local-server/cmd/dkl-local-server/ws-cluster-cas.go

package main

import (
	"fmt"

	"github.com/cloudflare/cfssl/log"
	restful "github.com/emicklei/go-restful"
)

var clusterCAs = newClusterSecretKV[CA]("CAs")

func wsClusterCAs(req *restful.Request, resp *restful.Response) {
	clusterName := req.PathParameter("cluster-name")
	clusterCAs.WsList(resp, clusterName+"/")
}

func wsClusterCA(req *restful.Request, resp *restful.Response) {
	clusterName := req.PathParameter("cluster-name")
	name := req.PathParameter("ca-name")

	clusterCAs.WsGet(resp, clusterName+"/"+name)
}

func getUsableClusterCA(cluster, name string) (ca CA, err error) {
	defer func() {
		if err != nil {
			err = fmt.Errorf("cluster %s CA %s: %w", cluster, name, err)
		}
	}()

	key := cluster + "/" + name

	ca, found, err := clusterCAs.Get(key)
	if err != nil {
		return
	}

	if !found {
		log.Info("new CA in cluster ", cluster, ": ", name)

		err = ca.Init()
		if err != nil {
			return
		}

		err = clusterCAs.Put(key, ca)
		if err != nil {
			return
		}

		return
	}

	checkErr := checkCertUsable(ca.Cert)
	if checkErr != nil {
		log.Infof("cluster %s: CA %s: regenerating certificate: %v", cluster, name, checkErr)

		err = ca.RenewCert()
		if err != nil {
			err = fmt.Errorf("renew: %w", err)
		}

		err = clusterCAs.Put(key, ca)
	}

	return
}

var clusterCASignedKeys = newClusterSecretKV[KeyCert]("CA-signed-keys")

func wsClusterCASignedKeys(req *restful.Request, resp *restful.Response) {
	clusterName := req.PathParameter("cluster-name")
	caName := req.PathParameter("ca-name")
	clusterCASignedKeys.WsList(resp, clusterName+"/"+caName+"/")
}

func wsClusterCASignedKey(req *restful.Request, resp *restful.Response) {
	clusterName := req.PathParameter("cluster-name")
	caName := req.PathParameter("ca-name")
	name := req.PathParameter("signed-name")

	clusterCASignedKeys.WsGet(resp, clusterName+"/"+caName+"/"+name)
}
secrets migration & restitution 2023-02-12 10:58:26 +00:00			`package main`

			`import (`
migration to new secrets nearly complete 2023-02-12 14:18:42 +00:00			`"fmt"`

			`"github.com/cloudflare/cfssl/log"`
secrets migration & restitution 2023-02-12 10:58:26 +00:00			`restful "github.com/emicklei/go-restful"`
			`)`

			`var clusterCAs = newClusterSecretKV[CA]("CAs")`

			`func wsClusterCAs(req restful.Request, resp restful.Response) {`
			`clusterName := req.PathParameter("cluster-name")`
			`clusterCAs.WsList(resp, clusterName+"/")`
			`}`

			`func wsClusterCA(req restful.Request, resp restful.Response) {`
			`clusterName := req.PathParameter("cluster-name")`
			`name := req.PathParameter("ca-name")`

			`clusterCAs.WsGet(resp, clusterName+"/"+name)`
			`}`

migration to new secrets nearly complete 2023-02-12 14:18:42 +00:00			`func getUsableClusterCA(cluster, name string) (ca CA, err error) {`
			`defer func() {`
			`if err != nil {`
			`err = fmt.Errorf("cluster %s CA %s: %w", cluster, name, err)`
			`}`
			`}()`

			`key := cluster + "/" + name`

			`ca, found, err := clusterCAs.Get(key)`
			`if err != nil {`
			`return`
			`}`

			`if !found {`
			`log.Info("new CA in cluster ", cluster, ": ", name)`

			`err = ca.Init()`
			`if err != nil {`
			`return`
			`}`

			`err = clusterCAs.Put(key, ca)`
			`if err != nil {`
			`return`
			`}`

			`return`
			`}`

			`checkErr := checkCertUsable(ca.Cert)`
			`if checkErr != nil {`
			`log.Infof("cluster %s: CA %s: regenerating certificate: %v", cluster, name, checkErr)`

			`err = ca.RenewCert()`
			`if err != nil {`
			`err = fmt.Errorf("renew: %w", err)`
			`}`

			`err = clusterCAs.Put(key, ca)`
			`}`

			`return`
			`}`

secrets migration & restitution 2023-02-12 10:58:26 +00:00			`var clusterCASignedKeys = newClusterSecretKV[KeyCert]("CA-signed-keys")`

			`func wsClusterCASignedKeys(req restful.Request, resp restful.Response) {`
			`clusterName := req.PathParameter("cluster-name")`
			`caName := req.PathParameter("ca-name")`
			`clusterCASignedKeys.WsList(resp, clusterName+"/"+caName+"/")`
			`}`

			`func wsClusterCASignedKey(req restful.Request, resp restful.Response) {`
			`clusterName := req.PathParameter("cluster-name")`
			`caName := req.PathParameter("ca-name")`
			`name := req.PathParameter("signed-name")`

			`clusterCASignedKeys.WsGet(resp, clusterName+"/"+caName+"/"+name)`
			`}`