From 1596ff3d1c60a9339b2bbd751b0aea46ba80e9fb Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Fri, 8 Jul 2022 14:14:17 -0400
Subject: [PATCH] Update against new nodee conn type (#2245)
---
 go.mod | 2 +-
 go.sum | 4 ++--
 .../daemon/controller/intercepting_listener.go | 16 +++++++++++++++-
 internal/daemon/worker/listeners.go | 13 +++++++++++--
 4 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index 1cc54f7b51..e156162a06 100644
--- a/go.mod
+++ b/go.mod
@@ -92,7 +92,7 @@ require github.com/hashicorp/go-dbw v0.0.0-20220412153211-c470aec9369f // this i
 require (
 github.com/DATA-DOG/go-sqlmock v1.5.0
 github.com/hashicorp/go-kms-wrapping/extras/kms/v2 v2.0.0-20220515130442-cac0b5ac133b
- github.com/hashicorp/nodeenrollment v0.1.4
+ github.com/hashicorp/nodeenrollment v0.1.6
 )
 require (
diff --git a/go.sum b/go.sum
index 2424930a40..36a04f8e98 100644
--- a/go.sum
+++ b/go.sum
@@ -740,8 +740,8 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/nodeenrollment v0.1.4 h1:pUgT+mai1+auTiI7RQDrKorxAApymmZgr3azhaxMQiY=
-github.com/hashicorp/nodeenrollment v0.1.4/go.mod h1:LIPKi+g0g/vl3xhpbzugCalHSxX1PMeqnatkAsxRgyM=
+github.com/hashicorp/nodeenrollment v0.1.6 h1:TAOpvU7y28vRB1Nk7pzfUPuJxX07SwBZwTJQgPQQbPI=
+github.com/hashicorp/nodeenrollment v0.1.6/go.mod h1:LIPKi+g0g/vl3xhpbzugCalHSxX1PMeqnatkAsxRgyM=
 github.com/hashicorp/vault/api v1.3.1 h1:pkDkcgTh47PRjY1NEFeofqR4W/HkNUi9qIakESO2aRM=
 github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw=
 github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M=
diff --git a/internal/daemon/controller/intercepting_listener.go b/internal/daemon/controller/intercepting_listener.go
index b427fdd4d3..a479a1fb3d 100644
--- a/internal/daemon/controller/intercepting_listener.go
+++ b/internal/daemon/controller/intercepting_listener.go
@@ -9,6 +9,7 @@ import (
 "github.com/hashicorp/boundary/internal/observability/event"
 nodee "github.com/hashicorp/nodeenrollment"
+ "github.com/hashicorp/nodeenrollment/protocol"
 )
 // tempError is an error that satisfies the temporary error interface that is
@@ -76,7 +77,20 @@ func (m *interceptingListener) Accept() (net.Conn, error) {
 return nil, newTempError(err)
 }
- tlsConn := conn.(*tls.Conn)
+ var tlsConn *tls.Conn
+ switch c := conn.(type) {
+ case *protocol.Conn:
+ // If we so choose, at this point we can pull out the client's
+ // NextProtos with c.ClientNextProtos
+ tlsConn = c.Conn
+ case *tls.Conn:
+ tlsConn = c
+ default:
+ err := fmt.Errorf("unknown connection type %T received", c)
+ event.WriteError(ctx, op, err)
+ return nil, newTempError(err)
+ }
+
 switch {
 case nodee.ContainsKnownAlpnProto(tlsConn.ConnectionState().NegotiatedProtocol):
 keyId, err := nodee.KeyIdFromPkix(tlsConn.ConnectionState().PeerCertificates[0].SubjectKeyId)
diff --git a/internal/daemon/worker/listeners.go b/internal/daemon/worker/listeners.go
index 15c357e5e8..f81984a121 100644
--- a/internal/daemon/worker/listeners.go
+++ b/internal/daemon/worker/listeners.go
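Review bot: In the new `case *protocol.Conn:` branch, `tlsConn = c.Conn` is assigned without checking that the embedded `*tls.Conn` is non-nil, and the context line `tlsConn.ConnectionState()` right after the switch would then dereference a nil pointer inside the accept loop; whether nodeenrollment's `protocol.Conn` can carry a nil `Conn` is not visible here, but the parallel change to `internal/daemon/worker/listeners.go` in this same patch does guard with `tlsConn != nil`, so the two listeners now disagree on that edge. Because this listener decides how the peer is classified before anything else sees the connection, a nil here should be rejected the same way the `default` case rejects an unknown type rather than being allowed to panic; folding both into one post-switch check also removes the `default` branch. The `// If we so choose …` comment reads as a note-to-self; replacing it with the reason for the unwrap (the go.mod bump to nodeenrollment v0.1.6 is what introduces `protocol.Conn`) would help the next reader. Accept continues past the end of the hunk.
```go
	var tlsConn *tls.Conn
	switch c := conn.(type) {
	case *protocol.Conn:
		// nodeenrollment v0.1.6 wraps the TLS session in a protocol.Conn;
		// unwrap it so the ALPN and peer-certificate checks below still see
		// the TLS state. c.Conn may be nil — TODO confirm against nodeenrollment.
		tlsConn = c.Conn
	case *tls.Conn:
		tlsConn = c
	}
	// Covers both an unexpected concrete type and a protocol.Conn with no
	// underlying *tls.Conn; everything below dereferences tlsConn.
	if tlsConn == nil {
		err := fmt.Errorf("no tls connection available from connection type %T", conn)
		event.WriteError(ctx, op, err)
		return nil, newTempError(err)
	}
	// … unchanged: ALPN switch …
```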
@@ -290,8 +290,17 @@ func (e *eventingListener) Accept() (net.Conn, error) {
 // This is all best-effort; anything going wrong here shouldn't disrupt the
 // connection, so on error simply stop trying to get to an event
- tlsConn, ok := conn.(*tls.Conn)
- if ok && len(tlsConn.ConnectionState().PeerCertificates) > 0 {
+ var tlsConn *tls.Conn
+ switch c := conn.(type) {
+ case *protocol.Conn:
+ // If we so choose, at this point we can pull out the client's
+ // NextProtos with c.ClientNextProtos
+ tlsConn = c.Conn
+ case *tls.Conn:
+ tlsConn = c
+ }
+
+ if tlsConn != nil && len(tlsConn.ConnectionState().PeerCertificates) > 0 {
 keyId, err := nodee.KeyIdFromPkix(tlsConn.ConnectionState().PeerCertificates[0].SubjectKeyId)
 if err == nil {
 event.WriteSysEvent(e.ctx, op, "worker successfully authenticated", "key_id", keyId)
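Review bot: The type switch added here is a verbatim copy of the one added to `internal/daemon/controller/intercepting_listener.go` in this same patch, down to the speculative `// If we so choose …` comment, so the two will drift the next time nodeenrollment changes its connection type. A small helper in a package both daemons already share (not visible from this hunk, so placement is a guess) would keep one definition and one comment explaining why the unwrap exists, with the call site shrinking to `tlsConn := tlsConnFrom(conn)`. The `tlsConn != nil` guard that follows is what makes the absence of a `default` case safe for this best-effort path, and it should stay. Accept continues before and after the hunk.
```go
// tlsConnFrom returns the *tls.Conn behind a connection accepted from
// nodeenrollment, which since v0.1.6 may arrive wrapped in a *protocol.Conn.
// A nil result means no TLS state is reachable and the peer must be treated
// as unauthenticated.
func tlsConnFrom(conn net.Conn) *tls.Conn {
	switch c := conn.(type) {
	case *protocol.Conn:
		return c.Conn
	case *tls.Conn:
		return c
	default:
		return nil
	}
}

	// … at the call site in Accept, replacing the inline switch …
	tlsConn := tlsConnFrom(conn)
	if tlsConn != nil && len(tlsConn.ConnectionState().PeerCertificates) > 0 {
```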