Update against new nodee conn type (#2245)

4 years ago · 1596ff3d1c
parent 6b48346bf3
commit 1596ff3d1c
4 changed files with 29 additions and 6 deletions
--- a/go.mod
+++ b/go.mod
@ -92,7 +92,7 @@ require github.com/hashicorp/go-dbw v0.0.0-20220412153211-c470aec9369f // this i
 require (
 	github.com/DATA-DOG/go-sqlmock v1.5.0
 	github.com/hashicorp/go-kms-wrapping/extras/kms/v2 v2.0.0-20220515130442-cac0b5ac133b
-	github.com/hashicorp/nodeenrollment v0.1.4
+	github.com/hashicorp/nodeenrollment v0.1.6
 )

 require (
--- a/go.sum
+++ b/go.sum
@ -740,8 +740,8 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/nodeenrollment v0.1.4 h1:pUgT+mai1+auTiI7RQDrKorxAApymmZgr3azhaxMQiY=
-github.com/hashicorp/nodeenrollment v0.1.4/go.mod h1:LIPKi+g0g/vl3xhpbzugCalHSxX1PMeqnatkAsxRgyM=
+github.com/hashicorp/nodeenrollment v0.1.6 h1:TAOpvU7y28vRB1Nk7pzfUPuJxX07SwBZwTJQgPQQbPI=
+github.com/hashicorp/nodeenrollment v0.1.6/go.mod h1:LIPKi+g0g/vl3xhpbzugCalHSxX1PMeqnatkAsxRgyM=
 github.com/hashicorp/vault/api v1.3.1 h1:pkDkcgTh47PRjY1NEFeofqR4W/HkNUi9qIakESO2aRM=
 github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw=
 github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M=
--- a/internal/daemon/controller/intercepting_listener.go
+++ b/internal/daemon/controller/intercepting_listener.go
@ -9,6 +9,7 @@ import (

 	"github.com/hashicorp/boundary/internal/observability/event"
 	nodee "github.com/hashicorp/nodeenrollment"
+	"github.com/hashicorp/nodeenrollment/protocol"
 )

 // tempError is an error that satisfies the temporary error interface that is
@ -76,7 +77,20 @@ func (m *interceptingListener) Accept() (net.Conn, error) {
 		return nil, newTempError(err)
 	}

-	tlsConn := conn.(*tls.Conn)
+	var tlsConn *tls.Conn
+	switch c := conn.(type) {
+	case *protocol.Conn:
+		// If we so choose, at this point we can pull out the client's
+		// NextProtos with c.ClientNextProtos
+		tlsConn = c.Conn
+	case *tls.Conn:
+		tlsConn = c
+	default:
+		err := fmt.Errorf("unknown connection type %T received", c)
+		event.WriteError(ctx, op, err)
+		return nil, newTempError(err)
+	}
+
 	switch {
 	case nodee.ContainsKnownAlpnProto(tlsConn.ConnectionState().NegotiatedProtocol):
 		keyId, err := nodee.KeyIdFromPkix(tlsConn.ConnectionState().PeerCertificates[0].SubjectKeyId)
--- a/internal/daemon/worker/listeners.go
+++ b/internal/daemon/worker/listeners.go
@ -290,8 +290,17 @@ func (e *eventingListener) Accept() (net.Conn, error) {

 	// This is all best-effort; anything going wrong here shouldn't disrupt the
 	// connection, so on error simply stop trying to get to an event
-	tlsConn, ok := conn.(*tls.Conn)
-	if ok && len(tlsConn.ConnectionState().PeerCertificates) > 0 {
+	var tlsConn *tls.Conn
+	switch c := conn.(type) {
+	case *protocol.Conn:
+		// If we so choose, at this point we can pull out the client's
+		// NextProtos with c.ClientNextProtos
+		tlsConn = c.Conn
+	case *tls.Conn:
+		tlsConn = c
+	}
+
+	if tlsConn != nil && len(tlsConn.ConnectionState().PeerCertificates) > 0 {
 		keyId, err := nodee.KeyIdFromPkix(tlsConn.ConnectionState().PeerCertificates[0].SubjectKeyId)
 		if err == nil {
 			event.WriteSysEvent(e.ctx, op, "worker successfully authenticated", "key_id", keyId)