kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
48863bda8a9b15dae2cd63f25b23b6c871d3419a
nomad/api/node_identity.go
James Rasell 3b0b7db1a1 client: Add client identity API, CLI, and RPC workflow. (#26543) 
The Nomad clients store their Nomad identity in memory and within
their state store. While active, it is not possible to dump the
state to view the stored identity token, so having a way to view
the current claims while running aids debugging and operations.

This change adds a client identity workflow, allowing operators
to view the current claims of the nodes identity. It does not
return any of the signing key material.
2025-08-19 08:25:51 +01:00

74 lines
1.8 KiB
Go
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// NodeIdentityGetRequest represents the request to retrieve the node identity
// claims for a specific node.
type NodeIdentityGetRequest struct {
NodeID string
}
// NodeIdentityGetResponse represents the response containing the node identity
// claims.
type NodeIdentityGetResponse struct {
Claims map[string]any
}
type NodeIdentityRenewRequest struct {
NodeID string
}
type NodeIdentityRenewResponse struct{}
type NodeIdentity struct {
client *Client
}
func (n *Nodes) Identity() *NodeIdentity {
return &NodeIdentity{client: n.client}
}
// Get retrieves the node identity claims for the node specified within the
// request object.
//
// The request uses query options to control the forwarding behavior of the
// request only. Parameters such as Filter, WaitTime, and WaitIndex are not used
// and ignored.
func (n *NodeIdentity) Get(req *NodeIdentityGetRequest, qo *QueryOptions) (*NodeIdentityGetResponse, error) {
if qo == nil {
qo = &QueryOptions{}
}
if qo.Params == nil {
qo.Params = make(map[string]string)
}
if req.NodeID != "" {
qo.Params["node_id"] = req.NodeID
}
var out NodeIdentityGetResponse
if _, err := n.client.query("/v1/client/identity", &out, qo); err != nil {
return nil, err
}
return &out, nil
}
// Renew instructs the node to request a new identity from the server at its
// next heartbeat.
//
// The request uses query options to control the forwarding behavior of the
// request only. Parameters such as Filter, WaitTime, and WaitIndex are not used
// and ignored.
func (n *NodeIdentity) Renew(req *NodeIdentityRenewRequest, qo *QueryOptions) (*NodeIdentityRenewResponse, error) {
var out NodeIdentityRenewResponse
_, err := n.client.postQuery("/v1/client/identity/renew", req, &out, qo)
if err != nil {
return nil, err
}
return &out, nil
}
Reference in New Issue View Git Blame Copy Permalink