diff --git a/kms/kms.toml b/kms/kms.toml
index 1f354066..d3976150 100644
--- a/kms/kms.toml
+++ b/kms/kms.toml
@@ -45,6 +45,7 @@ gateway_app_id = "any"
 [core.onboard]
 enabled = true
 auto_bootstrap_domain = ""
+auto_onboard_url = ""
 quote_enabled = true
 address = "0.0.0.0"
 port = 8000
diff --git a/kms/src/config.rs b/kms/src/config.rs
index 36874e1b..bf0774be 100644
--- a/kms/src/config.rs
+++ b/kms/src/config.rs
@@ -120,4 +120,5 @@ pub(crate) struct OnboardConfig {
 pub enabled: bool,
 pub quote_enabled: bool,
 pub auto_bootstrap_domain: String,
+ pub auto_onboard_url: String,
 }
diff --git a/kms/src/main.rs b/kms/src/main.rs
index eddfbdc9..bfab1e77 100644
--- a/kms/src/main.rs
+++ b/kms/src/main.rs
@@ -52,7 +52,10 @@ async fn run_onboard_service(kms_config: KmsConfig, figment: Figment) -> Result<
 "OK"
 }
- if !kms_config.onboard.auto_bootstrap_domain.is_empty() {
+ if !kms_config.onboard.auto_onboard_url.is_empty() {
+ onboard_service::auto_onboard_keys(&kms_config).await?;
+ return Ok(());
+ } else if !kms_config.onboard.auto_bootstrap_domain.is_empty() {
 onboard_service::bootstrap_keys(&kms_config).await?;
 return Ok(());
 }
diff --git a/kms/src/onboard_service.rs b/kms/src/onboard_service.rs
index 4fb77dd2..b946e965 100644
--- a/kms/src/onboard_service.rs
+++ b/kms/src/onboard_service.rs
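Review bot: The new `auto_onboard_url` field in `OnboardConfig` has no doc comment, and nothing on the struct says how it relates to `auto_bootstrap_domain`, even though the main.rs hunk in this commit gives the URL precedence whenever it is non-empty. Suggest `/// URL of an existing KMS to fetch keys from; when non-empty it takes precedence over bootstrapping with `auto_bootstrap_domain`.` above the field. If the struct is deserialized without a default for this field, an operator config written before this commit would fail to load; the default added to kms.toml presumably covers that when defaults are merged, but worth confirming. The struct header is outside the hunk.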
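Review bot: In `run_onboard_service` the new `else if` follows a branch that already ends in `return Ok(())`, so it reads as two independent guards and a flat second `if` would be clearer; the precedence between the two settings also deserves a comment, since both paths read `auto_bootstrap_domain` (the onboard_service hunk passes it to `Keys::onboard` as well as to `Keys::generate`). Suggest `// A source KMS URL wins over local bootstrap; both paths still use auto_bootstrap_domain.` above the first `if`. Neither branch records which path was taken or which source URL was used, which is the first thing an operator will want when tracing where a node's keys came from. `run_onboard_service` starts and ends outside the hunk.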
@@ -327,6 +327,29 @@ pub(crate) async fn update_certs(cfg: &KmsConfig) -> Result<()> {
 Ok(())
 }
+pub(crate) async fn auto_onboard_keys(cfg: &KmsConfig) -> Result<()> {
+ let source_url = cfg
+ .onboard
+ .auto_onboard_url
+ .trim_end_matches('/')
+ .to_string();
+ let source_url = if source_url.ends_with("/prpc") {
+ source_url
+ } else {
+ format!("{source_url}/prpc")
+ };
+ let keys = Keys::onboard(
+ &source_url,
+ &cfg.onboard.auto_bootstrap_domain,
+ cfg.onboard.quote_enabled,
+ cfg.pccs_url.clone(),
+ )
+ .await
+ .context("failed to auto-onboard from source KMS")?;
+ keys.store(cfg)?;
+ Ok(())
+}
+
 pub(crate) async fn bootstrap_keys(cfg: &KmsConfig) -> Result<()> {
 let keys = Keys::generate(
 &cfg.onboard.auto_bootstrap_domain,
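Review bot: `auto_onboard_keys` imports this node's keys from a remote KMS but validates `auto_onboard_url` only by stripping a trailing `/` and appending `/prpc`, so a mistyped or plaintext `http://` value goes straight to `Keys::onboard`, and whether the peer is verified then rests entirely on what `Keys::onboard` does with `quote_enabled` and `pccs_url`, which is not visible here. If `quote_enabled = false` disables attestation of the source, this function should refuse that combination with an early error (or at least log it prominently) instead of storing keys obtained from an unverified peer — worth confirming against `Keys::onboard`. The function also has no doc comment; suggest `/// Fetches this KMS's keys from the KMS at `auto_onboard_url` (a `/prpc` suffix is appended if missing) and persists them via `Keys::store`.` above the signature. A two-line guard rejecting a URL that does not start with `https://` would be cheap if the deployment never uses plaintext transport.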