daemon: update API and use base64 encoded strings for tls data

go.mod

@@ -48,7 +48,7 @@ require (
  github.com/spf13/cobra v1.7.0
  github.com/spf13/pflag v1.0.5
  github.com/vishvananda/netlink v1.2.1-beta.2
- github.com/webmeshproj/api v0.10.6
+ github.com/webmeshproj/api v0.10.7
  golang.org/x/crypto v0.14.0
  golang.org/x/exp v0.0.0-20231006140011-7918f672742d
  golang.org/x/net v0.17.0

go.sum

@@ -1572,8 +1572,8 @@ github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1Y
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0 h1:GDDkbFiaK8jsSDJfjId/PEGEShv6ugrt4kYsC5UIDaQ=
 github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0/go.mod h1:x6AKhvSSexNrVSrViXSHUEbICjmGXhtgABaHIySUSGw=
-github.com/webmeshproj/api v0.10.6 h1:1HPYmC2D4rGo2Du37fRU7eaUVHOxmkNbqktKM6S3RkQ=
-github.com/webmeshproj/api v0.10.6/go.mod h1:St5+xO5NSaqVcTDMk9x8bl+WA5yWX3uuPwao3rofrDw=
+github.com/webmeshproj/api v0.10.7 h1:72WRV3T8GNk3OMOBofEj47UiCNNzzx0iu3fSOgmT/TI=
+github.com/webmeshproj/api v0.10.7/go.mod h1:St5+xO5NSaqVcTDMk9x8bl+WA5yWX3uuPwao3rofrDw=
 github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 h1:EKhdznlJHPMoKr0XTrX+IlJs1LH3lyx2nfr1dOlZ79k=
 github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1/go.mod h1:8UvriyWtv5Q5EOgjHaSseUEdkQfvwFv1I/In/O2M9gc=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=

pkg/cmd/daemoncmd/connmgr.go

@@ -17,7 +17,6 @@ limitations under the License.
 package daemoncmd
 
 import (
- "encoding/base64"
  "fmt"
  "log/slog"
  "net/netip"
@@ -291,7 +290,7 @@ func (m *ConnManager) buildConnConfig(ctx context.Context, req *v1.ConnectReques
  conf.TLS.Insecure = !req.GetTls().GetEnabled()
  if !conf.TLS.Insecure {
  if len(req.GetTls().GetCaCertData()) != 0 {
- conf.TLS.CAData = base64.StdEncoding.EncodeToString(req.GetTls().GetCaCertData())
+ conf.TLS.CAData = req.GetTls().GetCaCertData()
  }
  conf.TLS.VerifyChainOnly = req.GetTls().GetVerifyChainOnly()
  conf.TLS.InsecureSkipVerify = req.GetTls().GetSkipVerify()
@@ -314,8 +313,8 @@ func (m *ConnManager) buildConnConfig(ctx context.Context, req *v1.ConnectReques
  conf.Auth.LDAP.Username = string(req.GetAuthCredentials()[v1.ConnectRequest_LDAP_USERNAME.String()])
  conf.Auth.LDAP.Password = string(req.GetAuthCredentials()[v1.ConnectRequest_LDAP_PASSWORD.String()])
  case v1.NetworkAuthMethod_MTLS:
- conf.Auth.MTLS.CertData = base64.StdEncoding.EncodeToString(req.GetTls().GetCertData())
- conf.Auth.MTLS.KeyData = base64.StdEncoding.EncodeToString(req.GetTls().GetKeyData())
+ conf.Auth.MTLS.CertData = req.GetTls().GetCertData()
+ conf.Auth.MTLS.KeyData = req.GetTls().GetKeyData()
  case v1.NetworkAuthMethod_ID:
  conf.Auth.IDAuth.Enabled = true
  }
@@ -331,10 +330,10 @@ func (m *ConnManager) buildConnConfig(ctx context.Context, req *v1.ConnectReques
  }
  conf.Services.API.Insecure = !req.GetServices().GetEnableTLS()
  if len(req.GetTls().GetCertData()) != 0 {
- conf.Services.API.TLSCertData = base64.StdEncoding.EncodeToString(req.GetTls().GetCertData())
+ conf.Services.API.TLSCertData = req.GetTls().GetCertData()
  }
  if len(req.GetTls().GetKeyData()) != 0 {
- conf.Services.API.TLSKeyData = base64.StdEncoding.EncodeToString(req.GetTls().GetKeyData())
+ conf.Services.API.TLSKeyData = req.GetTls().GetKeyData()
  }
  conf.Plugins.Configs = make(map[string]config.PluginConfig)
  switch req.GetServices().GetAuthMethod() {
@@ -346,7 +345,7 @@ func (m *ConnManager) buildConnConfig(ctx context.Context, req *v1.ConnectReques
  case v1.NetworkAuthMethod_MTLS:
  conf.Plugins.Configs["mtls"] = config.PluginConfig{
  Config: map[string]any{
- "ca-data": base64.StdEncoding.EncodeToString(req.GetTls().GetCaCertData()),
+ "ca-data": req.GetTls().GetCaCertData(),
  },
  }
  }