metropolis: reduce usage of identity.NodeID

Eventually, we want to be able to rotate node keypairs. To allow this,
the node ID needs to become independent of the public key. This change
is a refactoring which starts this work by reducing the usage of
identity.NodeID, the function which derives a node ID from a public key.

Change-Id: I5231ed0a7be37c23327fec93481b00c74374af07
Reviewed-on: https://review.monogon.dev/c/monogon/+/3445
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/metropolis/node/core/rpc/client.go b/metropolis/node/core/rpc/client.go
index 5fc76e3..72122b7 100644
--- a/metropolis/node/core/rpc/client.go
+++ b/metropolis/node/core/rpc/client.go
@@ -39,15 +39,12 @@
if err != nil {
return fmt.Errorf("server presented unparseable certificate: %w", err)
}
- pkey, err := identity.VerifyNodeInCluster(serverCert, ca)
+ id, err := identity.VerifyNodeInCluster(serverCert, ca)
if err != nil {
return fmt.Errorf("node certificate verification failed: %w", err)
}
- if nodeID != "" {
- id := identity.NodeID(pkey)
- if id != nodeID {
- return fmt.Errorf("wanted to reach node %q, got %q", nodeID, id)
- }
+ if nodeID != "" && id != nodeID {
+ return fmt.Errorf("wanted to reach node %q, got %q", nodeID, id)
}
return nil
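
Review bot: The check at `if nodeID != "" && id != nodeID` now depends entirely on the value returned by identity.VerifyNodeInCluster, and nothing at this call site says where that ID comes from now that it is no longer derived here with identity.NodeID(pkey). Because this comparison is what pins the connection to the expected node, please add a short comment above the call (or extend the function's doc comment) stating which part of the verified certificate the returned ID is taken from and that it is only returned after verification against `ca` succeeds. It would also help to note in that comment that an empty `nodeID` still accepts any node that verifies against the CA, since the flattened condition makes that case less visible than the removed nested `if` did.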