From 00e57db60f407fb075d9824e1a9577d280594eb6 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Fri, 13 May 2022 10:06:21 -0400
Subject: [PATCH] Adapt to library changes
---
 go.mod | 3 ++-
 go.sum | 6 ++++--
 internal/daemon/controller/intercepting_listener.go | 9 ++++++++-
 internal/daemon/worker/worker.go | 5 ++++-
 4 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/go.mod b/go.mod
index 99b4f6fd0b..7e131b4b4b 100644
--- a/go.mod
+++ b/go.mod
@@ -89,7 +89,7 @@ require (
 require github.com/hashicorp/go-dbw v0.0.0-20211215222256-2ff0d37184ff // this is a branch and should be updated before merging
-require github.com/hashicorp/nodeenrollment v0.0.0-20220510203232-823dc46c13f6
+require github.com/hashicorp/nodeenrollment v0.0.0-20220513140413-5b932ff6843f
 require (
 github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
@@ -170,6 +170,7 @@ require (
 github.com/prometheus/procfs v0.7.3 // indirect
 github.com/rogpeppe/go-internal v1.8.1 // indirect
 github.com/russross/blackfriday/v2 v2.0.1 // indirect
+ github.com/sethvargo/go-diceware v0.3.0 // indirect
 github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
 github.com/sirupsen/logrus v1.7.0 // indirect
 github.com/urfave/cli/v2 v2.3.0 // indirect
diff --git a/go.sum b/go.sum
index 274db287a6..29a6525fd2 100644
--- a/go.sum
+++ b/go.sum
@@ -425,8 +425,8 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/nodeenrollment v0.0.0-20220510203232-823dc46c13f6 h1:q/Q2txuhRC13sPEU/iRx5fcex60igDpLiFs7f8Izcr4= -github.com/hashicorp/nodeenrollment v0.0.0-20220510203232-823dc46c13f6/go.mod h1:yOOykLWw4G7O1Z7+6X3gzXcQCb/5au1Zna4d1nlQLmM= +github.com/hashicorp/nodeenrollment v0.0.0-20220513140413-5b932ff6843f h1:HZzIMCecyDlRB8uWy/UIIC5RjfdORDKf6bpi0KLhcu0= +github.com/hashicorp/nodeenrollment v0.0.0-20220513140413-5b932ff6843f/go.mod h1:8l3RSuZJAibZKnqX6tvLaeoFzPhDf4oCRVsyFjU5Soc= github.com/hashicorp/vault/api v1.3.1 h1:pkDkcgTh47PRjY1NEFeofqR4W/HkNUi9qIakESO2aRM= github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw= github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M= @@ -734,6 +734,8 @@ github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkB github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/sethvargo/go-diceware v0.3.0 h1:UVVEfmN/uF50JfWAN7nbY6CiAlp5xeSx+5U0lWKkMCQ= +github.com/sethvargo/go-diceware v0.3.0/go.mod h1:lH5Q/oSPMivseNdhMERAC7Ti5oOPqsaVddU1BcN1CY0= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= 
diff --git a/internal/daemon/controller/intercepting_listener.go b/internal/daemon/controller/intercepting_listener.go
index 55306f150b..cf97474d06 100644
--- a/internal/daemon/controller/intercepting_listener.go
+++ b/internal/daemon/controller/intercepting_listener.go
@@ -80,7 +80,14 @@ func (m *interceptingListener) Accept() (net.Conn, error) {
 tlsConn := conn.(*tls.Conn)
 switch {
 case nodeauth.ContainsNodeAuthAlpnProto(tlsConn.ConnectionState().NegotiatedProtocol):
- event.WriteSysEvent(ctx, op, "worker successfully authed", "key_id", nodee.KeyIdFromPkix(tlsConn.ConnectionState().PeerCertificates[0].SubjectKeyId))
+ keyId, err := nodee.KeyIdFromPkix(tlsConn.ConnectionState().PeerCertificates[0].SubjectKeyId)
+ if err != nil {
+ if err := conn.Close(); err != nil {
+ event.WriteError(ctx, op, err, event.WithInfoMsg("error closing worker connection"))
+ }
+ return nil, newTempError(fmt.Errorf("error deriving key id from newly-authenticated node: %w", err))
+ }
+ event.WriteSysEvent(ctx, op, "worker successfully authed", "key_id", keyId)
 return conn, nil
 case strings.HasPrefix(tlsConn.ConnectionState().NegotiatedProtocol, "v1workerauth"):
diff --git a/internal/daemon/worker/worker.go b/internal/daemon/worker/worker.go
index b4573220af..3ec5c76164 100644
--- a/internal/daemon/worker/worker.go
+++ b/internal/daemon/worker/worker.go
@@ -190,7 +190,10 @@ func (w *Worker) Start() error {
 if err := nodeCreds.GenerateRegistrationParameters(w.baseContext, w.NodeeFileStorage); err != nil {
 return err
 }
- w.NodeeKeyId = nodee.KeyIdFromPkix(nodeCreds.CertificatePublicKeyPkix)
+ w.NodeeKeyId, err = nodee.KeyIdFromPkix(nodeCreds.CertificatePublicKeyPkix)
+ if err != nil {
+ return fmt.Errorf("error deriving key id: %w", err)
+ }
 if err := w.startControllerConnections(); err != nil {
 return fmt.Errorf("error making controller connections: %w", err)
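Review bot: In intercepting_listener.go, the new `keyId, err := nodee.KeyIdFromPkix(tlsConn.ConnectionState().PeerCertificates[0].SubjectKeyId)` line still indexes `PeerCertificates[0]` without a length check, so a connection that negotiated the node-auth ALPN protocol without a peer certificate would panic in Accept instead of taking the new close-and-`newTempError` path. Whether the TLS configuration guarantees a peer certificate on this branch is not visible in the hunk; if it does not, take `certs := tlsConn.ConnectionState().PeerCertificates` and reject `len(certs) == 0` through the same close/temp-error handling before deriving the key id. A comment such as `// Fail closed: drop the connection if the authenticated node's key id cannot be derived.` above the error branch would document why the connection is not returned. Accept's body starts and ends outside the hunk.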
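Review bot: In worker.go, `w.NodeeKeyId, err = nodee.KeyIdFromPkix(nodeCreds.CertificatePublicKeyPkix)` writes the struct field before the error is checked and relies on an `err` variable declared outside the hunk. Deriving into a local first leaves the worker's key id untouched when derivation fails: `keyId, err := nodee.KeyIdFromPkix(nodeCreds.CertificatePublicKeyPkix)`, then `w.NodeeKeyId = keyId` after the `if err != nil` return. Start's body starts and ends outside the hunk.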