From 74a007bfdda188651c6329c288e76bdb4d53a799 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Fri, 23 Sep 2022 09:14:00 -0400
Subject: [PATCH] Adapt to new nodeenrollment X25519KeyProducer interface (#2491)
---
 go.mod | 2 +-
 go.sum | 4 ++--
 internal/daemon/worker/auth_rotation.go | 11 +++--------
 3 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/go.mod b/go.mod
index d993b9240c..b27f877d0a 100644
--- a/go.mod
+++ b/go.mod
@@ -92,7 +92,7 @@ require github.com/hashicorp/go-dbw v0.0.0-20220725170111-b7cb3aa3d628
 require (
 github.com/DATA-DOG/go-sqlmock v1.5.0
 github.com/hashicorp/go-kms-wrapping/extras/kms/v2 v2.0.0-20220711120347-32232bae6803
- github.com/hashicorp/nodeenrollment v0.1.16
+ github.com/hashicorp/nodeenrollment v0.1.17-0.20220923113407-c95515d04322
 github.com/kelseyhightower/envconfig v1.4.0
 golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e
 )
diff --git a/go.sum b/go.sum
index 8f7969b4fd..43bf69f5c8 100644
--- a/go.sum
+++ b/go.sum
@@ -743,8 +743,8 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/nodeenrollment v0.1.16 h1:TZ+lN7uvkW733OZE25Wo1FgkC0zwcQo1eo3NtEnHLkw= -github.com/hashicorp/nodeenrollment v0.1.16/go.mod h1:N5gYsm8mWiDfIw/j+1IQ6NBO1cWCmhPpvQ9GB1QUnsU= +github.com/hashicorp/nodeenrollment v0.1.17-0.20220923113407-c95515d04322 h1:rxhn6I2qDclJTCbcZ5GHbspFadA0+jZj7nOgpkTok5Y= +github.com/hashicorp/nodeenrollment v0.1.17-0.20220923113407-c95515d04322/go.mod h1:N5gYsm8mWiDfIw/j+1IQ6NBO1cWCmhPpvQ9GB1QUnsU= github.com/hashicorp/vault/api v1.3.1 h1:pkDkcgTh47PRjY1NEFeofqR4W/HkNUi9qIakESO2aRM= github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw= github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M=
diff --git a/internal/daemon/worker/auth_rotation.go b/internal/daemon/worker/auth_rotation.go
index 6decf0f92a..ad6e2c44c9 100644
--- a/internal/daemon/worker/auth_rotation.go
+++ b/internal/daemon/worker/auth_rotation.go
@@ -122,17 +122,13 @@ func rotateWorkerAuth(ctx context.Context, w *Worker, currentNodeCreds *types.No
 randReaderOpt := nodeenrollment.WithRandomReader(w.conf.SecureRandomReader)
 // Ensure we can get some needed values prior to actually doing generation
- currentKeyId, err := nodeenrollment.KeyIdFromPkix(currentNodeCreds.CertificatePublicKeyPkix)
- if err != nil {
- return berrors.Wrap(ctx, err, op)
- }
 client := w.controllerMultihopConn.Load()
 if client == nil {
- return berrors.Wrap(ctx, err, op)
+ return berrors.New(ctx, berrors.Internal, op, "nil multihop client")
 }
 multihopClient, ok := client.(multihop.MultihopServiceClient)
 if !ok {
- return berrors.Wrap(ctx, err, op)
+ return berrors.New(ctx, berrors.Internal, op, "multihop client is not the right type")
 }
 // Generate a new set of credentials but don't persist them yet
@@ -154,7 +150,7 @@ func rotateWorkerAuth(ctx context.Context, w *Worker, currentNodeCreds *types.No
 }
 // Encrypt the values to the server
- encFetchReq, err := nodeenrollment.EncryptMessage(ctx, currentKeyId, fetchReq, currentNodeCreds, randReaderOpt)
+ encFetchReq, err := nodeenrollment.EncryptMessage(ctx, fetchReq, currentNodeCreds, randReaderOpt)
 if err != nil {
 return berrors.Wrap(ctx, err, op)
 }
@@ -171,7 +167,6 @@ func rotateWorkerAuth(ctx context.Context, w *Worker, currentNodeCreds *types.No
 fetchResp := new(types.FetchNodeCredentialsResponse)
 if err := nodeenrollment.DecryptMessage(
 ctx,
- currentKeyId,
 resp.EncryptedFetchNodeCredentialsResponse,
 currentNodeCreds,
 fetchResp,
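Review bot: With the KeyIdFromPkix call removed in the first hunk (-122,17), the pre-generation checks no longer touch `currentNodeCreds` at all, so the comment `// Ensure we can get some needed values prior to actually doing generation` now covers only the multihop client. A missing or malformed current public key would presumably surface later, inside EncryptMessage, after the new credentials have already been generated. The rest of rotateWorkerAuth lies outside this hunk, so I cannot tell whether `currentNodeCreds` is nil-checked earlier. If it is not, add `if currentNodeCreds == nil { return berrors.New(ctx, berrors.InvalidParameter, op, "nil current node credentials") }` beside the client checks, and narrow the comment to `// Ensure the multihop client is usable before generating new credentials`.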
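Review bot: In the second hunk (-154,7) the comment `// Encrypt the values to the server` no longer tells a reader which key protects the rotation request, now that `currentKeyId` is gone from the EncryptMessage call. From the arguments it appears the key is taken from `currentNodeCreds`, i.e. the pre-rotation credentials, and the DecryptMessage call in the third hunk (-171,7) relies on the same value. I would state that at the call site, e.g. `// Encrypt the request to the server under the current (pre-rotation) credentials`, with a matching line above DecryptMessage. How the key ID is derived is inside nodeenrollment and not visible here, so confirm it against the pseudo-version pinned in go.mod.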