use new join service for bot joins

Author: nklaassen

lib/join/joinclient/join.go

@@ -35,8 +35,12 @@ import (
 	"github.com/gravitational/teleport/lib/join/joinv1"
 )
 
-type JoinParams = authjoin.RegisterParams
-type JoinResult = authjoin.RegisterResult
+type (
+	JoinParams   = authjoin.RegisterParams
+	JoinResult   = authjoin.RegisterResult
+	AzureParams  = authjoin.AzureParams
+	GitlabParams = authjoin.GitlabParams
+)
 
 // Join is used to join a cluster. A host or bot calls this with the name of a
 // provision token to get its initial certificates.
@@ -126,7 +130,7 @@ func joinWithClient(ctx context.Context, params JoinParams, client *joinv1.Clien
 	switch params.JoinMethod {
 	case types.JoinMethodUnspecified:
 		// leave joinMethodPtr nil to let the server pick based on the token
-	case types.JoinMethodToken:
+	case types.JoinMethodToken, types.JoinMethodBoundKeypair:
 		joinMethod := string(params.JoinMethod)
 		joinMethodPtr = &joinMethod
 	default:

lib/join/joinv1/server.go

@@ -27,16 +27,21 @@ import (
 	"github.com/gravitational/teleport"
 	joinv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/join/v1"
 	"github.com/gravitational/teleport/api/metadata"
-	"github.com/gravitational/teleport/lib/join"
 	"github.com/gravitational/teleport/lib/join/internal/diagnostic"
 	"github.com/gravitational/teleport/lib/join/internal/messages"
 	logutils "github.com/gravitational/teleport/lib/utils/log"
 )
 
 var log = logutils.NewPackageLogger(teleport.ComponentKey, "joinv1")
 
+// messageServer describes the protocol-agnostic join server, referenced in
+// this package as an interface so that it doesn't need to import lib/join.
+type messageServer interface {
+	Join(messages.ServerStream) error
+}
+
 // RegisterJoinServiceServer registers the Join gRPC service.
-func RegisterJoinServiceServer(s grpc.ServiceRegistrar, server *join.Server) {
+func RegisterJoinServiceServer(s grpc.ServiceRegistrar, server messageServer) {
 	joinv1.RegisterJoinServiceServer(s, &joinServer{
 		server: server,
 	})
@@ -50,7 +55,7 @@ func RegisterJoinServiceServer(s grpc.ServiceRegistrar, server *join.Server) {
 type joinServer struct {
 	joinv1.UnsafeJoinServiceServer
 
-	server *join.Server
+	server messageServer
 }
 
 // Join is a bidirectional streaming RPC that implements all join methods.

lib/join/server.go

@@ -146,7 +146,7 @@ func (s *Server) Join(stream messages.ServerStream) (err error) {
 	// Set any diagnostic info we can get from the token.
 	diag.Set(func(i *diagnostic.Info) {
 		i.SafeTokenName = provisionToken.GetSafeName()
-		i.TokenJoinMethod = string(provisionToken.GetJoinMethod())
+		i.TokenJoinMethod = string(configuredJoinMethod(provisionToken))
 		i.TokenExpires = provisionToken.Expiry()
 		i.BotName = provisionToken.GetBotName()
 	})
@@ -281,7 +281,7 @@ func (s *Server) authenticate(ctx context.Context, diag *diagnostic.Diagnostic,
 }
 
 func checkJoinMethod(provisionToken types.ProvisionToken, requestedJoinMethod *string) (types.JoinMethod, error) {
-	tokenJoinMethod := provisionToken.GetJoinMethod()
+	tokenJoinMethod := configuredJoinMethod(provisionToken)
 	if requestedJoinMethod == nil {
 		// Auto join method mode, the client didn't specify so use whatever is on the token.
 		return tokenJoinMethod, nil
@@ -347,7 +347,7 @@ func (s *Server) makeHostResult(
 	hostParams *messages.HostParams,
 	provisionToken types.ProvisionToken,
 ) (*messages.HostResult, error) {
-	certsParams, err := makeHostCertsParams(ctx, diag, authCtx, hostParams, provisionToken.GetJoinMethod())
+	certsParams, err := makeHostCertsParams(ctx, diag, authCtx, hostParams, configuredJoinMethod(provisionToken))
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -601,3 +601,11 @@ func makeAuditEvent(d *diagnostic.Diagnostic) apievents.AuditEvent {
 		NodeName:     info.NodeName,
 	}
 }
+
+func configuredJoinMethod(token types.ProvisionToken) types.JoinMethod {
+	method := token.GetJoinMethod()
+	if method == types.JoinMethodUnspecified {
+		return types.JoinMethodToken
+	}
+	return method
+}

lib/tbot/internal/identity/service.go

@@ -37,12 +37,12 @@ import (
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils/keys"
 	"github.com/gravitational/teleport/api/utils/retryutils"
-	"github.com/gravitational/teleport/lib/auth/join"
 	"github.com/gravitational/teleport/lib/auth/join/boundkeypair"
 	"github.com/gravitational/teleport/lib/auth/state"
 	libclient "github.com/gravitational/teleport/lib/client"
 	"github.com/gravitational/teleport/lib/cryptosuites"
 	"github.com/gravitational/teleport/lib/defaults"
+	"github.com/gravitational/teleport/lib/join/joinclient"
 	"github.com/gravitational/teleport/lib/tbot/bot/connection"
 	"github.com/gravitational/teleport/lib/tbot/bot/destination"
 	"github.com/gravitational/teleport/lib/tbot/bot/onboarding"
@@ -672,7 +672,7 @@ func botIdentityFromToken(
 	}
 
 	expires := time.Now().Add(cfg.TTL)
-	params := join.RegisterParams{
+	params := joinclient.JoinParams{
 		Token: token,
 		ID: state.IdentityID{
 			Role: types.RoleBot,
@@ -714,13 +714,13 @@ func botIdentityFromToken(
 
 	switch params.JoinMethod {
 	case types.JoinMethodAzure:
-		params.AzureParams = join.AzureParams{
+		params.AzureParams = joinclient.AzureParams{
 			ClientID: cfg.Onboarding.Azure.ClientID,
 		}
 	case types.JoinMethodTerraformCloud:
 		params.TerraformCloudAudienceTag = cfg.Onboarding.Terraform.AudienceTag
 	case types.JoinMethodGitLab:
-		params.GitlabParams = join.GitlabParams{
+		params.GitlabParams = joinclient.GitlabParams{
 			EnvVarName: cfg.Onboarding.Gitlab.TokenEnvVarName,
 		}
 	case types.JoinMethodBoundKeypair:
@@ -745,7 +745,7 @@ func botIdentityFromToken(
 		params.BoundKeypairParams = boundKeypairState.ToJoinParams(joinSecret)
 	}
 
-	result, err := join.Register(ctx, params)
+	result, err := joinclient.Join(ctx, params)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}