Require host in garage for nebula create-cert command
parent
ee30199c4c
commit
1ea16d80e4
@ -6,7 +6,6 @@ import (
|
|||||||
"isle/daemon"
|
"isle/daemon"
|
||||||
"isle/jsonutil"
|
"isle/jsonutil"
|
||||||
"isle/nebula"
|
"isle/nebula"
|
||||||
"net/netip"
|
|
||||||
"os"
|
"os"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -17,7 +16,6 @@ var subCmdNebulaCreateCert = subCmd{
|
|||||||
var (
|
var (
|
||||||
flags = subCmdCtx.flagSet(false)
|
flags = subCmdCtx.flagSet(false)
|
||||||
hostName nebula.HostName
|
hostName nebula.HostName
|
||||||
ip netip.Addr
|
|
||||||
)
|
)
|
||||||
|
|
||||||
hostNameF := flags.VarPF(
|
hostNameF := flags.VarPF(
|
||||||
@ -31,12 +29,6 @@ var subCmdNebulaCreateCert = subCmd{
|
|||||||
`Path to PEM file containing public key which will be embedded in the cert.`,
|
`Path to PEM file containing public key which will be embedded in the cert.`,
|
||||||
)
|
)
|
||||||
|
|
||||||
flags.Var(
|
|
||||||
textUnmarshalerFlag{&ip},
|
|
||||||
"ip",
|
|
||||||
"IP address to create a cert for. If this is not given then the IP associated with the host via its `hosts create` call will be used",
|
|
||||||
)
|
|
||||||
|
|
||||||
if err := flags.Parse(subCmdCtx.args); err != nil {
|
if err := flags.Parse(subCmdCtx.args); err != nil {
|
||||||
return fmt.Errorf("parsing flags: %w", err)
|
return fmt.Errorf("parsing flags: %w", err)
|
||||||
}
|
}
|
||||||
@ -63,9 +55,6 @@ var subCmdNebulaCreateCert = subCmd{
|
|||||||
daemon.CreateNebulaCertificateRequest{
|
daemon.CreateNebulaCertificateRequest{
|
||||||
HostName: hostName,
|
HostName: hostName,
|
||||||
HostEncryptingPublicKey: hostPub,
|
HostEncryptingPublicKey: hostPub,
|
||||||
Opts: daemon.CreateNebulaCertificateOpts{
|
|
||||||
IP: ip,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
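Review bot: With `--ip` removed, nothing visible in this file tells the user that the host must already have been registered via `hosts create` before a cert can be issued; the deleted flag's usage string was the only place that relationship was mentioned. If the hostname flag's usage text (it starts at `hostNameF := flags.VarPF(` and continues outside the hunk) does not already say so, I would add a sentence there such as `The host must already have been created using "hosts create".` The `if err != nil {` body is also outside the hunk, so check that a host-not-found error from the daemon reaches the user with that same hint rather than as a bare RPC error.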
|
@ -92,6 +92,7 @@ func (ctx subCmdCtx) doSubCmd(subCmds ...subCmd) error {
|
|||||||
|
|
||||||
subCmdsMap := map[string]subCmd{}
|
subCmdsMap := map[string]subCmd{}
|
||||||
for _, subCmd := range subCmds {
|
for _, subCmd := range subCmds {
|
||||||
|
// TODO allow subCmd(s) in some cases
|
||||||
subCmdsMap[subCmd.name] = subCmd
|
subCmdsMap[subCmd.name] = subCmd
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -34,18 +34,6 @@ type CreateHostOpts struct {
|
|||||||
CanCreateHosts bool
|
CanCreateHosts bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateNebulaCertificateOpts are optional parameters to the
|
|
||||||
// CreateNebulaCertificate method.
|
|
||||||
type CreateNebulaCertificateOpts struct {
|
|
||||||
|
|
||||||
// IP, if given will be used for the host's IP in the created cert. If this
|
|
||||||
// is given then it is not required that the host have an entry in garage.
|
|
||||||
//
|
|
||||||
// TODO once `hosts create` automatically adds the host to garage this can
|
|
||||||
// be removed.
|
|
||||||
IP netip.Addr
|
|
||||||
}
|
|
||||||
|
|
||||||
// Daemon presents all functionality required for client frontends to interact
|
// Daemon presents all functionality required for client frontends to interact
|
||||||
// with isle, typically via the unix socket.
|
// with isle, typically via the unix socket.
|
||||||
type Daemon interface {
|
type Daemon interface {
|
||||||
@ -103,7 +91,6 @@ type Daemon interface {
|
|||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
hostName nebula.HostName,
|
hostName nebula.HostName,
|
||||||
hostPubKey nebula.EncryptingPublicKey,
|
hostPubKey nebula.EncryptingPublicKey,
|
||||||
opts CreateNebulaCertificateOpts,
|
|
||||||
) (
|
) (
|
||||||
nebula.Certificate, error,
|
nebula.Certificate, error,
|
||||||
)
|
)
|
||||||
@ -764,7 +751,6 @@ func (d *daemon) CreateNebulaCertificate(
|
|||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
hostName nebula.HostName,
|
hostName nebula.HostName,
|
||||||
hostPubKey nebula.EncryptingPublicKey,
|
hostPubKey nebula.EncryptingPublicKey,
|
||||||
opts CreateNebulaCertificateOpts,
|
|
||||||
) (
|
) (
|
||||||
nebula.Certificate, error,
|
nebula.Certificate, error,
|
||||||
) {
|
) {
|
||||||
@ -773,14 +759,11 @@ func (d *daemon) CreateNebulaCertificate(
|
|||||||
) (
|
) (
|
||||||
nebula.Certificate, error,
|
nebula.Certificate, error,
|
||||||
) {
|
) {
|
||||||
ip := opts.IP
|
|
||||||
if ip == (netip.Addr{}) {
|
|
||||||
host, ok := currBootstrap.Hosts[hostName]
|
host, ok := currBootstrap.Hosts[hostName]
|
||||||
if !ok {
|
if !ok {
|
||||||
return nebula.Certificate{}, ErrHostNotFound
|
return nebula.Certificate{}, ErrHostNotFound
|
||||||
}
|
}
|
||||||
ip = host.IP()
|
ip := host.IP()
|
||||||
}
|
|
||||||
|
|
||||||
caSigningPrivateKey, err := getNebulaCASigningPrivateKey(
|
caSigningPrivateKey, err := getNebulaCASigningPrivateKey(
|
||||||
ctx, d.secretsStore,
|
ctx, d.secretsStore,
|
||||||
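Review bot: The precondition this commit introduces is not documented anywhere in the visible lines: `CreateNebulaCertificate` now always fails with `ErrHostNotFound` unless `hostName` is present in `currBootstrap.Hosts`, and the only comment that described the lookup was deleted along with `CreateNebulaCertificateOpts`. The doc comment on the method in the `Daemon` interface (it sits above the `@ -103` hunk, outside the view) should state this, for example `// The host must already exist in the network; ErrHostNotFound is returned otherwise. The cert's IP is always the host's registered IP.` Since the call signs a cert binding a caller-supplied `hostPubKey` to an existing host's name and IP, it is also worth confirming that the remainder of the function, which is outside the hunk, logs each issuance with the host name so that unexpected re-issuance for a host is visible to operators.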
|
@ -161,7 +161,6 @@ func (r *RPC) CreateHost(
|
|||||||
type CreateNebulaCertificateRequest struct {
|
type CreateNebulaCertificateRequest struct {
|
||||||
HostName nebula.HostName
|
HostName nebula.HostName
|
||||||
HostEncryptingPublicKey nebula.EncryptingPublicKey
|
HostEncryptingPublicKey nebula.EncryptingPublicKey
|
||||||
Opts CreateNebulaCertificateOpts
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateNebulaCertificateResult wraps the results from the
|
// CreateNebulaCertificateResult wraps the results from the
|
||||||
@ -178,7 +177,7 @@ func (r *RPC) CreateNebulaCertificate(
|
|||||||
CreateNebulaCertificateResult, error,
|
CreateNebulaCertificateResult, error,
|
||||||
) {
|
) {
|
||||||
cert, err := r.daemon.CreateNebulaCertificate(
|
cert, err := r.daemon.CreateNebulaCertificate(
|
||||||
ctx, req.HostName, req.HostEncryptingPublicKey, req.Opts,
|
ctx, req.HostName, req.HostEncryptingPublicKey,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return CreateNebulaCertificateResult{}, err
|
return CreateNebulaCertificateResult{}, err
|
||||||
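Review bot: Dropping `Opts` from `CreateNebulaCertificateRequest` changes the RPC wire format without any note for clients built before this commit. The decoder is not visible here, but if it ignores unknown fields, an older client that still sends `Opts.IP` would get a cert for the host's registered IP instead of an error, and the mismatch would go unnoticed. I would at least record the change in the struct's doc comment, e.g. `// The cert's IP is always taken from the host's existing record; requests can no longer override it.`, and consider whether the RPC layer should reject unknown request fields.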
|