direktil/dkl
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Mikaël Cluseau
2025-06-29 18:28:01 +02:00
commit 3256f7dbe4
7 changed files with 2347 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
/target
/dls
/modd.conf
/m1_bootstrap-config

1920
Cargo.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

19
Cargo.toml Normal file
View File

@ -0,0 +1,19 @@
[package]
name = "dkl"
version = "0.1.0"
edition = "2024"
[dependencies]
bytes = "1.10.1"
clap = { version = "4.5.40", features = ["derive"] }
env_logger = "0.11.8"
eyre = "0.6.12"
futures-util = "0.3.31"
log = "0.4.27"
reqwest = { version = "0.12.20", features = ["json", "stream"] }
serde = { version = "1.0.219", features = ["derive"] }
serde_json = "1.0.140"
serde_yaml = "0.9.34"
thiserror = "2.0.12"
tokio = { version = "1.45.1", features = ["fs", "macros", "rt"] }

149
src/bin/dls.rs Normal file
View File

@ -0,0 +1,149 @@
use clap::{Parser, Subcommand};
use eyre::{format_err, Result};
use futures_util::StreamExt;
use tokio::io::AsyncWriteExt;
use dkl::dls;
#[derive(Parser)]
#[command()]
struct Cli {
#[arg(long, default_value = "http://[::1]:7606")]
dls: String,
#[command(subcommand)]
command: Command,
}
#[derive(Subcommand)]
enum Command {
Clusters,
Cluster {
cluster: String,
#[command(subcommand)]
command: Option<ClusterCommand>,
},
Hosts,
Host {
host: String,
asset: Option<String>,
},
}
#[derive(Subcommand)]
enum ClusterCommand {
CaCert {
#[arg(default_value = "cluster")]
name: String,
},
Token {
#[arg(default_value = "admin")]
name: String,
},
Addons,
SshSign {
user_public_key: String,
#[arg(long, default_value = "root")]
principal: String,
#[arg(long, default_value = "+1d")]
validity: String,
#[arg(long)]
options: Vec<String>,
},
}
#[tokio::main(flavor = "current_thread")]
async fn main() -> Result<()> {
let cli = Cli::parse();
env_logger::builder()
.parse_filters("info")
.parse_default_env()
.init();
let token = std::env::var("DLS_TOKEN").map_err(|_| format_err!("DLS_TOKEN should be set"))?;
let dls = dls::Client::new(cli.dls, token);
use Command as C;
match cli.command {
C::Clusters => write_json(&dls.clusters().await?),
C::Cluster { cluster, command } => {
let cluster = dls.cluster(cluster);
use ClusterCommand as CC;
match command {
None => write_json(&cluster.config().await?),
Some(CC::CaCert { name }) => write_raw(&cluster.ca_cert(&name).await?),
Some(CC::Token { name }) => println!("{}", &cluster.token(&name).await?),
Some(CC::Addons) => write_raw(&cluster.addons().await?),
Some(CC::SshSign {
user_public_key,
principal,
validity,
options,
}) => {
let pub_key = tokio::fs::read_to_string(user_public_key).await?;
let cert = cluster
.sign_ssh_user_pubkey(&dls::SshSignReq {
pub_key,
principal,
validity: Some(validity).filter(|s| s != ""),
options,
})
.await?;
write_raw(&cert);
}
}
}
C::Hosts => write_json(&dls.hosts().await?),
C::Host { host, asset } => {
let host_name = host.clone();
let host = dls.host(host);
match asset {
None => write_json(&host.config().await?),
Some(asset) => {
let mut stream = host.asset(&asset).await?;
let out_path = format!("{host_name}_{asset}");
eprintln!("writing {host_name} asset {asset} to {out_path}");
let out = tokio::fs::File::options()
.mode(0o600)
.write(true)
.create(true)
.truncate(true)
.open(out_path)
.await?;
let mut out = tokio::io::BufWriter::new(out);
let mut n = 0u64;
while let Some(chunk) = stream.next().await {
let chunk = chunk?;
n += chunk.len() as u64;
eprint!("wrote {n} bytes\r");
out.write_all(&chunk).await?;
}
eprintln!();
out.flush().await?;
}
}
}
};
Ok(())
}
fn write_json<T: serde::ser::Serialize>(v: &T) {
let data = serde_json::to_string_pretty(v).expect("value should serialize to json");
println!("{data}");
}
fn write_raw(raw: &[u8]) {
use std::io::Write;
let mut out = std::io::stdout();
out.write(raw).expect("stdout write");
out.flush().expect("stdout flush");
}

234
src/dls.rs Normal file
View File

@ -0,0 +1,234 @@
use bytes::Bytes;
use futures_util::Stream;
use log::debug;
use reqwest::Method;
use std::collections::BTreeMap as Map;
use std::fmt::Display;
use std::net::IpAddr;
pub struct Client {
base_url: String,
token: String,
http_client: reqwest::Client,
}
impl Client {
pub fn new(base_url: String, token: String) -> Self {
Self {
base_url,
token,
http_client: reqwest::Client::default(),
}
}
pub fn with_proxy(self, proxy: String) -> reqwest::Result<Self> {
let proxy = reqwest::Proxy::all(proxy)?;
Ok(Self {
http_client: reqwest::Client::builder().proxy(proxy).build()?,
..self
})
}
pub async fn clusters(&self) -> Result<Vec<String>> {
self.get_json("clusters").await
}
pub fn cluster(&self, name: String) -> Cluster {
Cluster { dls: self, name }
}
pub async fn hosts(&self) -> Result<Vec<String>> {
self.get_json("hosts").await
}
pub fn host(&self, name: String) -> Host {
Host { dls: self, name }
}
pub async fn get_json<T: serde::de::DeserializeOwned>(&self, path: impl Display) -> Result<T> {
let req = self.get(&path)?.header("Accept", "application/json");
let resp = do_req(req, &self.token).await?;
let body = resp.bytes().await.map_err(Error::Read)?;
serde_json::from_slice(&body).map_err(Error::Parse)
}
pub async fn get_bytes(&self, path: impl Display) -> Result<Vec<u8>> {
let resp = do_req(self.get(&path)?, &self.token).await?;
Ok(resp.bytes().await.map_err(Error::Read)?.to_vec())
}
pub fn get(&self, path: impl Display) -> Result<reqwest::RequestBuilder> {
self.req(Method::GET, path)
}
pub fn req(&self, method: Method, path: impl Display) -> Result<reqwest::RequestBuilder> {
let uri = format!("{}/{path}", self.base_url);
Ok((self.http_client.request(method, uri))
.header("Authorization", format!("Bearer {}", self.token)))
}
}
pub struct Cluster<'t> {
dls: &'t Client,
name: String,
}
impl<'t> Cluster<'t> {
pub async fn config(&self) -> Result<ClusterConfig> {
self.dls.get_json(format!("clusters/{}", self.name)).await
}
pub async fn ca_cert(&self, ca_name: &str) -> Result<Vec<u8>> {
self.dls
.get_bytes(format!("clusters/{}/CAs/{ca_name}/certificate", self.name))
.await
}
pub async fn token(&self, name: &str) -> Result<String> {
self.dls
.get_json(format!("clusters/{}/tokens/{name}", self.name))
.await
}
pub async fn addons(&self) -> Result<Vec<u8>> {
self.dls
.get_bytes(format!("clusters/{}/addons", self.name))
.await
}
pub async fn sign_ssh_user_pubkey(&self, sign_req: &SshSignReq) -> Result<Vec<u8>> {
let req = self.dls.req(
Method::POST,
format!("clusters/{}/ssh/user-ca/sign", self.name),
)?;
let req = req.json(sign_req);
let resp = do_req(req, &self.dls.token).await?;
Ok(resp.bytes().await.map_err(Error::Read)?.to_vec())
}
}
pub struct Host<'t> {
dls: &'t Client,
name: String,
}
impl<'t> Host<'t> {
pub async fn config(&self) -> Result<HostConfig> {
self.dls.get_json(format!("hosts/{}", self.name)).await
}
pub async fn asset(
&self,
asset_name: &str,
) -> Result<impl Stream<Item = reqwest::Result<Bytes>>> {
let req = self.dls.get(format!("hosts/{}/{asset_name}", self.name))?;
let resp = do_req(req, &self.dls.token).await?;
Ok(resp.bytes_stream())
}
}
#[derive(serde::Deserialize, serde::Serialize)]
#[serde(rename_all = "PascalCase")]
pub struct ClusterConfig {
pub name: String,
pub bootstrap_pods: String,
pub addons: String,
}
#[derive(serde::Deserialize, serde::Serialize)]
#[serde(rename_all = "PascalCase")]
pub struct HostConfig {
pub name: String,
pub cluster_name: Option<String>,
pub annotations: Map<String, String>,
pub bootstrap_config: String,
#[serde(rename = "IPXE")]
pub ipxe: Option<String>,
#[serde(rename = "IPs")]
pub ips: Vec<IpAddr>,
pub initrd: String,
pub kernel: String,
pub labels: Map<String, String>,
pub versions: Map<String, String>,
}
#[derive(serde::Deserialize, serde::Serialize)]
#[serde(rename_all = "PascalCase")]
pub struct SshSignReq {
pub pub_key: String,
pub principal: String,
#[serde(skip_serializing_if = "Option::is_none")]
pub validity: Option<String>,
#[serde(skip_serializing_if = "Vec::is_empty")]
pub options: Vec<String>,
}
#[derive(Debug, serde::Deserialize, serde::Serialize)]
struct ServerError {
code: u16,
message: String,
#[serde(skip_serializing_if = "Option::is_none")]
details: Option<serde_json::Value>,
}
pub async fn do_req(req: reqwest::RequestBuilder, token: &str) -> Result<reqwest::Response> {
let (client, req) = req.build_split();
let req = req.map_err(Error::Build)?;
let method = req.method().clone();
let path = req.url().path().replace(token, "<token>"); // clone required anyway, so replace the token as we copy
debug!("request: {} {}", req.method(), req.url());
let resp = client.execute(req).await.map_err(Error::Send)?;
let status = resp.status();
if !status.is_success() {
let body = resp.bytes().await.map_err(Error::ErrorRead)?;
let srv_err: ServerError =
serde_json::from_slice(&body).map_err(|e| Error::ErrorParse {
error: e,
raw: body.to_vec(),
})?;
return Err(Error::ServerReject {
method,
path,
status,
message: srv_err.message,
details: srv_err.details,
});
}
Ok(resp)
}
pub type Result<T> = std::result::Result<T, Error>;
#[derive(thiserror::Error, Debug)]
pub enum Error {
#[error("request build failed: {0}")]
Build(reqwest::Error),
#[error("request send failed: {0}")]
Send(reqwest::Error),
#[error("response error read failed: {0}")]
ErrorRead(reqwest::Error),
#[error("response error parsing failed: {error}")]
ErrorParse {
error: serde_json::Error,
raw: Vec<u8>,
},
#[error("response read failed: {0}")]
Read(reqwest::Error),
#[error("rejected by server: {method} {path}: {} {message}", status.as_u16())]
ServerReject {
method: reqwest::Method,
path: String,
status: reqwest::StatusCode,
message: String,
details: Option<serde_json::Value>,
},
#[error("response parsing failed: {0}")]
Parse(serde_json::Error),
}

1
src/lib.rs Normal file
View File

@ -0,0 +1 @@
pub mod dls;

20
test Executable file
View File

@ -0,0 +1,20 @@
#! /bin/bash
dls=target/debug/dls
export RUST_LOG=debug
set -ex
$dls clusters
$dls hosts
$dls cluster cluster | jq '{Name}'
$dls cluster cluster ca-cert
$dls cluster cluster token
$dls cluster cluster addons | head
$dls cluster cluster ssh-sign ~/.ssh/id_ed25519.pub
$dls host m1 | jq '{Name, ClusterName, IPs}'
$dls host m1 bootstrap-config