feat(cmd/rofl): Add basic proxy support

Author: kostko

build/rofl/scheduler/metadata.go

@@ -9,4 +9,6 @@ const (
 	MetadataKeyTLSPk = "net.oasis.tls.pk"
 	// MetadataKeySchedulerAPI is the name of the metadata key that stores the API endpoint address.
 	MetadataKeySchedulerAPI = "net.oasis.scheduler.api"
+	// MetadataKeyProxyDomain is the name of the metadata key that stores the proxy domain.
+	MetadataKeyProxyDomain = "net.oasis.proxy.domain"
 )

cmd/rofl/build/validate.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"strconv"
 	"strings"
 
 	"golang.org/x/net/idna"
@@ -59,9 +60,9 @@ func validateApp(manifest *buildRofl.Manifest) error {
 }
 
 // validateComposeFile validates the Docker compose file.
-func validateComposeFile(composeFile string, manifest *buildRofl.Manifest) error {
+func validateComposeFile(composeFile string, manifest *buildRofl.Manifest) error { //nolint: gocyclo
 	// Parse the compose file.
-	options, err := compose.NewProjectOptions([]string{composeFile})
+	options, err := compose.NewProjectOptions([]string{composeFile}, compose.WithInterpolation(false))
 	if err != nil {
 		return fmt.Errorf("failed to set-up compose options: %w", err)
 	}
@@ -107,6 +108,9 @@ func validateComposeFile(composeFile string, manifest *buildRofl.Manifest) error
 			if src == "/run/rofl-appd.sock" {
 				return true
 			}
+			if src == "/run/podman.sock" {
+				return true
+			}
 
 			if strings.HasPrefix(src, "/storage/") {
 				return true
@@ -129,7 +133,53 @@ func validateComposeFile(composeFile string, manifest *buildRofl.Manifest) error
 				}
 			}
 
-			return fmt.Errorf("volume '%s:%s' of service '%s' has an invalid external source (should be '/run/rofl-appd.sock' or reside inside '/storage/')", vol.Source, vol.Target, serviceName)
+			return fmt.Errorf("volume '%s:%s' of service '%s' has an invalid external source (should be '/run/rofl-appd.sock', '/run/podman.sock' or reside inside '/storage/')", vol.Source, vol.Target, serviceName)
+		}
+
+		// Validate ports.
+		publishedPorts := make(map[uint64]struct{})
+		for _, port := range service.Ports {
+			if port.Target == 0 {
+				return fmt.Errorf("service '%s' has an invalid zero port defined", serviceName)
+			}
+			if port.Published == "" || port.Published == "0" {
+				return fmt.Errorf("port '%d' of service '%s' does not have an explicit published port defined", port.Target, serviceName)
+			}
+			publishedPort, err := strconv.ParseUint(port.Published, 10, 16)
+			if err != nil {
+				return fmt.Errorf("published port '%s' of service '%s' is invalid: %w", port.Published, serviceName, err)
+			}
+			publishedPorts[publishedPort] = struct{}{}
+		}
+
+		// Validate annotations.
+		for key, value := range service.Annotations {
+			keyAtoms := strings.Split(key, ".")
+			switch {
+			case strings.HasPrefix(key, "net.oasis.proxy.ports"):
+				port, err := strconv.ParseUint(keyAtoms[4], 10, 16)
+				if err != nil {
+					return fmt.Errorf("proxy port annotation of service '%s' has an invalid port: %s", serviceName, keyAtoms[4])
+				}
+				if _, ok := publishedPorts[port]; !ok {
+					return fmt.Errorf("proxy port annotation of service '%s' references an unpublished port '%d'", serviceName, port)
+				}
+
+				// Validate supported annotations.
+				switch keyAtoms[5] {
+				case "mode":
+					// Validate supported modes.
+					switch value {
+					case "ignore":
+					case "passthrough":
+					case "terminate-tls":
+					default:
+						return fmt.Errorf("proxy port annotation of service '%s', port '%d' has an invalid mode: %s", serviceName, port, value)
+					}
+				default:
+				}
+			default:
+			}
 		}
 	}
 

cmd/rofl/machine/mgmt.go

@@ -3,12 +3,10 @@ package machine
 import (
 	"context"
 	"fmt"
-	"time"
 
 	"github.com/spf13/cobra"
 
 	"github.com/oasisprotocol/oasis-core/go/common/cbor"
-	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/client"
 	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/connection"
 	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/modules/rofl"
 	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/modules/roflmarket"
@@ -21,135 +19,6 @@ import (
 )
 
 var (
-	showCmd = &cobra.Command{
-		Use:   "show [<machine-name>]",
-		Short: "Show information about a machine",
-		Args:  cobra.MaximumNArgs(1),
-		Run: func(_ *cobra.Command, args []string) {
-			_, deployment, npa := roflCommon.LoadManifestAndSetNPA(&roflCommon.ManifestOptions{
-				NeedAppID: true,
-				NeedAdmin: false,
-			})
-
-			machine, machineName, machineID := resolveMachine(args, deployment)
-
-			// Establish connection with the target network.
-			ctx := context.Background()
-			conn, err := connection.Connect(ctx, npa.Network)
-			cobra.CheckErr(err)
-
-			// Resolve provider address.
-			providerAddr, _, err := common.ResolveLocalAccountOrAddress(npa.Network, machine.Provider)
-			if err != nil {
-				cobra.CheckErr(fmt.Sprintf("Invalid provider address: %s", err))
-			}
-
-			insDsc, err := conn.Runtime(npa.ParaTime).ROFLMarket.Instance(ctx, client.RoundLatest, *providerAddr, machineID)
-			cobra.CheckErr(err)
-
-			insCmds, err := conn.Runtime(npa.ParaTime).ROFLMarket.InstanceCommands(ctx, client.RoundLatest, *providerAddr, machineID)
-			cobra.CheckErr(err)
-
-			fmt.Printf("Name:       %s\n", machineName)
-			fmt.Printf("Provider:   %s\n", insDsc.Provider)
-			fmt.Printf("ID:         %s\n", insDsc.ID)
-			fmt.Printf("Offer:      %s\n", insDsc.Offer)
-			fmt.Printf("Status:     %s\n", insDsc.Status)
-			fmt.Printf("Creator:    %s\n", insDsc.Creator)
-			fmt.Printf("Admin:      %s\n", insDsc.Admin)
-			switch insDsc.NodeID {
-			case nil:
-				fmt.Printf("Node ID:    <none>\n")
-			default:
-				fmt.Printf("Node ID:    %s\n", insDsc.NodeID)
-			}
-
-			fmt.Printf("Created at: %s\n", time.Unix(int64(insDsc.CreatedAt), 0))
-			fmt.Printf("Updated at: %s\n", time.Unix(int64(insDsc.UpdatedAt), 0))
-			fmt.Printf("Paid until: %s\n", time.Unix(int64(insDsc.PaidUntil), 0))
-
-			if len(insDsc.Metadata) > 0 {
-				fmt.Printf("Metadata:\n")
-				for key, value := range insDsc.Metadata {
-					fmt.Printf("  %s: %s\n", key, value)
-				}
-			}
-
-			fmt.Printf("Resources:\n")
-
-			fmt.Printf("  TEE:     ")
-			switch insDsc.Resources.TEE {
-			case roflmarket.TeeTypeSGX:
-				fmt.Printf("Intel SGX\n")
-			case roflmarket.TeeTypeTDX:
-				fmt.Printf("Intel TDX\n")
-			default:
-				fmt.Printf("[unknown: %d]\n", insDsc.Resources.TEE)
-			}
-
-			fmt.Printf("  Memory:  %d MiB\n", insDsc.Resources.Memory)
-			fmt.Printf("  vCPUs:   %d\n", insDsc.Resources.CPUCount)
-			fmt.Printf("  Storage: %d MiB\n", insDsc.Resources.Storage)
-			if insDsc.Resources.GPU != nil {
-				fmt.Printf("  GPU:\n")
-				if insDsc.Resources.GPU.Model != "" {
-					fmt.Printf("    Model: %s\n", insDsc.Resources.GPU.Model)
-				} else {
-					fmt.Printf("    Model: <any>\n")
-				}
-				fmt.Printf("    Count: %d\n", insDsc.Resources.GPU.Count)
-			}
-
-			switch insDsc.Deployment {
-			default:
-				fmt.Printf("Deployment:\n")
-				fmt.Printf("  App ID: %s\n", insDsc.Deployment.AppID)
-
-				if len(insDsc.Deployment.Metadata) > 0 {
-					fmt.Printf("  Metadata:\n")
-					for key, value := range insDsc.Deployment.Metadata {
-						fmt.Printf("    %s: %s\n", key, value)
-					}
-				}
-			case nil:
-				fmt.Printf("Deployment: <no current deployment>\n")
-			}
-
-			// Show commands.
-			fmt.Printf("Commands:\n")
-			if len(insCmds) > 0 {
-				for _, qc := range insCmds {
-					fmt.Printf("  - ID: %s\n", qc.ID)
-
-					var cmd scheduler.Command
-					err := cbor.Unmarshal(qc.Cmd, &cmd)
-					switch err {
-					case nil:
-						// Decodable scheduler command.
-						fmt.Printf("    Method: %s\n", cmd.Method)
-						fmt.Printf("    Args:\n")
-
-						switch cmd.Method {
-						case scheduler.MethodDeploy:
-							showCommandArgs(npa, cmd.Args, scheduler.DeployRequest{})
-						case scheduler.MethodRestart:
-							showCommandArgs(npa, cmd.Args, scheduler.RestartRequest{})
-						case scheduler.MethodTerminate:
-							showCommandArgs(npa, cmd.Args, scheduler.TerminateRequest{})
-						default:
-							showCommandArgs(npa, cmd.Args, make(map[string]interface{}))
-						}
-					default:
-						// Unknown command format.
-						fmt.Printf("    <unknown format: %X>\n", qc.Cmd)
-					}
-				}
-			} else {
-				fmt.Printf("  <no queued commands>\n")
-			}
-		},
-	}
-
 	restartCmd = &cobra.Command{
 		Use:   "restart [<machine-name>]",
 		Short: "Restart a running machine or start a stopped one",
@@ -401,9 +270,6 @@ func showCommandArgs[V any](npa *common.NPASelection, raw []byte, args V) {
 }
 
 func init() {
-	showCmd.Flags().AddFlagSet(common.SelectorFlags)
-	showCmd.Flags().AddFlagSet(roflCommon.DeploymentFlags)
-
 	restartCmd.Flags().AddFlagSet(common.SelectorFlags)
 	restartCmd.Flags().AddFlagSet(common.RuntimeTxFlags)
 	restartCmd.Flags().AddFlagSet(roflCommon.DeploymentFlags)