|
|
|
@ -148,7 +148,7 @@ func (a *Authority) generateProvisionerConfig(ctx context.Context) (provisioner.
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// StoreProvisioner stores an provisioner.Interface to the authority.
|
|
|
|
|
// StoreProvisioner stores a provisioner to the authority.
|
|
|
|
|
func (a *Authority) StoreProvisioner(ctx context.Context, prov *linkedca.Provisioner) error {
|
|
|
|
|
a.adminMutex.Lock()
|
|
|
|
|
defer a.adminMutex.Unlock()
|
|
|
|
@ -198,7 +198,7 @@ func (a *Authority) StoreProvisioner(ctx context.Context, prov *linkedca.Provisi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := a.provisioners.Store(certProv); err != nil {
|
|
|
|
|
if err := a.reloadAdminResources(ctx); err != nil {
|
|
|
|
|
if err := a.ReloadAdminResources(ctx); err != nil {
|
|
|
|
|
return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner store")
|
|
|
|
|
}
|
|
|
|
|
return admin.WrapErrorISE(err, "error storing provisioner in authority cache")
|
|
|
|
@ -234,7 +234,7 @@ func (a *Authority) UpdateProvisioner(ctx context.Context, nu *linkedca.Provisio
|
|
|
|
|
return admin.WrapErrorISE(err, "error updating provisioner '%s' in authority cache", nu.Name)
|
|
|
|
|
}
|
|
|
|
|
if err := a.adminDB.UpdateProvisioner(ctx, nu); err != nil {
|
|
|
|
|
if err := a.reloadAdminResources(ctx); err != nil {
|
|
|
|
|
if err := a.ReloadAdminResources(ctx); err != nil {
|
|
|
|
|
return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner update")
|
|
|
|
|
}
|
|
|
|
|
return admin.WrapErrorISE(err, "error updating provisioner '%s'", nu.Name)
|
|
|
|
@ -254,10 +254,11 @@ func (a *Authority) RemoveProvisioner(ctx context.Context, id string) error {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
provName, provID := p.GetName(), p.GetID()
|
|
|
|
|
if a.IsAdminAPIEnabled() {
|
|
|
|
|
// Validate
|
|
|
|
|
// - Check that there will be SUPER_ADMINs that remain after we
|
|
|
|
|
// remove this provisioner.
|
|
|
|
|
if a.admins.SuperCount() == a.admins.SuperCountByProvisioner(provName) {
|
|
|
|
|
if a.IsAdminAPIEnabled() && a.admins.SuperCount() == a.admins.SuperCountByProvisioner(provName) {
|
|
|
|
|
return admin.NewError(admin.ErrorBadRequestType,
|
|
|
|
|
"cannot remove provisioner %s because no super admins will remain", provName)
|
|
|
|
|
}
|
|
|
|
@ -271,14 +272,15 @@ func (a *Authority) RemoveProvisioner(ctx context.Context, id string) error {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Remove provisioner from authority caches.
|
|
|
|
|
if err := a.provisioners.Remove(provID); err != nil {
|
|
|
|
|
return admin.WrapErrorISE(err, "error removing admin from authority cache")
|
|
|
|
|
return admin.WrapErrorISE(err, "error removing provisioner from authority cache")
|
|
|
|
|
}
|
|
|
|
|
// Remove provisioner from database.
|
|
|
|
|
if err := a.adminDB.DeleteProvisioner(ctx, provID); err != nil {
|
|
|
|
|
if err := a.reloadAdminResources(ctx); err != nil {
|
|
|
|
|
if err := a.ReloadAdminResources(ctx); err != nil {
|
|
|
|
|
return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner remove")
|
|
|
|
|
}
|
|
|
|
|
return admin.WrapErrorISE(err, "error deleting provisioner %s", provName)
|
|
|
|
|