direktil/local-server
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ssh acls preliminary support

Browse Source
This commit is contained in:
Mikaël Cluseau 2021-11-14 15:28:40 +01:00
parent 4d92925170
commit 3673a2f361
3 changed files with 98 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
cmd/dkl-local-server/ws-clusters.go
View File

@ -2,8 +2,10 @@ package main
import ( import (
"log" "log"
"sort"
restful "github.com/emicklei/go-restful" restful "github.com/emicklei/go-restful"
"novit.nc/direktil/pkg/localconfig" "novit.nc/direktil/pkg/localconfig"
) )
@ -136,15 +138,33 @@ func wsClusterBootstrapPods(req *restful.Request, resp *restful.Response) {
wsRender(resp, cluster.BootstrapPods, cluster) wsRender(resp, cluster.BootstrapPods, cluster)
} }
func wsClusterCACert(req *restful.Request, resp *restful.Response) { func wsClusterCAs(req *restful.Request, resp *restful.Response) {
cluster := wsReadCluster(req, resp) cs := secretData.clusters[req.PathParameter("cluster-name")]
if cluster == nil { if cs == nil {
wsNotFound(req, resp)
return return
} }
ca, err := secretData.CA(req.PathParameter("cluster"), req.PathParameter("ca-name")) keys := make([]string, 0, len(cs.CAs))
if err != nil { for k := range cs.CAs {
wsError(resp, err) keys = append(keys, k)
}
sort.Strings(keys)
resp.WriteJson(keys, restful.MIME_JSON)
}
func wsClusterCACert(req *restful.Request, resp *restful.Response) {
cs := secretData.clusters[req.PathParameter("cluster-name")]
if cs == nil {
wsNotFound(req, resp)
return
}
ca := cs.CAs[req.PathParameter("ca-name")]
if ca == nil {
wsNotFound(req, resp)
return return
} }
@ -152,18 +172,33 @@ func wsClusterCACert(req *restful.Request, resp *restful.Response) {
} }
func wsClusterSignedCert(req *restful.Request, resp *restful.Response) { func wsClusterSignedCert(req *restful.Request, resp *restful.Response) {
cluster := wsReadCluster(req, resp) cs := secretData.clusters[req.PathParameter("cluster-name")]
if cluster == nil { if cs == nil {
wsNotFound(req, resp)
return return
} }
ca, err := secretData.CA(req.PathParameter("cluster"), req.PathParameter("ca-name")) ca := cs.CAs[req.PathParameter("ca-name")]
if err != nil { if ca == nil {
wsError(resp, err) wsNotFound(req, resp)
return return
} }
kc := ca.Signed[req.QueryParameter("name")] name := req.QueryParameter("name")
if name == "" {
keys := make([]string, 0, len(ca.Signed))
for k := range ca.Signed {
keys = append(keys, k)
}
sort.Strings(keys)
resp.WriteJson(keys, restful.MIME_JSON)
return
}
kc := ca.Signed[name]
if kc == nil { if kc == nil {
wsNotFound(req, resp) wsNotFound(req, resp)
return return

44
cmd/dkl-local-server/ws-ssh-acls.go Normal file
View File

@ -0,0 +1,44 @@
package main
import (
"net/http"
"os"
"path/filepath"
restful "github.com/emicklei/go-restful"
yaml "gopkg.in/yaml.v2"
)
type SSH_ACL struct {
Keys []string
Clusters []string
Groups []string
Hosts []string
}
func loadSSH_ACLs() (acls []SSH_ACL, err error) {
f, err := os.Open(filepath.Join(*dataDir, "ssh-acls.yaml"))
if err != nil {
return
}
defer f.Close()
err = yaml.NewDecoder(f).Decode(&acls)
return
}
func wsSSH_ACL_List(req *restful.Request, resp *restful.Response) {
// TODO
http.NotFound(resp.ResponseWriter, req.Request)
}
func wsSSH_ACL_Get(req *restful.Request, resp *restful.Response) {
// TODO
http.NotFound(resp.ResponseWriter, req.Request)
}
func wsSSH_ACL_Set(req *restful.Request, resp *restful.Response) {
// TODO
http.NotFound(resp.ResponseWriter, req.Request)
}

7
cmd/dkl-local-server/ws.go
View File

@ -9,6 +9,7 @@ import (
"text/template" "text/template"
"github.com/emicklei/go-restful" "github.com/emicklei/go-restful"
"novit.nc/direktil/local-server/pkg/mime" "novit.nc/direktil/local-server/pkg/mime"
"novit.nc/direktil/pkg/localconfig" "novit.nc/direktil/pkg/localconfig"
) )
@ -49,6 +50,8 @@ func registerWS(rest *restful.Container) {
ws.Route(ws.PUT("/clusters/{cluster-name}/passwords/{password-name}").To(wsClusterSetPassword). ws.Route(ws.PUT("/clusters/{cluster-name}/passwords/{password-name}").To(wsClusterSetPassword).
Doc("Set cluster's password")) Doc("Set cluster's password"))
ws.Route(ws.GET("/clusters/{cluster-name}/ca").To(wsClusterCAs).
Doc("Get cluster CAs"))
ws.Route(ws.GET("/clusters/{cluster-name}/ca/{ca-name}/certificate").To(wsClusterCACert). ws.Route(ws.GET("/clusters/{cluster-name}/ca/{ca-name}/certificate").To(wsClusterCACert).
Produces(mime.CACERT). Produces(mime.CACERT).
Doc("Get cluster CA's certificate")) Doc("Get cluster CA's certificate"))
@ -72,6 +75,10 @@ func registerWS(rest *restful.Container) {
}).register(ws, func(rb *restful.RouteBuilder) { }).register(ws, func(rb *restful.RouteBuilder) {
}) })
ws.Route(ws.GET("/ssh-acls").To(wsSSH_ACL_List))
ws.Route(ws.GET("/ssh-acls/{acl-name}").To(wsSSH_ACL_Get))
ws.Route(ws.PUT("/ssh-acls/{acl-name}").To(wsSSH_ACL_Set))
rest.Add(ws) rest.Add(ws)
// Hosts API // Hosts API