package main
import (
"log"
"os"
cfsslconfig "github.com/cloudflare/cfssl/config"
)
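// migrateSecrets performs the one-time import of the legacy secret data file
// (at secretDataPath()) into the per-kind stores: clusterTokens,
// clusterPasswords, clusterCAs, clusterCASignedKeys and sshHostKeys.
//
// It returns without doing anything when the legacy file does not exist, and
// logs and returns when the file cannot be stat'ed or when the stored SSL
// configuration cannot be parsed. A failure while reading the configuration,
// loading the legacy secrets or writing any entry is fatal (Logger.Fatal), so
// the legacy file is renamed to "<path>.migrated" only after every entry has
// been written.
func migrateSecrets() {
	if _, err := os.Stat(secretDataPath()); err != nil {
		// A missing legacy file is the normal case and stays silent; any
		// other stat error is reported before giving up.
		if !os.IsNotExist(err) {
			log.Print("not migrating old secrets: ", err)
		}
		return
	}

	log.Print("migrating old secrets")

	// Dedicated logger so that every following line carries the migration
	// prefix. It is deliberately not named "log", to keep the package visible.
	mlog := log.New(log.Default().Writer(), "secrets migration: ", log.Flags()|log.Lmsgprefix)

	// load secrets
	cfg, err := readConfig()
	if err != nil {
		mlog.Fatal(err)
	}

	// An empty SSL configuration falls back to a zero-value cfssl config.
	sslCfg := &cfsslconfig.Config{}
	if len(cfg.SSLConfig) != 0 {
		sslCfg, err = cfsslconfig.LoadConfig([]byte(cfg.SSLConfig))
		if err != nil {
			// Still non-fatal, but say why the migration was skipped: the
			// legacy file stays in place and will be retried on the next run.
			mlog.Print("invalid SSL config, not migrating: ", err)
			return
		}
	}

	secretData, err := loadSecretData(sslCfg)
	if err != nil {
		mlog.Fatal(err)
	}

	for clusterName, cluster := range secretData.clusters {
		prefix := clusterName + "/"

		for k, v := range cluster.Tokens {
			if err := clusterTokens.Put(prefix+k, v); err != nil {
				mlog.Fatal(err)
			}
		}

		for k, v := range cluster.Passwords {
			if err := clusterPasswords.Put(prefix+k, v); err != nil {
				mlog.Fatal(err)
			}
		}

		for caName, ca := range cluster.CAs {
			// A CA that fails to persist must stop the migration like every
			// other entry: otherwise the legacy file would be renamed below
			// while the CA key and certificate exist only in it.
			if err := clusterCAs.Put(prefix+caName, CA{Key: ca.Key, Cert: ca.Cert}); err != nil {
				mlog.Fatal(err)
			}

			for signedName, signed := range ca.Signed {
				if err := clusterCASignedKeys.Put(prefix+caName+"/"+signedName, *signed); err != nil {
					mlog.Fatal(err)
				}
			}
		}

		// NOTE(review): host keys are stored under the bare host name,
		// without the cluster prefix used for the other stores; confirm that
		// host names are unique across clusters, or a later cluster's keys
		// would replace an earlier one's.
		for hostName, pairs := range cluster.SSHKeyPairs {
			if err := sshHostKeys.Put(hostName, pairs); err != nil {
				mlog.Fatal(err)
			}
		}
	}

	// The legacy file is renamed, not deleted, so it still holds every secret
	// that was just imported; its permissions and eventual removal remain an
	// operational concern once the migration has been verified.
	if err := os.Rename(secretDataPath(), secretDataPath()+".migrated"); err != nil {
		mlog.Fatal("failed to rename migrated secrets: ", err)
	}
}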