chore: refactor ingester and reconciler components (#345)

Author: mfiedorowicz

diode-server/cmd/ingester/main.go

@@ -2,13 +2,17 @@ package main
 
 import (
 	"context"
+	"fmt"
 	"os"
 
 	"github.com/getsentry/sentry-go"
 	"github.com/kelseyhightower/envconfig"
+	"github.com/redis/go-redis/v9"
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/metric"
+	"google.golang.org/grpc"
 
+	"github.com/netboxlabs/diode/diode-server/authutil"
 	"github.com/netboxlabs/diode/diode-server/ingester"
 	"github.com/netboxlabs/diode/diode-server/server"
 	"github.com/netboxlabs/diode/diode-server/telemetry"
@@ -57,7 +61,19 @@ func main() {
 	}
 	startupCounter.Add(ctx, 1)
 
-	ingesterComponent, err := ingester.New(ctx, s.Logger(), cfg, meter)
+	redisStreamClient := redis.NewClient(&redis.Options{
+		Addr:     fmt.Sprintf("%s:%s", cfg.RedisHost, cfg.RedisPort),
+		Password: cfg.RedisPassword,
+		DB:       cfg.RedisStreamDB,
+	})
+
+	if _, err := redisStreamClient.Ping(ctx).Result(); err != nil {
+		s.Logger().Error("failed to connect to redis stream", "redisStream", redisStreamClient.String(), "error", err)
+		os.Exit(1)
+	}
+
+	authorizer := authutil.NewUnverifiedJWTAuthorizer(s.Logger())
+	ingesterComponent, err := ingester.New(ctx, s.Logger(), cfg, redisStreamClient, meter, serverInterceptors(authorizer)...)
 	if err != nil {
 		s.Logger().Error("failed to instantiate ingester component", "error", err)
 		os.Exit(1)
@@ -75,3 +91,14 @@ func main() {
 		os.Exit(1)
 	}
 }
+
+func serverInterceptors(authorizer authutil.Authorizer) []grpc.UnaryServerInterceptor {
+	return []grpc.UnaryServerInterceptor{
+		func(ctx context.Context, req any, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
+			if err := authorizer.RequireScopesContext(ctx, []string{authutil.ScopeDiodeIngest}); err != nil {
+				return nil, err
+			}
+			return handler(ctx, req)
+		},
+	}
+}

diode-server/cmd/reconciler/main.go

@@ -11,8 +11,10 @@ import (
 	_ "github.com/jackc/pgx/v5/stdlib" // pgx to database/sql compatibility
 	"github.com/kelseyhightower/envconfig"
 	"github.com/pressly/goose/v3"
+	"github.com/redis/go-redis/v9"
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/metric"
+	"google.golang.org/grpc"
 
 	"github.com/netboxlabs/diode/diode-server/authutil"
 	"github.com/netboxlabs/diode/diode-server/dbstore/postgres"
@@ -76,6 +78,28 @@ func main() {
 		}
 	}
 
+	redisClient := redis.NewClient(&redis.Options{
+		Addr:     fmt.Sprintf("%s:%s", cfg.RedisHost, cfg.RedisPort),
+		Password: cfg.RedisPassword,
+		DB:       cfg.RedisDB,
+	})
+
+	if _, err := redisClient.Ping(ctx).Result(); err != nil {
+		s.Logger().Error("failed to connect to redis", "redis", redisClient.String(), "error", err)
+		os.Exit(1)
+	}
+
+	redisStreamClient := redis.NewClient(&redis.Options{
+		Addr:     fmt.Sprintf("%s:%s", cfg.RedisHost, cfg.RedisPort),
+		Password: cfg.RedisPassword,
+		DB:       cfg.RedisStreamDB,
+	})
+
+	if _, err := redisStreamClient.Ping(ctx).Result(); err != nil {
+		s.Logger().Error("failed to connect to redis stream", "redisStream", redisStreamClient.String(), "error", err)
+		os.Exit(1)
+	}
+
 	dbPool, err := pgxpool.New(ctx, dbURL)
 	if err != nil {
 		s.Logger().Error("failed to connect to postgres database", "error", err)
@@ -102,7 +126,7 @@ func main() {
 		s.Logger().Error("failed to create ingestion processor metrics", "error", err)
 		os.Exit(1)
 	}
-	ingestionProcessor, err := reconciler.NewIngestionProcessor(ctx, s.Logger(), ops, ingestionMetrics)
+	ingestionProcessor, err := reconciler.NewIngestionProcessor(ctx, s.Logger(), redisClient, redisStreamClient, reconciler.DefaultRedisStreamID, reconciler.DefaultRedisConsumerGroup, ops, ingestionMetrics)
 	if err != nil {
 		s.Logger().Error("failed to instantiate ingestion processor", "error", err)
 		os.Exit(1)
@@ -114,8 +138,7 @@ func main() {
 	}
 
 	authorizer := authutil.NewUnverifiedJWTAuthorizer(s.Logger())
-
-	gRPCServer, err := reconciler.NewServer(ctx, s.Logger(), repository, authorizer)
+	gRPCServer, err := reconciler.NewServer(ctx, s.Logger(), repository, serverInterceptors(authorizer)...)
 	if err != nil {
 		s.Logger().Error("failed to instantiate gRPC server", "error", err)
 		os.Exit(1)
@@ -156,3 +179,17 @@ func runDBMigrations(ctx context.Context, logger *slog.Logger, dbURL string) err
 
 	return nil
 }
+
+func serverInterceptors(authorizer authutil.Authorizer) []grpc.UnaryServerInterceptor {
+	return []grpc.UnaryServerInterceptor{
+		func(ctx context.Context, req any, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
+			// TODO: this is applied to all rpcs but could be checked per rpc
+			// if the permissions differ (all are reads currently)
+			if err := authorizer.RequireScopesContext(ctx, []string{authutil.ScopeDiodeRead}); err != nil {
+				return nil, err
+			}
+
+			return handler(ctx, req)
+		},
+	}
+}

diode-server/ingester/component.go

@@ -16,16 +16,12 @@ import (
 	"google.golang.org/grpc/reflection"
 	"google.golang.org/protobuf/proto"
 
-	"github.com/netboxlabs/diode/diode-server/authutil"
 	"github.com/netboxlabs/diode/diode-server/gen/diode/v1/diodepb"
+	"github.com/netboxlabs/diode/diode-server/reconciler"
 	"github.com/netboxlabs/diode/diode-server/sentry"
 	"github.com/netboxlabs/diode/diode-server/telemetry"
 )
 
-const (
-	streamID = "diode.v1.ingest-stream"
-)
-
 // Component asynchronously ingests data from the distributor
 type Component struct {
 	diodepb.UnimplementedIngesterServiceServer
@@ -41,31 +37,19 @@ type Component struct {
 }
 
 // New creates a new ingester component
-func New(ctx context.Context, logger *slog.Logger, cfg Config, meter metric.Meter) (*Component, error) {
+func New(ctx context.Context, logger *slog.Logger, cfg Config, redisStreamClient *redis.Client, meter metric.Meter, serverInterceptors ...grpc.UnaryServerInterceptor) (*Component, error) {
 	grpcListener, err := net.Listen("tcp", fmt.Sprintf(":%d", cfg.GRPCPort))
 	if err != nil {
 		return nil, fmt.Errorf("failed to listen on port %d: %v", cfg.GRPCPort, err)
 	}
 
-	redisStreamClient := redis.NewClient(&redis.Options{
-		Addr:     fmt.Sprintf("%s:%s", cfg.RedisHost, cfg.RedisPort),
-		Password: cfg.RedisPassword,
-		DB:       cfg.RedisStreamDB,
-	})
-
-	if _, err := redisStreamClient.Ping(ctx).Result(); err != nil {
-		return nil, fmt.Errorf("failed connection to %s: %v", redisStreamClient.String(), err)
-	}
-
 	hostname, err := os.Hostname()
 	if err != nil {
 		return nil, fmt.Errorf("failed to get hostname: %v", err)
 	}
 
-	authorizer := authutil.NewUnverifiedJWTAuthorizer(logger)
-
 	grpcServer := grpc.NewServer(
-		grpc.ChainUnaryInterceptor(newAuthUnaryInterceptor(authorizer)),
+		grpc.ChainUnaryInterceptor(serverInterceptors...),
 		grpc.StatsHandler(otelgrpc.NewServerHandler()),
 	)
 
@@ -157,11 +141,13 @@ func (c *Component) Ingest(ctx context.Context, in *diodepb.IngestRequest) (*dio
 		}
 	}
 
-	msg := map[string]interface{}{
+	msg := map[string]any{
 		"request":      encodedRequest,
 		"ingestion_ts": time.Now().UnixNano(),
 	}
 
+	streamID := c.GetRedisStreamID()
+
 	if err := c.redisStreamClient.XAdd(ctx, &redis.XAddArgs{
 		Stream: streamID,
 		Values: msg,
@@ -204,12 +190,7 @@ func validateRequest(in *diodepb.IngestRequest) error {
 	return nil
 }
 
-func newAuthUnaryInterceptor(authorizer authutil.Authorizer) grpc.UnaryServerInterceptor {
-	return func(ctx context.Context, req interface{}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
-		if err := authorizer.RequireScopesContext(ctx, []string{authutil.ScopeDiodeIngest}); err != nil {
-			return nil, err
-		}
-
-		return handler(ctx, req)
-	}
+// GetRedisStreamID returns the redis stream ID to add ingested data into
+func (c *Component) GetRedisStreamID() string {
+	return reconciler.DefaultRedisStreamID
 }

diode-server/ingester/component_test.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/alicebob/miniredis/v2"
 	"github.com/kelseyhightower/envconfig"
+	"github.com/redis/go-redis/v9"
 	"github.com/stretchr/testify/require"
 	"go.opentelemetry.io/otel"
 	"google.golang.org/grpc"
@@ -73,7 +74,16 @@ const bufSize = 1024 * 1024
 func startReconcilerServer(ctx context.Context, t *testing.T) *reconciler.Server {
 	logger := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelDebug, AddSource: false}))
 	mockRepository := mocks.NewRepository(t)
-	server, err := reconciler.NewServer(ctx, logger, mockRepository, authutil.NewUnverifiedJWTAuthorizer(logger))
+	authorizer := authutil.NewUnverifiedJWTAuthorizer(logger)
+	serverInterceptors := []grpc.UnaryServerInterceptor{
+		func(ctx context.Context, req any, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
+			if err := authorizer.RequireScopesContext(ctx, []string{authutil.ScopeDiodeRead}); err != nil {
+				return nil, err
+			}
+			return handler(ctx, req)
+		},
+	}
+	server, err := reconciler.NewServer(ctx, logger, mockRepository, serverInterceptors...)
 	require.NoError(t, err)
 
 	errChan := make(chan error, 1)
@@ -90,7 +100,7 @@ func startReconcilerServer(ctx context.Context, t *testing.T) *reconciler.Server
 	return server
 }
 
-func startTestComponent(ctx context.Context, t *testing.T) (*ingester.Component, *grpc.ClientConn) {
+func startTestComponent(ctx context.Context, t *testing.T, r *miniredis.Miniredis) (*ingester.Component, *grpc.ClientConn) {
 	grpcPort, _ := getFreePort()
 	_ = os.Setenv("GRPC_PORT", grpcPort)
 
@@ -104,7 +114,23 @@ func startTestComponent(ctx context.Context, t *testing.T) (*ingester.Component,
 	logger := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelDebug, AddSource: false}))
 
 	meter := otel.GetMeterProvider().Meter("test.ingester")
-	component, err := ingester.New(ctx, logger, cfg, meter)
+
+	redisStreamClient := redis.NewClient(&redis.Options{
+		Addr: r.Addr(),
+		DB:   1,
+	})
+
+	authorizer := authutil.NewUnverifiedJWTAuthorizer(logger)
+	serverInterceptors := []grpc.UnaryServerInterceptor{
+		func(ctx context.Context, req any, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
+			if err := authorizer.RequireScopesContext(ctx, []string{authutil.ScopeDiodeIngest}); err != nil {
+				return nil, err
+			}
+			return handler(ctx, req)
+		},
+	}
+
+	component, err := ingester.New(ctx, logger, cfg, redisStreamClient, meter, serverInterceptors...)
 	require.NoError(t, err)
 
 	pb.RegisterIngesterServiceServer(s, component)
@@ -148,7 +174,25 @@ func TestNewComponent(t *testing.T) {
 	require.NoError(t, err)
 
 	meter := otel.GetMeterProvider().Meter("test.ingester")
-	component, err := ingester.New(ctx, logger, cfg, meter)
+
+	redisStreamClient := redis.NewClient(&redis.Options{
+		Addr: r.Addr(),
+		DB:   1,
+	})
+	defer func() {
+		_ = redisStreamClient.Close()
+	}()
+	authorizer := authutil.NewUnverifiedJWTAuthorizer(logger)
+	serverInterceptors := []grpc.UnaryServerInterceptor{
+		func(ctx context.Context, req any, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
+			if err := authorizer.RequireScopesContext(ctx, []string{authutil.ScopeDiodeIngest}); err != nil {
+				return nil, err
+			}
+			return handler(ctx, req)
+		},
+	}
+
+	component, err := ingester.New(ctx, logger, cfg, redisStreamClient, meter, serverInterceptors...)
 
 	require.NoError(t, err)
 	require.NotNil(t, component)
@@ -328,7 +372,7 @@ func TestIngest(t *testing.T) {
 			defer teardownEnv()
 
 			server := startReconcilerServer(ctx, t)
-			component, conn := startTestComponent(ctx, t)
+			component, conn := startTestComponent(ctx, t, r)
 
 			client := pb.NewIngesterServiceClient(conn)
 			resp, err := client.Ingest(ctx, tt.request)