isle/go/cmd/entrypoint/nebula.go

package main

import (
	"fmt"
	"isle/jsonutil"
	"isle/nebula"
	"os"
)

var subCmdNebulaShow = subCmd{
	name:  "show",
	descr: "Writes nebula network information to stdout in JSON format",
	do: func(subCmdCtx subCmdCtx) error {

		flags := subCmdCtx.flagSet(false)
		if err := flags.Parse(subCmdCtx.args); err != nil {
			return fmt.Errorf("parsing flags: %w", err)
		}

		hosts, err := subCmdCtx.getHosts()
		if err != nil {
			return fmt.Errorf("getting hosts: %w", err)
		}

		var caPublicCreds nebula.CAPublicCredentials
		err = subCmdCtx.daemonRCPClient.Call(
			subCmdCtx.ctx, &caPublicCreds, "GetNebulaCAPublicCredentials", nil,
		)
		if err != nil {
			return fmt.Errorf("calling GetNebulaCAPublicCredentials: %w", err)
		}

		caCert := caPublicCreds.Cert.Unwrap()
		caCertPEM, err := caCert.MarshalToPEM()
		if err != nil {
			return fmt.Errorf("marshaling CA cert to PEM: %w", err)
		}

		if len(caCert.Details.Subnets) != 1 {
			return fmt.Errorf(
				"malformed ca.crt, contains unexpected subnets %#v",
				caCert.Details.Subnets,
			)
		}

		subnet := caCert.Details.Subnets[0]

		type outLighthouse struct {
			PublicAddr string
			IP         string
		}

		out := struct {
			CACert      string
			SubnetCIDR  string
			Lighthouses []outLighthouse
		}{
			CACert:     string(caCertPEM),
			SubnetCIDR: subnet.String(),
		}

		for _, h := range hosts.Hosts {
			if h.Nebula.PublicAddr == "" {
				continue
			}

			out.Lighthouses = append(out.Lighthouses, outLighthouse{
				PublicAddr: h.Nebula.PublicAddr,
				IP:         h.IP().String(),
			})
		}

		if err := jsonutil.WriteIndented(os.Stdout, out); err != nil {
			return fmt.Errorf("encoding to stdout: %w", err)
		}

		return nil
	},
}

var subCmdNebula = subCmd{
	name:  "nebula",
	descr: "Sub-commands related to the nebula VPN",
	do: func(subCmdCtx subCmdCtx) error {
		return subCmdCtx.doSubCmd(
			subCmdNebulaShow,
		)
	},
}
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`package main`

			`import (`
			`"fmt"`
Use JSON instead of YAML for files which aren't intended for human editing 2024-06-10 16:56:36 +00:00			`"isle/jsonutil"`
Fetch nebula CAPublicCredentials from daemon 2024-07-12 14:11:42 +00:00			`"isle/nebula"`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`"os"`
			`)`

			`var subCmdNebulaShow = subCmd{`
			`name: "show",`
Use JSON instead of YAML for files which aren't intended for human editing 2024-06-10 16:56:36 +00:00			`descr: "Writes nebula network information to stdout in JSON format",`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`do: func(subCmdCtx subCmdCtx) error {`

			`flags := subCmdCtx.flagSet(false)`
			`if err := flags.Parse(subCmdCtx.args); err != nil {`
			`return fmt.Errorf("parsing flags: %w", err)`
			`}`

Fetch nebula CAPublicCredentials from daemon 2024-07-12 14:11:42 +00:00			`hosts, err := subCmdCtx.getHosts()`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`if err != nil {`
Fetch nebula CAPublicCredentials from daemon 2024-07-12 14:11:42 +00:00			`return fmt.Errorf("getting hosts: %w", err)`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`}`

Fetch nebula CAPublicCredentials from daemon 2024-07-12 14:11:42 +00:00			`var caPublicCreds nebula.CAPublicCredentials`
			`err = subCmdCtx.daemonRCPClient.Call(`
			`subCmdCtx.ctx, &caPublicCreds, "GetNebulaCAPublicCredentials", nil,`
			`)`
			`if err != nil {`
			`return fmt.Errorf("calling GetNebulaCAPublicCredentials: %w", err)`
			`}`

			`caCert := caPublicCreds.Cert.Unwrap()`
Refactor how signing/encryption keys are typed and (un)marshaled 2024-06-15 21:02:24 +00:00			`caCertPEM, err := caCert.MarshalToPEM()`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`if err != nil {`
Refactor how signing/encryption keys are typed and (un)marshaled 2024-06-15 21:02:24 +00:00			`return fmt.Errorf("marshaling CA cert to PEM: %w", err)`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`}`

			`if len(caCert.Details.Subnets) != 1 {`
			`return fmt.Errorf(`
			`"malformed ca.crt, contains unexpected subnets %#v",`
			`caCert.Details.Subnets,`
			`)`
			`}`

			`subnet := caCert.Details.Subnets[0]`

			`type outLighthouse struct {`
Use JSON instead of YAML for files which aren't intended for human editing 2024-06-10 16:56:36 +00:00			`PublicAddr string`
			`IP string`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`}`

			`out := struct {`
Use JSON instead of YAML for files which aren't intended for human editing 2024-06-10 16:56:36 +00:00			`CACert string`
			`SubnetCIDR string`
			`Lighthouses []outLighthouse`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`}{`
Refactor how signing/encryption keys are typed and (un)marshaled 2024-06-15 21:02:24 +00:00			`CACert: string(caCertPEM),`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`SubnetCIDR: subnet.String(),`
			`}`

Fetch nebula CAPublicCredentials from daemon 2024-07-12 14:11:42 +00:00			`for _, h := range hosts.Hosts {`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`if h.Nebula.PublicAddr == "" {`
			`continue`
			`}`

			`out.Lighthouses = append(out.Lighthouses, outLighthouse{`
			`PublicAddr: h.Nebula.PublicAddr,`
			`IP: h.IP().String(),`
			`})`
			`}`

Use JSON instead of YAML for files which aren't intended for human editing 2024-06-10 16:56:36 +00:00			`if err := jsonutil.WriteIndented(os.Stdout, out); err != nil {`
			`return fmt.Errorf("encoding to stdout: %w", err)`
Add ability to sign nebula public keys, and show nebula network info The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Between these two commands it's possible, with some effort, to get a nebula mobile client hooked up to an isle server. 2023-08-27 14:09:03 +00:00			`}`

			`return nil`
			`},`
			`}`

			`var subCmdNebula = subCmd{`
			`name: "nebula",`
			`descr: "Sub-commands related to the nebula VPN",`
			`do: func(subCmdCtx subCmdCtx) error {`
			`return subCmdCtx.doSubCmd(`
			`subCmdNebulaShow,`
			`)`
			`},`
			`}`