This repository has been archived by the owner on Sep 12, 2024. It is now read-only.
forked from docker/machine
-
Notifications
You must be signed in to change notification settings - Fork 0
/
bootstrap.go
75 lines (61 loc) · 2.15 KB
/
bootstrap.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
package cert
import (
"errors"
"fmt"
"os"
"github.com/docker/machine/libmachine/auth"
"github.com/docker/machine/libmachine/log"
"github.com/docker/machine/libmachine/mcnutils"
)
func BootstrapCertificates(authOptions *auth.Options) error {
certDir := authOptions.CertDir
caCertPath := authOptions.CaCertPath
caPrivateKeyPath := authOptions.CaPrivateKeyPath
clientCertPath := authOptions.ClientCertPath
clientKeyPath := authOptions.ClientKeyPath
// TODO: I'm not super happy about this use of "org", the user should
// have to specify it explicitly instead of implicitly basing it on
// $USER.
caOrg := mcnutils.GetUsername()
org := caOrg + ".<bootstrap>"
bits := 2048
if _, err := os.Stat(certDir); err != nil {
if os.IsNotExist(err) {
if err := os.MkdirAll(certDir, 0700); err != nil {
return fmt.Errorf("Creating machine certificate dir failed: %s", err)
}
} else {
return err
}
}
if _, err := os.Stat(caCertPath); os.IsNotExist(err) {
log.Infof("Creating CA: %s", caCertPath)
// check if the key path exists; if so, error
if _, err := os.Stat(caPrivateKeyPath); err == nil {
return errors.New("The CA key already exists. Please remove it or specify a different key/cert.")
}
if err := GenerateCACertificate(caCertPath, caPrivateKeyPath, caOrg, bits); err != nil {
return fmt.Errorf("Generating CA certificate failed: %s", err)
}
}
if _, err := os.Stat(clientCertPath); os.IsNotExist(err) {
log.Infof("Creating client certificate: %s", clientCertPath)
if _, err := os.Stat(certDir); err != nil {
if os.IsNotExist(err) {
if err := os.Mkdir(certDir, 0700); err != nil {
return fmt.Errorf("Creating machine client cert dir failed: %s", err)
}
} else {
return err
}
}
// check if the key path exists; if so, error
if _, err := os.Stat(clientKeyPath); err == nil {
return errors.New("The client key already exists. Please remove it or specify a different key/cert.")
}
if err := GenerateCert([]string{""}, clientCertPath, clientKeyPath, caCertPath, caPrivateKeyPath, org, bits); err != nil {
return fmt.Errorf("Generating client certificate failed: %s", err)
}
}
return nil
}