forked from TrueCloudLab/certificates
Add allow/deny to Nebula provisioner
This commit is contained in:
parent
d9c56d67cc
commit
91d51c2b88
1 changed files with 12 additions and 0 deletions
|
@ -34,6 +34,7 @@ const (
|
|||
// https://signal.org/docs/specifications/xeddsa/#xeddsa and implemented by
|
||||
// go.step.sm/crypto/x25519.
|
||||
type Nebula struct {
|
||||
*base
|
||||
ID string `json:"-"`
|
||||
Type string `json:"type"`
|
||||
Name string `json:"name"`
|
||||
|
@ -47,6 +48,7 @@ type Nebula struct {
|
|||
|
||||
// Init verifies and initializes the Nebula provisioner.
|
||||
func (p *Nebula) Init(config Config) error {
|
||||
p.base = &base{} // prevent nil pointers
|
||||
switch {
|
||||
case p.Type == "":
|
||||
return errors.New("provisioner type cannot be empty")
|
||||
|
@ -68,6 +70,16 @@ func (p *Nebula) Init(config Config) error {
|
|||
|
||||
p.audiences = config.Audiences.WithFragment(p.GetIDForToken())
|
||||
|
||||
// Initialize the x509 allow/deny policy engine
|
||||
if p.x509PolicyEngine, err = newX509PolicyEngine(p.Options.GetX509Options()); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Initialize the SSH allow/deny policy engine
|
||||
if p.sshPolicyEngine, err = newSSHPolicyEngine(p.Options.GetSSHOptions()); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue