Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add token path to Agent config Command block #958

Open
wants to merge 20 commits into
base: v3
Choose a base branch
from
Open

Add token path to Agent config Command block #958

wants to merge 20 commits into from

Conversation

sean-breen
Copy link

@sean-breen sean-breen commented Jan 7, 2025
edited
Loading

Proposed changes

Allow the data plane key to be loaded from a file by adding a new configuration option token-path under the Command section of the agent config file. Also refactored some code to create new functions addTransportCredentials and validateTokenFile which are used when creating the gRPC credentials.

  • If both token and token-path are set:
    • token-path will take priority
    • token field will be used as a fallback when the token-path file does not exist or is inaccessible
command:
  server:
    host: "127.0.0.1"             # Command server host
    port: 8888                    # Command server port
  tls:
    server_name: test-local-server
    ca: /tmp/ca.pem
    cert: /tmp/cert.pem
    key: /tmp/key.pem
    generate_self_signed_cert: true
  auth:
    token: "1a2b3c4d"    
    token-path: "path/to/secret-token"    # Path to a file containing the authentication token for the command sever

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING document
  • I have run make install-tools and have attached any dependency changes to this pull request
  • If applicable, I have added tests that prove my fix is effective or that my feature works
  • If applicable, I have checked that any relevant tests pass after adding my changes
  • If applicable, I have updated any relevant documentation (README.md)
  • If applicable, I have tested my cross-platform changes on Ubuntu 22, Redhat 8, SUSE 15 and FreeBSD 13

@github-actions github-actions bot added the chore Pull requests for routine tasks label Jan 7, 2025
@sean-breen sean-breen marked this pull request as ready for review January 8, 2025 14:33
@sean-breen sean-breen requested a review from a team as a code owner January 8, 2025 14:33
@sean-breen sean-breen changed the title Draft: Add token path to Agent config Add token path to Agent config Jan 8, 2025
@sean-breen sean-breen changed the title Add token path to Agent config Add token path to Agent config Command block Jan 8, 2025
dhurley
dhurley reviewed Jan 9, 2025
View reviewed changes
internal/grpc/grpc.go Outdated
)
} else {
if err != nil {
slog.Error("Unable to add transport credentials to gRPC dial options", "error", err)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This error log is misleading since we are adding the default transport credentials. Maybe it should be Unable to get transport credentials from agent configuration, adding default transport credentials to gRPC dial options

internal/grpc/grpc.go Outdated
)
} else {
if err != nil {
slog.Error("Unable to add transport credentials to gRPC dial options", "error", err)
slog.Debug("Adding default transport credentials to gRPC dial options")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe remove the debug log

internal/grpc/grpc.go Outdated
return opts
}

func validateTokenFile(path string) (string, error) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
func validateTokenFile(path string) (string, error) {
func retrieveTokenFromFile(path string) (string, error) {

might be a better description for what the function is doing

internal/grpc/grpc.go Outdated
}

func addPerRPCCredentials(agentConfig *config.Config, resourceID string, opts []grpc.DialOption) []grpc.DialOption {
key := agentConfig.Command.Auth.Token
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
key := agentConfig.Command.Auth.Token
token := agentConfig.Command.Auth.Token

would token be a better name for this variable?

internal/grpc/grpc.go Outdated
return "", errors.New("token file path is empty")
}

slog.Debug("Reading dataplane key from file", "path", path)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
slog.Debug("Reading dataplane key from file", "path", path)
slog.Debug("Reading token from file", "path", path)

Should be consistent is our naming. I think referring to it as token is better than dataplane key

internal/grpc/grpc.go Outdated
return opts
}

func validateTokenFile(path string) (string, error) {
if path == "" {
slog.Error("Token file path is empty")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you are return the error then there is no need to also log it here since it will be logged by the function calling it

internal/grpc/grpc.go Outdated

if keyVal == "" {
slog.Error("failed to load token, please check agent configuration")
return "", errors.New("failed to load token, please check agent configuration")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return "", errors.New("failed to load token, please check agent configuration")
return "", errors.New("failed to retrieve token, token file is empty")

@sean-breen sean-breen requested a review from dhurley January 10, 2025 11:30
dhurley
dhurley reviewed Jan 13, 2025
View reviewed changes
internal/grpc/grpc.go Outdated
Comment on lines 272 to 273
slog.Error("Unable to read token from file", "error", err)
return "", err
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
slog.Error("Unable to read token from file", "error", err)
return "", err
return "", fmt.Errorf("unable to read token from file %w", err)

internal/grpc/grpc_test.go
}
}

func Test_getTransportCredentials(t *testing.T) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just wondering if the struct array is needed since there is only one test case

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really needed, but I was going to leave it there in case of expansion in the future.

sean-breen and others added 5 commits January 15, 2025 15:09
@sean-breen sean-breen added the v3.x Issues and Pull Requests related to the major version v3 label Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhurley dhurley Awaiting requested review from dhurley

@aphralG aphralG Awaiting requested review from aphralG

@oliveromahony oliveromahony Awaiting requested review from oliveromahony

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
chore Pull requests for routine tasks v3.x Issues and Pull Requests related to the major version v3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sean-breen @dhurley @aphralG