Require host in garage for nebula create-cert command

Brian Picciano 2024-07-21 17:06:27 +02:00
parent ee30199c4c
commit 1ea16d80e4
4 changed files with 6 additions and 34 deletions


@ -6,7 +6,6 @@ import (
"isle/daemon"
"isle/jsonutil"
"isle/nebula"
"net/netip"
"os"
)
@ -17,7 +16,6 @@ var subCmdNebulaCreateCert = subCmd{
var (
flags = subCmdCtx.flagSet(false)
hostName nebula.HostName
ip netip.Addr
)
hostNameF := flags.VarPF(
@ -31,12 +29,6 @@ var subCmdNebulaCreateCert = subCmd{
`Path to PEM file containing public key which will be embedded in the cert.`,
)
flags.Var(
textUnmarshalerFlag{&ip},
"ip",
"IP address to create a cert for. If this is not given then the IP associated with the host via its `hosts create` call will be used",
)
if err := flags.Parse(subCmdCtx.args); err != nil {
return fmt.Errorf("parsing flags: %w", err)
}
@ -63,9 +55,6 @@ var subCmdNebulaCreateCert = subCmd{
daemon.CreateNebulaCertificateRequest{
HostName: hostName,
HostEncryptingPublicKey: hostPub,
Opts: daemon.CreateNebulaCertificateOpts{
IP: ip,
},
},
)
if err != nil {
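Review bot: With the `ip` flag removed, nothing visible in this command tells the user that the host must already be registered; the deleted usage string was the only text here that mentioned `hosts create`. The host-name flag's usage text (its `flags.VarPF` call continues outside the hunk) could carry that requirement, for example `Name of the host to create a cert for; the host must already have been created with hosts create`. The body of the trailing `if err != nil` is also outside the hunk, so it is worth confirming that `ErrHostNotFound` reaches the user as a readable message rather than a bare RPC error.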


@ -92,6 +92,7 @@ func (ctx subCmdCtx) doSubCmd(subCmds ...subCmd) error {
subCmdsMap := map[string]subCmd{}
for _, subCmd := range subCmds {
// TODO allow subCmd(s) in some cases
subCmdsMap[subCmd.name] = subCmd
}


@ -34,18 +34,6 @@ type CreateHostOpts struct {
CanCreateHosts bool
}
// CreateNebulaCertificateOpts are optional parameters to the
// CreateNebulaCertificate method.
type CreateNebulaCertificateOpts struct {
// IP, if given will be used for the host's IP in the created cert. If this
// is given then it is not required that the host have an entry in garage.
//
// TODO once `hosts create` automatically adds the host to garage this can
// be removed.
IP netip.Addr
}
// Daemon presents all functionality required for client frontends to interact
// with isle, typically via the unix socket.
type Daemon interface {
@ -103,7 +91,6 @@ type Daemon interface {
ctx context.Context,
hostName nebula.HostName,
hostPubKey nebula.EncryptingPublicKey,
opts CreateNebulaCertificateOpts,
) (
nebula.Certificate, error,
)
@ -764,7 +751,6 @@ func (d *daemon) CreateNebulaCertificate(
ctx context.Context,
hostName nebula.HostName,
hostPubKey nebula.EncryptingPublicKey,
opts CreateNebulaCertificateOpts,
) (
nebula.Certificate, error,
) {
@ -773,14 +759,11 @@ func (d *daemon) CreateNebulaCertificate(
) (
nebula.Certificate, error,
) {
ip := opts.IP
if ip == (netip.Addr{}) {
host, ok := currBootstrap.Hosts[hostName]
if !ok {
return nebula.Certificate{}, ErrHostNotFound
}
ip = host.IP()
host, ok := currBootstrap.Hosts[hostName]
if !ok {
return nebula.Certificate{}, ErrHostNotFound
}
ip := host.IP()
caSigningPrivateKey, err := getNebulaCASigningPrivateKey(
ctx, d.secretsStore,
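Review bot: The lookup `currBootstrap.Hosts[hostName]` is now the only gate on which name and IP the CA key will sign for, and the hunk does not show whether `currBootstrap` is reloaded from garage before it is read. If it is a cached snapshot, a host removed from garage since the last reload could presumably still be issued a certificate, and a host created moments earlier would get `ErrHostNotFound`. Either refresh the host list before signing or record the limitation on the method, e.g. `// The host is looked up in the daemon's current bootstrap, which may lag behind garage.` The function starts before this hunk and the `getNebulaCASigningPrivateKey` call continues past it, so the surrounding locking and reload logic could not be checked here.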


@ -161,7 +161,6 @@ func (r *RPC) CreateHost(
type CreateNebulaCertificateRequest struct {
HostName nebula.HostName
HostEncryptingPublicKey nebula.EncryptingPublicKey
Opts CreateNebulaCertificateOpts
}
// CreateNebulaCertificateResult wraps the results from the
@ -178,7 +177,7 @@ func (r *RPC) CreateNebulaCertificate(
CreateNebulaCertificateResult, error,
) {
cert, err := r.daemon.CreateNebulaCertificate(
ctx, req.HostName, req.HostEncryptingPublicKey, req.Opts,
ctx, req.HostName, req.HostEncryptingPublicKey,
)
if err != nil {
return CreateNebulaCertificateResult{}, err
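Review bot: Dropping `Opts` from `CreateNebulaCertificateRequest` changes the request format with no signal to older callers. If the RPC layer decodes with encoding/json defaults, a request that still carries `Opts.IP` would be accepted and the IP silently ignored, so the caller receives a certificate for a different address than it asked for. If strict decoding is not practical, a doc comment on the struct would at least record the rule, e.g. `// The certificate's IP is always taken from the host's existing entry; it cannot be supplied by the caller.` The codec is not visible in this section, so the decoding behaviour should be confirmed before relying on either outcome.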