/
acm.go
118 lines (103 loc) · 2.86 KB
/
acm.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
package aws
import (
"context"
"strings"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/acm"
"github.com/k11n/konstellation/pkg/cloud/types"
"github.com/k11n/konstellation/pkg/utils/async"
)
type ACMService struct {
session *session.Session
ACM *acm.ACM
}
func NewACMService(s *session.Session) *ACMService {
return &ACMService{
session: s,
ACM: acm.New(s),
}
}
func (a *ACMService) ListCertificates(ctx context.Context) (certificates []*types.Certificate, err error) {
out, err := a.ACM.ListCertificatesWithContext(ctx, &acm.ListCertificatesInput{})
if err != nil {
return
}
wp := async.NewWorkerPool()
for i := range out.CertificateSummaryList {
summary := out.CertificateSummaryList[i]
wp.AddTask(func() (interface{}, error) {
res, err := a.ACM.DescribeCertificateWithContext(ctx, &acm.DescribeCertificateInput{
CertificateArn: summary.CertificateArn,
})
if err != nil {
return nil, err
}
return certificateFromDetails(res.Certificate), nil
})
}
wp.StopWait()
for _, t := range wp.GetTasks() {
if t.Err != nil {
return nil, t.Err
}
certificates = append(certificates, t.Result.(*types.Certificate))
}
return
}
func (a *ACMService) ImportCertificate(ctx context.Context, cert []byte, pkey []byte, chain []byte, existingID string) (certificate *types.Certificate, err error) {
input := &acm.ImportCertificateInput{
Certificate: cert,
PrivateKey: pkey,
CertificateChain: chain,
}
if existingID != "" {
input.SetCertificateArn(existingID)
}
out, err := a.ACM.ImportCertificateWithContext(ctx, input)
if err != nil {
return
}
res, err := a.ACM.DescribeCertificateWithContext(ctx, &acm.DescribeCertificateInput{
CertificateArn: out.CertificateArn,
})
if err != nil {
return
}
certificate = certificateFromDetails(res.Certificate)
return
}
func certificateFromDetails(acmCert *acm.CertificateDetail) *types.Certificate {
cert := &types.Certificate{
Domain: *acmCert.DomainName,
ProviderID: *acmCert.CertificateArn,
CloudProvider: "aws",
ExpiresAt: acmCert.NotAfter,
}
// extract ID from provider ID
parts := strings.Split(cert.ProviderID, "/")
cert.ID = parts[1]
if acmCert.Status == nil {
cert.Status = types.CertificateStatusNotReady
return cert
}
switch *acmCert.Status {
case "PENDING_VALIDATION", "INACTIVE":
cert.Status = types.CertificateStatusNotReady
case "ISSUED":
cert.Status = types.CertificateStatusReady
case "EXPIRED":
cert.Status = types.CertificateStatusExpired
case "VALIDATION_TIMED_OUT", "REVOKED", "FAILED":
cert.Status = types.CertificateStatusError
}
if acmCert.Issuer != nil {
cert.Issuer = *acmCert.Issuer
}
if acmCert.KeyAlgorithm != nil {
cert.KeyAlgorithm = *acmCert.KeyAlgorithm
}
if acmCert.SignatureAlgorithm != nil {
cert.SignatureAlgorithm = *acmCert.SignatureAlgorithm
}
return cert
}