[turbo WIP] MIMO PoC #3210

Closed
wants to merge 28 commits into from
Closed
44 changes: 15 additions & 29 deletions cmd/aro/dbtoken.go
Expand Up @@ -10,23 +10,28 @@ import (

"github.com/sirupsen/logrus"

"github.com/Azure/ARO-RP/pkg/database"
"github.com/Azure/ARO-RP/pkg/database/cosmosdb"
pkgdbtoken "github.com/Azure/ARO-RP/pkg/dbtoken"
"github.com/Azure/ARO-RP/pkg/env"
"github.com/Azure/ARO-RP/pkg/metrics/statsd"
"github.com/Azure/ARO-RP/pkg/metrics/statsd/golang"
"github.com/Azure/ARO-RP/pkg/util/keyvault"
"github.com/Azure/ARO-RP/pkg/util/oidc"
"github.com/Azure/ARO-RP/pkg/util/service"
)

func dbtoken(ctx context.Context, log *logrus.Entry) error {
_env, err := env.NewCore(ctx, log)
_env, err := env.NewCore(ctx, log, env.COMPONENT_DBTOKEN)
if err != nil {
return err
}

if err := env.ValidateVars("AZURE_GATEWAY_SERVICE_PRINCIPAL_ID", "AZURE_DBTOKEN_CLIENT_ID"); err != nil {
if err := env.ValidateVars(
"AZURE_GATEWAY_SERVICE_PRINCIPAL_ID",
"AZURE_DBTOKEN_CLIENT_ID",
service.DatabaseAccountName,
service.KeyVaultPrefix,
); err != nil {
return err
}

Expand All @@ -36,42 +41,26 @@ func dbtoken(ctx context.Context, log *logrus.Entry) error {
}
}

msiAuthorizer, err := _env.NewMSIAuthorizer(env.MSIContextRP, _env.Environment().ResourceManagerScope)
msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope)
if err != nil {
return err
}

msiKVAuthorizer, err := _env.NewMSIAuthorizer(env.MSIContextRP, _env.Environment().KeyVaultScope)
if err != nil {
return err
}

m := statsd.New(ctx, log.WithField("component", "dbtoken"), _env, os.Getenv("MDM_ACCOUNT"), os.Getenv("MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET"))
m := statsd.NewFromEnv(ctx, _env.Logger(), _env)

g, err := golang.NewMetrics(log.WithField("component", "dbtoken"), m)
g, err := golang.NewMetrics(_env.Logger(), m)
if err != nil {
return err
}

go g.Run()

if err := env.ValidateVars(DatabaseAccountName); err != nil {
return err
}

dbAccountName := os.Getenv(DatabaseAccountName)

dbAuthorizer, err := database.NewMasterKeyAuthorizer(ctx, _env, msiAuthorizer, dbAccountName)
dbc, err := service.NewDatabase(ctx, _env, log, m, service.DB_ALWAYS_MASTERKEY, false)
if err != nil {
return err
}

dbc, err := database.NewDatabaseClient(log.WithField("component", "database"), _env, dbAuthorizer, m, nil, dbAccountName)
if err != nil {
return err
}

dbName, err := DBName(_env.IsLocalDevelopmentMode())
dbName, err := service.DBName(_env.IsLocalDevelopmentMode())
if err != nil {
return err
}
Expand All @@ -83,10 +72,7 @@ func dbtoken(ctx context.Context, log *logrus.Entry) error {
return err
}

if err := env.ValidateVars(KeyVaultPrefix); err != nil {
return err
}
keyVaultPrefix := os.Getenv(KeyVaultPrefix)
keyVaultPrefix := os.Getenv(service.KeyVaultPrefix)
dbtokenKeyvaultURI := keyvault.URI(_env, env.DBTokenKeyvaultSuffix, keyVaultPrefix)
dbtokenKeyvault := keyvault.NewManager(msiKVAuthorizer, dbtokenKeyvaultURI)

Expand Down Expand Up @@ -116,7 +102,7 @@ func dbtoken(ctx context.Context, log *logrus.Entry) error {

log.Print("listening")

server, err := pkgdbtoken.NewServer(ctx, _env, log.WithField("component", "dbtoken"), log.WithField("component", "dbtoken-access"), l, servingKey, servingCerts, verifier, userc, m)
server, err := pkgdbtoken.NewServer(ctx, _env, _env.Logger(), log.WithField("component", "dbtoken-access"), l, servingKey, servingCerts, verifier, userc, m)
if err != nil {
return err
}
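Review bot: The trailing `false` in `dbc, err := service.NewDatabase(ctx, _env, log, m, service.DB_ALWAYS_MASTERKEY, false)` is an unlabelled positional boolean; monitor.go passes `true` in the same position where it previously threaded a keyvault-backed AEAD into `database.NewDatabaseClient`, so the flag presumably selects encryption, but a reader cannot tell from this call site. A one-line comment above the call would make the two call sites checkable against each other, e.g. `// false: no AEAD for the dbtoken service's client — confirm against service.NewDatabase`. Separately, this file now passes `_env.Logger()` to `statsd.NewFromEnv`, `golang.NewMetrics` and `pkgdbtoken.NewServer`, while gateway.go and monitor.go keep `log.WithField("component", ...)` for the same calls; pick one convention so the component field is consistent across binaries. The body of `dbtoken` starts and ends outside these hunks.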
2 changes: 1 addition & 1 deletion cmd/aro/deploy.go
Expand Up @@ -32,7 +32,7 @@ func deploy(ctx context.Context, log *logrus.Entry) error {
var tokenCredential azcore.TokenCredential
if os.Getenv("AZURE_EV2") != "" { // running in EV2 - use MSI
var err error
_env, err = env.NewCore(ctx, log)
_env, err = env.NewCore(ctx, log, env.COMPONENT_DEPLOY)
if err != nil {
return err
}
67 changes: 9 additions & 58 deletions cmd/aro/gateway.go
Expand Up @@ -7,32 +7,33 @@ import (
"context"
"os"
"os/signal"
"strings"
"syscall"
"time"

"github.com/sirupsen/logrus"

"github.com/Azure/ARO-RP/pkg/database"
pkgdbtoken "github.com/Azure/ARO-RP/pkg/dbtoken"
"github.com/Azure/ARO-RP/pkg/env"
pkggateway "github.com/Azure/ARO-RP/pkg/gateway"
"github.com/Azure/ARO-RP/pkg/metrics/statsd"
"github.com/Azure/ARO-RP/pkg/metrics/statsd/golang"
utilnet "github.com/Azure/ARO-RP/pkg/util/net"
"github.com/Azure/ARO-RP/pkg/util/service"
)

func gateway(ctx context.Context, log *logrus.Entry) error {
_env, err := env.NewCore(ctx, log)
_env, err := env.NewCore(ctx, log, env.COMPONENT_GATEWAY)
if err != nil {
return err
}

if err = env.ValidateVars("AZURE_DBTOKEN_CLIENT_ID"); err != nil {
if err = env.ValidateVars(
"AZURE_DBTOKEN_CLIENT_ID",
service.DatabaseAccountName,
); err != nil {
return err
}

m := statsd.New(ctx, log.WithField("component", "gateway"), _env, os.Getenv("MDM_ACCOUNT"), os.Getenv("MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET"))
m := statsd.NewFromEnv(ctx, log.WithField("component", "gateway"), _env)

g, err := golang.NewMetrics(log.WithField("component", "gateway"), m)
if err != nil {
Expand All @@ -41,41 +42,12 @@ func gateway(ctx context.Context, log *logrus.Entry) error {

go g.Run()

if err := env.ValidateVars(DatabaseAccountName); err != nil {
return err
}
dbc, err := database.NewDatabaseClient(log.WithField("component", "database"), _env, nil, m, nil, os.Getenv(DatabaseAccountName))
dbc, err := service.NewDatabase(ctx, _env, log, m, service.DB_ALWAYS_DBTOKEN, false)
if err != nil {
return err
}

// Access token GET request needs to be:
// http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$AZURE_DBTOKEN_CLIENT_ID
//
// In this context, the "resource" parameter is passed to azidentity as a
// "scope" argument even though a scope normally consists of an endpoint URL.
scope := os.Getenv("AZURE_DBTOKEN_CLIENT_ID")
msiRefresherAuthorizer, err := _env.NewMSIAuthorizer(env.MSIContextGateway, scope)
if err != nil {
return err
}

// TODO: refactor this poor man's feature flag
insecureSkipVerify := _env.IsLocalDevelopmentMode()
for _, feature := range strings.Split(os.Getenv("GATEWAY_FEATURES"), ",") {
if feature == "InsecureSkipVerifyDBTokenCertificate" {
insecureSkipVerify = true
break
}
}

url, err := getURL(_env.IsLocalDevelopmentMode())
if err != nil {
return err
}
dbRefresher := pkgdbtoken.NewRefresher(log, _env, msiRefresherAuthorizer, insecureSkipVerify, dbc, "gateway", m, "gateway", url)

dbName, err := DBName(_env.IsLocalDevelopmentMode())
dbName, err := service.DBName(_env.IsLocalDevelopmentMode())
if err != nil {
return err
}
Expand All @@ -85,15 +57,6 @@ func gateway(ctx context.Context, log *logrus.Entry) error {
return err
}

go func() {
_ = dbRefresher.Run(ctx)
}()

log.Print("waiting for database token")
for !dbRefresher.HasSyncedOnce() {
time.Sleep(time.Second)
}

httpl, err := utilnet.Listen("tcp", ":8080", pkggateway.SocketSize)
if err != nil {
return err
Expand Down Expand Up @@ -130,15 +93,3 @@ func gateway(ctx context.Context, log *logrus.Entry) error {

return nil
}

func getURL(isLocalDevelopmentMode bool) (string, error) {
if isLocalDevelopmentMode {
return "https://localhost:8445", nil
}

if err := env.ValidateVars(DBTokenUrl); err != nil {
return "", err
}

return os.Getenv(DBTokenUrl), nil
}
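Review bot: With the refresher block removed, nothing visible between `dbc, err := service.NewDatabase(ctx, _env, log, m, service.DB_ALWAYS_DBTOKEN, false)` and `httpl, err := utilnet.Listen("tcp", ":8080", pkggateway.SocketSize)` replaces the old `for !dbRefresher.HasSyncedOnce()` wait, so unless `service.NewDatabase` blocks until the first database token is obtained, the gateway can start accepting connections before it can authenticate to the database. That should be confirmed in the helper and, if it does block, stated at the call site: `// NewDatabase does not return until the dbtoken refresher has synced once`. The `GATEWAY_FEATURES=InsecureSkipVerifyDBTokenCertificate` handling and the `getURL`/`DBTokenUrl` selection also move into the helper; the production path must still verify the dbtoken service certificate, with the skip limited to local development mode, and that is worth checking there rather than assuming. The body of `gateway` begins and ends outside these hunks.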
13 changes: 0 additions & 13 deletions cmd/aro/main.go
Expand Up @@ -14,7 +14,6 @@ import (
"strings"
"time"

"github.com/Azure/ARO-RP/pkg/env"
utillog "github.com/Azure/ARO-RP/pkg/util/log"
_ "github.com/Azure/ARO-RP/pkg/util/scheme"
"github.com/Azure/ARO-RP/pkg/util/version"
Expand Down Expand Up @@ -102,15 +101,3 @@ func checkMinArgs(required int) {
os.Exit(2)
}
}

func DBName(isLocalDevelopmentMode bool) (string, error) {
if !isLocalDevelopmentMode {
return "ARO", nil
}

if err := env.ValidateVars(DatabaseName); err != nil {
return "", fmt.Errorf("%v (development mode)", err.Error())
}

return os.Getenv(DatabaseName), nil
}
56 changes: 14 additions & 42 deletions cmd/aro/monitor.go
Expand Up @@ -5,7 +5,6 @@ package main

import (
"context"
"os"

"github.com/Azure/go-autorest/tracing"
"github.com/sirupsen/logrus"
Expand All @@ -20,12 +19,11 @@ import (
"github.com/Azure/ARO-RP/pkg/metrics/statsd/k8s"
pkgmonitor "github.com/Azure/ARO-RP/pkg/monitor"
"github.com/Azure/ARO-RP/pkg/proxy"
"github.com/Azure/ARO-RP/pkg/util/encryption"
"github.com/Azure/ARO-RP/pkg/util/keyvault"
"github.com/Azure/ARO-RP/pkg/util/service"
)

func monitor(ctx context.Context, log *logrus.Entry) error {
_env, err := env.NewEnv(ctx, log)
_env, err := env.NewEnv(ctx, log, env.COMPONENT_MONITOR)
if err != nil {
return err
}
Expand All @@ -42,7 +40,14 @@ func monitor(ctx context.Context, log *logrus.Entry) error {
}
}

m := statsd.New(ctx, log.WithField("component", "metrics"), _env, os.Getenv("MDM_ACCOUNT"), os.Getenv("MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET"))
if err := env.ValidateVars(
service.KeyVaultPrefix,
service.DatabaseAccountName,
); err != nil {
return err
}

m := statsd.NewFromEnv(ctx, log.WithField("component", "metrics"), _env)

g, err := golang.NewMetrics(log.WithField("component", "metrics"), m)
if err != nil {
Expand All @@ -57,47 +62,14 @@ func monitor(ctx context.Context, log *logrus.Entry) error {
RequestLatency: k8s.NewLatency(m),
})

clusterm := statsd.New(ctx, log.WithField("component", "metrics"), _env, os.Getenv("CLUSTER_MDM_ACCOUNT"), os.Getenv("CLUSTER_MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET"))

msiAuthorizer, err := _env.NewMSIAuthorizer(env.MSIContextRP, _env.Environment().ResourceManagerScope)
if err != nil {
return err
}

msiKVAuthorizer, err := _env.NewMSIAuthorizer(env.MSIContextRP, _env.Environment().KeyVaultScope)
if err != nil {
return err
}

if err := env.ValidateVars(KeyVaultPrefix); err != nil {
return err
}
keyVaultPrefix := os.Getenv(KeyVaultPrefix)
// TODO: should not be using the service keyvault here
serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix)
serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI)

aead, err := encryption.NewMulti(ctx, serviceKeyvault, env.EncryptionSecretV2Name, env.EncryptionSecretName)
if err != nil {
return err
}

if err := env.ValidateVars(DatabaseAccountName); err != nil {
return err
}

dbAccountName := os.Getenv(DatabaseAccountName)
dbAuthorizer, err := database.NewMasterKeyAuthorizer(ctx, _env, msiAuthorizer, dbAccountName)
if err != nil {
return err
}
clusterm := statsd.NewFromEnv(ctx, log.WithField("component", "metrics"), _env, "CLUSTER")

dbc, err := database.NewDatabaseClient(log.WithField("component", "database"), _env, dbAuthorizer, &noop.Noop{}, aead, dbAccountName)
dbc, err := service.NewDatabase(ctx, _env, log, &noop.Noop{}, service.DB_ALWAYS_MASTERKEY, true)
if err != nil {
return err
}

dbName, err := DBName(_env.IsLocalDevelopmentMode())
dbName, err := service.DBName(_env.IsLocalDevelopmentMode())
if err != nil {
return err
}
Expand Down Expand Up @@ -126,7 +98,7 @@ func monitor(ctx context.Context, log *logrus.Entry) error {
return err
}

mon := pkgmonitor.NewMonitor(log.WithField("component", "monitor"), dialer, dbMonitors, dbOpenShiftClusters, dbSubscriptions, m, clusterm, liveConfig, _env)
mon := pkgmonitor.NewMonitor(_env.Logger(), dialer, dbMonitors, dbOpenShiftClusters, dbSubscriptions, m, clusterm, liveConfig, _env)

return mon.Run(ctx)
}
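Review bot: The new `dbc, err := service.NewDatabase(ctx, _env, log, &noop.Noop{}, service.DB_ALWAYS_MASTERKEY, true)` replaces the explicit `encryption.NewMulti(ctx, serviceKeyvault, env.EncryptionSecretV2Name, env.EncryptionSecretName)` AEAD with a bare `true`, so whether the monitor's database client still decrypts with those keys is no longer visible at the call site. The removed `// TODO: should not be using the service keyvault here` note disappeared with the code it annotated; if the helper still reads the service keyvault, the TODO should travel with it, and a comment here would help readers: `// true: attach the keyvault-backed AEAD (previously encryption.NewMulti) — confirm in service.NewDatabase`. The `env.ValidateVars(service.KeyVaultPrefix, service.DatabaseAccountName)` call in the `@@ -42,7 +40,14 @@` hunk sits after a development-mode block whose start is outside view, so its ordering relative to that block cannot be checked from here.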