From 55af4a18a241988e2e7fff7c60a1ec61d5055d92 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Thu, 31 Mar 2022 10:49:08 +0200 Subject: [PATCH] feat: ensure google cloud run compatibility (#3388) * feat: ensure google cloud run compatibility * from scratch docker image * fall back to cloud run container id for sonyflake --- .gitignore | 2 +- build/Dockerfile | 7 ++++-- go.mod | 2 +- internal/id/sonyflake.go | 52 +++++++++++++++++++++++++++++++++++++++- 4 files changed, 58 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 50fafd030a..4e0f1b0f0a 100644 --- a/.gitignore +++ b/.gitignore @@ -59,5 +59,5 @@ openapi/**/*.json build/local/cloud.env migrations/cockroach/migrate_cloud.go .notifications - .artifacts +/zitadel diff --git a/build/Dockerfile b/build/Dockerfile index 162281f491..7f99893b6f 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -3,15 +3,18 @@ ####################### FROM alpine:3 as artifact COPY zitadel /app/zitadel -RUN adduser -D zitadel +RUN adduser -D zitadel && \ + chown zitadel /app/zitadel && \ + chmod +x /app/zitadel ####################### ## Scratch Image ####################### -FROM scratch as final +FROM scratch as final COPY --from=artifact /etc/passwd /etc/passwd COPY --from=artifact /etc/ssl/certs /etc/ssl/certs COPY --from=artifact /app / USER zitadel HEALTHCHECK NONE ENTRYPOINT ["/zitadel"] + diff --git a/go.mod b/go.mod index 31ce1b3101..26dd1bd721 100644 --- a/go.mod +++ b/go.mod @@ -44,7 +44,6 @@ require ( github.com/pquerna/otp v1.3.0 github.com/rakyll/statik v0.1.7 github.com/rs/cors v1.8.0 - github.com/sirupsen/logrus v1.8.1 github.com/sony/sonyflake v1.0.0 github.com/spf13/cobra v1.3.0 github.com/spf13/viper v1.10.1 
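Review bot: In build/Dockerfile, `chown zitadel /app/zitadel` makes the binary owned by the same account the final stage runs as (`USER zitadel`). If that ownership is carried through `COPY --from=artifact /app /` (this depends on the builder), a compromised process could overwrite or re-mode its own executable. A root-owned file that is only readable and executable is enough for the scratch image: drop the chown and use `chmod 0555 /app/zitadel`. A comment above the `RUN` line, such as `# scratch has no shell, so the mode must be set in this stage`, would record why the permissions are fixed here.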
@@ -153,6 +152,7 @@ require (
 github.com/prometheus/procfs v0.6.0 // indirect
 github.com/rs/xid v1.2.1 // indirect
 github.com/satori/go.uuid v1.2.0 // indirect
+ github.com/sirupsen/logrus v1.8.1 // indirect
 github.com/spf13/afero v1.8.1 // indirect
 github.com/spf13/cast v1.4.1 // indirect
 github.com/spf13/jwalterweatherman v1.1.0 // indirect
diff --git a/internal/id/sonyflake.go b/internal/id/sonyflake.go
index c6cb4e9c7e..6fe768c236 100644
--- a/internal/id/sonyflake.go
+++ b/internal/id/sonyflake.go
@@ -2,7 +2,11 @@ package id

 import (
 "errors"
+ "fmt"
+ "hash/fnv"
+ "io/ioutil"
 "net"
+ "net/http"
 "os"
 "strconv"

@@ -26,7 +30,7 @@ func (s *sonyflakeGenerator) Next() (string, error) {
 var (
 SonyFlakeGenerator = Generator(&sonyflakeGenerator{
 sonyflake.NewSonyflake(sonyflake.Settings{
- MachineID: lower16BitPrivateIP,
+ MachineID: machineID,
 StartTime: time.Date(2019, 4, 29, 0, 0, 0, 0, time.UTC),
 }),
 })
@@ -68,6 +72,19 @@ func isPrivateIPv4(ip net.IP) bool {
 (ip[0] == 10 || ip[0] == 172 && (ip[1] >= 16 && ip[1] < 32) || ip[0] == 192 && ip[1] == 168)
 }

+func machineID() (uint16, error) {
+ ip, ipErr := lower16BitPrivateIP()
+ if ipErr == nil {
+ return ip, nil
+ }
+
+ cid, cidErr := cloudRunContainerID()
+ if cidErr != nil {
+ return 0, fmt.Errorf("neighter found a private ip nor a cloud run container instance id: private ip err: %w, cloud run ip err: %s", ipErr, cidErr.Error())
+ }
+ return cid, nil
+}
+
 func lower16BitPrivateIP() (uint16, error) {
 ip, err := privateIPv4()
 if err != nil {
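Review bot: The error built in `machineID` is unlikely to reach anyone, because as far as I know `sonyflake.NewSonyflake` returns nil when the `MachineID` callback fails. On a host with neither a private IP nor a reachable metadata server, `SonyFlakeGenerator` would then wrap a nil generator and the failure would only surface later, presumably in `Next()` (its body is outside this hunk); checking the constructor's result at initialisation and logging the wrapped error there would make the cause visible. In the message, `neighter` should be `neither` and `cloud run ip err` should read `cloud run id err`; if the module targets Go 1.20 or later both causes can be wrapped with `"...: private ip err: %w, cloud run id err: %w", ipErr, cidErr`. `machineID` would also benefit from a doc comment such as `// machineID returns the lower 16 bits of the private IPv4 address, falling back to a hash of the Cloud Run instance id.`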
@@ -76,3 +93,36 @@ func lower16BitPrivateIP() (uint16, error) {

 return uint16(ip[2])<<8 + uint16(ip[3]), nil
 }
+
+func cloudRunContainerID() (uint16, error) {
+ req, err := http.NewRequest(
+ http.MethodGet,
+ "http://metadata.google.internal/computeMetadata/v1/instance/id",
+ nil,
+ )
+ if err != nil {
+ return 0, err
+ }
+ req.Header.Set("Metadata-Flavor", "Google")
+
+ resp, err := (&http.Client{}).Do(req)
+ if err != nil {
+ return 0, err
+ }
+
+ defer resp.Body.Close()
+
+ if resp.StatusCode >= 400 && resp.StatusCode < 600 {
+ return 0, fmt.Errorf("cloud metadata returned an unsuccessful status code %d", resp.StatusCode)
+ }
+ body, err := ioutil.ReadAll(resp.Body)
+ if err != nil {
+ return 0, err
+ }
+
+ h := fnv.New32()
+ if _, err = h.Write(body); err != nil {
+ return 0, err
+ }
+ return uint16(h.Sum32()), nil
+}
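Review bot: `(&http.Client{}).Do(req)` in `cloudRunContainerID` has no timeout, and because `machineID` is handed to `sonyflake.NewSonyflake` in a package-level `var`, this request appears to run during process start-up, so off GCP a slow or black-holed lookup of `metadata.google.internal` would stall the start. The status check lets 1xx–3xx responses through and `ioutil.ReadAll` reads an unbounded body, so whatever answers on that plain-HTTP name determines the hashed bytes; requiring `http.StatusOK` and capping the read narrows that. Separately, `uint16(h.Sum32())` keeps only 16 bits of the hash, so two instances can end up with the same machine ID and Sonyflake's uniqueness assumption no longer holds, which deserves at least a comment on that line. The sketch below needs `io` added to the imports, and the 2-second timeout and 1 KiB cap are example values.

```go
func cloudRunContainerID() (uint16, error) {
	// … unchanged: request construction and Metadata-Flavor header …

	// Bound the call: it runs while the ID generator is being set up.
	client := &http.Client{Timeout: 2 * time.Second}
	resp, err := client.Do(req)
	// … unchanged: error check and deferred Body.Close …

	if resp.StatusCode != http.StatusOK {
		return 0, fmt.Errorf("cloud metadata returned an unsuccessful status code %d", resp.StatusCode)
	}
	// The instance id is a short string; cap the read so an unexpected
	// responder cannot stream an arbitrarily large body.
	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1024))
	// … unchanged: error check, FNV-32 hash truncated to uint16 …
```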