TrueCloudLab/certificates
17
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions

Add allow/deny to Nebula provisioner

Browse source
This commit is contained in:
Herman Slatman 2022-01-14 13:06:32 +01:00
parent d9c56d67cc
commit 91d51c2b88
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
authority/provisioner/nebula.go
View file

@ -34,6 +34,7 @@ const (
// https://signal.org/docs/specifications/xeddsa/#xeddsa and implemented by // https://signal.org/docs/specifications/xeddsa/#xeddsa and implemented by
// go.step.sm/crypto/x25519. // go.step.sm/crypto/x25519.
type Nebula struct { type Nebula struct {
*base
ID string `json:"-"` ID string `json:"-"`
Type string `json:"type"` Type string `json:"type"`
Name string `json:"name"` Name string `json:"name"`
@ -47,6 +48,7 @@ type Nebula struct {
// Init verifies and initializes the Nebula provisioner. // Init verifies and initializes the Nebula provisioner.
func (p *Nebula) Init(config Config) error { func (p *Nebula) Init(config Config) error {
p.base = &base{} // prevent nil pointers
switch { switch {
case p.Type == "": case p.Type == "":
return errors.New("provisioner type cannot be empty") return errors.New("provisioner type cannot be empty")
@ -68,6 +70,16 @@ func (p *Nebula) Init(config Config) error {
p.audiences = config.Audiences.WithFragment(p.GetIDForToken()) p.audiences = config.Audiences.WithFragment(p.GetIDForToken())
// Initialize the x509 allow/deny policy engine
if p.x509PolicyEngine, err = newX509PolicyEngine(p.Options.GetX509Options()); err != nil {
return err
}
// Initialize the SSH allow/deny policy engine
if p.sshPolicyEngine, err = newSSHPolicyEngine(p.Options.GetSSHOptions()); err != nil {
return err
}
return nil return nil
} }