feat(debug): add ziti exposure endpoint

.github/workflows/ci.yml

@@ -21,7 +21,7 @@ jobs:
           version: 1.66.0
       - name: Generate protobuf bindings
         run: >-
-          buf generate buf.build/agynio/api --include-imports
+          buf generate "https://github.com/agynio/api.git#branch=noa/ziti-debug-state,subdir=proto" --include-imports
           --path agynio/api/expose/v1
           --path agynio/api/runner/v1
           --path agynio/api/ziti_management/v1

Dockerfile

@@ -22,7 +22,7 @@ RUN --mount=type=cache,target=/go/pkg/mod \
     go mod download
 
 COPY buf.gen.yaml buf.yaml ./
-RUN buf generate buf.build/agynio/api --include-imports \
+RUN buf generate "https://github.com/agynio/api.git#branch=noa/ziti-debug-state,subdir=proto" --include-imports \
     --path agynio/api/expose/v1 \
     --path agynio/api/ziti_management/v1 \
     --path agynio/api/runners/v1 \

charts/expose/values.yaml

@@ -61,17 +61,26 @@ service:
       port: 50051
       targetPort: grpc
       protocol: TCP
+    - name: http
+      port: 8080
+      targetPort: http
+      protocol: TCP
 
 containerPorts:
   - name: grpc
     containerPort: 50051
     protocol: TCP
+  - name: http
+    containerPort: 8080
+    protocol: TCP
 
 command: []
 args: []
 env:
   - name: GRPC_ADDRESS
     value: ":50051"
+  - name: HTTP_ADDRESS
+    value: ":8080"
   - name: DATABASE_URL
     value: ""
   - name: ZITI_MANAGEMENT_ADDRESS
@@ -84,6 +93,10 @@ env:
     value: "authorization:50051"
   - name: RECONCILIATION_INTERVAL
     value: "30s"
+  - name: EXPOSE_DEBUG_ENDPOINTS
+    value: "0"
+  - name: EXPOSE_DEBUG_TOKEN
+    value: ""
 envFrom: []
 extraEnvVars: []
 extraEnvVarsCM: ""

cmd/expose-service/main.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"log"
 	"net"
+	"net/http"
 	"os"
 	"os/signal"
 	"syscall"
@@ -87,6 +88,22 @@ func run() error {
 	grpcServer := grpc.NewServer()
 	exposev1.RegisterExposeServiceServer(grpcServer, server.New(storeClient, zitiClient, runnersClient, authorizationClient))
 
+	var httpServer *http.Server
+	if cfg.DebugEndpointsEnabled {
+		debugLis, err := net.Listen("tcp", cfg.HTTPAddress)
+		if err != nil {
+			return fmt.Errorf("listen for debug http on %s: %w", cfg.HTTPAddress, err)
+		}
+		httpServer = &http.Server{
+			Handler: server.NewDebugHTTPServer(storeClient, zitiClient, cfg.DebugToken).Handler(),
+		}
+		go func() {
+			if err := httpServer.Serve(debugLis); err != nil && !errors.Is(err, http.ErrServerClosed) {
+				log.Printf("debug http server error: %v", err)
+			}
+		}()
+	}
+
 	lis, err := net.Listen("tcp", cfg.GRPCAddress)
 	if err != nil {
 		return fmt.Errorf("listen on %s: %w", cfg.GRPCAddress, err)
@@ -95,11 +112,19 @@ func run() error {
 	go func() {
 		<-ctx.Done()
 		grpcServer.GracefulStop()
+		if httpServer != nil {
+			if err := httpServer.Shutdown(context.Background()); err != nil {
+				log.Printf("debug http server shutdown error: %v", err)
+			}
+		}
 	}()
 
 	go reconciler.New(storeClient, zitiClient, runnersClient, notificationsClient, cfg.ReconciliationInterval).Run(ctx)
 
 	log.Printf("ExposeService listening on %s", cfg.GRPCAddress)
+	if cfg.DebugEndpointsEnabled {
+		log.Printf("Expose debug HTTP listening on %s", cfg.HTTPAddress)
+	}
 
 	if err := grpcServer.Serve(lis); err != nil {
 		if errors.Is(err, grpc.ErrServerStopped) {

internal/config/config.go

@@ -8,12 +8,15 @@ import (
 
 type Config struct {
 	GRPCAddress            string
+	HTTPAddress            string
 	DatabaseURL            string
 	ZitiManagementAddress  string
 	RunnersAddress         string
 	NotificationsAddress   string
 	AuthorizationAddress   string
 	ReconciliationInterval time.Duration
+	DebugEndpointsEnabled  bool
+	DebugToken             string
 }
 
 func FromEnv() (Config, error) {
@@ -22,6 +25,10 @@ func FromEnv() (Config, error) {
 	if cfg.GRPCAddress == "" {
 		cfg.GRPCAddress = ":50051"
 	}
+	cfg.HTTPAddress = os.Getenv("HTTP_ADDRESS")
+	if cfg.HTTPAddress == "" {
+		cfg.HTTPAddress = ":8080"
+	}
 	cfg.DatabaseURL = os.Getenv("DATABASE_URL")
 	if cfg.DatabaseURL == "" {
 		return Config{}, fmt.Errorf("DATABASE_URL must be set")
@@ -47,9 +54,19 @@ func FromEnv() (Config, error) {
 		return Config{}, err
 	}
 	cfg.ReconciliationInterval = interval
+	cfg.DebugEndpointsEnabled = boolFromEnv("EXPOSE_DEBUG_ENDPOINTS")
+	cfg.DebugToken = os.Getenv("EXPOSE_DEBUG_TOKEN")
+	if cfg.DebugEndpointsEnabled && cfg.DebugToken == "" {
+		return Config{}, fmt.Errorf("EXPOSE_DEBUG_TOKEN must be set when EXPOSE_DEBUG_ENDPOINTS is enabled")
+	}
 	return cfg, nil
 }
 
+func boolFromEnv(key string) bool {
+	value := os.Getenv(key)
+	return value == "1" || value == "true" || value == "TRUE" || value == "yes" || value == "YES"
+}
+
 func durationFromEnv(key string, defaultValue time.Duration) (time.Duration, error) {
 	value := os.Getenv(key)
 	if value == "" {

internal/reconciler/reconciler_test.go

@@ -132,6 +132,10 @@ func (m *mockZitiMgmt) DeleteService(ctx context.Context, req *zitimanagementv1.
 	return m.deleteSvc(ctx, req)
 }
 
+func (m *mockZitiMgmt) DebugServiceState(context.Context, *zitimanagementv1.DebugServiceStateRequest, ...grpc.CallOption) (*zitimanagementv1.DebugServiceStateResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "not implemented")
+}
+
 func (m *mockZitiMgmt) CreateDeviceIdentity(context.Context, *zitimanagementv1.CreateDeviceIdentityRequest, ...grpc.CallOption) (*zitimanagementv1.CreateDeviceIdentityResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "not implemented")
 }