From 57da20b7d33dc03d3c06088aca96ad2ea998b5b2 Mon Sep 17 00:00:00 2001 From: miampf Date: Thu, 16 Jan 2025 16:20:03 +0100 Subject: [PATCH] implement small changes --- .../internal/joinclient/joinclient.go | 2 +- cli/internal/cmd/ssh.go | 22 +++--- internal/crypto/crypto.go | 4 +- internal/crypto/crypto_test.go | 4 +- joinservice/internal/server/server.go | 12 +-- joinservice/joinproto/join.pb.go | 77 ++++++++++--------- joinservice/joinproto/join.proto | 4 +- 7 files changed, 62 insertions(+), 63 deletions(-) diff --git a/bootstrapper/internal/joinclient/joinclient.go b/bootstrapper/internal/joinclient/joinclient.go index 7c81f1c236..bee52cc788 100644 --- a/bootstrapper/internal/joinclient/joinclient.go +++ b/bootstrapper/internal/joinclient/joinclient.go @@ -272,7 +272,7 @@ func (c *JoinClient) startNodeAndJoin(ticket *joinproto.IssueJoinTicketResponse, } if err := c.fileHandler.Write(constants.SSHCAKeyPath, ticket.EmergencyCaKey, file.OptMkdirAll); err != nil { - return fmt.Errorf("writing ca key: %w", err) + return fmt.Errorf("writing ssh ca key: %w", err) } state := nodestate.NodeState{ diff --git a/cli/internal/cmd/ssh.go b/cli/internal/cmd/ssh.go index 079e8ca900..dea5c302d4 100644 --- a/cli/internal/cmd/ssh.go +++ b/cli/internal/cmd/ssh.go @@ -25,13 +25,6 @@ import ( "golang.org/x/crypto/ssh" ) -var permissions = ssh.Permissions{ - Extensions: map[string]string{ - "permit-port-forwarding": "yes", - "permit-pty": "yes", - }, -} - // NewSSHCmd returns a new cobra.Command for the ssh command. func NewSSHCmd() *cobra.Command { cmd := &cobra.Command{ @@ -41,7 +34,7 @@ func NewSSHCmd() *cobra.Command { Args: cobra.ExactArgs(0), RunE: runSSH, } - cmd.Flags().String("key", "", "The path to an existing ssh public key.") + cmd.Flags().String("key", "", "the path to an existing ssh public key.") must(cmd.MarkFlagRequired("key")) return cmd } @@ -72,7 +65,7 @@ func generateKey(ctx context.Context, keyPath string, fh file.Handler, debugLogg // NOTE(miampf): Since other KMS aren't fully implemented yet, this commands assumes that the cKMS is used and derives the key accordingly. var mastersecret uri.MasterSecret - if err = fh.ReadJSON(fmt.Sprintf("%s.json", constants.ConstellationMasterSecretStoreName), &mastersecret); err != nil { + if err = fh.ReadJSON(constants.MasterSecretFilename, &mastersecret); err != nil { return fmt.Errorf("reading master secret: %s", err) } @@ -81,12 +74,12 @@ func generateKey(ctx context.Context, keyPath string, fh file.Handler, debugLogg if err != nil { return fmt.Errorf("setting up KMS: %s", err) } - key, err := kms.GetDEK(ctx, crypto.DEKPrefix+constants.SSHCAKeySuffix, ed25519.SeedSize) + sshCAKeySeed, err := kms.GetDEK(ctx, crypto.DEKPrefix+constants.SSHCAKeySuffix, ed25519.SeedSize) if err != nil { return fmt.Errorf("retrieving key from KMS: %s", err) } - ca, err := crypto.GenerateEmergencySSHCAKey(key) + ca, err := crypto.GenerateEmergencySSHCAKey(sshCAKeySeed) if err != nil { return fmt.Errorf("generating ssh emergency CA key: %s", err) } @@ -109,7 +102,12 @@ func generateKey(ctx context.Context, keyPath string, fh file.Handler, debugLogg ValidAfter: uint64(time.Now().Unix()), ValidBefore: uint64(time.Now().Add(24 * time.Hour).Unix()), ValidPrincipals: []string{"root"}, - Permissions: permissions, + Permissions: ssh.Permissions{ + Extensions: map[string]string{ + "permit-port-forwarding": "yes", + "permit-pty": "yes", + }, + }, } if err := certificate.SignCert(rand.Reader, ca); err != nil { return fmt.Errorf("signing certificate: %s", err) diff --git a/internal/crypto/crypto.go b/internal/crypto/crypto.go index d208b993a7..0a88ec2f5f 100644 --- a/internal/crypto/crypto.go +++ b/internal/crypto/crypto.go @@ -65,8 +65,8 @@ func GenerateRandomBytes(length int) ([]byte, error) { } // GenerateEmergencySSHCAKey creates a CA that is used to sign keys for emergency ssh access. -func GenerateEmergencySSHCAKey(key []byte) (ssh.Signer, error) { - _, priv, err := ed25519.GenerateKey(bytes.NewReader(key)) +func GenerateEmergencySSHCAKey(seed []byte) (ssh.Signer, error) { + _, priv, err := ed25519.GenerateKey(bytes.NewReader(seed)) if err != nil { return nil, err } diff --git a/internal/crypto/crypto_test.go b/internal/crypto/crypto_test.go index db29a7ed97..12c3bdc9cf 100644 --- a/internal/crypto/crypto_test.go +++ b/internal/crypto/crypto_test.go @@ -155,9 +155,9 @@ func TestGenerateEmergencySSHCAKey(t *testing.T) { _, err := GenerateEmergencySSHCAKey(tc.key) if tc.wantErr { - assert.NotNil(err) + assert.Error(err) } else { - assert.Nil(err) + assert.NoError(err) } }) } diff --git a/joinservice/internal/server/server.go b/joinservice/internal/server/server.go index 5b0a45b9b5..e6fc82b95a 100644 --- a/joinservice/internal/server/server.go +++ b/joinservice/internal/server/server.go @@ -103,14 +103,14 @@ func (s *Server) IssueJoinTicket(ctx context.Context, req *joinproto.IssueJoinTi } log.Info("Requesting emergency SSH CA derivation key") - ssheCADerivationKey, err := s.dataKeyGetter.GetDataKey(ctx, constants.SSHCAKeySuffix, ed25519.SeedSize) + sshCAKeySeed, err := s.dataKeyGetter.GetDataKey(ctx, constants.SSHCAKeySuffix, ed25519.SeedSize) if err != nil { - log.With(slog.Any("error", err)).Error("Failed to get emergency SSH CA derivation key") - return nil, status.Errorf(codes.Internal, "getting emergency SSH CA derivation key: %s", err) + log.With(slog.Any("error", err)).Error("Failed to get seed material to derive SSH CA key") + return nil, status.Errorf(codes.Internal, "getting emergency SSH CA seed material: %s", err) } - ca, err := crypto.GenerateEmergencySSHCAKey(ssheCADerivationKey) + ca, err := crypto.GenerateEmergencySSHCAKey(sshCAKeySeed) if err != nil { - log.With(slog.Any("error", err)).Error("Failed to derive ssh CA key from derivation key") + log.With(slog.Any("error", err)).Error("Failed to derive ssh CA key from seed material") return nil, status.Errorf(codes.Internal, "generating ssh emergency CA key: %s", err) } @@ -181,7 +181,7 @@ func (s *Server) IssueJoinTicket(ctx context.Context, req *joinproto.IssueJoinTi KubeletCert: kubeletCert, ControlPlaneFiles: controlPlaneFiles, KubernetesComponents: components, - EmergencyCaKey: ssh.MarshalAuthorizedKey(ca.PublicKey()), + AuthorizedCaPublicKey: ssh.MarshalAuthorizedKey(ca.PublicKey()), }, nil } diff --git a/joinservice/joinproto/join.pb.go b/joinservice/joinproto/join.pb.go index 882069faa0..088990199c 100644 --- a/joinservice/joinproto/join.pb.go +++ b/joinservice/joinproto/join.pb.go @@ -101,7 +101,7 @@ type IssueJoinTicketResponse struct { ControlPlaneFiles []*ControlPlaneCertOrKey `protobuf:"bytes,8,rep,name=control_plane_files,json=controlPlaneFiles,proto3" json:"control_plane_files,omitempty"` KubernetesVersion string `protobuf:"bytes,9,opt,name=kubernetes_version,json=kubernetesVersion,proto3" json:"kubernetes_version,omitempty"` KubernetesComponents []*components.Component `protobuf:"bytes,10,rep,name=kubernetes_components,json=kubernetesComponents,proto3" json:"kubernetes_components,omitempty"` - EmergencyCaKey []byte `protobuf:"bytes,11,opt,name=emergency_ca_key,json=emergencyCaKey,proto3" json:"emergency_ca_key,omitempty"` + EmergencyCaPubkey []byte `protobuf:"bytes,11,opt,name=emergency_ca_pubkey,json=emergencyCaPubkey,proto3" json:"emergency_ca_pubkey,omitempty"` } func (x *IssueJoinTicketResponse) Reset() { @@ -204,9 +204,9 @@ func (x *IssueJoinTicketResponse) GetKubernetesComponents() []*components.Compon return nil } -func (x *IssueJoinTicketResponse) GetEmergencyCaKey() []byte { +func (x *IssueJoinTicketResponse) GetEmergencyCaPubkey() []byte { if x != nil { - return x.EmergencyCaKey + return x.EmergencyCaPubkey } return nil } @@ -379,7 +379,7 @@ var file_joinservice_joinproto_join_proto_rawDesc = []byte{ 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x69, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x5f, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x69, 0x73, 0x43, 0x6f, - 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x50, 0x6c, 0x61, 0x6e, 0x65, 0x22, 0xb8, 0x04, 0x0a, 0x17, 0x49, + 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x50, 0x6c, 0x61, 0x6e, 0x65, 0x22, 0xbe, 0x04, 0x0a, 0x17, 0x49, 0x73, 0x73, 0x75, 0x65, 0x4a, 0x6f, 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, @@ -412,40 +412,41 @@ var file_joinservice_joinproto_join_proto_rawDesc = []byte{ 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x52, 0x14, 0x6b, 0x75, 0x62, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x65, - 0x73, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x28, 0x0a, 0x10, 0x65, - 0x6d, 0x65, 0x72, 0x67, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x63, 0x61, 0x5f, 0x6b, 0x65, 0x79, 0x18, - 0x0b, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0e, 0x65, 0x6d, 0x65, 0x72, 0x67, 0x65, 0x6e, 0x63, 0x79, - 0x43, 0x61, 0x4b, 0x65, 0x79, 0x22, 0x43, 0x0a, 0x19, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, - 0x5f, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x6f, 0x72, 0x5f, 0x6b, - 0x65, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0x37, 0x0a, 0x18, 0x49, 0x73, - 0x73, 0x75, 0x65, 0x52, 0x65, 0x6a, 0x6f, 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x75, - 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x64, 0x69, 0x73, 0x6b, 0x55, - 0x75, 0x69, 0x64, 0x22, 0x70, 0x0a, 0x19, 0x49, 0x73, 0x73, 0x75, 0x65, 0x52, 0x65, 0x6a, 0x6f, - 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x24, 0x0a, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x73, 0x74, 0x61, 0x74, 0x65, 0x44, - 0x69, 0x73, 0x6b, 0x4b, 0x65, 0x79, 0x12, 0x2d, 0x0a, 0x12, 0x6d, 0x65, 0x61, 0x73, 0x75, 0x72, - 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x11, 0x6d, 0x65, 0x61, 0x73, 0x75, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, - 0x65, 0x63, 0x72, 0x65, 0x74, 0x32, 0xab, 0x01, 0x0a, 0x03, 0x41, 0x50, 0x49, 0x12, 0x4e, 0x0a, - 0x0f, 0x49, 0x73, 0x73, 0x75, 0x65, 0x4a, 0x6f, 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, - 0x12, 0x1c, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x4a, 0x6f, 0x69, - 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, - 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x4a, 0x6f, 0x69, 0x6e, 0x54, - 0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x54, 0x0a, - 0x11, 0x49, 0x73, 0x73, 0x75, 0x65, 0x52, 0x65, 0x6a, 0x6f, 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, - 0x65, 0x74, 0x12, 0x1e, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x52, - 0x65, 0x6a, 0x6f, 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x52, - 0x65, 0x6a, 0x6f, 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x42, 0x3f, 0x5a, 0x3d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x65, 0x64, 0x67, 0x65, 0x6c, 0x65, 0x73, 0x73, 0x73, 0x79, 0x73, 0x2f, 0x63, 0x6f, - 0x6e, 0x73, 0x74, 0x65, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x76, 0x32, 0x2f, 0x6a, - 0x6f, 0x69, 0x6e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x6a, 0x6f, 0x69, 0x6e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x2e, 0x0a, 0x13, 0x65, + 0x6d, 0x65, 0x72, 0x67, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x63, 0x61, 0x5f, 0x70, 0x75, 0x62, 0x6b, + 0x65, 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x65, 0x6d, 0x65, 0x72, 0x67, 0x65, + 0x6e, 0x63, 0x79, 0x43, 0x61, 0x50, 0x75, 0x62, 0x6b, 0x65, 0x79, 0x22, 0x43, 0x0a, 0x19, 0x63, + 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x5f, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x5f, 0x63, 0x65, 0x72, + 0x74, 0x5f, 0x6f, 0x72, 0x5f, 0x6b, 0x65, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, + 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, + 0x22, 0x37, 0x0a, 0x18, 0x49, 0x73, 0x73, 0x75, 0x65, 0x52, 0x65, 0x6a, 0x6f, 0x69, 0x6e, 0x54, + 0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, 0x09, + 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x08, 0x64, 0x69, 0x73, 0x6b, 0x55, 0x75, 0x69, 0x64, 0x22, 0x70, 0x0a, 0x19, 0x49, 0x73, 0x73, + 0x75, 0x65, 0x52, 0x65, 0x6a, 0x6f, 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, + 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x44, 0x69, 0x73, 0x6b, 0x4b, 0x65, 0x79, 0x12, 0x2d, 0x0a, 0x12, + 0x6d, 0x65, 0x61, 0x73, 0x75, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, + 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x6d, 0x65, 0x61, 0x73, 0x75, 0x72, + 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x32, 0xab, 0x01, 0x0a, 0x03, + 0x41, 0x50, 0x49, 0x12, 0x4e, 0x0a, 0x0f, 0x49, 0x73, 0x73, 0x75, 0x65, 0x4a, 0x6f, 0x69, 0x6e, + 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x1c, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x2e, 0x49, 0x73, + 0x73, 0x75, 0x65, 0x4a, 0x6f, 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x2e, 0x49, 0x73, 0x73, 0x75, + 0x65, 0x4a, 0x6f, 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x54, 0x0a, 0x11, 0x49, 0x73, 0x73, 0x75, 0x65, 0x52, 0x65, 0x6a, 0x6f, + 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x1e, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x2e, + 0x49, 0x73, 0x73, 0x75, 0x65, 0x52, 0x65, 0x6a, 0x6f, 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, + 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x2e, + 0x49, 0x73, 0x73, 0x75, 0x65, 0x52, 0x65, 0x6a, 0x6f, 0x69, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, + 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x3f, 0x5a, 0x3d, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x64, 0x67, 0x65, 0x6c, 0x65, 0x73, 0x73, + 0x73, 0x79, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x74, 0x65, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x2f, 0x76, 0x32, 0x2f, 0x6a, 0x6f, 0x69, 0x6e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2f, 0x6a, 0x6f, 0x69, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( diff --git a/joinservice/joinproto/join.proto b/joinservice/joinproto/join.proto index 8458ee7e8e..89c40b8a0b 100644 --- a/joinservice/joinproto/join.proto +++ b/joinservice/joinproto/join.proto @@ -45,8 +45,8 @@ message IssueJoinTicketResponse { string kubernetes_version = 9; // kubernetes_components is a list of components to install on the node. repeated components.Component kubernetes_components = 10; - // emergency_ca_key is an ssh ca key that can be used to connect to a node in case of an emergency. - bytes emergency_ca_key = 11; + // authorized_ca_public_key is an ssh ca key that can be used to connect to a node in case of an emergency. + bytes authorized_ca_public_key = 11; } message control_plane_cert_or_key {