registration

package
v0.2.10
Warning

This package is not in the latest version of its module.

Published: Feb 6, 2024 | License: MPL-2.0 | Imports: 22 | Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthorizeNode

AuthorizeNode authorizes a node via a registration request.

Note: THIS IS NOT A CONCURRENCY SAFE FUNCTION. In most cases, the given storage should ensure concurrency safety; for example, version numbers could be used within NodeInformation's "state" parameter, or the application using this library could implement a higher-level lock on the API that leads to calling this function. Failing to account for concurrency could mean that two concurrent calls to AuthorizeNode leave certificate/encryption parameters saved on the server that differ from those sent to the node.

Supported options: WithStorageWrapper (passed through to LoadNodeInformation, LoadRootCertificates, and NodeInformation.Store), WithState (set into the stored NodeInformation), WithNotBeforeClockSkew/WithNotAfterClockSkew (passed through to validateFetchRequest), WithSkipStorage, WithRandomReader
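
The concurrency note above names version numbers in the stored state as one safeguard. The following is an added example, not code from the nodeenrollment module: `store`, `record` and `authorize` are hypothetical stand-ins showing a save that succeeds only when the record still has the version the caller read, so the loser of a race gets an error instead of parameters the server never stored.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"sync"
)

// record is a constructed stand-in for stored node information; Version plays
// the role of a version number kept in its "state" parameter.
type record struct {
	Version uint64
	Creds   string
}

type store struct {
	mu   sync.Mutex
	recs map[string]record
}

func (s *store) load(id string) record {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.recs[id]
}

// authorize generates new parameters and saves them only if the record still
// has the version the caller read; on a conflict it returns an error instead.
func authorize(s *store, id string, seen uint64) (string, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.recs[id].Version != seen {
		return "", fmt.Errorf("node %q changed since version %d was read", id, seen)
	}
	s.recs[id] = record{Version: seen + 1, Creds: fmt.Sprintf("%x", buf)}
	return s.recs[id].Creds, nil
}

func main() {
	s := &store{recs: map[string]record{}}
	a, b := s.load("node-1"), s.load("node-1") // two requests read the same version
	credsA, errA := authorize(s, "node-1", a.Version)
	_, errB := authorize(s, "node-1", b.Version)
	fmt.Println(errA == nil, errB != nil, credsA == s.load("node-1").Creds)
}
```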

func CreateServerLedActivationToken added in v0.1.16

func CreateServerLedActivationToken(
	ctx context.Context,
	storage nodeenrollment.Storage,
	req *types.ServerLedRegistrationRequest,
	opt ...nodeenrollment.Option,
) (string, string, error)

CreateServerLedActivationToken creates and stores a nonce and returns it; this nonce can be used when a node requests to fetch credentials to authorize it. The nonce is a serialized protobuf that also contains the creation time. The serialized value is HMAC'd before storage.

The returned values are the activation token ID (used as the ID for storage) and the token itself.

Supported options: WithRandomReader, WithStorageWrapper (passed through to NodeInformation.Store), WithSkipStorage, WithState (to encode state in the activation token)

func DecryptWrappedRegistrationInfo added in v0.2.0

func DecryptWrappedRegistrationInfo(ctx context.Context, reqInfo *types.FetchNodeCredentialsInfo, opt ...nodeenrollment.Option) (*types.WrappingRegistrationFlowInfo, error)

DecryptWrappedRegistrationInfo is shared functionality for decrypting wrapped registration information; it can be used both within registration and in multi-hop contexts.

func FetchNodeCredentials

FetchNodeCredentials fetches node credentials based on the submitted information.

Supported options: WithRandomReader, WithRegistrationWrapper, WithStorageWrapper (passed through to LoadNodeInformation, NodeInformation.Store, and LoadRootCertificates), WithNotBeforeClockSkew/WithNotAfterClockSkew/WithState (passed through to validateFetchRequest), WithLogger

Note: If the request nonce is a server-led activation token and it contains state, this will overwrite any state passed in via options to this function; transfer state either via the activation token or via options when calling this function.

Types

This section is empty.
