There's a cyclic dependency on siderolink library which imports talos machinery back. We will fix that after we get talos pushed under a new name. Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package server
import (
"context"
"net"
"net/netip"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/peer"
"google.golang.org/grpc/status"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
)
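// verifyPeer reports whether the gRPC peer stored in ctx connected over TCP
// from an address that condition accepts.
//
// The check fails closed. It returns false when ctx carries no peer
// information, when the peer has no address, when the peer's network is not
// "tcp", or when the peer address cannot be split into host and port and
// parsed as an IP address. condition is only ever called with a successfully
// parsed address.
//
// The decision is based solely on the connection's remote address as reported
// by gRPC; no credential or certificate is examined here.
func verifyPeer(ctx context.Context, condition func(netip.Addr) bool) bool {
	remotePeer, ok := peer.FromContext(ctx)
	if !ok {
		return false
	}

	// A peer without an address cannot satisfy any address condition. Reject
	// it explicitly instead of panicking on the nil interface below, so that a
	// malformed peer never turns an access check into a crash.
	if remotePeer.Addr == nil {
		return false
	}

	if remotePeer.Addr.Network() != "tcp" {
		return false
	}

	// The address is rendered as "host:port"; only the host part is relevant.
	host, _, err := net.SplitHostPort(remotePeer.Addr.String())
	if err != nil {
		return false
	}

	addr, err := netip.ParseAddr(host)
	if err != nil {
		return false
	}

	return condition(addr)
}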
// assertPeerSideroLink returns nil only when verifyPeer accepts the peer in
// ctx with a condition that requires its address to be a SideroLink ULA
// (network.IsULA with network.ULASideroLink).
//
// Every other caller, including one for which verifyPeer cannot determine an
// address, receives codes.Unimplemented with a maintenance-mode message
// rather than a permission error.
//
// NOTE(review): this gate is a source-address check, not an identity check.
// It presumably relies on SideroLink ULA addresses being usable only through
// the SideroLink tunnel; confirm that nothing else on the node's networks can
// originate connections from that prefix.
func assertPeerSideroLink(ctx context.Context) error {
	fromSideroLink := func(addr netip.Addr) bool {
		return network.IsULA(addr, network.ULASideroLink)
	}

	if verifyPeer(ctx, fromSideroLink) {
		return nil
	}

	return status.Error(codes.Unimplemented, "API is not implemented in maintenance mode")
}