This repository has been archived by the owner on Jan 19, 2022. It is now read-only.
package main
import (
"crypto/x509"
"encoding/json"
"encoding/pem"
"io/ioutil"
"os"
"github.com/atlassian/kubetoken"
"github.com/pkg/errors"
)
// Context is one entry of an Environment's "contexts" list. It names the
// files holding the CA material for that entry and, once loadCertificates
// has run, also carries the parsed signer and the raw PEM bytes.
type Context struct {
	// CAClusterCert is the path to the CA certificate for the Kubernetes
	// clusters. loadCertificates sets it to CACert when it is empty.
	CAClusterCert string `json:"caclustercert"`

	// CACert is the path to the kubetoken CA certificate.
	CACert string `json:"cacert"`

	// PrivKey is the path to the private key of the kubetoken CA
	// certificate. Only the path is stored here; the parsed key lives in the
	// embedded Signer.
	PrivKey string `json:"privkey"`

	// caClusterCertPEM holds the contents of the CAClusterCert file, as PEM.
	// Unexported, so encoding/json neither reads nor writes it.
	caClusterCertPEM []byte

	// caCertPEM holds the contents of the CACert file, as PEM.
	// Unexported, so encoding/json neither reads nor writes it.
	caCertPEM []byte

	// Clusters is read from the "clusters" object of the config file.
	// NOTE(review): the meaning of its keys and values is not visible in this
	// file; confirm against the code that consumes it.
	Clusters map[string]string `json:"clusters"`

	// Signer is filled in by loadCertificates (Cert and PrivKey). The "-" tag
	// keeps the parsed certificate and private key out of any JSON encoding of
	// a Context.
	kubetoken.Signer `json:"-"`
}
// Environment is one entry of the config file's "environments" list: three
// identifying strings plus the contexts that belong to it.
type Environment struct {
	// Name is read from the "name" key.
	Name string `json:"name"`

	// Customer is read from the "customer" key.
	Customer string `json:"customer"`

	// Environment is read from the "env" key (note the shorter JSON name).
	Environment string `json:"env"`

	// Contexts lists the contexts of this environment; loadCertificates
	// loads the certificate and key files of each one.
	Contexts []Context `json:"contexts"`
}
// Config is the top-level document decoded by loadConfig.
type Config struct {
	// Environments is read from the "environments" key.
	Environments []Environment `json:"environments"`
}
// loadConfig opens the file at p and decodes a single JSON value from it
// into a Config.
//
// It returns the error from os.Open or from the JSON decoder unchanged. The
// decoder is used with its defaults, so keys that match no field are ignored
// and anything after the first JSON value is not read. No certificate or key
// file is touched here; that is left to loadCertificates.
//
// The file decides which CA certificate and private key paths are loaded
// later (Context.CACert, Context.PrivKey), so it deserves the same access
// control as the key files it names.
func loadConfig(p string) (*Config, error) {
	file, err := os.Open(p)
	if err != nil {
		return nil, err
	}
	defer file.Close()

	cfg := new(Config)
	if err = json.NewDecoder(file).Decode(cfg); err != nil {
		return nil, err
	}
	return cfg, nil
}
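// loadCertificates reads and parses the key material named by every Context
// in c, filling in each context's Signer and cached PEM bytes in place.
//
// For each context it:
//   - reads CACert, parses the first PEM block as an X.509 certificate into
//     Signer.Cert and keeps the raw file bytes in caCertPEM;
//   - reads PrivKey and parses the first PEM block as a PKCS#1 RSA private
//     key into Signer.PrivKey;
//   - reads CAClusterCert when it is set, checks that its first PEM block
//     parses as a certificate and keeps the raw file bytes in
//     caClusterCertPEM; when it is empty the kubetoken CA is reused as the
//     cluster CA.
//
// It stops at the first failure and returns an error that names the file
// involved. Contexts handled before the failure keep what was loaded into
// them; the failing context's Signer.Cert and Signer.PrivKey are only
// assigned after a successful parse.
//
// NOTE(review): checks this function still does not make, worth adding at
// the caller or here:
//   - the PEM block type is not inspected, only whether the bytes parse;
//   - nothing verifies that PrivKey is the key of the CACert certificate, or
//     that the certificate is marked as a CA;
//   - the permissions of the private key file are not examined.
func loadCertificates(c *Config) error {
	for i := range c.Environments {
		e := &c.Environments[i]
		for j := range e.Contexts {
			ctx := &e.Contexts[j]

			caCertPEM, err := ioutil.ReadFile(ctx.CACert)
			if err != nil {
				return errors.WithMessage(err, ctx.CACert)
			}
			privKeyPEM, err := ioutil.ReadFile(ctx.PrivKey)
			if err != nil {
				return errors.WithMessage(err, ctx.PrivKey)
			}

			block, _ := pem.Decode(caCertPEM)
			if block == nil {
				return errors.Errorf("%v: pem decode caCertPEM failed", ctx.CACert)
			}
			cert, err := x509.ParseCertificate(block.Bytes)
			if err != nil {
				// Name the file: the bare x509 error does not say which of
				// the many configured certificates was rejected.
				return errors.WithMessage(err, ctx.CACert+": parse certificate")
			}
			ctx.Signer.Cert = cert
			ctx.caCertPEM = caCertPEM

			block, _ = pem.Decode(privKeyPEM)
			if block == nil {
				return errors.Errorf("%v: pem decode privKeyPEM failed", ctx.PrivKey)
			}
			key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
			if err != nil {
				return errors.WithMessage(err, ctx.PrivKey+": parse PKCS#1 private key")
			}
			ctx.Signer.PrivKey = key

			if ctx.CAClusterCert == "" {
				// If CAClusterCert is not set, use kubetoken CA as the cluster CA
				ctx.CAClusterCert = ctx.CACert
				ctx.caClusterCertPEM = ctx.caCertPEM
				continue
			}

			caClusterCertPEM, err := ioutil.ReadFile(ctx.CAClusterCert)
			if err != nil {
				return errors.WithMessage(err, ctx.CAClusterCert)
			}
			block, _ = pem.Decode(caClusterCertPEM)
			if block == nil {
				return errors.Errorf("%v: pem decode caClusterCertPEM failed", ctx.CAClusterCert)
			}
			// The cluster CA is kept only as raw PEM, so without this parse a
			// file whose PEM body is not a certificate would load cleanly and
			// be noticed only by whoever consumes it later.
			if _, err := x509.ParseCertificate(block.Bytes); err != nil {
				return errors.WithMessage(err, ctx.CAClusterCert+": parse cluster CA certificate")
			}
			ctx.caClusterCertPEM = caClusterCertPEM
		}
	}
	return nil
}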