local-server/cmd/dkl-local-server/secrets-migrate.go

package main

import (
	"log"
	"os"

	cfsslconfig "github.com/cloudflare/cfssl/config"
)

func migrateSecrets() {
	if _, err := os.Stat(secretDataPath()); err != nil {
		if os.IsNotExist(err) {
			return
		}

		log.Print("not migrating old secrets: ", err)

		return
	}

	log.Print("migrating old secrets")

	log := log.New(log.Default().Writer(), "secrets migration: ", log.Flags()|log.Lmsgprefix)

	// load secrets
	cfg, err := readConfig()
	if err != nil {
		log.Fatal(err)
		return
	}

	var sslCfg *cfsslconfig.Config

	if len(cfg.SSLConfig) == 0 {
		sslCfg = &cfsslconfig.Config{}
	} else {
		sslCfg, err = cfsslconfig.LoadConfig([]byte(cfg.SSLConfig))
		if err != nil {
			return
		}
	}

	if err := loadSecretData(sslCfg); err != nil {
		log.Fatal(err)
		return
	}

	for clusterName, cluster := range secretData.clusters {
		for k, v := range cluster.Tokens {
			err = clusterTokens.Put(clusterName+"/"+k, v)
			if err != nil {
				log.Fatal(err)
				return
			}
		}

		for k, v := range cluster.Passwords {
			err = clusterPasswords.Put(clusterName+"/"+k, v)
			if err != nil {
				log.Fatal(err)
				return
			}
		}

		for caName, ca := range cluster.CAs {
			clusterCAs.Put(clusterName+"/"+caName, CA{Key: ca.Key, Cert: ca.Cert})

			for signedName, signed := range ca.Signed {
				clusterCASignedKeys.Put(clusterName+"/"+caName+"/"+signedName, *signed)
			}
		}

		// TODO
	}
}
secrets migration & restitution 2023-02-12 10:58:26 +00:00			`package main`

			`import (`
			`"log"`
			`"os"`

			`cfsslconfig "github.com/cloudflare/cfssl/config"`
			`)`

			`func migrateSecrets() {`
			`if _, err := os.Stat(secretDataPath()); err != nil {`
			`if os.IsNotExist(err) {`
			`return`
			`}`

			`log.Print("not migrating old secrets: ", err)`

			`return`
			`}`

			`log.Print("migrating old secrets")`

			`log := log.New(log.Default().Writer(), "secrets migration: ", log.Flags()\|log.Lmsgprefix)`

			`// load secrets`
			`cfg, err := readConfig()`
			`if err != nil {`
			`log.Fatal(err)`
			`return`
			`}`

			`var sslCfg *cfsslconfig.Config`

			`if len(cfg.SSLConfig) == 0 {`
			`sslCfg = &cfsslconfig.Config{}`
			`} else {`
			`sslCfg, err = cfsslconfig.LoadConfig([]byte(cfg.SSLConfig))`
			`if err != nil {`
			`return`
			`}`
			`}`

			`if err := loadSecretData(sslCfg); err != nil {`
			`log.Fatal(err)`
			`return`
			`}`

			`for clusterName, cluster := range secretData.clusters {`
			`for k, v := range cluster.Tokens {`
			`err = clusterTokens.Put(clusterName+"/"+k, v)`
			`if err != nil {`
			`log.Fatal(err)`
			`return`
			`}`
			`}`

			`for k, v := range cluster.Passwords {`
			`err = clusterPasswords.Put(clusterName+"/"+k, v)`
			`if err != nil {`
			`log.Fatal(err)`
			`return`
			`}`
			`}`

			`for caName, ca := range cluster.CAs {`
			`clusterCAs.Put(clusterName+"/"+caName, CA{Key: ca.Key, Cert: ca.Cert})`

			`for signedName, signed := range ca.Signed {`
			`clusterCASignedKeys.Put(clusterName+"/"+caName+"/"+signedName, *signed)`
			`}`
			`}`

			`// TODO`
			`}`
			`}`