Enroll changes (#174)

* Updated nebula to 1.6.0

* Added `enroll changes` to agent, to check if there is a diff on currently enrolled cert

cmd/agent/enrollment.go

@@ -28,7 +28,7 @@ var enrollCmd = &cobra.Command{
 		}
 		defer agent.Close()
 
-		updateEnrollmentRequest(agent, cmd)
+		updateEnrollmentRequest(agent, cmd, false)
 	},
 }
 
@@ -62,6 +62,38 @@ var enrollStatusCmd = &cobra.Command{
 	},
 }
 
+var enrollChangesCmd = &cobra.Command{
+	Use:   "changes",
+	Short: "Is there enrollment changes",
+	Run: func(cmd *cobra.Command, args []string) {
+		agent, err := NewClient(l, config)
+		if err != nil {
+			fmt.Printf("failed to create client: %s", err)
+			os.Exit(1)
+		}
+		defer agent.Close()
+
+		diff := updateEnrollmentRequest(agent, cmd, true)
+		if diff {
+			l.Info("Agent has changes to the enrollment")
+			os.Exit(2)
+		}
+
+		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+		defer cancel()
+
+		res, err := agent.client.GetEnrollStatus(ctx, &emptypb.Empty{})
+		if err != nil {
+			l.WithError(err).Fatalln("failed to get enrollment status")
+		}
+
+		if res.IsEnrollmentRequested {
+			l.Info("Agent has a waiting enrollment request")
+			os.Exit(3)
+		}
+	},
+}
+
 var enrollWaitCmd = &cobra.Command{
 	Use:   "wait",
 	Short: "Wait for enrollment",
@@ -76,7 +108,7 @@ var enrollWaitCmd = &cobra.Command{
 		ticker := time.NewTicker(10 * time.Second)
 		defer ticker.Stop()
 
-		updateEnrollmentRequest(agent, cmd)
+		updateEnrollmentRequest(agent, cmd, false)
 
 		if isEnrollDone(agent) {
 			return
@@ -102,12 +134,15 @@ func init() {
 	enrollWaitCmd.Flags().StringSliceP("groups", "g", []string{}, "Comma separated list of groups")
 	enrollWaitCmd.Flags().StringP("ip", "i", "", "Requesting for this specific nebula ip")
 	enrollWaitCmd.MarkFlagRequired("token")
+	enrollChangesCmd.Flags().StringP("token", "t", "", "Enrollment token")
+	enrollChangesCmd.Flags().StringSliceP("groups", "g", []string{}, "Comma separated list of groups")
+	enrollChangesCmd.Flags().StringP("ip", "i", "", "Requesting for this specific nebula ip")
+	enrollChangesCmd.MarkFlagRequired("token")
 
-	enrollCmd.AddCommand(enrollStatusCmd)
-	enrollCmd.AddCommand(enrollWaitCmd)
+	enrollCmd.AddCommand(enrollStatusCmd, enrollWaitCmd, enrollChangesCmd)
 }
 
-func updateEnrollmentRequest(agent *agentClient, cmd *cobra.Command) {
+func updateEnrollmentRequest(agent *agentClient, cmd *cobra.Command, dryRun bool) (diff bool) {
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()
 
@@ -159,7 +194,7 @@ func updateEnrollmentRequest(agent *agentClient, cmd *cobra.Command) {
 		os.Exit(1)
 	}
 
-	var diff = false
+	diff = false
 
 	if status.EnrollmentRequest != nil {
 		l.Debug("comparing against existing enrollment request")
@@ -203,13 +238,15 @@ func updateEnrollmentRequest(agent *agentClient, cmd *cobra.Command) {
 		diff = true
 	}
 
-	if diff {
+	if diff && !dryRun {
 		l.Info("adding enrollment request")
 		if err := enroll(agent, token, ip, groups); err != nil {
 			l.WithError(err).Fatalln("failed to enroll agent")
 			os.Exit(2)
 		}
 	}
+
+	return diff
 }
 
 func isEnrollDone(agent *agentClient) bool {

go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.8.1
-	github.com/slackhq/nebula v1.5.2
+	github.com/slackhq/nebula v1.6.0
 	github.com/spf13/cobra v1.4.0
 	github.com/vektah/gqlparser/v2 v2.4.5
 	golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f
@@ -53,7 +53,7 @@ require (
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.23.0 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
+	golang.org/x/net v0.0.0-20220403103023-749bd193bc2b // indirect
 	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect

go.sum

@@ -1321,6 +1321,8 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
 github.com/slackhq/nebula v1.5.2 h1:wuIOHsOnrNw3rQx8yPxXiGu8wAtAxxtUI/K8W7Vj7EI=
 github.com/slackhq/nebula v1.5.2/go.mod h1:xaCM6wqbFk/NRmmUe1bv88fWBm3a1UioXJVIpR52WlE=
+github.com/slackhq/nebula v1.6.0 h1:1M2txSJq5Jef/A68Kw6SwdLS0PMtjhx4X509ZBHtG54=
+github.com/slackhq/nebula v1.6.0/go.mod h1:UmkqnXe4O53QwToSl/gG7sM4BroQwAB7dd4hUaT6MlI=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
@@ -1639,6 +1641,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220403103023-749bd193bc2b h1:vI32FkLJNAWtGD4BwkThwEy6XS7ZLLMHkSkYfF8M0W0=
+golang.org/x/net v0.0.0-20220403103023-749bd193bc2b/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190130055435-99b60b757ec1/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=