secrets migration
This commit is contained in:
Mikaël Cluseau
@ -40,7 +40,8 @@ func migrateSecrets() {
|
||||
}
|
||||
}
|
||||
|
||||
if err := loadSecretData(sslCfg); err != nil {
|
||||
secretData, err := loadSecretData(sslCfg)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
return
|
||||
}
|
||||
@ -66,10 +67,22 @@ func migrateSecrets() {
|
||||
clusterCAs.Put(clusterName+"/"+caName, CA{Key: ca.Key, Cert: ca.Cert})
|
||||
|
||||
for signedName, signed := range ca.Signed {
|
||||
clusterCASignedKeys.Put(clusterName+"/"+caName+"/"+signedName, *signed)
|
||||
err = clusterCASignedKeys.Put(clusterName+"/"+caName+"/"+signedName, *signed)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// TODO
|
||||
for hostName, pairs := range cluster.SSHKeyPairs {
|
||||
err = sshHostKeys.Put(hostName, pairs)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if err := os.Rename(secretDataPath(), secretDataPath()+".migrated"); err != nil {
|
||||
log.Fatal("failed to rename migrated secrets: ", err)
|
||||
}
|
||||
}
|
||||
|
||||
@ -13,11 +13,6 @@ import (
|
||||
"github.com/cloudflare/cfssl/log"
|
||||
)
|
||||
|
||||
var (
|
||||
secretData *SecretData
|
||||
DontSave = false
|
||||
)
|
||||
|
||||
type SecretData struct {
|
||||
clusters map[string]*ClusterSecrets
|
||||
config *config.Config
|
||||
@ -40,10 +35,10 @@ func secretDataPath() string {
|
||||
return filepath.Join(*dataDir, "secret-data.json")
|
||||
}
|
||||
|
||||
func loadSecretData(config *config.Config) (err error) {
|
||||
func loadSecretData(config *config.Config) (sd *SecretData, err error) {
|
||||
log.Info("Loading secret data")
|
||||
|
||||
sd := &SecretData{
|
||||
sd = &SecretData{
|
||||
clusters: make(map[string]*ClusterSecrets),
|
||||
config: config,
|
||||
}
|
||||
@ -52,7 +47,6 @@ func loadSecretData(config *config.Config) (err error) {
|
||||
if err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
err = nil
|
||||
secretData = sd
|
||||
return
|
||||
}
|
||||
return
|
||||
@ -62,7 +56,6 @@ func loadSecretData(config *config.Config) (err error) {
|
||||
return
|
||||
}
|
||||
|
||||
secretData = sd
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@ -2,10 +2,6 @@ package main
|
||||
|
||||
import "testing"
|
||||
|
||||
func init() {
|
||||
DontSave = true
|
||||
}
|
||||
|
||||
func TestSSHKeyGet(t *testing.T) {
|
||||
// TODO needs fake secret store
|
||||
// if _, err := getSSHKeyPairs("host"); err != nil {
|
||||
|
||||
@ -2,10 +2,12 @@ package main
|
||||
|
||||
import (
|
||||
"log"
|
||||
"sort"
|
||||
"net/url"
|
||||
"strconv"
|
||||
|
||||
restful "github.com/emicklei/go-restful"
|
||||
|
||||
"novit.tech/direktil/local-server/pkg/mime"
|
||||
"novit.tech/direktil/pkg/localconfig"
|
||||
)
|
||||
|
||||
@ -83,53 +85,39 @@ func wsClusterAddons(req *restful.Request, resp *restful.Response) {
|
||||
}
|
||||
|
||||
func wsClusterCACert(req *restful.Request, resp *restful.Response) {
|
||||
cs := secretData.clusters[req.PathParameter("cluster-name")]
|
||||
if cs == nil {
|
||||
wsNotFound(resp)
|
||||
return
|
||||
}
|
||||
|
||||
ca := cs.CAs[req.PathParameter("ca-name")]
|
||||
if ca == nil {
|
||||
clusterName := req.PathParameter("cluster-name")
|
||||
caName := req.PathParameter("ca-name")
|
||||
|
||||
ca, found, err := clusterCAs.Get(clusterName + "/" + caName)
|
||||
if err != nil {
|
||||
wsError(resp, err)
|
||||
return
|
||||
}
|
||||
if !found {
|
||||
wsNotFound(resp)
|
||||
return
|
||||
}
|
||||
|
||||
resp.Header().Set("Content-Type", mime.CERT)
|
||||
resp.Write(ca.Cert)
|
||||
}
|
||||
|
||||
func wsClusterSignedCert(req *restful.Request, resp *restful.Response) {
|
||||
cs := secretData.clusters[req.PathParameter("cluster-name")]
|
||||
if cs == nil {
|
||||
wsNotFound(resp)
|
||||
return
|
||||
}
|
||||
|
||||
ca := cs.CAs[req.PathParameter("ca-name")]
|
||||
if ca == nil {
|
||||
wsNotFound(resp)
|
||||
return
|
||||
}
|
||||
|
||||
clusterName := req.PathParameter("cluster-name")
|
||||
caName := req.PathParameter("ca-name")
|
||||
name := req.QueryParameter("name")
|
||||
|
||||
if name == "" {
|
||||
keys := make([]string, 0, len(ca.Signed))
|
||||
for k := range ca.Signed {
|
||||
keys = append(keys, k)
|
||||
}
|
||||
|
||||
sort.Strings(keys)
|
||||
|
||||
resp.WriteJson(keys, restful.MIME_JSON)
|
||||
kc, found, err := clusterCASignedKeys.Get(clusterName + "/" + caName + "/" + name)
|
||||
if err != nil {
|
||||
wsError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
kc := ca.Signed[name]
|
||||
if kc == nil {
|
||||
if !found {
|
||||
wsNotFound(resp)
|
||||
return
|
||||
}
|
||||
|
||||
resp.AddHeader("Content-Type", mime.CERT)
|
||||
resp.AddHeader("Content-Disposition", "attachment; filename="+strconv.Quote(clusterName+"_"+caName+"_"+url.PathEscape(name)+".crt"))
|
||||
resp.Write(kc.Cert)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user