88 lines
2.5 KiB
Go
88 lines
2.5 KiB
Go
package bootstrap
|
|
|
|
import (
|
|
"fmt"
|
|
"isle/nebula"
|
|
"net"
|
|
)
|
|
|
|
// NebulaHost describes the nebula configuration of a Host which is relevant for
|
|
// other hosts to know.
|
|
type NebulaHost struct {
|
|
PublicAddr string
|
|
}
|
|
|
|
// GarageHost describes a single garage instance in the GarageHost.
|
|
type GarageHostInstance struct {
|
|
ID string
|
|
RPCPort int
|
|
S3APIPort int
|
|
}
|
|
|
|
// GarageHost describes the garage configuration of a Host which is relevant for
|
|
// other hosts to know.
|
|
type GarageHost struct {
|
|
Instances []GarageHostInstance
|
|
}
|
|
|
|
// HostAssigned are all fields related to a host which were assigned to it by an
|
|
// admin.
|
|
type HostAssigned struct {
|
|
Name string
|
|
PublicCredentials nebula.HostPublicCredentials
|
|
}
|
|
|
|
// HostConfigured are all the fields a host can configure for itself.
|
|
type HostConfigured struct {
|
|
Nebula NebulaHost `json:",omitempty"`
|
|
Garage GarageHost `json:",omitempty"`
|
|
}
|
|
|
|
// AuthenticatedHost wraps all the data about a host which other hosts may know
|
|
// about it, such that those hosts can authenticate that the data is valid and
|
|
// approved by an admin.
|
|
type AuthenticatedHost struct {
|
|
Assigned nebula.Signed[HostAssigned] // signed by CA
|
|
Configured nebula.Signed[HostConfigured] // signed by host
|
|
}
|
|
|
|
// Unwrap attempts to authenticate and unwrap the Host embedded in this
|
|
// instance. nebula.ErrInvalidSignature is returned if any signatures are
|
|
// invalid.
|
|
func (ah AuthenticatedHost) Unwrap(caCreds nebula.CAPublicCredentials) (Host, error) {
|
|
assigned, err := ah.Assigned.Unwrap(caCreds.SigningKey)
|
|
if err != nil {
|
|
return Host{}, fmt.Errorf("unwrapping assigned fields using CA public key: %w", err)
|
|
}
|
|
|
|
configured, err := ah.Configured.Unwrap(assigned.PublicCredentials.SigningKey)
|
|
if err != nil {
|
|
return Host{}, fmt.Errorf("unwrapping configured fields using host public key: %w", err)
|
|
}
|
|
|
|
return Host{assigned, configured}, nil
|
|
}
|
|
|
|
// Host contains all data bout a host which other hosts may know about it.
|
|
//
|
|
// A Host should only be obtained over the network as an AuthenticatedHost, and
|
|
// subsequently Unwrapped.
|
|
type Host struct {
|
|
HostAssigned
|
|
HostConfigured
|
|
}
|
|
|
|
// IP returns the IP address encoded in the Host's nebula certificate, or panics
|
|
// if there is an error.
|
|
//
|
|
// This assumes that the Host and its data has already been verified against the
|
|
// CA signing key.
|
|
func (h Host) IP() net.IP {
|
|
ip, err := nebula.IPFromHostCertPEM(h.PublicCredentials.CertPEM)
|
|
if err != nil {
|
|
panic(fmt.Errorf("could not parse IP out of cert for host %q: %w", h.Name, err))
|
|
}
|
|
|
|
return ip
|
|
}
|