*: developer machine HSPKI credentials
In addition to k8s certificates, prodaccess now issues HSPKI
certificates, with DN=$username.sso.hswaw.net. These are installed into
XDG_CONFIG_HOME (or os equiv).
//go/pki will now automatically attempt to load these certificates. This
means you can now run any pki-dependent tool with -hspki_disable, and
with automatic mTLS!
Change-Id: I5b28e193e7c968d621bab0d42aabd6f0510fed6d
diff --git a/cluster/prodvider/service.go b/cluster/prodvider/service.go
index 0409884..17dfe6e 100644
--- a/cluster/prodvider/service.go
+++ b/cluster/prodvider/service.go
@@ -69,14 +69,22 @@
return nil, status.Error(codes.Unavailable, "could not set up objects in Kubernetes")
}
- keys, err := p.kubernetesCreds(username)
+ kubernetesKeys, err := p.kubernetesCreds(username)
if err != nil {
glog.Errorf("kubernetesCreds(%q): %v", username, err)
return nil, status.Error(codes.Unavailable, "could not generate k8s keys")
}
+
+ hspkiKeys, err := p.hspkiCreds(username)
+ if err != nil {
+ glog.Errorf("hspkiCreds(%q): %v", username, err)
+ return nil, status.Error(codes.Unavailable, "could not generate hspki keys")
+ }
+
return &pb.AuthenticateResponse{
Result: pb.AuthenticateResponse_RESULT_AUTHENTICATED,
- KubernetesKeys: keys,
+ KubernetesKeys: kubernetesKeys,
+ HspkiKeys: hspkiKeys,
}, nil
}
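Review bot: The new `hspkiCreds(username)` call logs only on failure, so unless hspkiCreds logs internally (not visible here) there is no audit record of which user was issued an mTLS identity and when. Consider adding `glog.Infof("hspkiCreds(%q): issued HSPKI certificate", username)` after the error check, ideally with the certificate serial and expiry if hspkiCreds exposes them. The commit message says the certificate DN is built from the username, so it is also worth confirming that `username` is normalized and restricted to a single DNS label before this call; any such validation lies outside the hunk, as does the start of the enclosing function. A failure here also fails the whole authentication response after the Kubernetes credentials were already generated, which makes HSPKI issuance a hard dependency for k8s access.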