isle/go/cmd/entrypoint/nebula.go

package main

import (
	"fmt"
	"isle/jsonutil"
	"os"

	"github.com/slackhq/nebula/cert"
)

var subCmdNebulaShow = subCmd{
	name:  "show",
	descr: "Writes nebula network information to stdout in JSON format",
	do: func(subCmdCtx subCmdCtx) error {

		flags := subCmdCtx.flagSet(false)
		if err := flags.Parse(subCmdCtx.args); err != nil {
			return fmt.Errorf("parsing flags: %w", err)
		}

		hostBootstrap, err := loadHostBootstrap()
		if err != nil {
			return fmt.Errorf("loading host bootstrap: %w", err)
		}

		caPublicCreds := hostBootstrap.CAPublicCredentials
		caCert, _, err := cert.UnmarshalNebulaCertificateFromPEM([]byte(caPublicCreds.CertPEM))
		if err != nil {
			return fmt.Errorf("unmarshaling ca.crt: %w", err)
		}

		if len(caCert.Details.Subnets) != 1 {
			return fmt.Errorf(
				"malformed ca.crt, contains unexpected subnets %#v",
				caCert.Details.Subnets,
			)
		}

		subnet := caCert.Details.Subnets[0]

		type outLighthouse struct {
			PublicAddr string
			IP         string
		}

		out := struct {
			CACert      string
			SubnetCIDR  string
			Lighthouses []outLighthouse
		}{
			CACert:     caPublicCreds.CertPEM,
			SubnetCIDR: subnet.String(),
		}

		for _, h := range hostBootstrap.Hosts {
			if h.Nebula.PublicAddr == "" {
				continue
			}

			out.Lighthouses = append(out.Lighthouses, outLighthouse{
				PublicAddr: h.Nebula.PublicAddr,
				IP:         h.IP().String(),
			})
		}

		if err := jsonutil.WriteIndented(os.Stdout, out); err != nil {
			return fmt.Errorf("encoding to stdout: %w", err)
		}

		return nil
	},
}

var subCmdNebula = subCmd{
	name:  "nebula",
	descr: "Sub-commands related to the nebula VPN",
	do: func(subCmdCtx subCmdCtx) error {
		return subCmdCtx.doSubCmd(
			subCmdNebulaShow,
		)
	},
}
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`package main`

			`import (`
			`"fmt"`
Use JSON instead of YAML for files which aren't intended for human editing 2024-06-10 16:56:36 +00:00			`"isle/jsonutil"`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`"os"`

			`"github.com/slackhq/nebula/cert"`
			`)`

			`var subCmdNebulaShow = subCmd{`
			`name: "show",`
Use JSON instead of YAML for files which aren't intended for human editing 2024-06-10 16:56:36 +00:00			`descr: "Writes nebula network information to stdout in JSON format",`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`do: func(subCmdCtx subCmdCtx) error {`

			`flags := subCmdCtx.flagSet(false)`
			`if err := flags.Parse(subCmdCtx.args); err != nil {`
			`return fmt.Errorf("parsing flags: %w", err)`
			`}`

			`hostBootstrap, err := loadHostBootstrap()`
			`if err != nil {`
			`return fmt.Errorf("loading host bootstrap: %w", err)`
			`}`

Refactor how host data is signed, now it's simpler and probably more secure 2024-06-10 20:31:29 +00:00			`caPublicCreds := hostBootstrap.CAPublicCredentials`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`caCert, _, err := cert.UnmarshalNebulaCertificateFromPEM([]byte(caPublicCreds.CertPEM))`
			`if err != nil {`
			`return fmt.Errorf("unmarshaling ca.crt: %w", err)`
			`}`

			`if len(caCert.Details.Subnets) != 1 {`
			`return fmt.Errorf(`
			`"malformed ca.crt, contains unexpected subnets %#v",`
			`caCert.Details.Subnets,`
			`)`
			`}`

			`subnet := caCert.Details.Subnets[0]`

			`type outLighthouse struct {`
Use JSON instead of YAML for files which aren't intended for human editing 2024-06-10 16:56:36 +00:00			`PublicAddr string`
			`IP string`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`}`

			`out := struct {`
Use JSON instead of YAML for files which aren't intended for human editing 2024-06-10 16:56:36 +00:00			`CACert string`
			`SubnetCIDR string`
			`Lighthouses []outLighthouse`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`}{`
			`CACert: caPublicCreds.CertPEM,`
			`SubnetCIDR: subnet.String(),`
			`}`

			`for _, h := range hostBootstrap.Hosts {`
			`if h.Nebula.PublicAddr == "" {`
			`continue`
			`}`

			`out.Lighthouses = append(out.Lighthouses, outLighthouse{`
			`PublicAddr: h.Nebula.PublicAddr,`
			`IP: h.IP().String(),`
			`})`
			`}`

Use JSON instead of YAML for files which aren't intended for human editing 2024-06-10 16:56:36 +00:00			`if err := jsonutil.WriteIndented(os.Stdout, out); err != nil {`
			`return fmt.Errorf("encoding to stdout: %w", err)`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`}`

			`return nil`
			`},`
			`}`

			`var subCmdNebula = subCmd{`
			`name: "nebula",`
			`descr: "Sub-commands related to the nebula VPN",`
			`do: func(subCmdCtx subCmdCtx) error {`
			`return subCmdCtx.doSubCmd(`
			`subCmdNebulaShow,`
			`)`
			`},`
			`}`