Add back the ability to specify IP for nebula create-cert
This commit is contained in:
parent
0f42d9367c
commit
5de93e3711
@ -6,6 +6,7 @@ import (
|
|||||||
"isle/daemon"
|
"isle/daemon"
|
||||||
"isle/jsonutil"
|
"isle/jsonutil"
|
||||||
"isle/nebula"
|
"isle/nebula"
|
||||||
|
"net/netip"
|
||||||
"os"
|
"os"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -16,6 +17,7 @@ var subCmdNebulaCreateCert = subCmd{
|
|||||||
var (
|
var (
|
||||||
flags = subCmdCtx.flagSet(false)
|
flags = subCmdCtx.flagSet(false)
|
||||||
hostName nebula.HostName
|
hostName nebula.HostName
|
||||||
|
ip netip.Addr
|
||||||
)
|
)
|
||||||
|
|
||||||
hostNameF := flags.VarPF(
|
hostNameF := flags.VarPF(
|
||||||
@ -29,6 +31,12 @@ var subCmdNebulaCreateCert = subCmd{
|
|||||||
`Path to PEM file containing public key which will be embedded in the cert.`,
|
`Path to PEM file containing public key which will be embedded in the cert.`,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
flags.Var(
|
||||||
|
textUnmarshalerFlag{&ip},
|
||||||
|
"ip",
|
||||||
|
"IP address to create a cert for. If this is not given then the IP associated with the host via its `hosts create` call will be used",
|
||||||
|
)
|
||||||
|
|
||||||
if err := flags.Parse(subCmdCtx.args); err != nil {
|
if err := flags.Parse(subCmdCtx.args); err != nil {
|
||||||
return fmt.Errorf("parsing flags: %w", err)
|
return fmt.Errorf("parsing flags: %w", err)
|
||||||
}
|
}
|
||||||
@ -55,6 +63,9 @@ var subCmdNebulaCreateCert = subCmd{
|
|||||||
daemon.CreateNebulaCertificateRequest{
|
daemon.CreateNebulaCertificateRequest{
|
||||||
HostName: hostName,
|
HostName: hostName,
|
||||||
HostEncryptingPublicKey: hostPub,
|
HostEncryptingPublicKey: hostPub,
|
||||||
|
Opts: daemon.CreateNebulaCertificateOpts{
|
||||||
|
IP: ip,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
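Review bot: The `--ip` flag added in the `flags.Var(textUnmarshalerFlag{&ip}, "ip", ...)` hunk accepts everything `netip.Addr.UnmarshalText` accepts, which includes zoned IPv6 (`fe80::1%eth0`) and IPv4-mapped IPv6 (`::ffff:10.0.0.1`); neither form is a sensible address to bake into a Nebula host cert, and the CLI currently forwards them unchanged in `Opts: daemon.CreateNebulaCertificateOpts{IP: ip}`. A cheap guard right after `flags.Parse` would be `if ip.IsValid() && (ip.Zone() != "" || ip.Is4In6()) { return fmt.Errorf("--ip must be a plain IPv4 or IPv6 address, got %q", ip) }`, or at least `ip = ip.Unmap()`. The help string should also tell the operator what the daemon-side comment says, that an explicit IP bypasses the host registry lookup, e.g. append `Giving an explicit IP skips the check that the host is registered, so make sure it does not collide with another host.` The enclosing `subCmdNebulaCreateCert` body starts and ends outside these hunks.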
|
@ -29,6 +29,18 @@ type CreateHostOpts struct {
|
|||||||
CanCreateHosts bool
|
CanCreateHosts bool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CreateNebulaCertificateOpts are optional parameters to the
|
||||||
|
// CreateNebulaCertificate method.
|
||||||
|
type CreateNebulaCertificateOpts struct {
|
||||||
|
|
||||||
|
// IP, if given will be used for the host's IP in the created cert. If this
|
||||||
|
// is given then it is not required that the host have an entry in garage.
|
||||||
|
//
|
||||||
|
// TODO once `hosts create` automatically adds the host to garage this can
|
||||||
|
// be removed.
|
||||||
|
IP netip.Addr
|
||||||
|
}
|
||||||
|
|
||||||
// Daemon presents all functionality required for client frontends to interact
|
// Daemon presents all functionality required for client frontends to interact
|
||||||
// with isle, typically via the unix socket.
|
// with isle, typically via the unix socket.
|
||||||
type Daemon interface {
|
type Daemon interface {
|
||||||
@ -87,6 +99,7 @@ type Daemon interface {
|
|||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
hostName nebula.HostName,
|
hostName nebula.HostName,
|
||||||
hostPubKey nebula.EncryptingPublicKey,
|
hostPubKey nebula.EncryptingPublicKey,
|
||||||
|
opts CreateNebulaCertificateOpts,
|
||||||
) (
|
) (
|
||||||
nebula.Certificate, error,
|
nebula.Certificate, error,
|
||||||
)
|
)
|
||||||
@ -735,6 +748,7 @@ func (d *daemon) CreateNebulaCertificate(
|
|||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
hostName nebula.HostName,
|
hostName nebula.HostName,
|
||||||
hostPubKey nebula.EncryptingPublicKey,
|
hostPubKey nebula.EncryptingPublicKey,
|
||||||
|
opts CreateNebulaCertificateOpts,
|
||||||
) (
|
) (
|
||||||
nebula.Certificate, error,
|
nebula.Certificate, error,
|
||||||
) {
|
) {
|
||||||
@ -743,10 +757,14 @@ func (d *daemon) CreateNebulaCertificate(
|
|||||||
) (
|
) (
|
||||||
nebula.Certificate, error,
|
nebula.Certificate, error,
|
||||||
) {
|
) {
|
||||||
|
ip := opts.IP
|
||||||
|
if ip == (netip.Addr{}) {
|
||||||
host, ok := currBootstrap.Hosts[hostName]
|
host, ok := currBootstrap.Hosts[hostName]
|
||||||
if !ok {
|
if !ok {
|
||||||
return nebula.Certificate{}, ErrHostNotFound
|
return nebula.Certificate{}, ErrHostNotFound
|
||||||
}
|
}
|
||||||
|
ip = host.IP()
|
||||||
|
}
|
||||||
|
|
||||||
caSigningPrivateKey, err := getNebulaCASigningPrivateKey(
|
caSigningPrivateKey, err := getNebulaCASigningPrivateKey(
|
||||||
ctx, d.secretsStore,
|
ctx, d.secretsStore,
|
||||||
@ -757,7 +775,7 @@ func (d *daemon) CreateNebulaCertificate(
|
|||||||
|
|
||||||
caCreds := makeCACreds(currBootstrap, caSigningPrivateKey)
|
caCreds := makeCACreds(currBootstrap, caSigningPrivateKey)
|
||||||
|
|
||||||
return nebula.NewHostCert(caCreds, hostPubKey, hostName, host.IP())
|
return nebula.NewHostCert(caCreds, hostPubKey, hostName, ip)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
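Review bot: In the `@ -743,10 +757,14 @@` hunk, a non-zero `opts.IP` skips the `currBootstrap.Hosts[hostName]` lookup entirely, so the CA key is used to sign a cert for any hostname/IP pair the caller asks for, including an IP already held by another registered host or an IP for a host that is registered under a different address; the only check on the value is `ip == (netip.Addr{})`, and that should be `!ip.IsValid()` in any case. Since the daemon is the component holding the CA signing key, this is where the override needs validation, at minimum normalising with `Unmap()`, rejecting zoned addresses, and refusing an IP that collides with another entry in `currBootstrap.Hosts` or disagrees with the registered IP of `hostName` itself; if the bootstrap also carries the network CIDR (not visible here), a containment check belongs alongside. The `IP` doc comment in the `CreateNebulaCertificateOpts` hunk should then say which of these checks are performed rather than only that the garage entry becomes optional. The enclosing closure and `CreateNebulaCertificate` begin before this hunk; the error construction below assumes `fmt` is imported in this file.
```go
	ip := opts.IP.Unmap()
	if !ip.IsValid() {
		// … unchanged: fall back to the IP recorded in currBootstrap.Hosts …
	} else if ip.Zone() != "" {
		return nebula.Certificate{}, fmt.Errorf("ip %q must not carry a zone", ip)
	} else if host, ok := currBootstrap.Hosts[hostName]; ok && host.IP() != ip {
		// An explicit IP must not silently re-address an already registered host.
		return nebula.Certificate{}, fmt.Errorf("host %q is registered with ip %q, not %q", hostName, host.IP(), ip)
	} else {
		for otherName, other := range currBootstrap.Hosts {
			if otherName != hostName && other.IP() == ip {
				return nebula.Certificate{}, fmt.Errorf("ip %q is already assigned to host %q", ip, otherName)
			}
		}
	}
	// … unchanged: CA signing key lookup, makeCACreds and NewHostCert call …
```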
|
@ -163,6 +163,7 @@ func (r *RPC) CreateHost(
|
|||||||
type CreateNebulaCertificateRequest struct {
|
type CreateNebulaCertificateRequest struct {
|
||||||
HostName nebula.HostName
|
HostName nebula.HostName
|
||||||
HostEncryptingPublicKey nebula.EncryptingPublicKey
|
HostEncryptingPublicKey nebula.EncryptingPublicKey
|
||||||
|
Opts CreateNebulaCertificateOpts
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateNebulaCertificateResult wraps the results from the
|
// CreateNebulaCertificateResult wraps the results from the
|
||||||
@ -179,7 +180,7 @@ func (r *RPC) CreateNebulaCertificate(
|
|||||||
CreateNebulaCertificateResult, error,
|
CreateNebulaCertificateResult, error,
|
||||||
) {
|
) {
|
||||||
cert, err := r.daemon.CreateNebulaCertificate(
|
cert, err := r.daemon.CreateNebulaCertificate(
|
||||||
ctx, req.HostName, req.HostEncryptingPublicKey,
|
ctx, req.HostName, req.HostEncryptingPublicKey, req.Opts,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return CreateNebulaCertificateResult{}, err
|
return CreateNebulaCertificateResult{}, err
|
||||||
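Review bot: The new `Opts CreateNebulaCertificateOpts` field on `CreateNebulaCertificateRequest` is the point where a socket client's chosen IP enters the daemon, and `r.daemon.CreateNebulaCertificate(ctx, req.HostName, req.HostEncryptingPublicKey, req.Opts)` forwards it without any check, so whoever can reach the RPC socket can now request a CA-signed cert for an arbitrary IP, something the previous signature did not allow. That may be acceptable if the socket is already treated as fully trusted, but the request type should say so; the field has no comment, and I would add `// Opts holds optional parameters. Opts.IP, when set, overrides the IP recorded for the host and is passed to the daemon unvalidated.` above it. If the daemon does not normalise the address, rejecting zoned and IPv4-mapped values here with `req.Opts.IP.Zone() != "" || req.Opts.IP.Is4In6()` is a one-line guard that keeps malformed certs from being minted at all.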
|