package gpgkey
import (
"fmt"
"strings"
"golang.org/x/net/context"
gpgkeypkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/gpgkey"
appsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
"github.com/argoproj/argo-cd/v2/server/rbacpolicy"
"github.com/argoproj/argo-cd/v2/util/db"
"github.com/argoproj/argo-cd/v2/util/gpg"
"github.com/argoproj/argo-cd/v2/util/rbac"
)
// Server implements the GPGKeyService API. Each handler authorizes the caller
// through enf before it touches db.
type Server struct {
	// db gives access to the GPG public keys held in the configuration.
	db db.ArgoDB
	// repoClientset is stored by NewServer; none of the handlers shown here read it.
	repoClientset apiclient.Clientset
	// enf is the RBAC enforcer consulted at the top of every handler.
	enf *rbac.Enforcer
}
// NewServer wires a GPGKeyService server from its three collaborators: the
// repo-server client set, the settings database and the RBAC enforcer. The
// arguments are stored as given; nothing is validated or copied.
func NewServer(
	repoClientset apiclient.Clientset,
	db db.ArgoDB,
	enf *rbac.Enforcer,
) *Server {
	srv := new(Server)
	srv.repoClientset = repoClientset
	srv.db = db
	srv.enf = enf
	return srv
}
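// List returns the GnuPG public keys found in the configuration, with the key
// material (KeyData) blanked in every returned item.
//
// The caller must pass the RBAC check for rbacpolicy.ActionGet on
// rbacpolicy.ResourceGPGKeys; the check runs before the database is queried
// and its error is returned unchanged. The query q is not consulted.
// Items follow map iteration order, so their order is not stable across calls.
func (s *Server) List(ctx context.Context, q *gpgkeypkg.GnuPGPublicKeyQuery) (*appsv1.GnuPGPublicKeyList, error) {
	if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceGPGKeys, rbacpolicy.ActionGet, ""); err != nil {
		return nil, err
	}
	keys, err := s.db.ListConfiguredGPGPublicKeys(ctx)
	if err != nil {
		return nil, err
	}
	keyList := &appsv1.GnuPGPublicKeyList{}
	for _, v := range keys {
		// Blank the key data on a copy rather than through the pointer: the
		// entries belong to whatever the database layer handed back, and
		// writing through v would erase KeyData there too if that map is
		// ever shared or cached.
		item := *v
		item.KeyData = ""
		keyList.Items = append(keyList.Items, item)
	}
	return keyList, nil
}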
// Get retrieves a single GPG public key from the configuration, including its
// key data.
//
// The caller must pass the RBAC check for rbacpolicy.ActionGet on
// rbacpolicy.ResourceGPGKeys. The requested ID is passed through gpg.KeyID
// first; an empty result is rejected before the database is queried. An error
// is also returned when no configured key matches the resulting ID.
func (s *Server) Get(ctx context.Context, q *gpgkeypkg.GnuPGPublicKeyQuery) (*appsv1.GnuPGPublicKey, error) {
	authzErr := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceGPGKeys, rbacpolicy.ActionGet, "")
	if authzErr != nil {
		return nil, authzErr
	}

	// Only the value returned by gpg.KeyID is used for the lookup and echoed
	// in the error below, never the raw request field.
	keyID := gpg.KeyID(q.KeyID)
	if keyID == "" {
		return nil, fmt.Errorf("KeyID is malformed or empty")
	}

	configured, err := s.db.ListConfiguredGPGPublicKeys(ctx)
	if err != nil {
		return nil, err
	}

	key, found := configured[keyID]
	if !found {
		return nil, fmt.Errorf("No such key: %s", keyID)
	}
	return key, nil
}
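// Create adds one or more GPG public keys to the server's configuration.
//
// The caller must pass the RBAC check for rbacpolicy.ActionCreate on
// rbacpolicy.ResourceGPGKeys before the submitted data is looked at. A request
// that carries no public key, or whose key data is empty after trimming
// whitespace, is rejected with an error. On success the response lists the
// keys the database layer reports as added, plus whatever it reports as
// skipped.
func (s *Server) Create(ctx context.Context, q *gpgkeypkg.GnuPGPublicKeyCreateRequest) (*gpgkeypkg.GnuPGPublicKeyCreateResponse, error) {
	if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceGPGKeys, rbacpolicy.ActionCreate, ""); err != nil {
		return nil, err
	}

	// The request comes from an API client: a missing publickey message must
	// produce an error, not a nil-pointer dereference in the handler.
	if q == nil || q.Publickey == nil {
		return nil, fmt.Errorf("Submitted key data is empty")
	}

	keyData := strings.TrimSpace(q.Publickey.KeyData)
	if keyData == "" {
		return nil, fmt.Errorf("Submitted key data is empty")
	}

	// NOTE(review): the trimmed copy is used only for the emptiness check; the
	// data is handed to the database layer exactly as submitted. Confirm that
	// is intended.
	added, skipped, err := s.db.AddGPGPublicKey(ctx, q.Publickey.KeyData)
	if err != nil {
		return nil, err
	}

	// Kept non-nil even when nothing was added, as before.
	items := make([]appsv1.GnuPGPublicKey, 0, len(added))
	for _, k := range added {
		items = append(items, *k)
	}

	response := &gpgkeypkg.GnuPGPublicKeyCreateResponse{
		Created: &appsv1.GnuPGPublicKeyList{Items: items},
		Skipped: skipped,
	}
	return response, nil
}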
// Delete removes a single GPG public key from the server's configuration.
//
// The caller must pass the RBAC check for rbacpolicy.ActionDelete on
// rbacpolicy.ResourceGPGKeys; only then is the database layer asked to delete
// the key. Any error from either step is returned unchanged.
func (s *Server) Delete(ctx context.Context, q *gpgkeypkg.GnuPGPublicKeyQuery) (*gpgkeypkg.GnuPGPublicKeyResponse, error) {
	authzErr := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceGPGKeys, rbacpolicy.ActionDelete, "")
	if authzErr != nil {
		return nil, authzErr
	}

	// NOTE(review): unlike Get, the key ID is forwarded as received, without
	// going through gpg.KeyID. Presumably the database layer validates it;
	// verify against DeleteGPGPublicKey.
	if err := s.db.DeleteGPGPublicKey(ctx, q.KeyID); err != nil {
		return nil, err
	}

	reply := new(gpgkeypkg.GnuPGPublicKeyResponse)
	return reply, nil
}