Add a config endpoint on a new api server #21025

Merged
merged 33 commits into from
Dec 5, 2023
Merged
Changes from 1 commit
Commits
Show all changes
33 commits
42b8aa8
refactor to prepare new server
pgimalac Nov 20, 2023
02344fd
feat: implement config api server
pgimalac Nov 21, 2023
1e315df
refactor: move each server to its own file
pgimalac Nov 21, 2023
66fe2eb
merge with main
pgimalac Nov 21, 2023
bcf2bcf
fix revive duplicate import lint
pgimalac Nov 22, 2023
17b1c34
refactor: rename variables to ipc and cmd
pgimalac Nov 24, 2023
cbfadde
rename api server files to cmd and ipc
pgimalac Nov 24, 2023
a1125dd
limit ipc config endpoint to api_key for now
pgimalac Nov 24, 2023
7f69bc9
feat: define proper config payload type configPayload
pgimalac Nov 24, 2023
59cd5c5
merge with main
pgimalac Nov 27, 2023
e457dc9
renaming configs to agent_ipc_host/port
pgimalac Nov 28, 2023
44113ca
directly return error as string, or marshalled value
pgimalac Nov 28, 2023
69606a1
disable new endpoint by default
pgimalac Nov 28, 2023
4b62f52
rename extraHosts additionalHostIdentities
pgimalac Nov 29, 2023
99993c7
add some docs and logs, clean up stop server
pgimalac Nov 29, 2023
d1c14cd
refactor: improve naming
pgimalac Nov 29, 2023
c21c66d
move config endpoint to separate function
pgimalac Nov 29, 2023
79ba640
add logs to config endpoint on failure and success
pgimalac Nov 29, 2023
23f8c5b
only add the host without port to the certificate
pgimalac Nov 29, 2023
3a04b99
refactor: move config endpoint to separate directory, add tests
pgimalac Dec 1, 2023
6d1e442
test logic around enabling ipc server
pgimalac Dec 1, 2023
9ecb46c
add expvar metrics in config endpoint
pgimalac Dec 1, 2023
fa3bfa2
rename endpoint server and path
pgimalac Dec 1, 2023
ed704ae
merge with main
pgimalac Dec 1, 2023
6071290
refactor: rewrite test cases as structs
pgimalac Dec 2, 2023
27b9332
early return getIPCServerAddressPort
pgimalac Dec 2, 2023
b7ea9f8
Update pkg/api/security/security.go
pgimalac Dec 4, 2023
a6abb74
clean up variable name and types
pgimalac Dec 4, 2023
70fd44c
simplify test naming
pgimalac Dec 4, 2023
36685a1
refactor: remove global state, clean test naming
pgimalac Dec 4, 2023
72d395d
chore: log in case of answer write error
pgimalac Dec 4, 2023
d6763cf
pass config as parameter to test helper
pgimalac Dec 4, 2023
fde8155
feat: test expvars
pgimalac Dec 4, 2023
6 changes: 1 addition & 5 deletions cmd/agent/api/listener.go
Expand Up @@ -22,10 +22,6 @@ func getIPCAddressPort() (string, error) {
}

// getListener returns a listening connection
func getListener() (net.Listener, error) {
address, err := getIPCAddressPort()
if err != nil {
return nil, err
}
func getListener(address string) (net.Listener, error) {
return net.Listen("tcp", address)
}
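Review bot: The doc comment on getListener was not updated for the new parameter, so a reader of the rendered file still sees "returns a listening connection" with no word on what the caller must pass. Suggest `// getListener returns a TCP listener bound to address, an explicit host:port (previously resolved internally from the IPC configuration).`. The remaining body is a single net.Listen call, so nothing else in this section needs a note.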
19 changes: 4 additions & 15 deletions cmd/agent/api/security.go
Expand Up @@ -16,12 +16,6 @@ import (
"github.com/DataDog/datadog-agent/pkg/api/util"
)

var (
tlsKeyPair *tls.Certificate
tlsCertPool *x509.CertPool
tlsAddr string
)

// validateToken - validates token for legacy API
func validateToken(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
Expand All @@ -47,7 +41,6 @@ func parseToken(token string) (interface{}, error) {
}

func buildSelfSignedKeyPair() ([]byte, []byte) {

hosts := []string{"127.0.0.1", "localhost", "::1"}
ipcAddr, err := getIPCAddressPort()
if err == nil {
Expand All @@ -67,8 +60,7 @@ func buildSelfSignedKeyPair() ([]byte, []byte) {
return rootCertPEM, rootKeyPEM
}

func initializeTLS() {

func initializeTLS() (*tls.Certificate, *x509.CertPool) {
cert, key := buildSelfSignedKeyPair()
if cert == nil {
panic("unable to generate certificate")
Expand All @@ -77,15 +69,12 @@ func initializeTLS() {
if err != nil {
panic(err)
}
tlsKeyPair = &pair
tlsCertPool = x509.NewCertPool()

tlsCertPool := x509.NewCertPool()
ok := tlsCertPool.AppendCertsFromPEM(cert)
if !ok {
panic("bad certs")
}

tlsAddr, err = getIPCAddressPort()
if err != nil {
panic("unable to get IPC address and port")
}
return &pair, tlsCertPool
}
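Review bot: initializeTLS now returns the key pair and cert pool but still has no doc comment, and the address used for the certificate is resolved separately from the one the caller uses for verification: buildSelfSignedKeyPair calls getIPCAddressPort itself (the `ipcAddr, err := getIPCAddressPort()` line in the second hunk), while StartServer in server.go resolves the same value again and passes it as ServerName. Both reads presumably come from the same config, but the certificate's host list and the name the gRPC client verifies against are now produced by two independent lookups, so a future change to one path could silently break TLS verification; threading the already-resolved address into initializeTLS and buildSelfSignedKeyPair would keep them in lockstep. At minimum add `// initializeTLS generates a self-signed key pair for the IPC hosts and returns it with a cert pool that trusts it; it panics if generation or parsing fails.` above the signature. The first hunk's panic-on-error behavior is pre-existing and not changed by this commit.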
30 changes: 17 additions & 13 deletions cmd/agent/api/server.go
Expand Up @@ -48,7 +48,7 @@ import (
"github.com/DataDog/datadog-agent/pkg/util/optional"
)

var listener net.Listener
var apiListener net.Listener

// StartServer creates the router and starts the HTTP server
func StartServer(
Expand All @@ -63,11 +63,15 @@ func StartServer(
hostMetadata host.Component,
invAgent inventoryagent.Component,
) error {
initializeTLS()
tlsKeyPair, tlsCertPool := initializeTLS()

apiAddr, err := getIPCAddressPort()
if err != nil {
panic("unable to get IPC address and port")
}

// get the transport we're going to use under HTTP
var err error
listener, err = getListener()
apiListener, err = getListener(apiAddr)
if err != nil {
// we use the listener to handle commands for the Agent, there's
// no way we can recover from this error
Expand All @@ -82,7 +86,7 @@ func StartServer(
// gRPC server
authInterceptor := grpcutil.AuthInterceptor(parseToken)
opts := []grpc.ServerOption{
grpc.Creds(credentials.NewClientTLSFromCert(tlsCertPool, tlsAddr)),
grpc.Creds(credentials.NewClientTLSFromCert(tlsCertPool, apiAddr)),
grpc.StreamInterceptor(grpc_auth.StreamServerInterceptor(authInterceptor)),
grpc.UnaryInterceptor(grpc_auth.UnaryServerInterceptor(authInterceptor)),
}
Expand All @@ -99,7 +103,7 @@ func StartServer(
})

dcreds := credentials.NewTLS(&tls.Config{
ServerName: tlsAddr,
ServerName: apiAddr,
RootCAs: tlsCertPool,
})
dopts := []grpc.DialOption{grpc.WithTransportCredentials(dcreds)}
Expand All @@ -108,13 +112,13 @@ func StartServer(
ctx := context.Background()
gwmux := runtime.NewServeMux()
err = pb.RegisterAgentHandlerFromEndpoint(
ctx, gwmux, tlsAddr, dopts)
ctx, gwmux, apiAddr, dopts)
if err != nil {
panic(err)
}

err = pb.RegisterAgentSecureHandlerFromEndpoint(
ctx, gwmux, tlsAddr, dopts)
ctx, gwmux, apiAddr, dopts)
if err != nil {
panic(err)
}
Expand Down Expand Up @@ -149,7 +153,7 @@ func StartServer(
logWriter, _ := config.NewLogWriter(5, seelog.ErrorLvl)

srv := grpcutil.NewMuxedGRPCServer(
tlsAddr,
apiAddr,
&tls.Config{
Certificates: []tls.Certificate{*tlsKeyPair},
NextProtos: []string{"h2"},
Expand All @@ -161,7 +165,7 @@ func StartServer(

srv.ErrorLog = stdLog.New(logWriter, "Error from the agent http API server: ", 0) // log errors to seelog

tlsListener := tls.NewListener(listener, srv.TLSConfig)
tlsListener := tls.NewListener(apiListener, srv.TLSConfig)

go srv.Serve(tlsListener) //nolint:errcheck
return nil
Expand All @@ -170,12 +174,12 @@ func StartServer(
// StopServer closes the connection and the server
// stops listening to new commands.
func StopServer() {
if listener != nil {
listener.Close()
if apiListener != nil {
apiListener.Close()
}
}

// ServerAddress retruns the server address.
func ServerAddress() *net.TCPAddr {
return listener.Addr().(*net.TCPAddr)
return apiListener.Addr().(*net.TCPAddr)
}
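Review bot: The newly added `apiAddr, err := getIPCAddressPort()` block in StartServer panics on failure even though StartServer returns an error and already reports the listener failure through it a few lines below; the panic was moved here from initializeTLS rather than removed. Since the config lookup is a recoverable startup error, return it instead, e.g. `return fmt.Errorf("unable to get IPC address and port: %w", err)` (assuming fmt is among the file's imports, which this hunk does not show). Separately, ServerAddress dereferences apiListener unconditionally while StopServer guards it with a nil check; calling ServerAddress before StartServer or after a failed getListener will nil-panic, which is pre-existing but worth a comment such as `// ServerAddress must only be called after a successful StartServer.`. StartServer begins and ends outside the visible hunks.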