migration to new secrets nearly complete

2023-02-12 15:18:42 +01:00
parent 3bc20e95cc
commit 11f3c953e2
12 changed files with 482 additions and 559 deletions
--- a/cmd/dkl-local-server/ws-cluster-cas.go
+++ b/cmd/dkl-local-server/ws-cluster-cas.go
@ -1,6 +1,9 @@
 package main

 import (
+	"fmt"
+
+	"github.com/cloudflare/cfssl/log"
 	restful "github.com/emicklei/go-restful"
 )

@ -18,6 +21,51 @@ func wsClusterCA(req *restful.Request, resp *restful.Response) {
 	clusterCAs.WsGet(resp, clusterName+"/"+name)
 }

+func getUsableClusterCA(cluster, name string) (ca CA, err error) {
+	defer func() {
+		if err != nil {
+			err = fmt.Errorf("cluster %s CA %s: %w", cluster, name, err)
+		}
+	}()
+
+	key := cluster + "/" + name
+
+	ca, found, err := clusterCAs.Get(key)
+	if err != nil {
+		return
+	}
+
+	if !found {
+		log.Info("new CA in cluster ", cluster, ": ", name)
+
+		err = ca.Init()
+		if err != nil {
+			return
+		}
+
+		err = clusterCAs.Put(key, ca)
+		if err != nil {
+			return
+		}
+
+		return
+	}
+
+	checkErr := checkCertUsable(ca.Cert)
+	if checkErr != nil {
+		log.Infof("cluster %s: CA %s: regenerating certificate: %v", cluster, name, checkErr)
+
+		err = ca.RenewCert()
+		if err != nil {
+			err = fmt.Errorf("renew: %w", err)
+		}
+
+		err = clusterCAs.Put(key, ca)
+	}
+
+	return
+}
+
 var clusterCASignedKeys = newClusterSecretKV[KeyCert]("CA-signed-keys")

 func wsClusterCASignedKeys(req *restful.Request, resp *restful.Response) {