module package
0.2.13
Repository: https://github.com/hashicorp/nodeenrollment.git
Documentation: pkg.go.dev
# README
Node Enrollment
IMPORTANT
This is a repo for an internal HashiCorp library to facilitate sharing its functionality across HashiCorp projects. It is public so that our community versions can successfully import and build it, however it should not be considered to be a supported library outside of HashiCorp.
# Packages
Protocol provides a listener and dial function that can be used to easily integrate this library into other applications.
# Functions
ContainsKnownAlpnProto performs a simple check to see if one of our defined ALPN protos is contained in the given set.
DecryptMessage takes any value encrypted with EncryptMessage and a valid key source that implements X25519KeyProducer and decrypts the message into the given proto.Message.
EncryptMessage takes any proto.Message and a valid key source that implements X25519KeyProducer.
GetOpts iterates the inbound Options and returns a struct and any errors.
KeyIdFromPkix derives the library-specific key ID from the PKIX-encoded public key.
SubjectKeyInfoAndKeyIdFromPubKey returns the PKIX-encoded public key and the library-specific key ID derived from it.
WithActivationToken is used to pass an activation token; typically this will be to pass a server-generated activation token as the nonce for a request.
WithAlpnProtoPrefix is used to convey information about which proto is being used to handle a connection.
WithCertificateLifetime allows overriding a default duration for certificate creation.
WithExpectedPublicKey allows indicating a public key that we expect to be the key signed by a certificate.
WithExtraAlpnProtos is used to allow passing additional ALPN protos in via a ClientHello message, e.g.
WithLogger allows passing in a logger to use for debugging purposes.
WithMaximumActivationTokenLifetime allows overriding a default duration for server-led activation token lifetime.
WithNativeConns, if set to true, indicates to use the native protocol package conn type to return from the split listener listeners.
WithNonce is used at various points for encoding nonces in certs or expecting them there.
WithNotAfterClockSkew allows overriding a default duration for certificate NotAfter clock skew handling.
WithNotBeforeClockSkew allows overriding a default duration for certificate NotBefore clock skew handling.
WithRandomReader allows specifying a reader to use in place of the default (crypto/rand.Reader).
WithRegistrationWrapper can be used when fetching node credentials to provide registration information.
WithReinitializeRoots, if set to true, indicates that the existing roots should be removed entirely before rotation.
WithServerName is used to pass a server name to include in a TLS config.
WithSkipStorage allows indicating that the newly generated resource should not be stored in storage, but simply returned in-memory only, useful for tests or cases where the storage implementation wants to manage storage lifecycle (e.g.
WithState allows passing state in to some registration functions to round trip to NodeInformation storage.
WithStorageWrapper will cause the library to wrap any sensitive information (private keys, nonces, etc.) with the given wrapper prior to writing to storage, and to unwrap when reading from storage.
WithTestErrorContains is used in some tests to pass expected error values.
WithTlsVerifyOptionsFunc allows specifying a custom TLS certificate VerifyFunc, useful for testing.
WithWrappingRegistrationFlowApplicationSpecificParams allows passing extra application specific parameters when using the wrapping registration flow.
# Constants
AuthenticateNodeNextProtoV1Prefix is the ALPN NextProto used when a node is trying to authenticate.
CertificatePreferenceV1Prefix is the ALPN NextProto used by a node to indicate a certificate preference, since we can't use ServerName.
CommonDnsName is a name we can use in the absence of anything more specific.
CurrentId is a const for when we are fetching the "current" value for various purposes.
DefaultCertificateLifetime is the default duration of a certificate, set to two weeks.
The default amount of time for a signed fetch request validity period.
This is the default time that a server-led activation token is alive.
DefaultNotAfterClockSkewDuration is the time to subtract from NotBefore to account for some clock skew.
DefaultNotBeforeClockSkewDuration is the time to subtract from NotBefore to account for some clock skew.
FetchNodeCredsNextProtoV1Prefix is the ALPN NextProto used when a node is trying to fetch credentials.
KeyIdNumWords is the number of words to generate from a hash of the public key to serve as the key ID.
NextId is a const for when we are fetching the "next" value for various purposes.
NonceSize is our defined nonce size, in bytes.
The ID that will always be used for storing root certificate messages.
NodeEnrollment Server-Led Activation Token.
# Variables
ErrNotAuthorized is a common error that we can return to indicate that a node is still awaiting authentication after attempting to fetch credentials.
ErrNotFound is a common error to use when a value is not found in storage.
# Interfaces
CleanableStorage is an interface that can optionally be implemented by storage implementations to indicate that there is a cleanup function that can be run when storage usage is complete.
MessageWithId is a proto message that is required to implement a GetId function, which will be immediately satisfied by any message with a `string id = X;` parameter.
MessageWithNodeId is a proto message that is required to implement a GetNodeId function, which will be immediately satisfied by any message with a `string node_id = X;` parameter.
NodeIdLoader is an interface for storing values.
Storage is an interface for storing values.
X25519KeyProducer is an interface that can be satisfied by an underlying type that produces an encryption key via X25519, along with a key identifier used for AAD and embedding in the wrapping data.