self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-22 10:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
teleport/lib/auth/register.go
Ev Kontsevoy 0b26b7fc47 Teleport Host Certificates support multiple roles now 
Teleport CA-signed host certificates used to support only one
server role per cert.

This commit adds the ability to store multiple roles in a
certificate, paving the road for multi-role node support in
a near future.
2016-05-10 20:27:18 -07:00

107 lines
2.5 KiB
Go
Raw Blame History

/*
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package auth
import (
"io/ioutil"
"strings"
"github.com/gravitational/teleport"
"github.com/gravitational/teleport/lib/utils"
"github.com/gravitational/trace"
)
// LocalRegister is used in standalone mode to register roles without
// connecting to remote clients and provisioning tokens
func LocalRegister(dataDir string, id IdentityID, authServer *AuthServer) error {
keys, err := authServer.GenerateServerKeys(id.HostUUID, teleport.Roles{id.Role})
if err != nil {
return trace.Wrap(err)
}
return writeKeys(dataDir, id, keys.Key, keys.Cert)
}
// Register is used by auth service clients (other services, like proxy or SSH) when a new node
// joins the cluster
func Register(dataDir, token string, id IdentityID, servers []utils.NetAddr) error {
tok, err := readToken(token)
if err != nil {
return trace.Wrap(err)
}
method, err := NewTokenAuth(id.HostUUID, tok)
if err != nil {
return trace.Wrap(err)
}
client, err := NewTunClient(
"auth.client.register",
servers,
id.HostUUID,
method)
if err != nil {
return trace.Wrap(err)
}
defer client.Close()
keys, err := client.RegisterUsingToken(tok, id.HostUUID, id.Role)
if err != nil {
return trace.Wrap(err)
}
return writeKeys(dataDir, id, keys.Key, keys.Cert)
}
func RegisterNewAuth(domainName, token string, servers []utils.NetAddr) error {
tok, err := readToken(token)
if err != nil {
return trace.Wrap(err)
}
method, err := NewTokenAuth(domainName, tok)
if err != nil {
return trace.Wrap(err)
}
client, err := NewTunClient(
"auth.server.register",
servers,
domainName,
method)
if err != nil {
return trace.Wrap(err)
}
defer client.Close()
return client.RegisterNewAuthServer(tok)
}
func readToken(token string) (string, error) {
if !strings.HasPrefix(token, "/") {
return token, nil
}
// treat it as a file
out, err := ioutil.ReadFile(token)
if err != nil {
return "", nil
}
return string(out), nil
}
type PackedKeys struct {
Key []byte `json:"key"`
Cert []byte `json:"cert"`
}
Reference in a new issue View git blame Copy permalink