This repository has been archived by the owner on Apr 14, 2023. It is now read-only.
/
sslpolicy.go
117 lines (100 loc) · 3.2 KB
/
sslpolicy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
package sslpolicy
import (
"errors"
"fmt"
"log"
"time"
"google.golang.org/api/compute/v1"
"google.golang.org/api/googleapi"
)
// NewSslPolicy returns instance of the configuration options
// necessary to create our globally enforced SSL Policy.
func NewSslPolicy(name, profile, version string) compute.SslPolicy {
return compute.SslPolicy{
Description: fmt.Sprintf("TLS policy: %s features and above TLS %s only.", profile, version),
Name: name,
Profile: profile,
MinTlsVersion: version,
}
}
func pollOperationStatus(config *Config, svc *compute.Service, operation *compute.Operation) error {
operSvc := compute.NewGlobalOperationsService(svc)
statusCall := operSvc.Get(config.Project(), operation.Name)
operation, _ = statusCall.Do()
for timeout := time.After(10 * time.Second); operation.Status != "DONE"; {
select {
case <-timeout:
return errors.New("polling SSLPolicy creation operation timed out")
default:
time.Sleep(2 * time.Second)
statusCall := operSvc.Get(config.Project(), operation.Name)
var err error
operation, err = statusCall.Do()
if err != nil {
return err
}
log.Printf("STATUS: create %s is %s", config.PolicyName(), operation.Status)
}
}
return nil
}
func pollSSLPolicy(config *Config, policySvc *compute.SslPoliciesService) (*compute.SslPolicy, error) {
var (
currPolicy *compute.SslPolicy
err error
)
for timeout := time.After(10 * time.Second); ; {
select {
case <-timeout:
return nil, errors.New("polling SSL Policy timed out")
default:
getPolicyCall := policySvc.Get(config.Project(), config.PolicyName())
currPolicy, err = getPolicyCall.Do()
if err == nil {
log.Printf("SSLPolicy %s exists", config.PolicyName())
return currPolicy, nil
}
log.Printf("Polling %s status: %d", config.PolicyName(), err.(*googleapi.Error).Code)
time.Sleep(1 * time.Second)
}
}
}
// AssertPolicy ensures that a policy exists
// that matches our expectations.
func AssertPolicy(config *Config, svc *compute.Service) (*compute.SslPolicy, error) {
policySvc := compute.NewSslPoliciesService(svc)
getPolicyCall := policySvc.Get(config.Project(), config.PolicyName())
currPolicy, err := getPolicyCall.Do()
switch err.(type) {
case *googleapi.Error:
if err.(*googleapi.Error).Code == 404 {
// Clean out the old error from above.
// := causes variable shadowing on err
err = nil
log.Printf("SSLPolicy %s not found, creating...", config.PolicyName())
sslPolicy := NewSslPolicy(config.PolicyName(), config.SslProfile(), config.TlsVersion())
createPolicyCall := policySvc.Insert(config.Project(), &sslPolicy)
operation, err := createPolicyCall.Do()
if err != nil {
return nil, err
}
// Log any warning from the operation.
for _, warning := range operation.Warnings {
log.Printf("WARNING: %s", warning.Message)
}
err = pollOperationStatus(config, svc, operation)
if err != nil {
log.Fatalf("Create SSLPolicy operation failed: %v", err)
}
currPolicy, err = pollSSLPolicy(config, policySvc)
if err != nil {
log.Fatalf("Could not find SSLPolicy after creation: %v", err)
}
}
}
if err != nil {
return nil, err
}
log.Print(currPolicy)
return currPolicy, nil
}