move tls_dir to render context funcs because it needs the template host's IPs

Mikaël Cluseau
2025-09-25 23:19:35 +02:00
parent 8ae52501c9
commit 436be67bfd
2 changed files with 50 additions and 30 deletions


@ -178,36 +178,6 @@ func templateFuncs(sslCfg *cfsslconfig.Config) map[string]any {
s = string(kc.Cert) s = string(kc.Cert)
return return
}, },
"tls_dir": func(dir, cluster, caName, name, profile, label, reqJson string) (s string, err error) {
ca, err := getUsableClusterCA(cluster, caName)
if err != nil {
return
}
kc, err := getKeyCert(cluster, caName, name, profile, label, reqJson)
if err != nil {
return
}
return asYaml([]config.FileDef{
{
Path: path.Join(dir, "ca.crt"),
Mode: 0644,
Content: string(ca.Cert),
},
{
Path: path.Join(dir, "tls.crt"),
Mode: 0644,
Content: string(kc.Cert),
},
{
Path: path.Join(dir, "tls.key"),
Mode: 0600,
Content: string(kc.Key),
},
})
},
} }
} }


@ -5,6 +5,7 @@ import (
"crypto/sha1" "crypto/sha1"
"crypto/sha256" "crypto/sha256"
"encoding/hex" "encoding/hex"
"encoding/json"
"fmt" "fmt"
"io" "io"
"log" "log"
@ -13,10 +14,12 @@ import (
"os" "os"
"path" "path"
"path/filepath" "path/filepath"
"strings"
"text/template" "text/template"
"time" "time"
cfsslconfig "github.com/cloudflare/cfssl/config" cfsslconfig "github.com/cloudflare/cfssl/config"
"github.com/cloudflare/cfssl/csr"
restful "github.com/emicklei/go-restful" restful "github.com/emicklei/go-restful"
yaml "gopkg.in/yaml.v2" yaml "gopkg.in/yaml.v2"
@ -165,6 +168,21 @@ func (ctx *renderContext) Tag() (string, error) {
func (ctx *renderContext) TemplateFuncs() map[string]any { func (ctx *renderContext) TemplateFuncs() map[string]any {
funcs := templateFuncs(ctx.SSLConfig) funcs := templateFuncs(ctx.SSLConfig)
// FIXME duplicate from cluster-render-context
getKeyCert := func(cluster, caName, name, profile, label, reqJson string) (kc KeyCert, err error) {
certReq := &csr.CertificateRequest{
KeyRequest: csr.NewKeyRequest(),
}
err = json.Unmarshal([]byte(reqJson), certReq)
if err != nil {
log.Print("CSR unmarshal failed on: ", reqJson)
return
}
return getUsableKeyCert(cluster, caName, name, profile, label, certReq, ctx.SSLConfig)
}
for name, method := range map[string]any{ for name, method := range map[string]any{
"host_ip": func() (s string) { "host_ip": func() (s string) {
return ctx.Host.IPs[0] return ctx.Host.IPs[0]
@ -177,6 +195,38 @@ func (ctx *renderContext) TemplateFuncs() map[string]any {
return hex.EncodeToString(ba[:]) return hex.EncodeToString(ba[:])
}, },
"tls_dir": func(dir, cluster, caName, name, profile, label, reqJson string) (s string, err error) {
ca, err := getUsableClusterCA(cluster, caName)
if err != nil {
return
}
reqJson = strings.ReplaceAll(reqJson, "${host_ip}", ctx.Host.IPs[0])
kc, err := getKeyCert(cluster, caName, name, profile, label, reqJson)
if err != nil {
return
}
return asYaml([]config.FileDef{
{
Path: path.Join(dir, "ca.crt"),
Mode: 0644,
Content: string(ca.Cert),
},
{
Path: path.Join(dir, "tls.crt"),
Mode: 0644,
Content: string(kc.Cert),
},
{
Path: path.Join(dir, "tls.key"),
Mode: 0600,
Content: string(kc.Key),
},
})
},
"ssh_user_ca": func(path, cluster string) (s string, err error) { "ssh_user_ca": func(path, cluster string) (s string, err error) {
userCA, err := sshCAPubKey(cluster) userCA, err := sshCAPubKey(cluster)
return asYaml([]config.FileDef{{ return asYaml([]config.FileDef{{
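Review bot: The `${host_ip}` expansion added in `tls_dir`, `reqJson = strings.ReplaceAll(reqJson, "${host_ip}", ctx.Host.IPs[0])`, indexes `ctx.Host.IPs[0]` with no length check, so rendering a host whose IP list is empty panics inside the template engine rather than surfacing an error (the existing `host_ip` func has the same pattern, but this is a new call site). Fail explicitly before the substitution: `if len(ctx.Host.IPs) == 0 { return "", fmt.Errorf("tls_dir: host has no IPs to expand ${host_ip}") }`. It is also worth a comment that only the first IP is substituted, since the value presumably ends up in the CSR hosts/SAN list and a multi-homed host would get a certificate valid for one address only — `// only IPs[0] is expanded; other host IPs are not added to the CSR`. The `getKeyCert` closure in the earlier hunk is already marked as a duplicate of cluster-render-context, and `tls_dir` is now duplicated as well; lifting both into a shared helper that takes the host IP as a parameter would keep the two template-func sets from drifting.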