From 1ea16d80e45acf448132c284e83f6f2daa792e43 Mon Sep 17 00:00:00 2001
From: Brian Picciano
Date: Sun, 21 Jul 2024 17:06:27 +0200
Subject: [PATCH] Require host in garage for nebula create-cert command
---
 go/cmd/entrypoint/nebula.go | 11 -----------
 go/cmd/entrypoint/sub_cmd.go | 1 +
 go/daemon/daemon.go | 25 ++++---------------------
 go/daemon/rpc.go | 3 +--
 4 files changed, 6 insertions(+), 34 deletions(-)
diff --git a/go/cmd/entrypoint/nebula.go b/go/cmd/entrypoint/nebula.go
index 6a57eca..c43fb97 100644
--- a/go/cmd/entrypoint/nebula.go
+++ b/go/cmd/entrypoint/nebula.go
@@ -6,7 +6,6 @@ import (
 "isle/daemon"
 "isle/jsonutil"
 "isle/nebula"
- "net/netip"
 "os"
 )
@@ -17,7 +16,6 @@ var subCmdNebulaCreateCert = subCmd{
 var (
 flags = subCmdCtx.flagSet(false)
 hostName nebula.HostName
- ip netip.Addr
 )
 hostNameF := flags.VarPF(
@@ -31,12 +29,6 @@ var subCmdNebulaCreateCert = subCmd{
 `Path to PEM file containing public key which will be embedded in the cert.`,
 )
- flags.Var(
- textUnmarshalerFlag{&ip},
- "ip",
- "IP address to create a cert for. If this is not given then the IP associated with the host via its `hosts create` call will be used",
- )
-
 if err := flags.Parse(subCmdCtx.args); err != nil {
 return fmt.Errorf("parsing flags: %w", err)
 }
@@ -63,9 +55,6 @@ var subCmdNebulaCreateCert = subCmd{
 daemon.CreateNebulaCertificateRequest{
 HostName: hostName,
 HostEncryptingPublicKey: hostPub,
- Opts: daemon.CreateNebulaCertificateOpts{
- IP: ip,
- },
 },
 )
 if err != nil {
diff --git a/go/cmd/entrypoint/sub_cmd.go b/go/cmd/entrypoint/sub_cmd.go
index 0af7b76..886dd0c 100644
--- a/go/cmd/entrypoint/sub_cmd.go
+++ b/go/cmd/entrypoint/sub_cmd.go
@@ -92,6 +92,7 @@ func (ctx subCmdCtx) doSubCmd(subCmds ...subCmd) error {
 subCmdsMap := map[string]subCmd{}
 for _, subCmd := range subCmds {
+ // TODO allow subCmd(s) in some cases
 subCmdsMap[subCmd.name] = subCmd
 }
diff --git a/go/daemon/daemon.go b/go/daemon/daemon.go
index 82cc382..4257b3c 100644
--- a/go/daemon/daemon.go
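Review bot: The TODO added above `subCmdsMap[subCmd.name] = subCmd` in doSubCmd (sub_cmd.go) does not say what should be allowed or in which cases, so the next reader cannot act on it. It is also unrelated to the create-cert change that the rest of this commit makes. I would either spell out the intended behaviour in the comment or leave it for the commit that implements it. doSubCmd's body continues outside the hunk.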
+++ b/go/daemon/daemon.go
@@ -34,18 +34,6 @@ type CreateHostOpts struct {
 CanCreateHosts bool
 }
-// CreateNebulaCertificateOpts are optional parameters to the
-// CreateNebulaCertificate method.
-type CreateNebulaCertificateOpts struct {
-
- // IP, if given will be used for the host's IP in the created cert. If this
- // is given then it is not required that the host have an entry in garage.
- //
- // TODO once `hosts create` automatically adds the host to garage this can
- // be removed.
- IP netip.Addr
-}
-
 // Daemon presents all functionality required for client frontends to interact
 // with isle, typically via the unix socket.
 type Daemon interface {
@@ -103,7 +91,6 @@ type Daemon interface {
 ctx context.Context,
 hostName nebula.HostName,
 hostPubKey nebula.EncryptingPublicKey,
- opts CreateNebulaCertificateOpts,
 ) (
 nebula.Certificate, error,
 )
@@ -764,7 +751,6 @@ func (d *daemon) CreateNebulaCertificate(
 ctx context.Context,
 hostName nebula.HostName,
 hostPubKey nebula.EncryptingPublicKey,
- opts CreateNebulaCertificateOpts,
 ) (
 nebula.Certificate, error,
 ) {
@@ -773,14 +759,11 @@ func (d *daemon) CreateNebulaCertificate(
 ) (
 nebula.Certificate, error,
 ) {
- ip := opts.IP
- if ip == (netip.Addr{}) {
- host, ok := currBootstrap.Hosts[hostName]
- if !ok {
- return nebula.Certificate{}, ErrHostNotFound
- }
- ip = host.IP()
+ host, ok := currBootstrap.Hosts[hostName]
+ if !ok {
+ return nebula.Certificate{}, ErrHostNotFound
 }
+ ip := host.IP()
 caSigningPrivateKey, err := getNebulaCASigningPrivateKey(
 ctx, d.secretsStore,
diff --git a/go/daemon/rpc.go b/go/daemon/rpc.go
index 4abee38..548e439 100644
--- a/go/daemon/rpc.go
+++ b/go/daemon/rpc.go
@@ -161,7 +161,6 @@ func (r *RPC) CreateHost(
 type CreateNebulaCertificateRequest struct {
 HostName nebula.HostName
 HostEncryptingPublicKey nebula.EncryptingPublicKey
- Opts CreateNebulaCertificateOpts
 }
 // CreateNebulaCertificateResult wraps the results from the
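Review bot: In the last daemon.go hunk the certificate IP now always comes from `currBootstrap.Hosts[hostName]`, but nothing in the new lines records that this is deliberate. The removed `opts.IP` path let the caller supply the address that is then (presumably) signed with the CA key fetched just below, so I would add above the lookup `// The cert's IP always comes from the host's bootstrap entry; callers must not be able to choose it.` The lookup reads whatever bootstrap snapshot the closure receives, so a host created just before the call may presumably still get ErrHostNotFound until that snapshot is refreshed. The method's doc comment on the Daemon interface (outside the hunk) should mention that error. The function body starts and ends outside the hunk.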
@@ -178,7 +177,7 @@ func (r *RPC) CreateNebulaCertificate(
 CreateNebulaCertificateResult, error,
 ) {
 cert, err := r.daemon.CreateNebulaCertificate(
- ctx, req.HostName, req.HostEncryptingPublicKey, req.Opts,
+ ctx, req.HostName, req.HostEncryptingPublicKey,
 )
 if err != nil {
 return CreateNebulaCertificateResult{}, err