From b91affdd34ae30e6c6e3ef61ea2fa8ac30944aed Mon Sep 17 00:00:00 2001
From: max furman
Date: Mon, 25 Apr 2022 10:23:07 -0700
Subject: [PATCH] exposing authority configuration for provisioner cli commands

---
 authority/admin/db.go | 46 +++++++++++++++++++++++++++++++++
 authority/admins.go | 6 ++---
 authority/authority.go | 26 ++++++++++++++++---
 authority/provisioners.go | 8 +++---
 ca/adminClient.go | 24 +++++++++---------
 ca/client.go | 53 ++++++++++++++++++++-------------------
 6 files changed, 115 insertions(+), 48 deletions(-)

diff --git a/authority/admin/db.go b/authority/admin/db.go
index bf34a3c2..6e4e7c49 100644
--- a/authority/admin/db.go
+++ b/authority/admin/db.go
@@ -71,6 +71,52 @@ type DB interface {
 DeleteAdmin(ctx context.Context, id string) error
 }
 
+type NoDB struct{}
+
+func NewNoDB() *NoDB {
+ return &NoDB{}
+}
+
+func (n *NoDB) CreateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error {
+ return nil
+}
+
+func (n *NoDB) GetProvisioner(ctx context.Context, id string) (*linkedca.Provisioner, error) {
+ return nil, nil
+}
+
+func (n *NoDB) GetProvisioners(ctx context.Context) ([]*linkedca.Provisioner, error) {
+ return nil, nil
+}
+
+func (n *NoDB) UpdateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error {
+ return nil
+}
+
+func (n *NoDB) DeleteProvisioner(ctx context.Context, id string) error {
+ return nil
+}
+
+func (n *NoDB) CreateAdmin(ctx context.Context, admin *linkedca.Admin) error {
+ return nil
+}
+
+func (n *NoDB) GetAdmin(ctx context.Context, id string) (*linkedca.Admin, error) {
+ return nil, nil
+}
+
+func (n *NoDB) GetAdmins(ctx context.Context) ([]*linkedca.Admin, error) {
+ return nil, nil
+}
+
+func (n *NoDB) UpdateAdmin(ctx context.Context, prov *linkedca.Admin) error {
+ return nil
+}
+
+func (n *NoDB) DeleteAdmin(ctx context.Context, id string) error {
+ return nil
+}
+
 // MockDB is an implementation of the DB interface that should only be used as
 // a mock in tests.
 type MockDB struct {
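Review bot: `GetProvisioner` and `GetAdmin` on `NoDB` return `nil, nil`, so a caller that checks only `err` goes on to dereference a nil `*linkedca.Provisioner` or `*linkedca.Admin`; returning an explicit not-found error from the two getters would fail closed instead. The write methods also report success while discarding the record, so on a CA's admin store a provisioner or admin change can look applied when nothing was persisted; if that no-op behaviour is intended it needs to be stated. Neither `NoDB` nor `NewNoDB` has a doc comment; something like `// NoDB is a DB implementation that stores nothing: writes are discarded and reads return no data.` together with a `var _ DB = (*NoDB)(nil)` assertion would state and enforce the contract.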
diff --git a/authority/admins.go b/authority/admins.go
index b975297a..c8e1ac66 100644
--- a/authority/admins.go
+++ b/authority/admins.go
@@ -49,7 +49,7 @@ func (a *Authority) StoreAdmin(ctx context.Context, adm *linkedca.Admin, prov pr
 return admin.WrapErrorISE(err, "error creating admin")
 }
 if err := a.admins.Store(adm, prov); err != nil {
- if err := a.reloadAdminResources(ctx); err != nil {
+ if err := a.ReloadAdminResources(ctx); err != nil {
 return admin.WrapErrorISE(err, "error reloading admin resources on failed admin store")
 }
 return admin.WrapErrorISE(err, "error storing admin in authority cache")
@@ -66,7 +66,7 @@ func (a *Authority) UpdateAdmin(ctx context.Context, id string, nu *linkedca.Adm
 return nil, admin.WrapErrorISE(err, "error updating cached admin %s", id)
 }
 if err := a.adminDB.UpdateAdmin(ctx, adm); err != nil {
- if err := a.reloadAdminResources(ctx); err != nil {
+ if err := a.ReloadAdminResources(ctx); err != nil {
 return nil, admin.WrapErrorISE(err, "error reloading admin resources on failed admin update")
 }
 return nil, admin.WrapErrorISE(err, "error updating admin %s", id)
@@ -88,7 +88,7 @@ func (a *Authority) removeAdmin(ctx context.Context, id string) error {
 return admin.WrapErrorISE(err, "error removing admin %s from authority cache", id)
 }
 if err := a.adminDB.DeleteAdmin(ctx, id); err != nil {
- if err := a.reloadAdminResources(ctx); err != nil {
+ if err := a.ReloadAdminResources(ctx); err != nil {
 return admin.WrapErrorISE(err, "error reloading admin resources on failed admin remove")
 }
 return admin.WrapErrorISE(err, "error deleting admin %s", id)
diff --git a/authority/authority.go b/authority/authority.go
index 9db38e14..2c10b626 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -115,6 +115,20 @@ func New(cfg *config.Config, opts ...Option) (*Authority, error) {
 return a, nil
 }
 
+// FromOptions creates an Authority exclusively using the passed in options
+// and does not intialize the Authority.
+func FromOptions(opts ...Option) (*Authority, error) {
+ var a = new(Authority)
+
+ // Apply options.
+ for _, fn := range opts {
+ if err := fn(a); err != nil {
+ return nil, err
+ }
+ }
+ return a, nil
+}
+
 // NewEmbedded initializes an authority that can be embedded in a different
 // project without the limitations of the config.
 func NewEmbedded(opts ...Option) (*Authority, error) {
@@ -153,8 +167,8 @@ func NewEmbedded(opts ...Option) (*Authority, error) {
 return a, nil
 }
 
-// reloadAdminResources reloads admins and provisioners from the DB.
-func (a *Authority) reloadAdminResources(ctx context.Context) error {
+// ReloadAdminResources reloads admins and provisioners from the DB.
+func (a *Authority) ReloadAdminResources(ctx context.Context) error {
 var (
 provList provisioner.List
 adminList []*linkedca.Admin
@@ -551,7 +565,7 @@ func (a *Authority) init() error {
 }
 
 // Load Provisioners and Admins
- if err := a.reloadAdminResources(context.Background()); err != nil {
+ if err := a.ReloadAdminResources(context.Background()); err != nil {
 return err
 }
 
@@ -587,6 +601,12 @@ func (a *Authority) GetAdminDatabase() admin.DB {
 return a.adminDB
 }
 
+// GetConfig returns the config.
+func (a *Authority) GetConfig() *config.Config {
+ return a.config
+}
+
+// GetInfo returns information about the authority.
 func (a *Authority) GetInfo() Info {
 ai := Info{
 StartTime: a.startTime,
diff --git a/authority/provisioners.go b/authority/provisioners.go
index 63fb630b..5944f007 100644
--- a/authority/provisioners.go
+++ b/authority/provisioners.go
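Review bot: `FromOptions` returns an `*Authority` that has skipped `init()`, yet nothing on the value marks it as uninitialised, so every field an option did not set stays at its zero value. Methods that read fields such as `a.adminDB` or `a.provisioners` (both used elsewhere in this patch) would presumably hit nil if called on it. The doc comment should say which options are required and what the result may be used for, e.g. `// The returned Authority has not been initialized; only state set by the given options is available.` The existing comment also misspells "initialize" as `intialize`.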
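Review bot: Exporting `ReloadAdminResources` turns a locking precondition into public API without documenting it. In the provisioners.go hunks of this patch `StoreProvisioner` takes `a.adminMutex` before reaching this call, so the method presumably does not lock on its own (its body continues outside the hunk), and a caller in another package cannot hold the unexported mutex at all, which would let a reload race with admin and provisioner updates. Consider keeping the unexported `reloadAdminResources` for internal callers that already hold the lock and making the exported method a wrapper: `a.adminMutex.Lock()`, `defer a.adminMutex.Unlock()`, `return a.reloadAdminResources(ctx)`.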
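Review bot: `GetConfig` returns the Authority's own `*config.Config`, so any holder of the Authority can mutate the live configuration of a running CA without validation or synchronisation, and everything the struct carries becomes readable by that caller. If the CLI only needs to read settings, return a copy or a narrower accessor; at minimum state the contract in the comment: `// GetConfig returns the authority configuration. The value is shared with the Authority and must be treated as read-only.` For an Authority built with `FromOptions` the result may also be nil, which is worth mentioning in the same comment.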
@@ -145,7 +145,7 @@ func (a *Authority) generateProvisionerConfig(ctx context.Context) (provisioner.
 
 }
 
-// StoreProvisioner stores an provisioner.Interface to the authority.
+// StoreProvisioner stores a provisioner to the authority.
 func (a *Authority) StoreProvisioner(ctx context.Context, prov *linkedca.Provisioner) error {
 a.adminMutex.Lock()
 defer a.adminMutex.Unlock()
@@ -191,7 +191,7 @@ func (a *Authority) StoreProvisioner(ctx context.Context, prov *linkedca.Provisi
 }
 
 if err := a.provisioners.Store(certProv); err != nil {
- if err := a.reloadAdminResources(ctx); err != nil {
+ if err := a.ReloadAdminResources(ctx); err != nil {
 return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner store")
 }
 return admin.WrapErrorISE(err, "error storing provisioner in authority cache")
@@ -223,7 +223,7 @@ func (a *Authority) UpdateProvisioner(ctx context.Context, nu *linkedca.Provisio
 return admin.WrapErrorISE(err, "error updating provisioner '%s' in authority cache", nu.Name)
 }
 if err := a.adminDB.UpdateProvisioner(ctx, nu); err != nil {
- if err := a.reloadAdminResources(ctx); err != nil {
+ if err := a.ReloadAdminResources(ctx); err != nil {
 return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner update")
 }
 return admin.WrapErrorISE(err, "error updating provisioner '%s'", nu.Name)
@@ -267,7 +267,7 @@ func (a *Authority) RemoveProvisioner(ctx context.Context, id string) error {
 }
 // Remove provisioner from database.
 if err := a.adminDB.DeleteProvisioner(ctx, provID); err != nil {
- if err := a.reloadAdminResources(ctx); err != nil {
+ if err := a.ReloadAdminResources(ctx); err != nil {
 return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner remove")
 }
 return admin.WrapErrorISE(err, "error deleting provisioner %s", provName)
diff --git a/ca/adminClient.go b/ca/adminClient.go
index 72f62dd8..e898a898 100644
--- a/ca/adminClient.go
+++ b/ca/adminClient.go
@@ -363,19 +363,19 @@ retry:
 // GetProvisioner performs the GET /admin/provisioners/{name} request to the CA.
 func (c *AdminClient) GetProvisioner(opts ...ProvisionerOption) (*linkedca.Provisioner, error) {
 var retried bool
- o := new(provisionerOptions)
- if err := o.apply(opts); err != nil {
+ o := new(ProvisionerOptions)
+ if err := o.Apply(opts); err != nil {
 return nil, err
 }
 var u *url.URL
 switch {
- case len(o.id) > 0:
+ case len(o.ID) > 0:
 u = c.endpoint.ResolveReference(&url.URL{
 Path: "/admin/provisioners/id",
 RawQuery: o.rawQuery(),
 })
- case len(o.name) > 0:
- u = c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "provisioners", o.name)})
+ case len(o.Name) > 0:
+ u = c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "provisioners", o.Name)})
 default:
 return nil, errors.New("must set either name or id in method options")
 }
@@ -410,8 +410,8 @@ retry:
 // GetProvisionersPaginate performs the GET /admin/provisioners request to the CA.
 func (c *AdminClient) GetProvisionersPaginate(opts ...ProvisionerOption) (*adminAPI.GetProvisionersResponse, error) {
 var retried bool
- o := new(provisionerOptions)
- if err := o.apply(opts); err != nil {
+ o := new(ProvisionerOptions)
+ if err := o.Apply(opts); err != nil {
 return nil, err
 }
 u := c.endpoint.ResolveReference(&url.URL{
@@ -472,19 +472,19 @@ func (c *AdminClient) RemoveProvisioner(opts ...ProvisionerOption) error {
 retried bool
 )
 
- o := new(provisionerOptions)
- if err := o.apply(opts); err != nil {
+ o := new(ProvisionerOptions)
+ if err := o.Apply(opts); err != nil {
 return err
 }
 
 switch {
- case len(o.id) > 0:
+ case len(o.ID) > 0:
 u = c.endpoint.ResolveReference(&url.URL{
 Path: path.Join(adminURLPrefix, "provisioners/id"),
 RawQuery: o.rawQuery(),
 })
- case len(o.name) > 0:
- u = c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "provisioners", o.name)})
+ case len(o.Name) > 0:
+ u = c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "provisioners", o.Name)})
 default:
 return errors.New("must set either name or id in method options")
 }
diff --git a/ca/client.go b/ca/client.go
index 0bd93195..3871c749 100644
--- a/ca/client.go
+++ b/ca/client.go
@@ -425,16 +425,17 @@ func parseEndpoint(endpoint string) (*url.URL, error) {
 }
 
 // ProvisionerOption is the type of options passed to the Provisioner method.
-type ProvisionerOption func(o *provisionerOptions) error
+type ProvisionerOption func(o *ProvisionerOptions) error
 
-type provisionerOptions struct {
- cursor string
- limit int
- id string
- name string
+// ProvisionerOptions stores options for the provisioner CRUD API.
+type ProvisionerOptions struct {
+ Cursor string
+ Limit int
+ ID string
+ Name string
 }
 
-func (o *provisionerOptions) apply(opts []ProvisionerOption) (err error) {
+func (o *ProvisionerOptions) Apply(opts []ProvisionerOption) (err error) {
 for _, fn := range opts {
 if err = fn(o); err != nil {
 return
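Review bot: `Apply` in ca/client.go becomes exported API here but has no doc comment, and it keeps a named result with a bare `return`, which is harder to follow now that external callers will read it. Suggested comment: `// Apply runs each option against o in order and returns the first error encountered.` `rawQuery` stays unexported, so code outside the package can set `Cursor`, `Limit`, `ID` and `Name` but cannot build the query string from them; if that is intended, the comment on `ProvisionerOptions` could say so. The body of `Apply` continues past the end of this hunk.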
@@ -443,51 +444,51 @@ func (o *provisionerOptions) apply(opts []ProvisionerOption) (err error) {
 return
 }
 
-func (o *provisionerOptions) rawQuery() string {
+func (o *ProvisionerOptions) rawQuery() string {
 v := url.Values{}
- if len(o.cursor) > 0 {
- v.Set("cursor", o.cursor)
+ if len(o.Cursor) > 0 {
+ v.Set("cursor", o.Cursor)
 }
- if o.limit > 0 {
- v.Set("limit", strconv.Itoa(o.limit))
+ if o.Limit > 0 {
+ v.Set("limit", strconv.Itoa(o.Limit))
 }
- if len(o.id) > 0 {
- v.Set("id", o.id)
+ if len(o.ID) > 0 {
+ v.Set("id", o.ID)
 }
- if len(o.name) > 0 {
- v.Set("name", o.name)
+ if len(o.Name) > 0 {
+ v.Set("name", o.Name)
 }
 return v.Encode()
 }
 
 // WithProvisionerCursor will request the provisioners starting with the given cursor.
 func WithProvisionerCursor(cursor string) ProvisionerOption {
- return func(o *provisionerOptions) error {
- o.cursor = cursor
+ return func(o *ProvisionerOptions) error {
+ o.Cursor = cursor
 return nil
 }
 }
 
 // WithProvisionerLimit will request the given number of provisioners.
 func WithProvisionerLimit(limit int) ProvisionerOption {
- return func(o *provisionerOptions) error {
- o.limit = limit
+ return func(o *ProvisionerOptions) error {
+ o.Limit = limit
 return nil
 }
 }
 
 // WithProvisionerID will request the given provisioner.
 func WithProvisionerID(id string) ProvisionerOption {
- return func(o *provisionerOptions) error {
- o.id = id
+ return func(o *ProvisionerOptions) error {
+ o.ID = id
 return nil
 }
 }
 
 // WithProvisionerName will request the given provisioner.
 func WithProvisionerName(name string) ProvisionerOption {
- return func(o *provisionerOptions) error {
- o.name = name
+ return func(o *ProvisionerOptions) error {
+ o.Name = name
 return nil
 }
 }
@@ -810,8 +811,8 @@ retry:
 // paginate the provisioners.
 func (c *Client) Provisioners(opts ...ProvisionerOption) (*api.ProvisionersResponse, error) {
 var retried bool
- o := new(provisionerOptions)
- if err := o.apply(opts); err != nil {
+ o := new(ProvisionerOptions)
+ if err := o.Apply(opts); err != nil {
 return nil, err
 }
 u := c.endpoint.ResolveReference(&url.URL{