slice 8A (controller half): bootstrap.json ingestion + pinned agent local-API client (v0.35.0)

internal/bootstrap: first-run bootstrap.json ingestion (decision (c)) — seed
controller.yaml + skip setup; idempotent + fail-safe. internal/agentapi:
minimal pinned local-API client (leaf-cert SHA-256 pin, fails closed). config
LocalAPIConfig; startup /storage connectivity probe.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-10 09:47:54 +02:00
parent 086281b582
commit 2a0d9a1b7a
7 changed files with 608 additions and 0 deletions
@@ -28,6 +28,16 @@ type Config struct {
Logging LoggingConfig `yaml:"logging"`
Assets AssetsConfig `yaml:"assets"`
System SystemConfig `yaml:"system"`
LocalAPI LocalAPIConfig `yaml:"local_api"`
}
// LocalAPIConfig is the in-guest controller's handle on the host agent's per-guest local API
// (doc 03 §6, slice 8A). The agent mints the token + serves a self-signed leaf; the controller
// reaches it over the bridge, pinning the leaf SHA-256. Seeded from bootstrap.json at first run.
type LocalAPIConfig struct {
Endpoint string `yaml:"endpoint"` // host bridge IP:port, e.g. "192.168.0.162:8443"
Fingerprint string `yaml:"fingerprint"` // agent leaf-cert SHA-256 (hex) to pin
Token string `yaml:"token"` // per-guest bearer; SECRET
}
type SystemConfig struct {
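Review bot: The Token field in LocalAPIConfig is flagged as SECRET only in its trailing comment, but it is a plain string with a `yaml:"token"` tag, so it is serialized into controller.yaml alongside non-secret settings and will show up in any %+v or debug dump of Config. Consider a dedicated type whose String and marshal-for-logging methods redact the value, and state in the doc comment what file permissions controller.yaml is expected to have once the token is seeded. The Fingerprint field has a related documentation gap: the comment says "SHA-256 (hex)" but not the canonical form (case, whether colon separators are accepted, the expected 64 hex characters) or what happens when the value is empty. Since the commit message says the pinned client fails closed, it would help to validate Endpoint and Fingerprint at config load and reject an empty or malformed pin there, so a partially seeded local_api block cannot reach the client as a zero-value struct. The doc comment could also note that pinning the leaf means a regenerated agent certificate requires re-seeding this block.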