Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 8535cb5bc5437960430ff94d3ea7280ccf931340^! / . / metropolis / cli / metroctl / core / rpc.go
commit8535cb5bc5437960430ff94d3ea7280ccf931340[log] [tgz]
authorSerge Bazanski <serge@monogon.tech>Wed Mar 29 14:15:08 2023 +0200
committerSerge Bazanski <serge@monogon.tech>Wed Mar 29 17:18:22 2023 +0000
tree57edb5cf064ad8b43aef52c1bbb974dd5cce7c26
parent30fd15406e2c9cba7391f6af96c775b313a115fa [diff] [blame]
m/n/core/rpc: implement node verification in authenticated connections

The current API of NewAuthenticatedCredentials is not easily extensible,
so switch over to such an API now.

This then adds a WantRemoteNode option which verifies that the remote
connection is established to a node with a given ID.

Change-Id: Ie9f6b33d8b032729181bae5591eba9856ea2f523
Reviewed-on: https://review.monogon.dev/c/monogon/+/1427
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>

diff --git a/metropolis/cli/metroctl/core/rpc.go b/metropolis/cli/metroctl/core/rpc.go
index 8d7565f..00f1f01 100644
--- a/metropolis/cli/metroctl/core/rpc.go
+++ b/metropolis/cli/metroctl/core/rpc.go

@@ -58,7 +58,7 @@
 			Certificate: [][]byte{ocert.Raw},
 			PrivateKey:  opkey,
 		}
-		creds := rpc.NewAuthenticatedCredentials(tlsc, nil)
+		creds := rpc.NewAuthenticatedCredentials(tlsc, rpc.WantInsecure())
 		dialOpts = append(dialOpts, grpc.WithTransportCredentials(creds))
 	}