diff --git a/authority/admin/db.go b/authority/admin/db.go
index 8a6339d9..bf34a3c2 100644
--- a/authority/admin/db.go
+++ b/authority/admin/db.go
@@ -44,6 +44,8 @@ func UnmarshalProvisionerDetails(typ linkedca.Provisioner_Type, data []byte) (*l
 v.Data = new(linkedca.ProvisionerDetails_SSHPOP)
 case linkedca.Provisioner_SCEP:
 v.Data = new(linkedca.ProvisionerDetails_SCEP)
+ case linkedca.Provisioner_NEBULA:
+ v.Data = new(linkedca.ProvisionerDetails_Nebula)
 default:
 return nil, fmt.Errorf("unsupported provisioner type %s", typ)
 }
diff --git a/authority/provisioners.go b/authority/provisioners.go
index 5a0c354f..c7be830e 100644
--- a/authority/provisioners.go
+++ b/authority/provisioners.go
@@ -710,6 +710,22 @@ func ProvisionerToCertificates(p *linkedca.Provisioner) (provisioner.Interface,
 Claims: claims,
 Options: options,
 }, nil
+ case *linkedca.ProvisionerDetails_Nebula:
+ var roots []byte
+ for i, root := range d.Nebula.GetRoots() {
+ if i > 0 {
+ roots = append(roots, '\n')
+ }
+ roots = append(roots, root...)
+ }
+ return &provisioner.Nebula{
+ ID: p.Id,
+ Type: p.Type.String(),
+ Name: p.Name,
+ Roots: roots,
+ Claims: claims,
+ Options: options,
+ }, nil
 default:
 return nil, fmt.Errorf("provisioner %s not implemented", p.Type)
 }
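Review bot: In the `case *linkedca.ProvisionerDetails_Nebula:` branch added to ProvisionerToCertificates (hunk @@ -710), nothing rejects an empty root list, so a stored record without roots produces a `provisioner.Nebula` whose `Roots` is nil. Those bytes are the provisioner's trust anchors; unless a later validation step outside this hunk already refuses them, fail closed here with `if len(roots) == 0 { return nil, fmt.Errorf("provisioner %s has no nebula roots", p.Name) }`. As a style point, the join loop can be replaced by `roots := bytes.Join(d.Nebula.GetRoots(), []byte("\n"))` if `bytes` is imported in this file. The inverse path at @@ -937 relies on provisionerPEMToLinkedca, which is not shown, so a round-trip test comparing `Roots` before and after both conversions would confirm that no root is dropped or altered. Both switch statements begin and end outside their hunks.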
@@ -937,6 +953,26 @@ func ProvisionerToLinkedca(p provisioner.Interface) (*linkedca.Provisioner, erro
 X509Template: x509Template,
 SshTemplate: sshTemplate,
 }, nil
+ case *provisioner.Nebula:
+ x509Template, sshTemplate, err := provisionerOptionsToLinkedca(p.Options)
+ if err != nil {
+ return nil, err
+ }
+ return &linkedca.Provisioner{
+ Id: p.ID,
+ Type: linkedca.Provisioner_NEBULA,
+ Name: p.GetName(),
+ Details: &linkedca.ProvisionerDetails{
+ Data: &linkedca.ProvisionerDetails_Nebula{
+ Nebula: &linkedca.NebulaProvisioner{
+ Roots: provisionerPEMToLinkedca(p.Roots),
+ },
+ },
+ },
+ Claims: claimsToLinkedca(p.Claims),
+ X509Template: x509Template,
+ SshTemplate: sshTemplate,
+ }, nil
 default:
 return nil, fmt.Errorf("provisioner %s not implemented", p.GetType())
 }
diff --git a/go.mod b/go.mod
index 8e3d456f..23f5142e 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
 go.step.sm/cli-utils v0.7.0
 go.step.sm/crypto v0.13.1-0.20220104020740-cfaa65f61443
- go.step.sm/linkedca v0.7.0
+ go.step.sm/linkedca v0.8.1-0.20220105022833-86b7a26c91f6
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
 google.golang.org/api v0.47.0
@@ -48,3 +48,4 @@ require (
 // replace github.com/smallstep/nosql => ../nosql
 // replace go.step.sm/crypto => ../crypto
 // replace go.step.sm/cli-utils => ../cli-utils
+// replace go.step.sm/linkedca => ../linkedca
diff --git a/go.sum b/go.sum
index 0f4d2a26..b0851c73 100644
--- a/go.sum
+++ b/go.sum
@@ -607,8 +607,8 @@ go.step.sm/cli-utils v0.7.0/go.mod h1:Ur6bqA/yl636kCUJbp30J7Unv5JJ226eW2KqXPDwF/ go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= go.step.sm/crypto v0.13.1-0.20220104020740-cfaa65f61443 h1:58QFQDVfw/dQuR9iW/dqvstdhrXbPEzImQF5sBVkI0k= go.step.sm/crypto v0.13.1-0.20220104020740-cfaa65f61443/go.mod h1:3G0yQr5lQqfEG0CMYz8apC/qMtjLRQlzflL2AxkcN+g= -go.step.sm/linkedca v0.7.0 h1:ydYigs0CgLFkPGjOO4KJcAcAWbuPP8ECF1IsyHdftYc= -go.step.sm/linkedca v0.7.0/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= +go.step.sm/linkedca v0.8.1-0.20220105022833-86b7a26c91f6 h1:rh+wCqQhMeXqUfb7Kycd8DtO7K0JckYsPZS3nOuEtGA= +go.step.sm/linkedca v0.8.1-0.20220105022833-86b7a26c91f6/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=