command/keys: use key command implemented

10 years ago · 1ac6b10aed
parent 222adc92a0
commit 1ac6b10aed
4 changed files with 64 additions and 19 deletions
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@ -777,3 +777,22 @@ func (a *Agent) InstallKeyLAN(key string) (*serf.KeyResponse, error) {
 	km := a.client.KeyManagerLAN()
 	return km.InstallKey(key)
 }
+
+// UseKeyWAN changes the primary WAN gossip encryption key on server nodes
+func (a *Agent) UseKeyWAN(key string) (*serf.KeyResponse, error) {
+	if a.server != nil {
+		km := a.server.KeyManagerWAN()
+		return km.UseKey(key)
+	}
+	return nil, fmt.Errorf("WAN keyring not available on client node")
+}
+
+// UseKeyLAN changes the primary LAN gossip encryption key on all nodes
+func (a *Agent) UseKeyLAN(key string) (*serf.KeyResponse, error) {
+	if a.server != nil {
+		km := a.server.KeyManagerLAN()
+		return km.UseKey(key)
+	}
+	km := a.client.KeyManagerLAN()
+	return km.UseKey(key)
+}
--- a/command/agent/rpc.go
+++ b/command/agent/rpc.go
@ -397,15 +397,12 @@ func (i *AgentRPC) handleRequest(client *rpcClient, reqHeader *requestHeader) er
 		return i.handleListKeys(client, seq, command)

 	case installKeyLANCommand, installKeyWANCommand:
-		return i.handleInstallKey(client, seq, command)
+		return i.handleGossipKeyChange(client, seq, command)

-		/*
-			case useKeyLANCommand:
-				return i.handleUseKeyLAN(client, seq)
-
-			case useKeyWANCommand:
-				return i.handleUseKeyWAN(client, seq)
+	case useKeyLANCommand, useKeyWANCommand:
+		return i.handleGossipKeyChange(client, seq, command)

+		/*
 			case removeKeyLANCommand:
 				return i.handleRemoveKeyLAN(client, seq)

@ -650,7 +647,7 @@ func (i *AgentRPC) handleListKeys(client *rpcClient, seq uint64, cmd string) err
 	return client.Send(&header, &resp)
 }

-func (i *AgentRPC) handleInstallKey(client *rpcClient, seq uint64, cmd string) error {
+func (i *AgentRPC) handleGossipKeyChange(client *rpcClient, seq uint64, cmd string) error {
 	var req keyRequest
 	var resp keyResponse
 	var queryResp *serf.KeyResponse
@ -663,8 +660,12 @@ func (i *AgentRPC) handleInstallKey(client *rpcClient, seq uint64, cmd string) e
 	switch cmd {
 	case installKeyWANCommand:
 		queryResp, err = i.agent.InstallKeyWAN(req.Key)
-	default:
+	case installKeyLANCommand:
 		queryResp, err = i.agent.InstallKeyLAN(req.Key)
+	case useKeyWANCommand:
+		queryResp, err = i.agent.UseKeyWAN(req.Key)
+	case useKeyLANCommand:
+		queryResp, err = i.agent.UseKeyLAN(req.Key)
 	}

 	header := responseHeader{
--- a/command/agent/rpc_client.go
+++ b/command/agent/rpc_client.go
@ -199,21 +199,24 @@ func (c *RPCClient) ListKeysWAN() (map[string]int, int, map[string]string, error
 }

 func (c *RPCClient) InstallKeyWAN(key string) (map[string]string, error) {
-	header := requestHeader{
-		Command: installKeyWANCommand,
-		Seq:     c.getSeq(),
-	}
+	return c.changeGossipKey(key, installKeyWANCommand)
+}

-	req := keyRequest{key}
+func (c *RPCClient) InstallKeyLAN(key string) (map[string]string, error) {
+	return c.changeGossipKey(key, installKeyLANCommand)
+}

-	resp := new(keyResponse)
-	err := c.genericRPC(&header, &req, resp)
-	return resp.Messages, err
+func (c *RPCClient) UseKeyWAN(key string) (map[string]string, error) {
+	return c.changeGossipKey(key, useKeyWANCommand)
 }

-func (c *RPCClient) InstallKeyLAN(key string) (map[string]string, error) {
+func (c *RPCClient) UseKeyLAN(key string) (map[string]string, error) {
+	return c.changeGossipKey(key, useKeyLANCommand)
+}
+
+func (c *RPCClient) changeGossipKey(key, cmd string) (map[string]string, error) {
 	header := requestHeader{
-		Command: installKeyLANCommand,
+		Command: cmd,
 		Seq:     c.getSeq(),
 	}

--- a/command/keys.go
+++ b/command/keys.go
@ -128,6 +128,28 @@ func (c *KeysCommand) Run(args []string) int {
 	}

 	if useKey != "" {
+		if wan {
+			c.Ui.Info("Changing primary encryption key on WAN members...")
+			failures, err = client.UseKeyWAN(useKey)
+		} else {
+			c.Ui.Info("Changing primary encryption key on LAN members...")
+			failures, err = client.UseKeyLAN(useKey)
+		}
+
+		if err != nil {
+			if len(failures) > 0 {
+				for node, msg := range failures {
+					out = append(out, fmt.Sprintf("failed: %s | %s", node, msg))
+				}
+				c.Ui.Error(columnize.SimpleFormat(out))
+			}
+			c.Ui.Error("")
+			c.Ui.Error(fmt.Sprintf("Error changing primary key: %s", err))
+			return 1
+		}
+
+		c.Ui.Info("Successfully changed primary key!")
+
 		return 0
 	}