commit 1846450067dc73e906f77a41e7e8f23095dc45e7
author Mateusz Zalega <mateusz@monogon.tech> Thu Jul 14 16:18:26 2022 +0200
committer Mateusz Zalega <mateusz@monogon.tech> Thu Aug 25 11:26:58 2022 +0000
tree 141ce55ffe297fa273203b8e04b7db44f42918af
parent b2cac08ef541db9969425fe5ef1c04660679e180

m/c/metroctl: takeownership: use cluster resolver

This updates takeownership to use the new cluster resolver.

Change-Id: I9fd546eb07a8909dc6c7fafd682ad6c4ab936151
Reviewed-on: https://review.monogon.dev/c/monogon/+/838
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>
Tested-by: Jenkins CI

metropolis/cli/metroctl/credentials.go

diff --git a/metropolis/cli/metroctl/credentials.go b/metropolis/cli/metroctl/credentials.go
index a8885bb..2160bea 100644
--- a/metropolis/cli/metroctl/credentials.go
+++ b/metropolis/cli/metroctl/credentials.go
@@ -12,33 +12,43 @@
 
 var noCredentialsError = errors.New("owner certificate or key does not exist")
 
-// getCredentials returns Metropolis credentials (if any) from the current
+// getOwnerKey returns the cluster owner's key, if one exists, from the current
 // metroctl config directory.
-func getCredentials() (cert *x509.Certificate, key ed25519.PrivateKey, err error) {
+func getOwnerKey() (ed25519.PrivateKey, error) {
 	ownerPrivateKeyPEM, err := os.ReadFile(filepath.Join(flags.configPath, "owner-key.pem"))
 	if os.IsNotExist(err) {
-		return nil, nil, noCredentialsError
+		return nil, noCredentialsError
 	} else if err != nil {
-		return nil, nil, fmt.Errorf("failed to load owner private key: %w", err)
+		return nil, fmt.Errorf("failed to load owner private key: %w", err)
 	}
 	block, _ := pem.Decode(ownerPrivateKeyPEM)
 	if block == nil {
-		return nil, nil, errors.New("owner-key.pem contains invalid PEM armoring")
+		return nil, errors.New("owner-key.pem contains invalid PEM armoring")
 	}
 	if block.Type != ownerKeyType {
-		return nil, nil, fmt.Errorf("owner-key.pem contains a PEM block that's not a %v", ownerKeyType)
+		return nil, fmt.Errorf("owner-key.pem contains a PEM block that's not a %v", ownerKeyType)
 	}
 	if len(block.Bytes) != ed25519.PrivateKeySize {
-		return nil, nil, errors.New("owner-key.pem contains a non-Ed25519 key")
+		return nil, errors.New("owner-key.pem contains a non-Ed25519 key")
 	}
-	key = block.Bytes
+	return block.Bytes, nil
+}
+
+// getCredentials returns Metropolis credentials (if any) from the current
+// metroctl config directory.
+func getCredentials() (cert *x509.Certificate, key ed25519.PrivateKey, err error) {
+	key, err = getOwnerKey()
+	if err != nil {
+		return nil, nil, err
+	}
+
 	ownerCertPEM, err := os.ReadFile(filepath.Join(flags.configPath, "owner.pem"))
 	if os.IsNotExist(err) {
 		return nil, nil, noCredentialsError
 	} else if err != nil {
 		return nil, nil, fmt.Errorf("failed to load owner certificate: %w", err)
 	}
-	block, _ = pem.Decode(ownerCertPEM)
+	block, _ := pem.Decode(ownerCertPEM)
 	if block == nil {
 		return nil, nil, errors.New("owner.pem contains invalid PEM armoring")
 	}