Talos now supports a new type of encryption key which relies on sealing/unsealing randomly generated bytes with a KMS server:
```
systemDiskEncryption:
  ephemeral:
    keys:
      - kms:
          endpoint: https://1.2.3.4:443
        slot: 0
```
gRPC API definitions and a simple reference implementation of the KMS server can be found in this
[repository](https://github.com/siderolabs/kms-client/blob/main/cmd/kms-server/main.go).
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
// Package endpoint has common tools for parsing http API endpoints.
package endpoint
import (
	"net/url"
	"regexp"
)
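// urlSchemeMatcher reports whether a value already carries a URL scheme
// ("grpc://", "https://", ...). It is anchored at the start of the string and
// uses the RFC 3986 scheme syntax (a letter followed by letters, digits,
// '+', '-' or '.'), so a "://" that only appears later in the value, e.g.
// inside a query parameter, does not count as a scheme, and non-letter ASCII
// characters such as '_', '[' or '^' are not accepted as a scheme start.
var urlSchemeMatcher = regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9+.-]*://`)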
// Endpoint defines all params parsed from the API endpoint.
//
// Values are produced by Parse; the zero value has an empty Host, is not
// Insecure and has no query parameters.
type Endpoint struct {
	// Host is the "host[:port]" part of the endpoint. Parse appends ":443"
	// when the scheme is https and no explicit port was given.
	Host     string
	// Insecure is true only when the endpoint scheme is "grpc", which is
	// also what Parse assumes for a value without any scheme. Every other
	// scheme leaves it false.
	Insecure bool
	// params is the parsed query string of the endpoint, exposed via GetParam.
	params   url.Values
}
// Parse parses the endpoint from string.
//
// A value without a "<scheme>://" prefix is interpreted as "grpc://<value>"
// and therefore yields an Insecure endpoint; only the "grpc" scheme sets
// Insecure, any other scheme (including https) leaves it false. An https
// endpoint given without a port gets ":443" appended to Host. The query
// string is retained and can be read back through GetParam. Errors come from
// url.Parse and are returned unwrapped.
func Parse(sideroLinkParam string) (Endpoint, error) {
	raw := sideroLinkParam
	if !urlSchemeMatcher.MatchString(raw) {
		raw = "grpc://" + raw
	}

	u, err := url.Parse(raw)
	if err != nil {
		return Endpoint{}, err
	}

	host := u.Host
	// https without an explicit port defaults to the standard TLS port.
	if u.Scheme == "https" && u.Port() == "" {
		host += ":443"
	}

	return Endpoint{
		Host:     host,
		Insecure: u.Scheme == "grpc",
		params:   u.Query(),
	}, nil
}
// GetParam reads param from the query.
//
// It returns the first value recorded for name in the endpoint's query
// string, or "" when the parameter is absent; a zero Endpoint has no
// parameters and always returns "".
func (e *Endpoint) GetParam(name string) string {
	values := e.params[name]
	if len(values) == 0 {
		return ""
	}

	return values[0]
}