github.com/rancher/os/pkg/generated/controllers/rancheros.cattle.io/v1"
|
|
v3 "github.com/rancher/rancher/pkg/apis/management.cattle.io/v3"
|
|
corecontrollers "github.com/rancher/wrangler/pkg/generated/controllers/core/v1"
|
|
"github.com/sirupsen/logrus"
|
|
corev1 "k8s.io/api/core/v1"
|
|
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
|
)
|
|
|
|
var (
|
|
tokenType = "rancheros.cattle.io/token"
|
|
tokenKey = "token"
|
|
tokenIndex = "tokenIndex"
|
|
machineBySecretNameIndex = "machineBySecretNameIndex"
|
|
)
|
|
|
|
type InventoryServer struct {
|
|
secretCache corecontrollers.SecretCache
|
|
settingCache ranchercontrollers.SettingCache
|
|
machineCache roscontrollers.MachineInventoryCache
|
|
clusterRegistrationToken ranchercontrollers.ClusterRegistrationTokenCache
|
|
}
|
|
|
|
func New(clients *clients.Clients) *InventoryServer {
|
|
server := &InventoryServer{
|
|
secretCache: clients.Core.Secret().Cache(),
|
|
settingCache: clients.Rancher.Setting().Cache(),
|
|
machineCache: clients.OS.MachineInventory().Cache(),
|
|
clusterRegistrationToken: clients.Rancher.ClusterRegistrationToken().Cache(),
|
|
}
|
|
|
|
server.secretCache.AddIndexer(tokenIndex, func(obj *corev1.Secret) ([]string, error) {
|
|
if string(obj.Type) != tokenType {
|
|
return nil, nil
|
|
}
|
|
t := obj.Data[tokenKey]
|
|
if len(t) == 0 {
|
|
return nil, nil
|
|
}
|
|
return []string{base64.StdEncoding.EncodeToString(t)}, nil
|
|
})
|
|
|
|
server.machineCache.AddIndexer(machineBySecretNameIndex, func(obj *v1.MachineInventory) ([]string, error) {
|
|
if obj.Spec.MachineTokenSecretName == "" {
|
|
return nil, nil
|
|
}
|
|
return []string{obj.Namespace + "/" + obj.Spec.MachineTokenSecretName}, nil
|
|
})
|
|
|
|
server.secretCache.AddIndexer(tokenHash, func(obj *corev1.Secret) ([]string, error) {
|
|
if string(obj.Type) == tokenType {
|
|
return nil, nil
|
|
}
|
|
if token := obj.Data[tokenKey]; len(token) > 0 {
|
|
hash := sha256.Sum256(token)
|
|
return []string{base64.StdEncoding.EncodeToString(hash[:])}, nil
|
|
}
|
|
return nil, nil
|
|
})
|
|
|
|
return server
|
|
}
|
|
|
|
func (i *InventoryServer) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
|
|
if strings.HasSuffix(req.URL.Path, "/cacerts") {
|
|
i.cacerts(resp, req)
|
|
} else {
|
|
err := i.handle(resp, req)
|
|
if err != nil {
|
|
http.Error(resp, err.Error(), http.StatusInternalServerError)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (i *InventoryServer) handle(resp http.ResponseWriter, req *http.Request) error {
|
|
token := strings.TrimPrefix(req.Header.Get("Authorization"), "Bearer ")
|
|
secrets, err := i.secretCache.GetByIndex(tokenIndex, token)
|
|
if apierrors.IsNotFound(err) {
|
|
http.Error(resp, "Token not found", http.StatusNotFound)
|
|
return nil
|
|
} else if err != nil {
|
|
return err
|
|
} else if len(secrets) > 1 {
|
|
logrus.Errorf("Multiple machine secrets with the same value [%s/%s, %s/%s, ...]",
|
|
secrets[0].Namespace, secrets[0].Name, secrets[1].Namespace, secrets[1].Name)
|
|
http.Error(resp, "Token not found", http.StatusNotFound)
|
|
return nil
|
|
}
|
|
|
|
machines, err := i.machineCache.GetByIndex(machineBySecretNameIndex, secrets[0].Namespace+"/"+secrets[0].Name)
|
|
if len(machines) > 1 {
|
|
logrus.Errorf("Multiple machine inventories with the token: %v", machines)
|
|
}
|
|
if apierrors.IsNotFound(err) || len(machines) != 1 {
|
|
http.Error(resp, "Machine not found", http.StatusNotFound)
|
|
return nil
|
|
} else if err != nil {
|
|
return err
|
|
}
|
|
|
|
crt, err := i.clusterRegistrationToken.Get(machines[0].Status.ClusterRegistrationTokenNamespace,
|
|
machines[0].Status.ClusterRegistrationTokenName)
|
|
if apierrors.IsNotFound(err) || crt.Status.Token == "" {
|
|
http.Error(resp, "Cluster token not found", http.StatusNotFound)
|
|
return nil
|
|
}
|
|
|
|
return writeResponse(resp, machines[0], crt)
|
|
}
|
|
|
|
type config struct {
|
|
Role string `json:"role,omitempty"`
|
|
NodeName string `json:"nodeName,omitempty"`
|
|
Address string `json:"address,omitempty"`
|
|
InternalAddress string `json:"internalAddress,omitempty"`
|
|
Taints []string `json:"taints,omitempty"`
|
|
Labels []string `json:"labels,omitempty"`
|
|
ConfigValues map[string]string `json:"extraConfig,omitempty"`
|
|
Token string `json:"token,omitempty"`
|
|
}
|
|
|
|
func writeResponse(resp http.ResponseWriter, inventory *v1.MachineInventory, crt *v3.ClusterRegistrationToken) error {
|
|
config := config{
|
|
Role: inventory.Spec.Config.Role,
|
|
NodeName: inventory.Spec.Config.NodeName,
|
|
Address: inventory.Spec.Config.Address,
|
|
InternalAddress: inventory.Spec.Config.InternalAddress,
|
|
Taints: nil,
|
|
Labels: nil,
|
|
ConfigValues: inventory.Spec.Config.ConfigValues,
|
|
Token: crt.Status.Token,
|
|
}
|
|
for k, v := range inventory.Spec.Config.Labels {
|
|
config.Labels = append(config.Labels, fmt.Sprintf("%s=%s", k, v))
|
|
}
|
|
for _, taint := range inventory.Spec.Config.Taints {
|
|
config.Labels = append(config.Labels, taint.ToString())
|
|
}
|
|
resp.Header().Set("Content-Type", "application/json")
|
|
return json.NewEncoder(resp).Encode(config)
|
|
}
|