package certificate
import (
"golang.org/x/net/context"
certificatepkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/certificate"
appsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
"github.com/argoproj/argo-cd/v2/server/rbacpolicy"
"github.com/argoproj/argo-cd/v2/util/db"
"github.com/argoproj/argo-cd/v2/util/rbac"
)
// Server implements the Certificate service. Every RPC method visible in this
// file authorizes the caller through enf before it touches db.
type Server struct {
	// enf evaluates RBAC policy for the claims carried in the request context.
	enf *rbac.Enforcer
	// db is the persistence layer holding the repository certificates.
	db db.ArgoDB
	// repoClientset is stored by NewServer; none of the methods visible in
	// this file reads it.
	repoClientset apiclient.Clientset
}
// NewServer builds a Certificate service from the given repo-server
// clientset, database handle and RBAC enforcer. The arguments are stored
// as-is; nothing is validated here, so a nil enforcer or database would only
// surface when an RPC method dereferences it.
func NewServer(repoClientset apiclient.Clientset, db db.ArgoDB, enf *rbac.Enforcer) *Server {
	srv := new(Server)
	srv.enf = enf
	srv.db = db
	srv.repoClientset = repoClientset
	return srv
}
// TODO: RBAC policies are currently an all-or-nothing approach, so there is no
// fine-grained control over certificate manipulation. A user either has access
// to a given certificate operation (get/create/delete) or does not.
// ListCertificates returns the configured repository certificates that match
// the host name pattern, certificate type and sub type given in q.
//
// The caller must be allowed the "get" action on the certificates resource.
// The RBAC object argument is the empty string, so the check is not scoped to
// an individual certificate. An authorization or database error is returned
// unchanged together with a nil list.
func (s *Server) ListCertificates(ctx context.Context, q *certificatepkg.RepositoryCertificateQuery) (*appsv1.RepositoryCertificateList, error) {
	// Authorize before any database access.
	// NOTE(review): the claims are read from the context under the plain
	// string key "claims"; presumably the auth middleware sets it — confirm
	// that a missing value is denied by the enforcer.
	claims := ctx.Value("claims")
	if denied := s.enf.EnforceErr(claims, rbacpolicy.ResourceCertificates, rbacpolicy.ActionGet, ""); denied != nil {
		return nil, denied
	}

	// The generated getters are used for every query field, so this method
	// never dereferences q directly.
	selector := db.CertificateListSelector{
		HostNamePattern: q.GetHostNamePattern(),
		CertType:        q.GetCertType(),
		CertSubType:     q.GetCertSubType(),
	}
	matched, err := s.db.ListRepoCertificates(ctx, &selector)
	if err != nil {
		return nil, err
	}
	return matched, nil
}
// CreateCertificate stores the batch of certificates carried in q; these are
// the certificates used for verifying repositories. It returns the list
// reported by the database layer.
//
// The caller must be allowed the "create" action on the certificates
// resource. The RBAC object argument is the empty string, so the permission
// covers every certificate in the batch. An authorization or database error
// is returned unchanged together with a nil list.
func (s *Server) CreateCertificate(ctx context.Context, q *certificatepkg.RepositoryCertificateCreateRequest) (*appsv1.RepositoryCertificateList, error) {
	// Authorize before any database access.
	claims := ctx.Value("claims")
	if denied := s.enf.EnforceErr(claims, rbacpolicy.ResourceCertificates, rbacpolicy.ActionCreate, ""); denied != nil {
		return nil, denied
	}

	// NOTE(review): q.Certificates and q.Upsert are read as fields and passed
	// through unchecked; validation of the certificate data and the handling
	// of existing entries when Upsert is set presumably live in
	// CreateRepoCertificate — confirm, including for a nil Certificates list.
	batch, upsert := q.Certificates, q.Upsert
	created, err := s.db.CreateRepoCertificate(ctx, batch, upsert)
	if err != nil {
		return nil, err
	}
	return created, nil
}
// DeleteCertificate removes the repository certificates that match the host
// name pattern, certificate type and sub type given in q, and returns the
// list reported by the database layer.
//
// The caller must be allowed the "delete" action on the certificates
// resource. The RBAC object argument is the empty string, so the permission
// is not scoped to the certificates selected by q. An authorization or
// database error is returned unchanged together with a nil list.
func (s *Server) DeleteCertificate(ctx context.Context, q *certificatepkg.RepositoryCertificateQuery) (*appsv1.RepositoryCertificateList, error) {
	// Authorize before any database access.
	claims := ctx.Value("claims")
	if denied := s.enf.EnforceErr(claims, rbacpolicy.ResourceCertificates, rbacpolicy.ActionDelete, ""); denied != nil {
		return nil, denied
	}

	// NOTE(review): the selector is copied from the request without checks;
	// how empty fields are matched is decided by RemoveRepoCertificates —
	// confirm that an empty query cannot remove more than the caller intends.
	selector := db.CertificateListSelector{
		HostNamePattern: q.GetHostNamePattern(),
		CertType:        q.GetCertType(),
		CertSubType:     q.GetCertSubType(),
	}
	removed, err := s.db.RemoveRepoCertificates(ctx, &selector)
	if err != nil {
		return nil, err
	}
	return removed, nil
}