Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / f58a76906588162b976fdf0a16064e3d5f55da11^! / . / core / nebula / api / main.go
commitf58a76906588162b976fdf0a16064e3d5f55da11[log] [tgz]
authorgiolekva <giolekva@gmail.com>Wed Dec 15 18:05:39 2021 +0400
committergiolekva <giolekva@gmail.com>Wed Dec 15 18:05:39 2021 +0400
tree4dff0e118826df0774c47e27dda7a16ee9f9ff3e
parent313ee2b1737d155125aeab2d5d27c3d640372c29 [diff] [blame]
Client: send join request with signed message to verify validity

diff --git a/core/nebula/api/main.go b/core/nebula/api/main.go
index c0c4817..51302ad 100644
--- a/core/nebula/api/main.go
+++ b/core/nebula/api/main.go

@@ -21,7 +21,7 @@
 var kubeConfig = flag.String("kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.")
 var masterURL = flag.String("master", "", "The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster.")
 var namespace = flag.String("namespace", "", "Namespace where Nebula CA and Node secrets are stored.")
-var caSecretName = flag.String("ca-secret-name", "", "Name of the Nebula CA secret storing certificate information.")
+var caName = flag.String("ca-name", "", "Name of the Nebula CA.")
 
 //go:embed templates/*
 var tmpls embed.FS
@@ -136,13 +136,19 @@
 	}
 }
 
-type verifyReq struct {
+type joinReq struct {
 	Message   []byte `json:"message"`
 	Signature []byte `json:"signature"`
+	Name      string `json:"name"`
+	PublicKey []byte `json:"public_key"`
+	IPCidr    string `json:"ip_cidr"`
 }
 
-func (h *Handler) verify(w http.ResponseWriter, r *http.Request) {
-	var req verifyReq
+type joinResp struct {
+}
+
+func (h *Handler) join(w http.ResponseWriter, r *http.Request) {
+	var req joinReq
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
@@ -156,6 +162,18 @@
 		http.Error(w, "Signature could not be verified", http.StatusBadRequest)
 		return
 	}
+	_, _, err = h.mgr.CreateNode(
+		*namespace,
+		req.Name,
+		*namespace,
+		*caName,
+		req.IPCidr,
+		string(req.PublicKey),
+	)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
 }
 
 func main() {
@@ -177,7 +195,7 @@
 		kubeClient:   kubeClient,
 		nebulaClient: nebulaClient,
 		namespace:    *namespace,
-		caSecretName: *caSecretName,
+		caName:       *caName,
 	}
 	handler := Handler{
 		mgr:   mgr,
@@ -186,7 +204,7 @@
 	r := mux.NewRouter()
 	r.HandleFunc("/api/ip", handler.getNextIP)
 	r.HandleFunc("/api/sign", handler.sign)
-	r.HandleFunc("/api/verify", handler.verify)
+	r.HandleFunc("/api/join", handler.join)
 	r.HandleFunc("/node/{namespace:[a-zA-z0-9-]+}/{name:[a-zA-z0-9-]+}", handler.handleNode)
 	r.HandleFunc("/ca/{namespace:[a-zA-z0-9-]+}/{name:[a-zA-z0-9-]+}", handler.handleCA)
 	r.HandleFunc("/sign-node", handler.handleSignNode)