git-echo/linux_patch_api
Private
Public Access
1
0
Fork 0
Code Releases 32 Wiki Activity

feat: add self-enrollment workflow for automated PKI provisioning
Some checks failed
CI/CD Pipeline / Code Format (push) Failing after 1s
Details
CI/CD Pipeline / Clippy Lints (push) Failing after 43s
Details
CI/CD Pipeline / Enrollment Tests (push) Has been skipped
Details
CI/CD Pipeline / Verify Enrollment CLI Flag (push) Has been skipped
Details
CI/CD Pipeline / All Unit Tests (push) Successful in 1m14s
Details
CI/CD Pipeline / Build Debian Package (push) Has been skipped
Details
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Has been skipped
Details
CI/CD Pipeline / Build RPM Package (push) Has been skipped
Details
CI/CD Pipeline / Build Alpine Package (push) Has been skipped
Details
CI/CD Pipeline / Build Arch Package (push) Has been skipped
Details
CI/CD Pipeline / Security Audit (push) Successful in 5s
Details

Browse Source 
- Phase 1: CLI args (--enroll flag), enroll module skeleton, config support
- Phase 2: Registration request, polling loop (24h timeout), main.rs integration
- Phase 3: PKI extraction, atomic cert writing, whitelist auto-append, mTLS transition
- Phase 4: E2E test suite, README/DEPLOYMENT docs, CI pipeline
- Phase 5: SPEC.md, API_DOCUMENTATION.md, CHANGELOG.md, ROADMAP.md sync

Security review: APPROVED (0 critical, 0 high findings)
Cross-distro compatible: Debian/Ubuntu, RHEL/CentOS/Fedora, Alpine, Arch Linux
This commit is contained in:
Echo
2026-05-17 05:30:42 +00:00
parent d297c8d3b1
commit 9a129170f8
25 changed files with 4610 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/config/loader.rs
View File

@ -3,7 +3,7 @@
//! Loads and parses YAML configuration files.
use anyhow::{Context, Result};
use serde::Deserialize;
use serde::{Deserialize, Serialize};
/// Server configuration
#[derive(Debug, Deserialize, Clone)]
@ -103,6 +103,27 @@ fn default_backend() -> String {
"auto".to_string()
}
/// Enrollment polling configuration
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct EnrollmentConfig {
#[serde(default)]
pub manager_url: String,
#[serde(default)]
pub polling_token: String,
#[serde(default = "default_polling_interval")]
pub polling_interval_seconds: u64,
#[serde(default = "default_max_poll_attempts")]
pub max_poll_attempts: u32,
}
fn default_polling_interval() -> u64 {
60
}
fn default_max_poll_attempts() -> u32 {
1440
}
/// Application configuration
#[derive(Debug, Deserialize, Clone)]
pub struct AppConfig {
@ -115,6 +136,8 @@ pub struct AppConfig {
pub whitelist: Option<WhitelistConfig>,
#[serde(default)]
pub package_manager: Option<PackageManagerConfig>,
#[serde(default)]
pub enrollment: Option<EnrollmentConfig>,
}
impl AppConfig {
@ -263,6 +286,7 @@ mod tests {
path: "/etc/linux_patch_api/whitelist.yaml".to_string(),
}),
package_manager: None,
enrollment: None,
};
assert!(config.tls_config().is_some());