aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add a bit more useful worker auth output (#4308)

Browse Source
pull/4311/head
Jeff Mitchell 2 years ago committed by GitHub
parent 95ad3eab48
commit 84c0e94097
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File

21
internal/daemon/worker/auth_rotation.go
Unescape View File

@ -132,8 +132,15 @@ func (w *Worker) startAuthRotationTicking(cancelCtx context.Context) {
event.WriteError(cancelCtx, op, fmt.Errorf("error deriving pkix string from leaf certificate public key in current worker auth bundle: %w", err))
continue
}
certId, err := nodeenrollment.KeyIdFromPkix(bundle.CertificateDer)
if err != nil {
event.WriteError(cancelCtx, op, fmt.Errorf("error deriving cert id from certificate in current worker auth bundle: %w", err))
continue
}
args = append(args,
fmt.Sprintf("leaf_cert_%s_id", str), certKeyId,
fmt.Sprintf("leaf_cert_%s_cert_id", str), certId,
fmt.Sprintf("leaf_cert_%s_key_id", str), certKeyId,
fmt.Sprintf("leaf_cert_%s_not_before", str), cert.NotBefore.Format(time.RFC3339),
fmt.Sprintf("leaf_cert_%s_not_after", str), cert.NotAfter.Format(time.RFC3339),
)
@ -153,7 +160,7 @@ func (w *Worker) startAuthRotationTicking(cancelCtx context.Context) {
continue
}
args = append(args,
fmt.Sprintf("ca_cert_%s_id", str), caCertKeyId,
fmt.Sprintf("ca_cert_%s_key_id", str), caCertKeyId,
fmt.Sprintf("ca_cert_%s_not_before", str), caCert.NotBefore.Format(time.RFC3339),
fmt.Sprintf("ca_cert_%s_not_after", str), caCert.NotAfter.Format(time.RFC3339),
)
@ -322,8 +329,14 @@ func rotateWorkerAuth(ctx context.Context, w *Worker, currentNodeCreds *types.No
event.WriteError(ctx, op, fmt.Errorf("error deriving pkix string from leaf certificate public key in current worker auth bundle: %w", err))
continue
}
certId, err := nodeenrollment.KeyIdFromPkix(bundle.CertificateDer)
if err != nil {
event.WriteError(ctx, op, fmt.Errorf("error deriving cert id from certificate in current worker auth bundle: %w", err))
continue
}
args = append(args,
fmt.Sprintf("leaf_cert_%s_id", str), certKeyId,
fmt.Sprintf("leaf_cert_%s_cert_id", str), certId,
fmt.Sprintf("leaf_cert_%s_key_id", str), certKeyId,
fmt.Sprintf("leaf_cert_%s_not_before", str), cert.NotBefore.Format(time.RFC3339),
fmt.Sprintf("leaf_cert_%s_not_after", str), cert.NotAfter.Format(time.RFC3339),
)
@ -343,7 +356,7 @@ func rotateWorkerAuth(ctx context.Context, w *Worker, currentNodeCreds *types.No
continue
}
args = append(args,
fmt.Sprintf("ca_cert_%s_id", str), caCertKeyId,
fmt.Sprintf("ca_cert_%s_key_id", str), caCertKeyId,
fmt.Sprintf("ca_cert_%s_not_before", str), caCert.NotBefore.Format(time.RFC3339),
fmt.Sprintf("ca_cert_%s_not_after", str), caCert.NotAfter.Format(time.RFC3339),
)

Write Preview
Loading…
Cancel
Save