Documentation
Index
- func AuthorizeNode(ctx context.Context, storage nodeenrollment.Storage, ...) (*types.NodeInformation, error)
- func CreateServerLedActivationToken(ctx context.Context, storage nodeenrollment.Storage, ...) (string, string, error)
- func DecryptWrappedRegistrationInfo(ctx context.Context, reqInfo *types.FetchNodeCredentialsInfo, ...) (*types.WrappingRegistrationFlowInfo, error)
- func FetchNodeCredentials(ctx context.Context, storage nodeenrollment.Storage, ...) (*types.FetchNodeCredentialsResponse, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func AuthorizeNode
func AuthorizeNode(
	ctx context.Context,
	storage nodeenrollment.Storage,
	req *types.FetchNodeCredentialsRequest,
	opt ...nodeenrollment.Option,
) (*types.NodeInformation, error)
AuthorizeNode authorizes a node via a registration request.
Note: THIS IS NOT A CONCURRENCY SAFE FUNCTION. In most cases, the given storage should ensure concurrency safety; as examples, version numbers could be used within NodeInformation's "state" parameter, or the application using this library could implement a higher-level lock on the API that leads to calling this function. Failing to account for concurrency could mean that two calls to AuthorizeNode running concurrently result in different certificate/encryption parameters being saved on the server vs. sent to the node.
Supported options: WithStorageWrapper (passed through to LoadNodeInformation, LoadRootCertificates, and NodeInformation.Store), WithState (set into the stored NodeInformation), WithNotBeforeClockSkew/WithNotAfterClockSkew (passed through to validateFetchRequest), WithSkipStorage, WithRandomReader
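The concurrency note above suggests using version numbers in the stored state so that two overlapping authorizations cannot leave the server holding parameters that differ from what was sent to the node. The following is an added example, not code from the nodeenrollment library: it models a hypothetical in-memory store whose write is a compare-and-swap on a record version (NodeRecord, VersionedStore, authorizeFrom and RaceAuthorize are all constructed for this illustration, not the library's types or API). Whoever loses the race gets an error and returns nothing to the node; whoever wins returns exactly the record that storage now holds.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// ErrVersionConflict: another writer stored between our load and our store.
var ErrVersionConflict = errors.New("node record modified concurrently")

// NodeRecord is a hypothetical, simplified stand-in for NodeInformation: Version
// plays the role the doc comment suggests for "state", Params for the
// certificate/encryption parameters.
type NodeRecord struct {
	ID      string
	Version uint64
	Params  string
}

// VersionedStore is a hypothetical in-memory store (not the library's Storage
// interface) whose write is a compare-and-swap on the record version.
type VersionedStore struct {
	mu   sync.Mutex
	recs map[string]NodeRecord
}

func NewVersionedStore() *VersionedStore {
	return &VersionedStore{recs: map[string]NodeRecord{}}
}

// Load returns the current record; a missing record has Version 0.
func (s *VersionedStore) Load(id string) NodeRecord {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.recs[id]
}

// StoreIfVersion persists rec only if the stored version still equals expected.
func (s *VersionedStore) StoreIfVersion(rec NodeRecord, expected uint64) (NodeRecord, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.recs[rec.ID].Version != expected {
		return NodeRecord{}, ErrVersionConflict
	}
	rec.Version = expected + 1
	s.recs[rec.ID] = rec
	return rec, nil
}

// authorizeFrom mirrors an AuthorizeNode call that loaded the record at version
// expected: mint fresh parameters, store them, return only what was stored.
func authorizeFrom(s *VersionedStore, id string, expected uint64) (NodeRecord, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return NodeRecord{}, err
	}
	return s.StoreIfVersion(NodeRecord{ID: id, Params: hex.EncodeToString(buf)}, expected)
}

type outcome struct{ rec NodeRecord; err error }

// RaceAuthorize makes n callers act on one shared snapshot and store concurrently.
// It reports successes, rejected writes, and whether every successful caller's
// returned parameters equal what storage holds afterwards.
func RaceAuthorize(s *VersionedStore, id string, n int) (successes, conflicts int, consistent bool) {
	snapshot := s.Load(id)
	results := make(chan outcome, n)
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			rec, err := authorizeFrom(s, id, snapshot.Version)
			results <- outcome{rec, err}
		}()
	}
	wg.Wait()
	close(results)
	stored := s.Load(id)
	consistent = true
	for r := range results {
		switch {
		case r.err == nil:
			successes++
			consistent = consistent && r.rec == stored
		case errors.Is(r.err, ErrVersionConflict):
			conflicts++
		default:
			consistent = false
		}
	}
	return successes, conflicts, consistent
}

func main() {
	succ, conf, ok := RaceAuthorize(NewVersionedStore(), "node-1", 8)
	fmt.Printf("successes=%d conflicts=%d consistent=%v\n", succ, conf, ok)
}
```

With eight callers sharing one snapshot, exactly one write lands and the other seven see ErrVersionConflict; a later call that loads the current version succeeds, and a call holding a stale version is rejected. The same effect can be had with a higher-level lock around the API path that calls AuthorizeNode, as the note also suggests; the version check is the storage-side option.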
func CreateServerLedActivationToken added in v0.1.16
func CreateServerLedActivationToken(
	ctx context.Context,
	storage nodeenrollment.Storage,
	req *types.ServerLedRegistrationRequest,
	opt ...nodeenrollment.Option,
) (string, string, error)
CreateServerLedActivationToken creates and stores a nonce and returns it; this nonce can be used when a node requests to fetch credentials to authorize it. The nonce is a serialized protobuf that also contains the creation time. The serialized value is HMAC'd before storage.
The returned values are the activation token ID (used as the ID for storage) and the token itself.
Supported options: WithRandomReader, WithStorageWrapper (passed through to NodeInformation.Store), WithSkipStorage, WithState (to encode state in the activation token)
func DecryptWrappedRegistrationInfo added in v0.2.0
func DecryptWrappedRegistrationInfo(
	ctx context.Context,
	reqInfo *types.FetchNodeCredentialsInfo,
	opt ...nodeenrollment.Option,
) (*types.WrappingRegistrationFlowInfo, error)
DecryptWrappedRegistrationInfo is shared functionality for decrypting wrapped registration information; it is used both within registration and in multi-hop contexts.
func FetchNodeCredentials
func FetchNodeCredentials(
	ctx context.Context,
	storage nodeenrollment.Storage,
	req *types.FetchNodeCredentialsRequest,
	opt ...nodeenrollment.Option,
) (*types.FetchNodeCredentialsResponse, error)
FetchNodeCredentials fetches node credentials based on the submitted information.
Supported options: WithRandomReader, WithRegistrationWrapper, WithStorageWrapper (passed through to LoadNodeInformation, NodeInformation.Store, and LoadRootCertificates), WithNotBeforeClockSkew/WithNotAfterClockSkew/WithState (passed through to validateFetchRequest), WithLogger
Note: If the request nonce is a server-led activation token and it contains state, that state overwrites any state passed in via options to this function; transfer state either in the activation token or in the options when calling this function.
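The server-led flow described under CreateServerLedActivationToken (a nonce carrying its creation time, HMAC'd before storage, returned as an ID plus the token) and the state-precedence note directly above are illustrated by the following added example. It is not the library's code: activationToken, tokenRecord, TokenStore, CreateActivationToken and RedeemActivationToken are constructed for this page, JSON stands in for the library's protobuf serialization, the base64 token encoding, the server-held HMAC key and the single-use semantics are assumptions of the example, and optionState models state passed via options.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

var (
	ErrUnknownToken = errors.New("activation token unknown or already used")
	ErrTokenWindow  = errors.New("activation token outside its validity window")
)

// activationToken is a hypothetical stand-in for the library's serialized
// protobuf nonce; JSON is used only so the example runs on the standard library.
type activationToken struct {
	Nonce        []byte            `json:"nonce"`
	CreationTime time.Time         `json:"creation_time"`
	State        map[string]string `json:"state,omitempty"`
}

// tokenRecord is what the server keeps; the token bytes themselves are not stored.
type tokenRecord struct {
	CreationTime time.Time
	State        map[string]string
}

// TokenStore is a hypothetical in-memory store keyed by the HMAC-derived ID
// (not the library's Storage interface).
type TokenStore map[string]tokenRecord

// tokenID HMACs the serialized token under a server-held key (an assumption of
// this example) so a dump of the store yields IDs, not presentable tokens.
func tokenID(key, serialized []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write(serialized)
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// CreateActivationToken follows CreateServerLedActivationToken's contract:
// it returns the storage ID and the token the node will later present.
func CreateActivationToken(store TokenStore, key []byte, state map[string]string, now time.Time) (string, string, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return "", "", err
	}
	serialized, err := json.Marshal(activationToken{Nonce: nonce, CreationTime: now.UTC(), State: state})
	if err != nil {
		return "", "", err
	}
	id := tokenID(key, serialized)
	store[id] = tokenRecord{CreationTime: now.UTC(), State: state}
	return id, base64.RawURLEncoding.EncodeToString(serialized), nil
}

// RedeemActivationToken is the server side of a credential fetch whose nonce is
// an activation token. optionState models state passed via options; as the
// FetchNodeCredentials note says, state carried in the token overrides it.
// Treating the token as single use (deleted on success) is this example's assumption.
func RedeemActivationToken(store TokenStore, key []byte, token string, optionState map[string]string, now time.Time, maxAge time.Duration) (map[string]string, error) {
	serialized, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return nil, fmt.Errorf("malformed token: %w", err)
	}
	// Look up by recomputed HMAC: any altered byte in the presented token
	// yields a different ID, so a hit also proves the token is unmodified.
	id := tokenID(key, serialized)
	rec, ok := store[id]
	if !ok {
		return nil, ErrUnknownToken
	}
	var tok activationToken
	if err := json.Unmarshal(serialized, &tok); err != nil {
		return nil, fmt.Errorf("malformed token: %w", err)
	}
	if now.Before(rec.CreationTime) || now.Sub(rec.CreationTime) > maxAge {
		return nil, ErrTokenWindow
	}
	delete(store, id)
	if len(tok.State) > 0 {
		return tok.State, nil
	}
	return optionState, nil
}

func main() {
	store, key, now := TokenStore{}, []byte("constructed-demo-key"), time.Now()
	_, tok, _ := CreateActivationToken(store, key, map[string]string{"cluster": "demo"}, now)
	fmt.Println(RedeemActivationToken(store, key, tok, nil, now.Add(time.Minute), time.Hour))
}
```

The stored ID and the token differ, so the store alone does not let anyone redeem a token; a token presented under the wrong key or after modification simply does not resolve to a record; a token older than maxAge is refused before it is consumed; and when the token carries state, that state is returned even if the caller also supplied optionState.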
Types
This section is empty.