feat(templates): TLS helpers

This commit is contained in:
Mikaël Cluseau 2018-06-19 17:49:09 +11:00
parent d3bb8e3579
commit f95c495a92


@ -8,6 +8,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"log" "log"
"path"
"path/filepath" "path/filepath"
cfsslconfig "github.com/cloudflare/cfssl/config" cfsslconfig "github.com/cloudflare/cfssl/config"
@ -112,11 +113,20 @@ func (ctx *renderContext) Config() (ba []byte, cfg *config.Config, err error) {
return secretData.KeyCert(cluster, req.CA, name, req.Profile, req.Label, certReq) return secretData.KeyCert(cluster, req.CA, name, req.Profile, req.Label, certReq)
} }
asYaml := func(v interface{}) (string, error) {
ba, err := yaml.Marshal(v)
if err != nil {
return "", err
}
return string(ba), nil
}
extraFuncs := map[string]interface{}{ extraFuncs := map[string]interface{}{
"static_pods": func(name string) (string, error) { "static_pods": func(name string) (string, error) {
t := ctx.clusterConfig.StaticPodsTemplate(name) t := ctx.clusterConfig.StaticPodsTemplate(name)
if t == nil { if t == nil {
return "", nil return "", fmt.Errorf("no static pods template named %q", name)
} }
buf := &bytes.Buffer{} buf := &bytes.Buffer{}
@ -129,6 +139,10 @@ func (ctx *renderContext) Config() (ba []byte, cfg *config.Config, err error) {
return buf.String(), nil return buf.String(), nil
}, },
"token": func(name string) (s string, err error) {
return secretData.Token(cluster, name)
},
"ca_key": func(name string) (s string, err error) { "ca_key": func(name string) (s string, err error) {
ca, err := secretData.CA(cluster, name) ca, err := secretData.CA(cluster, name)
if err != nil { if err != nil {
@ -149,6 +163,28 @@ func (ctx *renderContext) Config() (ba []byte, cfg *config.Config, err error) {
return return
}, },
"ca_dir": func(name string) (s string, err error) {
ca, err := secretData.CA(cluster, name)
if err != nil {
return
}
dir := path.Join("etc", "tls-ca", name)
return asYaml([]config.FileDef{
{
Path: path.Join(dir, "ca.crt"),
Mode: 0644,
Content: string(ca.Cert),
},
{
Path: path.Join(dir, "ca.key"),
Mode: 0600,
Content: string(ca.Key),
},
})
},
"tls_key": func(name string) (s string, err error) { "tls_key": func(name string) (s string, err error) {
kc, err := getKeyCert(name) kc, err := getKeyCert(name)
if err != nil { if err != nil {
@ -168,6 +204,44 @@ func (ctx *renderContext) Config() (ba []byte, cfg *config.Config, err error) {
s = string(kc.Cert) s = string(kc.Cert)
return return
}, },
"tls_dir": func(name string) (s string, err error) {
csr := ctx.clusterConfig.CSR(name)
if csr == nil {
err = fmt.Errorf("no CSR named %q", name)
return
}
ca, err := secretData.CA(cluster, csr.CA)
if err != nil {
return
}
kc, err := getKeyCert(name)
if err != nil {
return
}
dir := path.Join("etc", "tls", name)
return asYaml([]config.FileDef{
{
Path: path.Join(dir, "ca.crt"),
Mode: 0644,
Content: string(ca.Cert),
},
{
Path: path.Join(dir, "tls.crt"),
Mode: 0644,
Content: string(kc.Cert),
},
{
Path: path.Join(dir, "tls.key"),
Mode: 0600,
Content: string(kc.Key),
},
})
},
} }
buf := bytes.NewBuffer(make([]byte, 0, 4096)) buf := bytes.NewBuffer(make([]byte, 0, 4096))
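Review bot: The new `ca_dir` helper (the hunk at `@ -149,6 +163,28`) bundles the CA private key (`ca.key`, from `ca.Key`) into the rendered file set alongside `ca.crt`, so any template that uses `ca_dir` ships the signing key to every host it is rendered for; the sibling `tls_dir` helper in the last hunk gets this split right by looking the CA up via `csr.CA` and emitting only `ca.Cert`. Unless a host genuinely needs to sign, a certificate-only variant (or an explicit opt-in for the key) would keep the CA key where `ca_key` already exposes it deliberately rather than as a side effect of a convenience helper. At minimum the intent should be stated at the definition: `// ca_dir emits the CA certificate AND its private key (ca.key, 0600); only hosts that must sign should use it — templates that only verify should prefer tls_dir, which embeds ca.crt alone.` Neither helper validates `name` before `path.Join("etc", ...)`, but since the same name must resolve through `secretData.CA`/`ctx.clusterConfig.CSR`, that looks bounded by cluster config rather than arbitrary input — worth confirming. The enclosing `Config()` method starts and ends outside these hunks.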