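package main

import (
	"fmt"

	"github.com/cloudflare/cfssl/log"
	restful "github.com/emicklei/go-restful"
)

// clusterCAs is the cluster secret store created under the name "CAs". This
// file reads and writes it with keys of the form "<cluster>/<ca-name>".
var clusterCAs = newClusterSecretKV[CA]("CAs")

// wsClusterCAs handles a request for the CAs of one cluster: it hands WsList
// the prefix "<cluster-name>/" built from the request path.
//
// NOTE(review): the path parameter is concatenated into the key prefix without
// validation. Confirm the router cannot deliver a value containing "/" (or an
// empty value), otherwise the prefix could address another cluster's entries.
func wsClusterCAs(req *restful.Request, resp *restful.Response) {
	clusterName := req.PathParameter("cluster-name")
	clusterCAs.WsList(resp, clusterName+"/")
}

// wsClusterCA handles a request for a single CA: it hands WsGet the key
// "<cluster-name>/<ca-name>" built from the request path.
//
// NOTE(review): WsGet is given the stored CA entry as-is. If CA carries
// private key material, confirm this route is only reachable by callers that
// are allowed to read it. The "/" caveat on wsClusterCAs applies here too.
func wsClusterCA(req *restful.Request, resp *restful.Response) {
	clusterName := req.PathParameter("cluster-name")
	name := req.PathParameter("ca-name")
	clusterCAs.WsGet(resp, clusterName+"/"+name)
}

// getUsableClusterCA returns the CA stored under "<cluster>/<name>", creating
// or renewing it when needed:
//
//   - no stored entry: the CA is initialised with Init and persisted;
//   - stored entry whose certificate fails checkCertUsable: the certificate is
//     renewed with RenewCert and the CA is persisted again;
//   - otherwise the stored CA is returned unchanged.
//
// Any error is wrapped with the cluster and CA name. When err is non-nil the
// returned ca must not be used: it may be uninitialised or still hold the
// certificate that failed the usability check.
func getUsableClusterCA(cluster, name string) (ca CA, err error) {
	// Add the cluster/CA context once, whichever step failed.
	defer func() {
		if err != nil {
			err = fmt.Errorf("cluster %s CA %s: %w", cluster, name, err)
		}
	}()

	key := cluster + "/" + name

	// ca and err are the named results (same scope); only found is new here.
	ca, found, err := clusterCAs.Get(key)
	if err != nil {
		return ca, err
	}

	if !found {
		log.Info("new CA in cluster ", cluster, ": ", name)

		if err = ca.Init(); err != nil {
			return ca, err
		}

		err = clusterCAs.Put(key, ca)
		return ca, err
	}

	if checkErr := checkCertUsable(ca.Cert); checkErr != nil {
		log.Infof("cluster %s: CA %s: regenerating certificate: %v", cluster, name, checkErr)

		if err = ca.RenewCert(); err != nil {
			// Stop here: previously the Put below overwrote this error, so a
			// failed renewal was reported as success and the CA with the
			// unusable certificate was both re-persisted and handed to the
			// caller.
			err = fmt.Errorf("renew: %w", err)
			return ca, err
		}

		err = clusterCAs.Put(key, ca)
	}

	return ca, err
}

// clusterCASignedKeys is the cluster secret store created under the name
// "CA-signed-keys". The handlers below address it with keys of the form
// "<cluster>/<ca-name>/<signed-name>".
var clusterCASignedKeys = newClusterSecretKV[KeyCert]("CA-signed-keys")

// wsClusterCASignedKeys handles a request for the keys signed by one CA: it
// hands WsList the prefix "<cluster-name>/<ca-name>/" built from the request
// path.
//
// NOTE(review): both path parameters are concatenated unvalidated; confirm
// neither can contain "/" or be empty, so the prefix cannot be widened to
// another cluster or CA.
func wsClusterCASignedKeys(req *restful.Request, resp *restful.Response) {
	clusterName := req.PathParameter("cluster-name")
	caName := req.PathParameter("ca-name")
	clusterCASignedKeys.WsList(resp, clusterName+"/"+caName+"/")
}

// wsClusterCASignedKey handles a request for a single signed key/certificate
// entry: it hands WsGet the key "<cluster-name>/<ca-name>/<signed-name>" built
// from the request path.
//
// NOTE(review): KeyCert presumably includes a private key; confirm access to
// this route is restricted accordingly, and that the path parameters cannot
// contain "/".
func wsClusterCASignedKey(req *restful.Request, resp *restful.Response) {
	clusterName := req.PathParameter("cluster-name")
	caName := req.PathParameter("ca-name")
	name := req.PathParameter("signed-name")
	clusterCASignedKeys.WsGet(resp, clusterName+"/"+caName+"/"+name)
}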