diff --git a/cmd/dkl-local-server/secrets-migrate.go b/cmd/dkl-local-server/secrets-migrate.go
index aabf079..5496cd6 100644
--- a/cmd/dkl-local-server/secrets-migrate.go
+++ b/cmd/dkl-local-server/secrets-migrate.go
@@ -40,7 +40,8 @@ func migrateSecrets() { } } - if err := loadSecretData(sslCfg); err != nil { + secretData, err := loadSecretData(sslCfg) + if err != nil { log.Fatal(err) return }
@@ -66,10 +67,22 @@ func migrateSecrets() { clusterCAs.Put(clusterName+"/"+caName, CA{Key: ca.Key, Cert: ca.Cert}) for signedName, signed := range ca.Signed { - clusterCASignedKeys.Put(clusterName+"/"+caName+"/"+signedName, *signed) + err = clusterCASignedKeys.Put(clusterName+"/"+caName+"/"+signedName, *signed) + if err != nil { + log.Fatal(err) + } } } - // TODO + for hostName, pairs := range cluster.SSHKeyPairs { + err = sshHostKeys.Put(hostName, pairs) + if err != nil { + log.Fatal(err) + } + } + } + + if err := os.Rename(secretDataPath(), secretDataPath()+".migrated"); err != nil { + log.Fatal("failed to rename migrated secrets: ", err) } }
diff --git a/cmd/dkl-local-server/secrets.go b/cmd/dkl-local-server/secrets.go
index b5b1f40..bcc750e 100644
--- a/cmd/dkl-local-server/secrets.go
+++ b/cmd/dkl-local-server/secrets.go
@@ -13,11 +13,6 @@ import ( "github.com/cloudflare/cfssl/log" ) -var ( - secretData *SecretData - DontSave = false -) - type SecretData struct { clusters map[string]*ClusterSecrets config *config.Config
@@ -40,10 +35,10 @@ func secretDataPath() string { return filepath.Join(*dataDir, "secret-data.json") } -func loadSecretData(config *config.Config) (err error) { +func loadSecretData(config *config.Config) (sd *SecretData, err error) { log.Info("Loading secret data") - sd := &SecretData{ + sd = &SecretData{ clusters: make(map[string]*ClusterSecrets), config: config, }
@@ -52,7 +47,6 @@ func loadSecretData(config *config.Config) (err error) { if err != nil { if os.IsNotExist(err) { err = nil - secretData = sd return } return
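Review bot: In migrateSecrets (secrets-migrate.go, first hunk) a missing secret-data.json is not told apart from a loaded one: loadSecretData in secrets.go sets `err = nil` and returns an empty SecretData when `os.IsNotExist(err)`, so this check passes and execution reaches the `os.Rename` added at the end of the function, which would then fail and call log.Fatal. Unless a guard above the hunk already returns when the file is absent, the server would abort on the first start after a successful migration. Making the no-op case explicit before loading, e.g. `if _, err := os.Stat(secretDataPath()); os.IsNotExist(err) { return }`, avoids that. The `return` after `log.Fatal(err)` is unreachable and can be dropped; migrateSecrets begins above the hunk.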
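Review bot: The `clusterCAs.Put(clusterName+"/"+caName, ...)` call at the top of the second secrets-migrate.go hunk still discards its result, while the Put calls for signed keys and SSH host keys added below it abort on failure. Assuming it returns an error like the other two stores, a failed CA write would go unnoticed and the source file would still be renamed to `.migrated`, leaving the new store without that CA key; `if err = clusterCAs.Put(...); err != nil { log.Fatal(err) }` closes the gap. `sshHostKeys.Put(hostName, pairs)` is keyed by host name alone, unlike the cluster-prefixed CA keys, so two clusters sharing a host name would overwrite each other; worth confirming that is intended. The renamed file presumably still holds the CA and SSH private keys, so it should keep restrictive permissions and be removed once the migration has been verified. The enclosing loops start above the hunk.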
@@ -62,7 +56,6 @@ func loadSecretData(config *config.Config) (err error) { return } - secretData = sd return }
diff --git a/cmd/dkl-local-server/ssh-secrets_test.go b/cmd/dkl-local-server/ssh-secrets_test.go
index 1cc3a57..845fc79 100644
--- a/cmd/dkl-local-server/ssh-secrets_test.go
+++ b/cmd/dkl-local-server/ssh-secrets_test.go
@@ -2,10 +2,6 @@ package main import "testing" -func init() { - DontSave = true -} - func TestSSHKeyGet(t *testing.T) { // TODO needs fake secret store // if _, err := getSSHKeyPairs("host"); err != nil {
diff --git a/cmd/dkl-local-server/ws-clusters.go b/cmd/dkl-local-server/ws-clusters.go
index b218b7a..b380763 100644
--- a/cmd/dkl-local-server/ws-clusters.go
+++ b/cmd/dkl-local-server/ws-clusters.go
@@ -2,10 +2,12 @@ package main import ( "log" - "sort" + "net/url" + "strconv" restful "github.com/emicklei/go-restful" + "novit.tech/direktil/local-server/pkg/mime" "novit.tech/direktil/pkg/localconfig" )
@@ -83,53 +85,39 @@ func wsClusterAddons(req *restful.Request, resp *restful.Response) { } func wsClusterCACert(req *restful.Request, resp *restful.Response) { - cs := secretData.clusters[req.PathParameter("cluster-name")] - if cs == nil { - wsNotFound(resp) - return - } - - ca := cs.CAs[req.PathParameter("ca-name")] - if ca == nil { + clusterName := req.PathParameter("cluster-name") + caName := req.PathParameter("ca-name") + + ca, found, err := clusterCAs.Get(clusterName + "/" + caName) + if err != nil { + wsError(resp, err) + return + } + if !found { wsNotFound(resp) return } + resp.Header().Set("Content-Type", mime.CERT) resp.Write(ca.Cert) } func wsClusterSignedCert(req *restful.Request, resp *restful.Response) { - cs := secretData.clusters[req.PathParameter("cluster-name")] - if cs == nil { - wsNotFound(resp) - return - } - - ca := cs.CAs[req.PathParameter("ca-name")] - if ca == nil { - wsNotFound(resp) - return - } - + clusterName := req.PathParameter("cluster-name") + caName := req.PathParameter("ca-name") name := req.QueryParameter("name") - if name == "" { - keys := make([]string, 0, len(ca.Signed)) - for k := range ca.Signed { - keys = append(keys, k) - } - - sort.Strings(keys) - - resp.WriteJson(keys, restful.MIME_JSON) + kc, found, err := clusterCASignedKeys.Get(clusterName + "/" + caName + "/" + name) + if err != nil { + wsError(resp, err) return } - - kc := ca.Signed[name] - if kc == nil { + if !found { wsNotFound(resp) return } + resp.AddHeader("Content-Type", mime.CERT) + resp.AddHeader("Content-Disposition", "attachment; filename="+strconv.Quote(clusterName+"_"+caName+"_"+url.PathEscape(name)+".crt")) resp.Write(kc.Cert) }
diff --git a/html/ui/app.css b/html/ui/app.css
index af19ca9..8ed48a0 100644
--- a/html/ui/app.css
+++ b/html/ui/app.css
@@ -18,6 +18,10 @@ overflow: auto; } +.cluster { + max-width: 50%; +} + #store-infos { display: flex; flex-flow: row wrap;
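Review bot: In wsClusterSignedCert (ws-clusters.go) the store key is built by joining two path parameters and the `name` query parameter with "/", and none of them is checked before the lookup, so an empty `name` queries `cluster/ca/` and a value containing "/" shifts the segment boundaries of the key; wsClusterCACert joins its two parameters the same way. Rejecting such input up front keeps the key unambiguous, e.g. `if name == "" || strings.Contains(name, "/") { wsNotFound(resp); return }` (this needs the "strings" import). In the Content-Disposition header only `name` is percent-escaped while clusterName and caName go in raw, and strconv.Quote emits Go escape sequences rather than HTTP quoted-string syntax; escaping the whole filename, `strconv.Quote(url.PathEscape(clusterName+"_"+caName+"_"+name)+".crt")`, leaves Quote nothing to escape. The two handlers also set Content-Type differently (`resp.Header().Set` vs `resp.AddHeader`) and both ignore the error from `resp.Write`.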
diff --git a/html/ui/js/Cluster.js b/html/ui/js/Cluster.js
index b956b11..ca8329e 100644
--- a/html/ui/js/Cluster.js
+++ b/html/ui/js/Cluster.js
@@ -21,17 +21,15 @@ export default {
CAs
-
- {{ ca.Name }}: - - -
+ + + + + +
NameCertificateSigned certificates
{{ ca.Name }}
` }
diff --git a/html/ui/style.css b/html/ui/style.css
index 368ea0e..70dc771 100644
--- a/html/ui/style.css
+++ b/html/ui/style.css
@@ -124,6 +124,9 @@ header .utils > * { .sheets section { margin: 2pt 6pt 6pt 6pt; } +.sheets > *:last-child > table:last-child > tr:last-child > td { + border-bottom: none; +} .notif { display: inline-block;