secrets migration & restitution

2023-02-12 11:58:26 +01:00
parent 1aefc5d2b7
commit 3bc20e95cc
13 changed files with 473 additions and 130 deletions
--- a/cmd/dkl-local-server/ws-clusters.go
+++ b/cmd/dkl-local-server/ws-clusters.go
@ -9,6 +9,13 @@ import (
 	"novit.tech/direktil/pkg/localconfig"
 )

+var clusterSecretKVs = []string{}
+
+func newClusterSecretKV[T any](name string) KVSecrets[T] {
+    clusterSecretKVs = append(clusterSecretKVs, name)
+    return KVSecrets[T]{"clusters/"+name}
+}
+
 func wsListClusters(req *restful.Request, resp *restful.Response) {
 	cfg := wsReadConfig(resp)
 	if cfg == nil {
@ -64,97 +71,6 @@ func wsClusterAddons(req *restful.Request, resp *restful.Response) {
 	wsRender(resp, cluster.Addons, cluster)
 }

-func wsClusterPasswords(req *restful.Request, resp *restful.Response) {
-	cluster := wsReadCluster(req, resp)
-	if cluster == nil {
-		return
-	}
-
-	resp.WriteEntity(secretData.Passwords(cluster.Name))
-}
-
-func wsClusterPassword(req *restful.Request, resp *restful.Response) {
-	cluster := wsReadCluster(req, resp)
-	if cluster == nil {
-		return
-	}
-
-	name := req.PathParameter("password-name")
-
-	resp.WriteEntity(secretData.Password(cluster.Name, name))
-}
-
-func wsClusterSetPassword(req *restful.Request, resp *restful.Response) {
-	cluster := wsReadCluster(req, resp)
-	if cluster == nil {
-		return
-	}
-
-	name := req.PathParameter("password-name")
-
-	var password string
-	if err := req.ReadEntity(&password); err != nil {
-		wsError(resp, err) // FIXME this is a BadRequest
-		return
-	}
-
-	secretData.SetPassword(cluster.Name, name, password)
-
-	if err := secretData.Save(); err != nil {
-		wsError(resp, err)
-		return
-	}
-}
-
-func wsClusterToken(req *restful.Request, resp *restful.Response) {
-	cluster := wsReadCluster(req, resp)
-	if cluster == nil {
-		return
-	}
-
-	name := req.PathParameter("token-name")
-
-	token, err := secretData.Token(cluster.Name, name)
-	if err != nil {
-		wsError(resp, err)
-		return
-	}
-
-	resp.WriteEntity(token)
-}
-
-func wsClusterBootstrapPods(req *restful.Request, resp *restful.Response) {
-	cluster := wsReadCluster(req, resp)
-	if cluster == nil {
-		return
-	}
-
-	if len(cluster.BootstrapPods) == 0 {
-		log.Printf("cluster %q has no bootstrap pods defined", cluster.Name)
-		wsNotFound(req, resp)
-		return
-	}
-
-	wsRender(resp, cluster.BootstrapPods, cluster)
-}
-
-func wsClusterCAs(req *restful.Request, resp *restful.Response) {
-	cs := secretData.clusters[req.PathParameter("cluster-name")]
-	if cs == nil {
-		wsNotFound(req, resp)
-		return
-	}
-
-	keys := make([]string, 0, len(cs.CAs))
-	for k := range cs.CAs {
-		keys = append(keys, k)
-	}
-
-	sort.Strings(keys)
-
-	resp.WriteJson(keys, restful.MIME_JSON)
-}
-
 func wsClusterCACert(req *restful.Request, resp *restful.Response) {
 	cs := secretData.clusters[req.PathParameter("cluster-name")]
 	if cs == nil {