feat: ensure google cloud run compatibility (#3388)

* feat: ensure google cloud run compatibility

* from scratch docker image

* fall back to cloud run container id for sonyflake

.gitignore

@@ -59,5 +59,5 @@ openapi/**/*.json
 build/local/cloud.env
 migrations/cockroach/migrate_cloud.go
 .notifications
-
 .artifacts
+/zitadel

build/Dockerfile

@@ -3,15 +3,18 @@
 #######################
 FROM alpine:3 as artifact
 COPY zitadel /app/zitadel
-RUN adduser -D zitadel
+RUN adduser -D zitadel && \
+    chown zitadel /app/zitadel && \
+    chmod +x /app/zitadel
 
 #######################
 ## Scratch Image
 #######################
-FROM  scratch as final
+FROM scratch as final
 COPY --from=artifact /etc/passwd /etc/passwd
 COPY --from=artifact /etc/ssl/certs /etc/ssl/certs
 COPY --from=artifact /app /
 USER zitadel
 HEALTHCHECK NONE
 ENTRYPOINT ["/zitadel"]
+

go.mod

@@ -44,7 +44,6 @@ require (
 	github.com/pquerna/otp v1.3.0
 	github.com/rakyll/statik v0.1.7
 	github.com/rs/cors v1.8.0
-	github.com/sirupsen/logrus v1.8.1
 	github.com/sony/sonyflake v1.0.0
 	github.com/spf13/cobra v1.3.0
 	github.com/spf13/viper v1.10.1
@@ -153,6 +152,7 @@ require (
 	github.com/prometheus/procfs v0.6.0 // indirect
 	github.com/rs/xid v1.2.1 // indirect
 	github.com/satori/go.uuid v1.2.0 // indirect
+	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/spf13/afero v1.8.1 // indirect
 	github.com/spf13/cast v1.4.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect

internal/id/sonyflake.go

@@ -2,7 +2,11 @@ package id
 
 import (
 	"errors"
+	"fmt"
+	"hash/fnv"
+	"io/ioutil"
 	"net"
+	"net/http"
 	"os"
 
 	"strconv"
@@ -26,7 +30,7 @@ func (s *sonyflakeGenerator) Next() (string, error) {
 var (
 	SonyFlakeGenerator = Generator(&sonyflakeGenerator{
 		sonyflake.NewSonyflake(sonyflake.Settings{
-			MachineID: lower16BitPrivateIP,
+			MachineID: machineID,
 			StartTime: time.Date(2019, 4, 29, 0, 0, 0, 0, time.UTC),
 		}),
 	})
@@ -68,6 +72,19 @@ func isPrivateIPv4(ip net.IP) bool {
 		(ip[0] == 10 || ip[0] == 172 && (ip[1] >= 16 && ip[1] < 32) || ip[0] == 192 && ip[1] == 168)
 }
 
+func machineID() (uint16, error) {
+	ip, ipErr := lower16BitPrivateIP()
+	if ipErr == nil {
+		return ip, nil
+	}
+
+	cid, cidErr := cloudRunContainerID()
+	if cidErr != nil {
+		return 0, fmt.Errorf("neighter found a private ip nor a cloud run container instance id: private ip err: %w, cloud run ip err: %s", ipErr, cidErr.Error())
+	}
+	return cid, nil
+}
+
 func lower16BitPrivateIP() (uint16, error) {
 	ip, err := privateIPv4()
 	if err != nil {
@@ -76,3 +93,36 @@ func lower16BitPrivateIP() (uint16, error) {
 
 	return uint16(ip[2])<<8 + uint16(ip[3]), nil
 }
+
+func cloudRunContainerID() (uint16, error) {
+	req, err := http.NewRequest(
+		http.MethodGet,
+		"http://metadata.google.internal/computeMetadata/v1/instance/id",
+		nil,
+	)
+	if err != nil {
+		return 0, err
+	}
+	req.Header.Set("Metadata-Flavor", "Google")
+
+	resp, err := (&http.Client{}).Do(req)
+	if err != nil {
+		return 0, err
+	}
+
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 400 && resp.StatusCode < 600 {
+		return 0, fmt.Errorf("cloud metadata returned an unsuccessful status code %d", resp.StatusCode)
+	}
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return 0, err
+	}
+
+	h := fnv.New32()
+	if _, err = h.Write(body); err != nil {
+		return 0, err
+	}
+	return uint16(h.Sum32()), nil
+}