Routers: implement POST notification for bootscript requests
This is to be used with the new TPM-manager OCHAMI component,
specifically to inform the TPM manager when a new node is booting and
will soon be ready to receive its TPM secret.
LRitzdorf committed Jun 27, 2024
1 parent 14b5745 commit 90618f5
Showing 2 changed files with 19 additions and 0 deletions.
6 changes: 6 additions & 0 deletions cmd/boot-script-service/main.go
@@ -104,6 +104,7 @@ var (
spireServiceURL = "https://spire-tokens.spire:54440"
oauth2AdminBaseURL = "http://127.0.0.1:3333"
oauth2PublicBaseURL = "http://127.0.0.1:3333"
bootscriptNotifyURL = ""
)

func parseEnv(evar string, v interface{}) (ret error) {
@@ -324,6 +325,10 @@ func parseEnvVars() error {
if parseErr != nil {
errList = append(errList, fmt.Errorf("BSS_OAUTH2_PUBLIC_BASE_URL: %q", parseErr))
}
parseErr = parseEnv("BSS_BOOTSCRIPT_NOTIFY_URL", &bootscriptNotifyURL)
if parseErr != nil {
errList = append(errList, fmt.Errorf("BSS_BOOTSCRIPT_NOTIFY_URL: %q", parseErr))
}

//
// Etcd environment variables
@@ -421,6 +426,7 @@ func parseCmdLine() {
flag.StringVar(&jwksURL, "jwks-url", jwksURL, "(BSS_JWKS_URL) Set the JWKS URL to fetch the public key for authorization (enables authentication)")
flag.StringVar(&oauth2AdminBaseURL, "oauth2-admin-base-url", oauth2AdminBaseURL, "(BSS_OAUTH2_ADMIN_BASE_URL) Base URL of the OAUTH2 server admin endpoints for client authorizations")
flag.StringVar(&oauth2PublicBaseURL, "oauth2-public-base-url", oauth2PublicBaseURL, "(BSS_OAUTH2_PUBLIC_BASE_URL) Base URL of the OAUTH2 server public endpoints (e.g. for token grants)")
flag.StringVar(&bootscriptNotifyURL, "bootscript-notify-url", bootscriptNotifyURL, "(BSS_BOOTSCRIPT_NOTIFY_URL) Full URL to which newly-booted node IPs should be POSTed (e.g. TPM-manager server)")
flag.BoolVar(&insecure, "insecure", insecure, "(BSS_INSECURE) Don't enforce https certificate security")
flag.BoolVar(&debugFlag, "debug", debugFlag, "(BSS_DEBUG) Enable debug output")
flag.BoolVar(&useSQL, "postgres", useSQL, "(BSS_USESQL) Use Postgres instead of ETCD")
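Review bot: The new `bootscriptNotifyURL` is read from `BSS_BOOTSCRIPT_NOTIFY_URL` / `-bootscript-notify-url` and stored with no validation in the lines shown, so a malformed value would only surface when a notification fails at request time. Since the target is told which nodes are about to receive a TPM secret, I would parse the value once at startup with `net/url`'s `Parse`, reject anything without a scheme and host, and consider requiring `https` for non-loopback targets. The flag help should also state that an empty value disables the notification (routers.go only calls out when the string is non-empty), and the var deserves a comment such as `// empty: bootscript notifications disabled`. The enclosing `var` block, `parseEnvVars` and `parseCmdLine` all start and end outside these hunks.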
13 changes: 13 additions & 0 deletions cmd/boot-script-service/routers.go
@@ -38,6 +38,7 @@ package main
import (
"fmt"
"net/http"
net_url "net/url"
"time"

base "github.com/Cray-HPE/hms-base"
@@ -130,6 +131,9 @@ func bootParameters(w http.ResponseWriter, r *http.Request) {
}

func bootScript(w http.ResponseWriter, r *http.Request) {
if bootscriptNotifyURL != "" {
go notifyTarget(bootscriptNotifyURL, r.RemoteAddr)
}
switch r.Method {
case http.MethodGet:
BootscriptGet(w, r)
@@ -211,3 +215,12 @@ func endpointHistoryGet(w http.ResponseWriter, r *http.Request) {
sendAllowable(w, "GET")
}
}

func notifyTarget(url string, data string) {
resp, err := http.PostForm(url, net_url.Values{"data": {data}})
if err != nil {
fmt.Printf("Error POSTing to %s: %v\n", url, err)
return
}
defer resp.Body.Close()
}
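Review bot: In `bootScript` the notification is sent before `switch r.Method`, so every request to the endpoint triggers a POST to the TPM manager, including methods other than GET and requests that may never yield a boot script. The value sent is `r.RemoteAddr`, which is `host:port` rather than the bare IP the flag help promises, and would be the proxy's address if BSS is deployed behind one. Because the receiver uses this to decide that a node will soon be ready for its TPM secret, I would move the call into the `http.MethodGet` case, send only the host part from `net.SplitHostPort` (this needs the `net` import), and document that the receiver must treat the message as a hint, not as proof of the node's identity. `notifyTarget` also goes through `http.PostForm`, i.e. the default client with no timeout, in one unbounded goroutine per request, and never checks the response status; a bounded client with a status check is sketched below. The body of `bootScript` continues outside the hunk.

```go
// Shared client so a stalled notify target cannot pin goroutines forever.
// The timeout value is illustrative.
var notifyClient = &http.Client{Timeout: 5 * time.Second}

func bootScript(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case http.MethodGet:
		if bootscriptNotifyURL != "" {
			// RemoteAddr is "host:port"; forward only the host.
			if host, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
				go notifyTarget(bootscriptNotifyURL, host)
			}
		}
		BootscriptGet(w, r)
	// … unchanged: remaining method cases …

func notifyTarget(url string, data string) {
	resp, err := notifyClient.PostForm(url, net_url.Values{"data": {data}})
	if err != nil {
		fmt.Printf("Error POSTing to %s: %v\n", url, err)
		return
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		fmt.Printf("Error POSTing to %s: unexpected status %s\n", url, resp.Status)
	}
}
```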
