Require host in garage for nebula create-cert command

2024-07-21 17:06:27 +02:00 · 2024-07-21 17:06:27 +02:00 · 1ea16d80e4
commit 1ea16d80e4
parent ee30199c4c
4 changed files with 6 additions and 34 deletions
--- a/go/cmd/entrypoint/nebula.go
+++ b/go/cmd/entrypoint/nebula.go
@ -6,7 +6,6 @@ import (
 	"isle/daemon"
 	"isle/jsonutil"
 	"isle/nebula"
-	"net/netip"
 	"os"
 )

@ -17,7 +16,6 @@ var subCmdNebulaCreateCert = subCmd{
 		var (
 			flags    = subCmdCtx.flagSet(false)
 			hostName nebula.HostName
-			ip       netip.Addr
 		)

 		hostNameF := flags.VarPF(
@ -31,12 +29,6 @@ var subCmdNebulaCreateCert = subCmd{
 			`Path to PEM file containing public key which will be embedded in the cert.`,
 		)

-		flags.Var(
-			textUnmarshalerFlag{&ip},
-			"ip",
-			"IP address to create a cert for. If this is not given then the IP associated with the host via its `hosts create` call will be used",
-		)
-
 		if err := flags.Parse(subCmdCtx.args); err != nil {
 			return fmt.Errorf("parsing flags: %w", err)
 		}
@ -63,9 +55,6 @@ var subCmdNebulaCreateCert = subCmd{
 			daemon.CreateNebulaCertificateRequest{
 				HostName:                hostName,
 				HostEncryptingPublicKey: hostPub,
-				Opts: daemon.CreateNebulaCertificateOpts{
-					IP: ip,
-				},
 			},
 		)
 		if err != nil {
--- a/go/cmd/entrypoint/sub_cmd.go
+++ b/go/cmd/entrypoint/sub_cmd.go
@ -92,6 +92,7 @@ func (ctx subCmdCtx) doSubCmd(subCmds ...subCmd) error {

 	subCmdsMap := map[string]subCmd{}
 	for _, subCmd := range subCmds {
+		// TODO allow subCmd(s) in some cases
 		subCmdsMap[subCmd.name] = subCmd
 	}

--- a/go/daemon/daemon.go
+++ b/go/daemon/daemon.go
@ -34,18 +34,6 @@ type CreateHostOpts struct {
 	CanCreateHosts bool
 }

-// CreateNebulaCertificateOpts are optional parameters to the
-// CreateNebulaCertificate method.
-type CreateNebulaCertificateOpts struct {
-
-	// IP, if given will be used for the host's IP in the created cert. If this
-	// is given then it is not required that the host have an entry in garage.
-	//
-	// TODO once `hosts create` automatically adds the host to garage this can
-	// be removed.
-	IP netip.Addr
-}
-
 // Daemon presents all functionality required for client frontends to interact
 // with isle, typically via the unix socket.
 type Daemon interface {
@ -103,7 +91,6 @@ type Daemon interface {
 		ctx context.Context,
 		hostName nebula.HostName,
 		hostPubKey nebula.EncryptingPublicKey,
-		opts CreateNebulaCertificateOpts,
 	) (
 		nebula.Certificate, error,
 	)
@ -764,7 +751,6 @@ func (d *daemon) CreateNebulaCertificate(
 	ctx context.Context,
 	hostName nebula.HostName,
 	hostPubKey nebula.EncryptingPublicKey,
-	opts CreateNebulaCertificateOpts,
 ) (
 	nebula.Certificate, error,
 ) {
@ -773,14 +759,11 @@ func (d *daemon) CreateNebulaCertificate(
 	) (
 		nebula.Certificate, error,
 	) {
-		ip := opts.IP
-		if ip == (netip.Addr{}) {
-			host, ok := currBootstrap.Hosts[hostName]
-			if !ok {
-				return nebula.Certificate{}, ErrHostNotFound
-			}
-			ip = host.IP()
+		host, ok := currBootstrap.Hosts[hostName]
+		if !ok {
+			return nebula.Certificate{}, ErrHostNotFound
 		}
+		ip := host.IP()

 		caSigningPrivateKey, err := getNebulaCASigningPrivateKey(
 			ctx, d.secretsStore,
--- a/go/daemon/rpc.go
+++ b/go/daemon/rpc.go
@ -161,7 +161,6 @@ func (r *RPC) CreateHost(
 type CreateNebulaCertificateRequest struct {
 	HostName                nebula.HostName
 	HostEncryptingPublicKey nebula.EncryptingPublicKey
-	Opts                    CreateNebulaCertificateOpts
 }

 // CreateNebulaCertificateResult wraps the results from the
@ -178,7 +177,7 @@ func (r *RPC) CreateNebulaCertificate(
 	CreateNebulaCertificateResult, error,
 ) {
 	cert, err := r.daemon.CreateNebulaCertificate(
-		ctx, req.HostName, req.HostEncryptingPublicKey, req.Opts,
+		ctx, req.HostName, req.HostEncryptingPublicKey,
 	)
 	if err != nil {
 		return CreateNebulaCertificateResult{}, err