Skip to content

Restructure (6): Store interface for local truststore access #590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
roosterfish merged 11 commits into from
Jan 20, 2026
Merged

Restructure (6): Store interface for local truststore access #590

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
4943e0b
microcluster/types: Add Store interface
roosterfish Jan 20, 2026
2a14cdc
microcluster/types: Add Location and Remote types representing trusts…
roosterfish Jan 20, 2026
65e5072
internal/state: Replace Remotes with new Store interface
roosterfish Jan 20, 2026
56048e1
internal/trust: Remove the types which where moved to the public package
roosterfish Jan 20, 2026
e92d478
internal/trust: Implement the new Store interface for internal trusts…
roosterfish Jan 20, 2026
a9232cb
internal/trust: Use new truststore implementation
roosterfish Jan 20, 2026
704ddee
internal/daemon: Use new truststore implementation
roosterfish Jan 20, 2026
5bdff58
internal/recover: Use new truststore implementation
roosterfish Jan 20, 2026
c8e5f6a
internal/rest/resources: Use new truststore implementation
roosterfish Jan 20, 2026
ce5d2fa
internal/rest: Use new truststore implementation
roosterfish Jan 20, 2026
9d988f4
internal/state: Use new truststore implementation
roosterfish Jan 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions internal/daemon/daemon.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -500,7 +500,7 @@ func (d *Daemon) initServer(resources ...rest.Resources) *http.Server {

return &http.Server{
Handler: mux,
ErrorLog: log.New(newLogFilter(d.log(), state.Remotes().Addresses), "", 0),
ErrorLog: log.New(newLogFilter(d.log(), state.Truststore().RemoteAddresses), "", 0),
// Set a base context for the server.
// This allows passing the logger on the daemon's shutdown context on to each handler.
BaseContext: func(_ net.Listener) context.Context {
Expand All @@ -510,7 +510,7 @@ func (d *Daemon) initServer(resources ...rest.Resources) *http.Server {
}

// setConfig applies and commits to memory the supplied daemon configuration.
func (d *Daemon) setConfig(newConfig trust.Location) error {
func (d *Daemon) setConfig(newConfig types.Location) error {
d.config.SetAddress(newConfig.Address)
d.config.SetName(newConfig.Name)

Expand All @@ -535,8 +535,8 @@ func (d *Daemon) StartAPI(ctx context.Context, bootstrap bool, initConfig map[st
return fmt.Errorf("Failed to parse listen address when bootstrapping API: %w", err)
}

localNode := trust.Remote{
Location: trust.Location{Name: d.config.GetName(), Address: addrPort},
localNode := types.Remote{
Location: types.Location{Name: d.config.GetName(), Address: addrPort},
Certificate: types.X509Certificate{Certificate: serverCert},
}

Expand Down Expand Up @@ -619,7 +619,7 @@ func (d *Daemon) StartAPI(ctx context.Context, bootstrap bool, initConfig map[st
return fmt.Errorf("Failed to join cluster: %w", err)
}
} else {
err = d.db.StartWithCluster(d.Extensions, d.Address(), d.trustStore.Remotes().Addresses())
err = d.db.StartWithCluster(d.Extensions, d.Address(), d.trustStore.Remotes().RemoteAddresses())
if err != nil {
return fmt.Errorf("Failed to re-establish cluster connection: %w", err)
}
Expand All @@ -636,7 +636,7 @@ func (d *Daemon) StartAPI(ctx context.Context, bootstrap bool, initConfig map[st
return err
}

clients, err := d.trustStore.Remotes().Cluster(false, d.ServerCert(), publicKey)
clients, err := d.trustStore.Remotes().RemoteClients(false, d.ServerCert(), publicKey)
if err != nil {
return err
}
Expand Down
2 changes: 1 addition & 1 deletion internal/recover/recover.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ func RecoverFromQuorumLoss(ctx context.Context, filesystem types.OS, members []t
return "", err
}

clients, err := remotes.Cluster(false, serverCert, clusterKey)
clients, err := remotes.RemoteClients(false, serverCert, clusterKey)
if err != nil {
return "", err
}
Expand Down
15 changes: 7 additions & 8 deletions internal/rest/resources/cluster.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@ import (
"github.com/canonical/microcluster/v3/internal/rest/access"
internalClient "github.com/canonical/microcluster/v3/internal/rest/client"
internalState "github.com/canonical/microcluster/v3/internal/state"
"github.com/canonical/microcluster/v3/internal/trust"
"github.com/canonical/microcluster/v3/internal/utils"
"github.com/canonical/microcluster/v3/microcluster/rest"
"github.com/canonical/microcluster/v3/microcluster/rest/response"
Expand Down Expand Up @@ -94,7 +93,7 @@ func clusterPost(s state.State, r *http.Request) response.Response {
}

// Check if any of the remote's addresses are currently in use.
existingRemote := s.Remotes().RemoteByAddress(req.Address)
existingRemote := s.Truststore().RemoteByAddress(req.Address)
if existingRemote != nil {
return response.SmartError(fmt.Errorf("Remote with address %q exists", req.Address.String()))
}
Expand Down Expand Up @@ -168,7 +167,7 @@ func clusterPost(s state.State, r *http.Request) response.Response {
return response.SmartError(err)
}

remotes := s.Remotes()
remotes := s.Truststore()
clusterMembers := make([]types.ClusterMemberLocal, 0, remotes.Count())
for _, clusterMember := range remotes.RemotesByName() {
clusterMember := types.ClusterMemberLocal{
Expand All @@ -194,13 +193,13 @@ func clusterPost(s state.State, r *http.Request) response.Response {
ClusterMembers: clusterMembers,
}

newRemote := trust.Remote{
Location: trust.Location{Name: req.Name, Address: req.Address},
newRemote := types.Remote{
Location: types.Location{Name: req.Name, Address: req.Address},
Certificate: req.Certificate,
}

// Add the cluster member to our local store for authentication.
err = s.Remotes().Add(s.FileSystem().TrustDir(), newRemote)
err = s.Truststore().Add(s.FileSystem().TrustDir(), newRemote)
if err != nil {
return response.SmartError(err)
}
Expand Down Expand Up @@ -423,7 +422,7 @@ func clusterMemberDelete(s state.State, r *http.Request) response.Response {
return response.SmartError(err)
}

allRemotes := s.Remotes().RemotesByName()
allRemotes := s.Truststore().RemotesByName()
remote, ok := allRemotes[name]
if !ok {
return response.SmartError(fmt.Errorf("No remote exists with the given name %q", name))
Expand Down Expand Up @@ -703,7 +702,7 @@ func clusterMemberDelete(s state.State, r *http.Request) response.Response {
}

// Run the PostRemove hook on all other members.
remotes := s.Remotes()
remotes := s.Truststore()
err = clients.Query(ctx, true, func(ctx context.Context, c types.Client) error {
c.SetClusterNotification()
addrPort, err := types.ParseAddrPort(c.URL().Host)
Expand Down
21 changes: 10 additions & 11 deletions internal/rest/resources/control.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ import (
"github.com/canonical/microcluster/v3/internal/rest/access"
internalClient "github.com/canonical/microcluster/v3/internal/rest/client"
internalState "github.com/canonical/microcluster/v3/internal/state"
"github.com/canonical/microcluster/v3/internal/trust"
"github.com/canonical/microcluster/v3/internal/utils"
"github.com/canonical/microcluster/v3/microcluster/rest"
"github.com/canonical/microcluster/v3/microcluster/rest/response"
Expand Down Expand Up @@ -59,7 +58,7 @@ func controlPost(state state.State, r *http.Request) response.Response {
return response.SmartError(err)
}

daemonConfig := trust.Location{Address: req.Address, Name: req.Name}
daemonConfig := types.Location{Address: req.Address, Name: req.Name}
err = intState.SetConfig(daemonConfig)
if err != nil {
return response.SmartError(err)
Expand Down Expand Up @@ -164,7 +163,7 @@ func controlPost(state state.State, r *http.Request) response.Response {
}

var joinAddrs []string
var localClusterMember *trust.Remote
var localClusterMember *types.Remote
if req.JoinToken != "" {
joinInfo, localClusterMember, err = joinWithToken(state, r, req)
if err != nil {
Expand All @@ -187,7 +186,7 @@ func controlPost(state state.State, r *http.Request) response.Response {
return response.EmptySyncResponse
}

func joinWithToken(state state.State, r *http.Request, req *types.Control) (*types.TokenResponse, *trust.Remote, error) {
func joinWithToken(state state.State, r *http.Request, req *types.Control) (*types.TokenResponse, *types.Remote, error) {
token, err := types.DecodeToken(req.JoinToken)
if err != nil {
return nil, nil, err
Expand All @@ -204,8 +203,8 @@ func joinWithToken(state state.State, r *http.Request, req *types.Control) (*typ
}

// Add the local node to the list of clusterMembers.
daemonConfig := &trust.Location{Address: req.Address, Name: req.Name}
localClusterMember := trust.Remote{
daemonConfig := &types.Location{Address: req.Address, Name: req.Name}
localClusterMember := types.Remote{
Location: *daemonConfig,
Certificate: types.X509Certificate{Certificate: serverCert},
}
Expand Down Expand Up @@ -290,7 +289,7 @@ func writeCert(dir, prefix string, cert, key, ca []byte) error {
return nil
}

func setupLocalMember(state state.State, localClusterMember *trust.Remote, joinInfo *types.TokenResponse) ([]string, error) {
func setupLocalMember(state state.State, localClusterMember *types.Remote, joinInfo *types.TokenResponse) ([]string, error) {
// Set up cluster certificate.
err := writeCert(state.FileSystem().StateDir(), string(types.ClusterCertificateName), []byte(joinInfo.ClusterCert.String()), []byte(joinInfo.ClusterKey), nil)
if err != nil {
Expand All @@ -312,10 +311,10 @@ func setupLocalMember(state state.State, localClusterMember *trust.Remote, joinI
}

joinAddrs := types.AddrPorts{}
clusterMembers := make([]trust.Remote, 0, len(joinInfo.ClusterMembers)+1)
clusterMembers := make([]types.Remote, 0, len(joinInfo.ClusterMembers)+1)
for _, clusterMember := range joinInfo.ClusterMembers {
remote := trust.Remote{
Location: trust.Location{Name: clusterMember.Name, Address: clusterMember.Address},
remote := types.Remote{
Location: types.Location{Name: clusterMember.Name, Address: clusterMember.Address},
Certificate: clusterMember.Certificate,
}

Expand All @@ -324,7 +323,7 @@ func setupLocalMember(state state.State, localClusterMember *trust.Remote, joinI
}

clusterMembers = append(clusterMembers, *localClusterMember)
err = state.Remotes().Add(state.FileSystem().TrustDir(), clusterMembers...)
err = state.Truststore().Add(state.FileSystem().TrustDir(), clusterMembers...)
if err != nil {
return nil, err
}
Expand Down
2 changes: 1 addition & 1 deletion internal/rest/resources/daemon.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ func daemonServersPut(s state.State, r *http.Request) response.Response {
}

// Run the OnDaemonConfigUpdate hook on all other members.
remotes := s.Remotes()
remotes := s.Truststore()
err = clients.Query(r.Context(), true, func(ctx context.Context, c types.Client) error {
c.SetClusterNotification()
addrPort, err := types.ParseAddrPort(c.URL().Host)
Expand Down
4 changes: 2 additions & 2 deletions internal/rest/resources/heartbeat.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ func heartbeatPost(s state.State, r *http.Request) response.Response {
clusterMemberList = append(clusterMemberList, clusterMember)
}

err = s.Remotes().Replace(s.FileSystem().TrustDir(), clusterMemberList...)
err = s.Truststore().Replace(s.FileSystem().TrustDir(), clusterMemberList...)
if err != nil {
return response.SmartError(err)
}
Expand Down Expand Up @@ -166,7 +166,7 @@ func beginHeartbeat(ctx context.Context, s state.State, hbReq types.HeartbeatInf
logger.Debug("Beginning new heartbeat round", slog.String("address", s.Address().Host))

// Update local record of cluster members from the database, including any pending nodes for authentication.
err = s.Remotes().Replace(s.FileSystem().TrustDir(), clusterMembers...)
err = s.Truststore().Replace(s.FileSystem().TrustDir(), clusterMembers...)
if err != nil {
return response.SmartError(err)
}
Expand Down
4 changes: 2 additions & 2 deletions internal/rest/resources/tokens.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ func tokensPost(state state.State, r *http.Request) response.Response {
}

joinAddresses := []types.AddrPort{}
for _, addr := range state.Remotes().Addresses() {
for _, addr := range state.Truststore().RemoteAddresses() {
joinAddresses = append(joinAddresses, addr)
}

Expand Down Expand Up @@ -138,7 +138,7 @@ func tokensGet(state state.State, r *http.Request) response.Response {
}

joinAddresses := []types.AddrPort{}
for _, addr := range state.Remotes().Addresses() {
for _, addr := range state.Truststore().RemoteAddresses() {
joinAddresses = append(joinAddresses, addr)
}

Expand Down
11 changes: 5 additions & 6 deletions internal/rest/resources/truststore.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ import (
"github.com/canonical/microcluster/v3/internal/log"
"github.com/canonical/microcluster/v3/internal/rest/access"
internalClient "github.com/canonical/microcluster/v3/internal/rest/client"
"github.com/canonical/microcluster/v3/internal/trust"
"github.com/canonical/microcluster/v3/microcluster/rest"
"github.com/canonical/microcluster/v3/microcluster/rest/response"
"github.com/canonical/microcluster/v3/microcluster/types"
Expand Down Expand Up @@ -45,8 +44,8 @@ func trustPost(s state.State, r *http.Request) response.Response {
return response.BadRequest(err)
}

newRemote := trust.Remote{
Location: trust.Location{Name: req.Name, Address: req.Address},
newRemote := types.Remote{
Location: types.Location{Name: req.Name, Address: req.Address},
Certificate: req.Certificate,
}

Expand Down Expand Up @@ -103,7 +102,7 @@ func trustPost(s state.State, r *http.Request) response.Response {
}

// At this point, the node has joined dqlite so we can add a local record for it if we haven't already from a heartbeat (or if we are the leader).
remotes := s.Remotes()
remotes := s.Truststore()
_, ok := remotes.RemotesByName()[newRemote.Name]
if !ok {
err = remotes.Add(s.FileSystem().TrustDir(), newRemote)
Expand All @@ -124,7 +123,7 @@ func trustDelete(s state.State, r *http.Request) response.Response {
ctx, cancel := context.WithTimeout(r.Context(), 30*time.Second)
defer cancel()

remotesMap := s.Remotes().RemotesByName()
remotesMap := s.Truststore().RemotesByName()
nodeToRemove, ok := remotesMap[name]
if !ok {
return response.SmartError(fmt.Errorf("No truststore entry found for node with name %q", name))
Expand All @@ -149,7 +148,7 @@ func trustDelete(s state.State, r *http.Request) response.Response {
}
}

remotes := s.Remotes()
remotes := s.Truststore()
remotesMap = remotes.RemotesByName()
delete(remotesMap, name)

Expand Down
2 changes: 1 addition & 1 deletion internal/rest/rest.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -273,7 +273,7 @@ func HandleEndpoint(state state.State, mux *mux.Router, version string, e rest.E
handleRequest = handleDatabaseRequest
}

trusted, err := access.Authenticate(state, r, state.Address().Host, state.Remotes().CertificatesNative())
trusted, err := access.Authenticate(state, r, state.Address().Host, state.Truststore().RemoteCertificatesNative())
if err != nil && !errors.As(err, &access.ErrInvalidHost{}) {
resp = response.Forbidden(fmt.Errorf("Failed to authenticate request: %w", err))
} else {
Expand Down
18 changes: 9 additions & 9 deletions internal/state/state.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ type State interface {
Database() db.DB

// Local truststore access.
Remotes() *trust.Remotes
Truststore() types.Store

// Returns a connector for interconnection with the cluster.
Connect() types.Connector
Expand Down Expand Up @@ -79,7 +79,7 @@ type InternalState struct {
LocalConfig func() *internalConfig.DaemonConfig

// SetConfig Applies and commits to memory the supplied daemon configuration.
SetConfig func(trust.Location) error
SetConfig func(types.Location) error

// Initialize APIs and bootstrap/join database.
StartAPI func(ctx context.Context, bootstrap bool, initConfig map[string]string, joinAddresses ...string) error
Expand Down Expand Up @@ -149,8 +149,8 @@ func (s *InternalState) Database() db.DB {
return s.InternalDatabase
}

// Remotes returns the local record of cluster members in the truststore.
func (s *InternalState) Remotes() *trust.Remotes {
// Truststore returns the local record of cluster members in the truststore.
func (s *InternalState) Truststore() types.Store {
return s.InternalRemotes()
}

Expand Down Expand Up @@ -182,8 +182,8 @@ func (s *InternalState) Cluster(isNotification bool) (types.Clients, error) {

// Use trust store instead of database - it's updated on heartbeats
// and is more likely to reflect current reachable cluster state
remotes := s.Remotes()
allClients, err := remotes.Cluster(isNotification, s.ServerCert(), publicKey)
remotes := s.Truststore()
allClients, err := remotes.RemoteClients(isNotification, s.ServerCert(), publicKey)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -319,7 +319,7 @@ func (s *InternalState) CheckMembershipConsistency(ctx context.Context) error {
}

// getMembershipData retrieves membership information from all sources.
func (s *InternalState) getMembershipData(ctx context.Context) ([]cluster.CoreClusterMember, map[string]trust.Remote, []dqliteClient.NodeInfo, error) {
func (s *InternalState) getMembershipData(ctx context.Context) ([]cluster.CoreClusterMember, map[string]types.Remote, []dqliteClient.NodeInfo, error) {
// Get database core cluster members
var coreClusterMembers []cluster.CoreClusterMember
err := s.Database().Transaction(ctx, func(ctx context.Context, tx *sql.Tx) error {
Expand All @@ -332,7 +332,7 @@ func (s *InternalState) getMembershipData(ctx context.Context) ([]cluster.CoreCl
}

// Get truststore remotes
truststoreRemotes := s.Remotes().RemotesByName()
truststoreRemotes := s.Truststore().RemotesByName()

// Get dqlite cluster info
leaderClient, err := s.Database().Leader(ctx)
Expand All @@ -350,7 +350,7 @@ func (s *InternalState) getMembershipData(ctx context.Context) ([]cluster.CoreCl
}

// checkMembershipConsistency checks consistency across all three membership sources using addresses.
func (s *InternalState) checkMembershipConsistency(coreClusterMembers []cluster.CoreClusterMember, truststoreRemotes map[string]trust.Remote, dqliteNodes []dqliteClient.NodeInfo) error {
func (s *InternalState) checkMembershipConsistency(coreClusterMembers []cluster.CoreClusterMember, truststoreRemotes map[string]types.Remote, dqliteNodes []dqliteClient.NodeInfo) error {
// Collect addresses from each source into sorted slices
var coreClusterAddresses []string
for _, member := range coreClusterMembers {
Expand Down
Loading