diff --git a/pkg/cacerts/cacerts.go b/pkg/cacerts/cacerts.go
index c9cd74d..08bc867 100644
--- a/pkg/cacerts/cacerts.go
+++ b/pkg/cacerts/cacerts.go
@@ -99,7 +99,7 @@ func get(server, token, path string, clusterToken bool) ([]byte, string, error)
 data, err := ioutil.ReadAll(resp.Body)
 if resp.StatusCode != http.StatusOK {
- return nil, "", fmt.Errorf("%s: %s", resp.Status, data)
+ return nil, "", fmt.Errorf("%s: %s", data, resp.Status)
 }
 return data, caChecksum, err
 }
diff --git a/pkg/config/remote.go b/pkg/config/remote.go
index f4cac67..67aa876 100644
--- a/pkg/config/remote.go
+++ b/pkg/config/remote.go
@@ -18,12 +18,12 @@ func processRemote(cfg Config) (Config, error) {
 logrus.Infof("server and token set but required role is not set. Trying to bootstrapping config from machine inventory")
 resp, _, err := cacerts.MachineGet(cfg.Server, cfg.Token, "/v1-rancheros/inventory")
 if err != nil {
- return cfg, fmt.Errorf("bootstrapping config from machine inventory: %w", err)
+ return cfg, fmt.Errorf("from machine inventory: %w", err)
 }
 config := map[string]interface{}{}
 if err := json.Unmarshal(resp, &config); err != nil {
- return cfg, fmt.Errorf("decoding inventory response: %w", err)
+ return cfg, fmt.Errorf("inventory response: %s: %w", resp, err)
 }
 currentConfig, err := convert.EncodeToMap(cfg)
diff --git a/pkg/rancherd/rancher.go b/pkg/rancherd/rancher.go
index d5e080e..751a8e3 100644
--- a/pkg/rancherd/rancher.go
+++ b/pkg/rancherd/rancher.go
@@ -60,7 +60,7 @@ func (r *Rancherd) Info(ctx context.Context) error {
 func (r *Rancherd) Upgrade(ctx context.Context, upgradeConfig UpgradeConfig) error {
 cfg, err := config.Load(r.cfg.ConfigPath)
 if err != nil {
- return fmt.Errorf("loading config from %s: %w", r.cfg.ConfigPath, err)
+ return fmt.Errorf("loading config: %w", err)
 }
 rancherVersion, err := versions.RancherVersion(upgradeConfig.RancherVersion)
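Review bot: In the swapped `fmt.Errorf` the body `data` is formatted with `%s` before the `err` returned by `ioutil.ReadAll` on the line above is checked, so a read failure yields a message with a partial body and the read error is discarded whenever the status is not OK. The body comes from the remote server; prefer `%q` so newlines and control characters cannot break log lines, and check the read error first: `if err != nil { return nil, "", fmt.Errorf("%s: reading body: %w", resp.Status, err) }`. The rest of get is outside the hunk, so I cannot see whether the body read is size-bounded; if it is not, wrapping `resp.Body` in `io.LimitReader` would cap what ends up in the error.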
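Review bot: The new decode error in processRemote embeds the whole inventory body via `%s`; this is the payload that is unmarshalled into the config map on the preceding line, so if it carries tokens or other bootstrap secrets they now land in the error string and most likely in logs, and a large or malformed body makes the message unbounded. Reporting the length, or a `%q`-quoted bounded prefix, keeps the diagnostic without the exposure: `return cfg, fmt.Errorf("decoding inventory response (%d bytes): %w", len(resp), err)`. The first message also lost its verb; `bootstrapping config from machine inventory: %w` read more clearly than `from machine inventory: %w`. processRemote continues outside the hunk.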
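Review bot: Removing `r.cfg.ConfigPath` from the wrap in Upgrade leaves the path visible only if `config.Load` already includes it in its own error (an `*os.PathError` would; a parse error typically would not), which I cannot confirm from this hunk. If Load does not carry it, keep the path and quote it so an empty or odd value is visible: `return fmt.Errorf("loading config %q: %w", r.cfg.ConfigPath, err)`. The same change appears in execute in the following hunk.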
@@ -145,7 +145,7 @@ func (r *Rancherd) Upgrade(ctx context.Context, upgradeConfig UpgradeConfig) err
 func (r *Rancherd) execute(ctx context.Context) error {
 cfg, err := config.Load(r.cfg.ConfigPath)
 if err != nil {
- return fmt.Errorf("loading config from %s: %w", r.cfg.ConfigPath, err)
+ return fmt.Errorf("loading config: %w", err)
 }
 if err := r.setWorking(cfg); err != nil {
diff --git a/pkg/tpm/get.go b/pkg/tpm/get.go
index f39a268..23e4870 100644
--- a/pkg/tpm/get.go
+++ b/pkg/tpm/get.go
@@ -12,6 +12,7 @@ import (
 "github.com/google/go-attestation/attest"
 "github.com/gorilla/websocket"
+ "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 )
@@ -34,6 +35,11 @@ func Get(cacerts []byte, url string, header http.Header) ([]byte, error) {
 return nil, err
 }
+ hash, err := GetPubHash()
+ if err != nil {
+ return nil, err
+ }
+
 token, err := getToken(attestationData)
 if err != nil {
 return nil, err
@@ -44,9 +50,15 @@ func Get(cacerts []byte, url string, header http.Header) ([]byte, error) {
 }
 header.Add("Authorization", token)
 wsURL := strings.Replace(url, "http", "ws", 1)
- logrus.Infof("Dialing %s with Authorization: %s", wsURL, token)
- conn, _, err := dialer.Dial(wsURL, header)
+ logrus.Infof("Using TPMHash %s to dial %s", hash, wsURL)
+ conn, resp, err := dialer.Dial(wsURL, header)
 if err != nil {
+ if resp != nil && resp.StatusCode == http.StatusUnauthorized {
+ data, err := ioutil.ReadAll(resp.Body)
+ if err == nil {
+ return nil, errors.New(string(data))
+ }
+ }
 return nil, err
 }
 defer conn.Close()
@@ -61,7 +73,7 @@ func Get(cacerts []byte, url string, header http.Header) ([]byte, error) {
 return nil, fmt.Errorf("unmarshaling Challenge: %w", err)
 }
- resp, err := getChallengeResponse(challenge.EC, aikBytes)
+ challengeResp, err := getChallengeResponse(challenge.EC, aikBytes)
 if err != nil {
 return nil, err
 }
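Review bot: In the new unauthorized branch of Get, `data, err := ioutil.ReadAll(resp.Body)` shadows the dial error, the read is unbounded, and `errors.New(string(data))` returns the server's raw body verbatim as the error while dropping the original handshake error. gorilla's Dial documents that the response body on a failed handshake may be partial and need not be closed, so closing is not the concern, but the body should be size-bounded, `%q`-quoted so it cannot inject newlines into logs, and the dial error wrapped rather than replaced. With `fmt.Errorf` already used in this file the `github.com/pkg/errors` import added in this file's first hunk becomes unnecessary; `io` is needed instead if it is not already imported. Get starts before this hunk and ends after the last one.
```go
	conn, resp, err := dialer.Dial(wsURL, header)
	if err != nil {
		if resp != nil && resp.StatusCode == http.StatusUnauthorized {
			// body may be partial on a failed handshake; bound it and keep the dial error
			data, readErr := ioutil.ReadAll(io.LimitReader(resp.Body, 4096))
			if readErr == nil {
				return nil, fmt.Errorf("%w: %q", err, data)
			}
		}
		return nil, err
	}
	// … unchanged: defer conn.Close() and the challenge exchange …
```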
@@ -72,7 +84,7 @@ func Get(cacerts []byte, url string, header http.Header) ([]byte, error) {
 }
 defer writer.Close()
- if err := json.NewEncoder(writer).Encode(resp); err != nil {
+ if err := json.NewEncoder(writer).Encode(challengeResp); err != nil {
 return nil, fmt.Errorf("encoding ChallengeResponse: %w", err)
 }