Merge pull request #504 from open-amt-cloud-toolkit/yamltlsconfig

feat: add yaml support to local tls config
open-amt-cloud-toolkit · May 3, 2024 · bca9a25 · bca9a25
2 parents dd4baa0 + b7aa3af
commit bca9a25
Show file tree

Hide file tree

Showing 7 changed files with 47 additions and 7 deletions.
diff --git a/config.yaml b/config.yaml
@@ -40,3 +40,5 @@ ieee8021xConfigs:
     password: "" # SECRET: can be in this file, a secrets file, or user prompt
     authenticationProtocol: 2 # Extensible Authentication Protocol (ex. EAP-TLS(0))
     caCert: 'testCaCertString'
+tlsConfig:
+  mode: 'Server' # Supported modes are: Server and ServerAndNonTLS
diff --git a/go.mod b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/gorilla/websocket v1.5.1
 	github.com/hirochachacha/go-smb2 v1.1.0
 	github.com/ilyakaznacheev/cleanenv v1.5.0
-	github.com/open-amt-cloud-toolkit/go-wsman-messages/v2 v2.3.1
+	github.com/open-amt-cloud-toolkit/go-wsman-messages/v2 v2.4.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/sys v0.19.0

diff --git a/go.sum b/go.sum
@@ -15,8 +15,8 @@ github.com/ilyakaznacheev/cleanenv v1.5.0 h1:0VNZXggJE2OYdXE87bfSSwGxeiGt9moSR2l
 github.com/ilyakaznacheev/cleanenv v1.5.0/go.mod h1:a5aDzaJrLCQZsazHol1w8InnDcOX0OColm64SlIi6gk=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
-github.com/open-amt-cloud-toolkit/go-wsman-messages/v2 v2.3.1 h1:ZySTqArIfZUJby6YTUMTOxj9qyLYIkU9cw1qNWa/H7E=
-github.com/open-amt-cloud-toolkit/go-wsman-messages/v2 v2.3.1/go.mod h1:jdnbKqKRs4AYG8H7RZF/ss45D93+CfGY7m8esTTbDTs=
+github.com/open-amt-cloud-toolkit/go-wsman-messages/v2 v2.4.0 h1:jdGVWYKtL675RUcfWnK+o1r8plLjgTlUplz7BuinCYs=
+github.com/open-amt-cloud-toolkit/go-wsman-messages/v2 v2.4.0/go.mod h1:jdnbKqKRs4AYG8H7RZF/ss45D93+CfGY7m8esTTbDTs=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=

diff --git a/internal/config/local.go b/internal/config/local.go
@@ -8,12 +8,17 @@ package config
 type (
 	Config struct {
 		Password            string              `yaml:"password"`
+		TlsConfig           TlsConfig           `yaml:"tlsConfig"`
 		WiredConfig         EthernetConfig      `yaml:"wiredConfig"`
 		WifiConfigs         []WifiConfig        `yaml:"wifiConfigs"`
 		Ieee8021xConfigs    []Ieee8021xConfig   `yaml:"ieee8021xConfigs"`
 		ACMSettings         ACMSettings         `yaml:"acmactivate"`
 		EnterpriseAssistant EnterpriseAssistant `yaml:"enterpriseAssistant"`
 	}
+	TlsConfig struct {
+		Delay int    `yaml:"delay" env-default:"3"`
+		Mode  string `yaml:"mode"`
+	}
 	WifiConfig struct {
 		ProfileName          string `yaml:"profileName"`
 		SSID                 string `yaml:"ssid"`

diff --git a/internal/flags/configure.go b/internal/flags/configure.go
@@ -89,7 +89,7 @@ func (f *Flags) printConfigurationUsage() string {
 	usage += "                  Example: " + baseCommand + " " + utils.SubCommandWireless + " -password YourAMTPassword -config wificonfig.yaml\n"
 	usage += "  " + utils.SubCommandEnableWifiPort + "  Enables WiFi port and local profile synchronization settings in AMT. AMT password is required.\n"
 	usage += "                  Example: " + baseCommand + " " + utils.SubCommandEnableWifiPort + " -password YourAMTPassword\n"
-	usage += "  " + utils.SubCommandConfigureTLS + "             Configures TLS in AMT. AMT password is required.\n"
+	usage += "  " + utils.SubCommandConfigureTLS + "             Configures TLS in AMT. AMT password is required.  A config.yml or command line flags must be provided for all settings. This command runs without cloud interaction.\n"
 	usage += "                  Example: " + baseCommand + " " + utils.SubCommandConfigureTLS + " -mode Server -password YourAMTPassword\n"
 	usage += "  " + utils.SubCommandSetMEBx + "            Configures MEBx Password. AMT password is required.\n"
 	usage += "                  Example: " + baseCommand + " " + utils.SubCommandSetMEBx + " -mebxpassword YourMEBxPassword -password YourAMTPassword\n"
@@ -302,6 +302,7 @@ func (f *Flags) handleConfigureTLS() error {
 		return e
 	})
 
+	fs.StringVar(&f.configContent, "config", "", "specify a config file")
 	fs.IntVar(&f.ConfigTLSInfo.DelayInSeconds, "delay", 3, "Delay time in seconds after putting remote TLS settings")
 	fs.StringVar(&f.ConfigTLSInfo.EAAddress, "eaAddress", "", "Enterprise Assistant address")
 	fs.StringVar(&f.ConfigTLSInfo.EAUsername, "eaUsername", "", "Enterprise Assistant username")
@@ -319,6 +320,27 @@ func (f *Flags) handleConfigureTLS() error {
 		fs.Usage()
 		return utils.IncorrectCommandLineParameters
 	}
+	if f.configContent != "" {
+		err := f.handleLocalConfig()
+		if err != nil {
+			return utils.FailedReadingConfiguration
+		}
+		f.ConfigTLSInfo.TLSMode, _ = ParseTLSMode(f.LocalConfig.TlsConfig.Mode)
+		f.ConfigTLSInfo.DelayInSeconds = f.LocalConfig.TlsConfig.Delay
+		f.ConfigTLSInfo.EAAddress = f.LocalConfig.EnterpriseAssistant.EAAddress
+		f.ConfigTLSInfo.EAUsername = f.LocalConfig.EnterpriseAssistant.EAUsername
+		f.ConfigTLSInfo.EAPassword = f.LocalConfig.EnterpriseAssistant.EAPassword
+	}
+	if f.ConfigTLSInfo.EAAddress != "" && f.ConfigTLSInfo.EAUsername != "" {
+		if f.ConfigTLSInfo.EAPassword == "" {
+			err := f.PromptUserInput("Please enter EA password: ", &f.ConfigTLSInfo.EAPassword)
+			if err != nil {
+				return err
+			}
+		}
+		f.LocalConfig.EnterpriseAssistant.EAConfigured = true
+	}
+
 	return nil
 }
 

diff --git a/internal/local/tls.go b/internal/local/tls.go
@@ -252,8 +252,9 @@ func (service *ProvisioningService) EnableTLS() error {
 			}
 		}
 	}
-	// service.Pause(service.flags.ConfigTLSInfo.DelayInSeconds)
-	// time.Sleep(time.Duration(howManySeconds) * time.Second)
+
+	service.Pause(service.flags.ConfigTLSInfo.DelayInSeconds)
+
 	_, err = service.interfacedWsmanMessage.CommitChanges()
 	if err != nil {
 		log.Error("commit changes failed")
@@ -282,7 +283,7 @@ func getTLSSettings(setting tls.SettingDataResponse, tlsMode flags.TLSMode) tls.
 	}
 	if setting.InstanceID == RemoteTLSInstanceId {
 		log.Infof("configuring remote TLS settings mode: %s", tlsMode)
-		if setting.NonSecureConnectionsSupported {
+		if setting.NonSecureConnectionsSupported == nil || *setting.NonSecureConnectionsSupported {
 			data.AcceptNonSecureConnections = tlsMode == flags.TLSModeServerAndNonTLS || tlsMode == flags.TLSModeMutualAndNonTLS
 		}
 		data.MutualAuthentication = tlsMode == flags.TLSModeMutual || tlsMode == flags.TLSModeMutualAndNonTLS

diff --git a/internal/local/utils.go b/internal/local/utils.go
@@ -6,8 +6,10 @@
 package local
 
 import (
+	log "github.com/sirupsen/logrus"
 	"reflect"
 	"strings"
+	"time"
 )
 
 func reflectObjectName(v any) string {
@@ -39,3 +41,11 @@ func checkHandleExists(handles map[string]string, cert string) string {
 	}
 	return ""
 }
+
+func (service *ProvisioningService) Pause(howManySeconds int) {
+	if howManySeconds <= 0 {
+		return
+	}
+	log.Debugf("pausing %d seconds", howManySeconds)
+	time.Sleep(time.Duration(howManySeconds) * time.Second)
+}