Change Authn socket to Control socket

Author: Brian McCallister

cmd/epithet-agent/config.go

@@ -74,10 +74,10 @@ func parse(un unmarshal, body []byte) (map[string]*config, error) {
 }
 
 type config struct {
-	CA        string `json:"ca_url" yaml:"ca_url" toml:"ca_url"`
-	AgentSock string `json:"agent_sock" yaml:"agent_sock" toml:"agent_sock"`
-	AuthnSock string `json:"authn_sock" yaml:"authn_sock" toml:"authn_sock"`
-	Name      string
+	CA          string `json:"ca_url" yaml:"ca_url" toml:"ca_url"`
+	AgentSock   string `json:"agent_sock" yaml:"agent_sock" toml:"agent_sock"`
+	ControlSock string `json:"control_sock" yaml:"control_sock" toml:"control_sock"`
+	Name        string
 }
 
 func (c *config) init(name string) error {
@@ -87,8 +87,8 @@ func (c *config) init(name string) error {
 		c.AgentSock = fmt.Sprintf("~/.epithet/%s.agent.sock", name)
 	}
 
-	if c.AuthnSock == "" {
-		c.AuthnSock = fmt.Sprintf("~/.epithet/%s.authn.sock", name)
+	if c.ControlSock == "" {
+		c.ControlSock = fmt.Sprintf("~/.epithet/%s.control.sock", name)
 	}
 
 	_, err := url.Parse(c.CA)

cmd/epithet-agent/epithet-agent.go

@@ -67,12 +67,12 @@ func run(cc *cobra.Command, args []string) error {
 		a, err := agent.Start(
 			caClient,
 			agent.WithAgentSocketPath(cfg.AgentSock),
-			agent.WithAuthnSocketPath(cfg.AuthnSock),
+			agent.WithControlSocketPath(cfg.ControlSock),
 		)
 		if err != nil {
 			return fmt.Errorf("unable to start agent %s: %w", name, err)
 		}
-		log.Infof("started agent [%s] [authn=%s] [agent=%s]", name, a.AuthnSocketPath(), a.AgentSocketPath())
+		log.Infof("started agent [%s] [authn=%s] [agent=%s]", name, a.ControlSocketPath(), a.AgentSocketPath())
 		defer a.Close()
 	}
 

pkg/agent/agent.go

@@ -36,8 +36,8 @@ type Agent struct {
 	agentSocketPath string
 	agentListener   net.Listener
 
-	authnSocketPath string
-	grpcServer      *grpc.Server
+	controlSocketPath string
+	grpcServer        *grpc.Server
 
 	publicKey  sshcert.RawPublicKey
 	privateKey sshcert.RawPrivateKey
@@ -100,10 +100,10 @@ func WithAgentSocketPath(path string) Option {
 	})
 }
 
-// WithAuthnSocketPath specifies the SSH_AUTH_SOCK path to create
-func WithAuthnSocketPath(path string) Option {
+// WithControlSocketPath specifies the control socket (API) for the agent
+func WithControlSocketPath(path string) Option {
 	return optionFunc(func(a *Agent) error {
-		a.authnSocketPath = path
+		a.controlSocketPath = path
 		return nil
 	})
 }
@@ -227,24 +227,24 @@ func (a *Agent) listenAndServeAgent(listener net.Listener) {
 }
 
 func (a *Agent) startAuthnListener() error {
-	if a.authnSocketPath == "" {
+	if a.controlSocketPath == "" {
 		f, err := ioutil.TempFile("", "epithet-authn.*")
 		if err != nil {
 			a.Close()
 			return fmt.Errorf("unable to create authn socket: %w", err)
 		}
-		a.authnSocketPath = f.Name()
+		a.controlSocketPath = f.Name()
 		f.Close()
 		os.Remove(f.Name())
 	}
 
-	authnListener, err := net.Listen("unix", a.authnSocketPath)
+	authnListener, err := net.Listen("unix", a.controlSocketPath)
 	if err != nil {
 		a.Close()
-		return fmt.Errorf("unable to listen on %s: %w", a.authnSocketPath, err)
+		return fmt.Errorf("unable to listen on %s: %w", a.controlSocketPath, err)
 	}
 
-	err = os.Chmod(a.authnSocketPath, 0600)
+	err = os.Chmod(a.controlSocketPath, 0600)
 	if err != nil {
 		a.Close()
 		return fmt.Errorf("unable to set permissions on authn socket: %w", err)
@@ -268,9 +268,9 @@ func (a *Agent) AgentSocketPath() string {
 	return a.agentSocketPath
 }
 
-// AuthnSocketPath returns the path for the SSH_AUTH_SOCKET
-func (a *Agent) AuthnSocketPath() string {
-	return a.authnSocketPath
+// ControlSocketPath returns the path for the SSH_AUTH_SOCKET
+func (a *Agent) ControlSocketPath() string {
+	return a.controlSocketPath
 }
 
 // IsAgentStopped lets you test if an error indicates that the agent has been stopped

test/integration_test.go

@@ -54,7 +54,7 @@ func Test_EndToEnd(t *testing.T) {
 	require.NoError(err)
 	defer a.Close()
 
-	authnClient, err := rpc.NewClient(a.AuthnSocketPath())
+	authnClient, err := rpc.NewClient(a.ControlSocketPath())
 	require.NoError(err)
 
 	_, err = authnClient.Authenticate(context.Background(), &rpc.AuthnRequest{