juanfont.headscale/cmd/headscale/cli/utils.go

package cli

import (
	"context"
	"crypto/tls"
	"encoding/json"
	"fmt"
	"os"
	"reflect"

	"github.com/juanfont/headscale"
	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
	"github.com/rs/zerolog/log"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
	"google.golang.org/grpc/credentials/insecure"
	"gopkg.in/yaml.v2"
)

const (
	HeadscaleDateTimeFormat = "2006-01-02 15:04:05"
	SocketWritePermissions  = 0o666
)

func getHeadscaleApp() (*headscale.Headscale, error) {
	cfg, err := headscale.GetHeadscaleConfig()
	if err != nil {
		return nil, fmt.Errorf(
			"failed to load configuration while creating headscale instance: %w",
			err,
		)
	}

	app, err := headscale.NewHeadscale(cfg)
	if err != nil {
		return nil, err
	}

	// We are doing this here, as in the future could be cool to have it also hot-reload

	if cfg.ACL.PolicyPath != "" {
		aclPath := headscale.AbsolutePathFromConfigPath(cfg.ACL.PolicyPath)
		err = app.LoadACLPolicy(aclPath)
		if err != nil {
			log.Fatal().
				Str("path", aclPath).
				Err(err).
				Msg("Could not load the ACL policy")
		}
	}

	return app, nil
}

func getHeadscaleCLIClient() (context.Context, v1.HeadscaleServiceClient, *grpc.ClientConn, context.CancelFunc) {
	cfg, err := headscale.GetHeadscaleConfig()
	if err != nil {
		log.Fatal().
			Err(err).
			Caller().
			Msgf("Failed to load configuration")
		os.Exit(-1) // we get here if logging is suppressed (i.e., json output)
	}

	log.Debug().
		Dur("timeout", cfg.CLI.Timeout).
		Msgf("Setting timeout")

	ctx, cancel := context.WithTimeout(context.Background(), cfg.CLI.Timeout)

	grpcOptions := []grpc.DialOption{
		grpc.WithBlock(),
	}

	address := cfg.CLI.Address

	// If the address is not set, we assume that we are on the server hosting headscale.
	if address == "" {
		log.Debug().
			Str("socket", cfg.UnixSocket).
			Msgf("HEADSCALE_CLI_ADDRESS environment is not set, connecting to unix socket.")

		address = cfg.UnixSocket

		// Try to give the user better feedback if we cannot write to the headscale
		// socket.
		socket, err := os.OpenFile(cfg.UnixSocket, os.O_WRONLY, SocketWritePermissions) //nolint
		if err != nil {
			if os.IsPermission(err) {
				log.Fatal().
					Err(err).
					Str("socket", cfg.UnixSocket).
					Msgf("Unable to read/write to headscale socket, do you have the correct permissions?")
			}
		}
		socket.Close()

		grpcOptions = append(
			grpcOptions,
			grpc.WithTransportCredentials(insecure.NewCredentials()),
			grpc.WithContextDialer(headscale.GrpcSocketDialer),
		)
	} else {
		// If we are not connecting to a local server, require an API key for authentication
		apiKey := cfg.CLI.APIKey
		if apiKey == "" {
			log.Fatal().Caller().Msgf("HEADSCALE_CLI_API_KEY environment variable needs to be set.")
		}
		grpcOptions = append(grpcOptions,
			grpc.WithPerRPCCredentials(tokenAuth{
				token: apiKey,
			}),
		)

		if cfg.CLI.Insecure {
			tlsConfig := &tls.Config{
				// turn of gosec as we are intentionally setting
				// insecure.
				//nolint:gosec
				InsecureSkipVerify: true,
			}

			grpcOptions = append(grpcOptions,
				grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)),
			)
		} else {
			grpcOptions = append(grpcOptions,
				grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, "")),
			)
		}
	}

	log.Trace().Caller().Str("address", address).Msg("Connecting via gRPC")
	conn, err := grpc.DialContext(ctx, address, grpcOptions...)
	if err != nil {
		log.Fatal().Caller().Err(err).Msgf("Could not connect: %v", err)
		os.Exit(-1) // we get here if logging is suppressed (i.e., json output)
	}

	client := v1.NewHeadscaleServiceClient(conn)

	return ctx, client, conn, cancel
}

func SuccessOutput(result interface{}, override string, outputFormat string) {
	var jsonBytes []byte
	var err error
	switch outputFormat {
	case "json":
		jsonBytes, err = json.MarshalIndent(result, "", "\t")
		if err != nil {
			log.Fatal().Err(err)
		}
	case "json-line":
		jsonBytes, err = json.Marshal(result)
		if err != nil {
			log.Fatal().Err(err)
		}
	case "yaml":
		jsonBytes, err = yaml.Marshal(result)
		if err != nil {
			log.Fatal().Err(err)
		}
	default:
		//nolint
		fmt.Println(override)

		return
	}

	//nolint
	fmt.Println(string(jsonBytes))
}

func ErrorOutput(errResult error, override string, outputFormat string) {
	type errOutput struct {
		Error string `json:"error"`
	}

	SuccessOutput(errOutput{errResult.Error()}, override, outputFormat)
}

func HasMachineOutputFlag() bool {
	for _, arg := range os.Args {
		if arg == "json" || arg == "json-line" || arg == "yaml" {
			return true
		}
	}

	return false
}

type tokenAuth struct {
	token string
}

// Return value is mapped to request headers.
func (t tokenAuth) GetRequestMetadata(
	ctx context.Context,
	in ...string,
) (map[string]string, error) {
	return map[string]string{
		"authorization": "Bearer " + t.token,
	}, nil
}

func (tokenAuth) RequireTransportSecurity() bool {
	return true
}

func contains[T string](ts []T, t T) bool {
	for _, v := range ts {
		if reflect.DeepEqual(v, t) {
			return true
		}
	}

	return false
}
Move the CLI functiontionality to the CLI package 2021-04-28 16:15:45 +02:00			`package cli`

			`import (`
Move config loading out of the headscale app setup 2021-10-29 19:09:06 +02:00			`"context"`
Add insecure option Add option to not _validate_ if the certificate served from headscale is trusted. 2022-02-13 09:41:49 +01:00			`"crypto/tls"`
Adding support for JSON-formatted output 1/n 2021-05-08 13:28:22 +02:00			`"encoding/json"`
			`"fmt"`
Move the CLI functiontionality to the CLI package 2021-04-28 16:15:45 +02:00			`"os"`
refact: use generics for contains functions 2022-04-25 21:50:40 +02:00			`"reflect"`
Move the CLI functiontionality to the CLI package 2021-04-28 16:15:45 +02:00
			`"github.com/juanfont/headscale"`
Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`v1 "github.com/juanfont/headscale/gen/go/headscale/v1"`
Convert cli/utils.go 2021-08-05 19:26:49 +02:00			`"github.com/rs/zerolog/log"`
Move config loading out of the headscale app setup 2021-10-29 19:09:06 +02:00			`"google.golang.org/grpc"`
Use undeprecated method for insecure 2022-02-12 20:08:33 +01:00			`"google.golang.org/grpc/credentials"`
			`"google.golang.org/grpc/credentials/insecure"`
Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`"gopkg.in/yaml.v2"`
Move the CLI functiontionality to the CLI package 2021-04-28 16:15:45 +02:00			`)`

Make Unix socket permissions configurable 2022-01-28 19:58:22 +01:00			`const (`
More reusable stuff in cli 2022-01-25 23:11:15 +01:00			`HeadscaleDateTimeFormat = "2006-01-02 15:04:05"`
Fix lint Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2022-10-31 10:41:34 +01:00			`SocketWritePermissions = 0o666`
Make Unix socket permissions configurable 2022-01-28 19:58:22 +01:00			`)`

Move config loading out of the headscale app setup 2021-10-29 19:09:06 +02:00			`func getHeadscaleApp() (*headscale.Headscale, error) {`
Make get config load the config, use config in main method 2022-06-05 17:47:12 +02:00			`cfg, err := headscale.GetHeadscaleConfig()`
			`if err != nil {`
chore(all): apply formater 2022-08-04 10:47:00 +02:00			`return nil, fmt.Errorf(`
			`"failed to load configuration while creating headscale instance: %w",`
			`err,`
			`)`
Make get config load the config, use config in main method 2022-06-05 17:47:12 +02:00			`}`

Initial work eliminating one/two letter variables 2021-11-14 20:32:03 +01:00			`app, err := headscale.NewHeadscale(cfg)`
Move the CLI functiontionality to the CLI package 2021-04-28 16:15:45 +02:00			`if err != nil {`
			`return nil, err`
			`}`
Load ACL policy on headscale startup 2021-07-04 13:24:05 +02:00
			`// We are doing this here, as in the future could be cool to have it also hot-reload`
Only load ACLs if a path is present 2021-07-11 15:10:11 +02:00
Use config object instead of viper for policy path 2022-05-31 12:50:43 +02:00			`if cfg.ACL.PolicyPath != "" {`
Move Abspath function to headscale utils 2022-05-31 12:57:48 +02:00			`aclPath := headscale.AbsolutePathFromConfigPath(cfg.ACL.PolicyPath)`
Initial work eliminating one/two letter variables 2021-11-14 20:32:03 +01:00			`err = app.LoadACLPolicy(aclPath)`
Only load ACLs if a path is present 2021-07-11 15:10:11 +02:00			`if err != nil {`
Exit Headscale if ACL policy file cannot be parsed 2022-04-06 16:05:08 +02:00			`log.Fatal().`
Make log keys lowercase 2021-08-05 21:57:47 +02:00			`Str("path", aclPath).`
Convert cli/utils.go 2021-08-05 19:26:49 +02:00			`Err(err).`
			`Msg("Could not load the ACL policy")`
Only load ACLs if a path is present 2021-07-11 15:10:11 +02:00			`}`
Load ACL policy on headscale startup 2021-07-04 13:24:05 +02:00			`}`

Initial work eliminating one/two letter variables 2021-11-14 20:32:03 +01:00			`return app, nil`
Move the CLI functiontionality to the CLI package 2021-04-28 16:15:45 +02:00			`}`

Attempt to dry up CLI client, add proepr config This commit is trying to DRY up the initiation of the gRPC client in each command: It renames the function to CLI instead of GRPC as it actually set up a CLI client, not a generic grpc client It also moves the configuration of address, timeout (which is now consistent) and api to use Viper, allowing users to set it via env vars and configuration file 2021-11-07 10:41:14 +01:00			`func getHeadscaleCLIClient() (context.Context, v1.HeadscaleServiceClient, *grpc.ClientConn, context.CancelFunc) {`
Make get config load the config, use config in main method 2022-06-05 17:47:12 +02:00			`cfg, err := headscale.GetHeadscaleConfig()`
			`if err != nil {`
			`log.Fatal().`
			`Err(err).`
			`Caller().`
			`Msgf("Failed to load configuration")`
Update cmd/headscale/cli/utils.go 2022-06-26 09:52:04 +02:00			`os.Exit(-1) // we get here if logging is suppressed (i.e., json output)`
Make get config load the config, use config in main method 2022-06-05 17:47:12 +02:00			`}`
Attempt to dry up CLI client, add proepr config This commit is trying to DRY up the initiation of the gRPC client in each command: It renames the function to CLI instead of GRPC as it actually set up a CLI client, not a generic grpc client It also moves the configuration of address, timeout (which is now consistent) and api to use Viper, allowing users to set it via env vars and configuration file 2021-11-07 10:41:14 +01:00
			`log.Debug().`
			`Dur("timeout", cfg.CLI.Timeout).`
			`Msgf("Setting timeout")`

			`ctx, cancel := context.WithTimeout(context.Background(), cfg.CLI.Timeout)`

Add helper function to setup grpc client for cli 2021-10-29 19:15:52 +02:00			`grpcOptions := []grpc.DialOption{`
			`grpc.WithBlock(),`
			`}`

Attempt to dry up CLI client, add proepr config This commit is trying to DRY up the initiation of the gRPC client in each command: It renames the function to CLI instead of GRPC as it actually set up a CLI client, not a generic grpc client It also moves the configuration of address, timeout (which is now consistent) and api to use Viper, allowing users to set it via env vars and configuration file 2021-11-07 10:41:14 +01:00			`address := cfg.CLI.Address`
Add helper function to setup grpc client for cli 2021-10-29 19:15:52 +02:00
			`// If the address is not set, we assume that we are on the server hosting headscale.`
			`if address == "" {`
Switch from gRPC localhost to socket This commit changes the way CLI and grpc-gateway communicates with the gRPC backend to socket, instead of localhost. Unauthenticated access now goes on the socket, while the network interface will require API key (in the future). 2021-10-30 16:08:16 +02:00			`log.Debug().`
			`Str("socket", cfg.UnixSocket).`
Attempt to dry up CLI client, add proepr config This commit is trying to DRY up the initiation of the gRPC client in each command: It renames the function to CLI instead of GRPC as it actually set up a CLI client, not a generic grpc client It also moves the configuration of address, timeout (which is now consistent) and api to use Viper, allowing users to set it via env vars and configuration file 2021-11-07 10:41:14 +01:00			`Msgf("HEADSCALE_CLI_ADDRESS environment is not set, connecting to unix socket.")`
Add helper function to setup grpc client for cli 2021-10-29 19:15:52 +02:00
Switch from gRPC localhost to socket This commit changes the way CLI and grpc-gateway communicates with the gRPC backend to socket, instead of localhost. Unauthenticated access now goes on the socket, while the network interface will require API key (in the future). 2021-10-30 16:08:16 +02:00			`address = cfg.UnixSocket`
Add helper function to setup grpc client for cli 2021-10-29 19:15:52 +02:00
Give user better feedback if headscale socket is unwritable Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2022-10-31 10:37:42 +01:00			`// Try to give the user better feedback if we cannot write to the headscale`
			`// socket.`
Add nolint since go os has weird casing Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2022-10-31 10:47:30 +01:00			`socket, err := os.OpenFile(cfg.UnixSocket, os.O_WRONLY, SocketWritePermissions) //nolint`
Give user better feedback if headscale socket is unwritable Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> 2022-10-31 10:37:42 +01:00			`if err != nil {`
			`if os.IsPermission(err) {`
			`log.Fatal().`
			`Err(err).`
			`Str("socket", cfg.UnixSocket).`
			`Msgf("Unable to read/write to headscale socket, do you have the correct permissions?")`
			`}`
			`}`
			`socket.Close()`

Switch from gRPC localhost to socket This commit changes the way CLI and grpc-gateway communicates with the gRPC backend to socket, instead of localhost. Unauthenticated access now goes on the socket, while the network interface will require API key (in the future). 2021-10-30 16:08:16 +02:00			`grpcOptions = append(`
			`grpcOptions,`
Use undeprecated method for insecure 2022-02-12 20:08:33 +01:00			`grpc.WithTransportCredentials(insecure.NewCredentials()),`
Fix lint error 2021-10-30 16:29:03 +02:00			`grpc.WithContextDialer(headscale.GrpcSocketDialer),`
Switch from gRPC localhost to socket This commit changes the way CLI and grpc-gateway communicates with the gRPC backend to socket, instead of localhost. Unauthenticated access now goes on the socket, while the network interface will require API key (in the future). 2021-10-30 16:08:16 +02:00			`)`
			`} else {`
			`// If we are not connecting to a local server, require an API key for authentication`
Attempt to dry up CLI client, add proepr config This commit is trying to DRY up the initiation of the gRPC client in each command: It renames the function to CLI instead of GRPC as it actually set up a CLI client, not a generic grpc client It also moves the configuration of address, timeout (which is now consistent) and api to use Viper, allowing users to set it via env vars and configuration file 2021-11-07 10:41:14 +01:00			`apiKey := cfg.CLI.APIKey`
Add helper function to setup grpc client for cli 2021-10-29 19:15:52 +02:00			`if apiKey == "" {`
More reusable stuff in cli 2022-01-25 23:11:15 +01:00			`log.Fatal().Caller().Msgf("HEADSCALE_CLI_API_KEY environment variable needs to be set.")`
Add helper function to setup grpc client for cli 2021-10-29 19:15:52 +02:00			`}`
			`grpcOptions = append(grpcOptions,`
			`grpc.WithPerRPCCredentials(tokenAuth{`
			`token: apiKey,`
			`}),`
			`)`
Add insecure option Add option to not _validate_ if the certificate served from headscale is trusted. 2022-02-13 09:41:49 +01:00
			`if cfg.CLI.Insecure {`
			`tlsConfig := &tls.Config{`
Fix lint 2022-02-13 09:46:35 +01:00			`// turn of gosec as we are intentionally setting`
			`// insecure.`
			`//nolint:gosec`
Add insecure option Add option to not _validate_ if the certificate served from headscale is trusted. 2022-02-13 09:41:49 +01:00			`InsecureSkipVerify: true,`
			`}`

			`grpcOptions = append(grpcOptions,`
			`grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)),`
			`)`
			`} else {`
			`grpcOptions = append(grpcOptions,`
			`grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, "")),`
			`)`
			`}`
Add helper function to setup grpc client for cli 2021-10-29 19:15:52 +02:00			`}`

			`log.Trace().Caller().Str("address", address).Msg("Connecting via gRPC")`
Fix lint error 2021-10-29 19:36:11 +02:00			`conn, err := grpc.DialContext(ctx, address, grpcOptions...)`
Add helper function to setup grpc client for cli 2021-10-29 19:15:52 +02:00			`if err != nil {`
More reusable stuff in cli 2022-01-25 23:11:15 +01:00			`log.Fatal().Caller().Err(err).Msgf("Could not connect: %v", err)`
Update cmd/headscale/cli/utils.go 2022-06-26 09:52:11 +02:00			`os.Exit(-1) // we get here if logging is suppressed (i.e., json output)`
Add helper function to setup grpc client for cli 2021-10-29 19:15:52 +02:00			`}`

Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`client := v1.NewHeadscaleServiceClient(conn)`
Add helper function to setup grpc client for cli 2021-10-29 19:15:52 +02:00
Attempt to dry up CLI client, add proepr config This commit is trying to DRY up the initiation of the gRPC client in each command: It renames the function to CLI instead of GRPC as it actually set up a CLI client, not a generic grpc client It also moves the configuration of address, timeout (which is now consistent) and api to use Viper, allowing users to set it via env vars and configuration file 2021-11-07 10:41:14 +01:00			`return ctx, client, conn, cancel`
Add helper function to setup grpc client for cli 2021-10-29 19:15:52 +02:00			`}`

Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`func SuccessOutput(result interface{}, override string, outputFormat string) {`
Rename j 2022-02-12 20:08:41 +01:00			`var jsonBytes []byte`
Adding support for JSON-formatted output 1/n 2021-05-08 13:28:22 +02:00			`var err error`
			`switch outputFormat {`
			`case "json":`
Rename j 2022-02-12 20:08:41 +01:00			`jsonBytes, err = json.MarshalIndent(result, "", "\t")`
Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`if err != nil {`
			`log.Fatal().Err(err)`
Adding support for JSON-formatted output 1/n 2021-05-08 13:28:22 +02:00			`}`
			`case "json-line":`
Rename j 2022-02-12 20:08:41 +01:00			`jsonBytes, err = json.Marshal(result)`
Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`if err != nil {`
			`log.Fatal().Err(err)`
			`}`
			`case "yaml":`
Rename j 2022-02-12 20:08:41 +01:00			`jsonBytes, err = yaml.Marshal(result)`
Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`if err != nil {`
			`log.Fatal().Err(err)`
Adding support for JSON-formatted output 1/n 2021-05-08 13:28:22 +02:00			`}`
Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`default:`
Add and fix forbidigo 2021-11-15 19:36:02 +01:00			`//nolint`
Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`fmt.Println(override)`
Add and fix nlreturn (new line return) 2021-11-14 16:46:09 +01:00
Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`return`
Adding support for JSON-formatted output 1/n 2021-05-08 13:28:22 +02:00			`}`
Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00
Add and fix forbidigo 2021-11-15 19:36:02 +01:00			`//nolint`
Rename j 2022-02-12 20:08:41 +01:00			`fmt.Println(string(jsonBytes))`
Adding support for JSON-formatted output 1/n 2021-05-08 13:28:22 +02:00			`}`
This commit disables the version checker when JSON output (#153) 2021-10-13 00:18:55 +02:00
Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`func ErrorOutput(errResult error, override string, outputFormat string) {`
			`type errOutput struct {`
			Error string `json:"error"`
			`}`

			`SuccessOutput(errOutput{errResult.Error()}, override, outputFormat)`
			`}`

			`func HasMachineOutputFlag() bool {`
This commit disables the version checker when JSON output (#153) 2021-10-13 00:18:55 +02:00			`for _, arg := range os.Args {`
Expand json output to support yaml, make more generic 2021-11-04 23:31:47 +01:00			`if arg == "json" \|\| arg == "json-line" \|\| arg == "yaml" {`
This commit disables the version checker when JSON output (#153) 2021-10-13 00:18:55 +02:00			`return true`
			`}`
			`}`
Add and fix nlreturn (new line return) 2021-11-14 16:46:09 +01:00
This commit disables the version checker when JSON output (#153) 2021-10-13 00:18:55 +02:00			`return false`
			`}`
Add grpc token auth struct 2021-10-29 19:08:21 +02:00
			`type tokenAuth struct {`
			`token string`
			`}`

			`// Return value is mapped to request headers.`
Go format with shorter lines 2021-11-13 09:36:45 +01:00			`func (t tokenAuth) GetRequestMetadata(`
			`ctx context.Context,`
			`in ...string,`
			`) (map[string]string, error) {`
Add grpc token auth struct 2021-10-29 19:08:21 +02:00			`return map[string]string{`
			`"authorization": "Bearer " + t.token,`
			`}, nil`
			`}`

			`func (tokenAuth) RequireTransportSecurity() bool {`
Remove insecure, only allow valid certs 2022-02-12 20:35:55 +01:00			`return true`
Add grpc token auth struct 2021-10-29 19:08:21 +02:00			`}`
Resolve merge conflict 2021-10-31 10:40:43 +01:00
fix: fix linting issue on my computer 2022-04-25 22:33:53 +02:00			`func contains[T string](ts []T, t T) bool {`
refact: use generics for contains functions 2022-04-25 21:50:40 +02:00			`for _, v := range ts {`
chore: apply linting 2022-04-25 22:27:44 +02:00			`if reflect.DeepEqual(v, t) {`
fix: move tag command to subcommand of nodes 2022-04-21 23:43:20 +02:00			`return true`
			`}`
			`}`

			`return false`
			`}`