// Copyright 2022 Namespace Labs Inc; All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
package fnapi
import (
"context"
"namespacelabs.dev/foundation/internal/certificates"
"namespacelabs.dev/foundation/schema"
"namespacelabs.dev/foundation/std/tasks"
)
// NamingForceStored, when true, makes AllocateName return the caller-supplied
// AllocateOpts.Stored resource (if one is set) instead of calling the naming
// service. That path performs no certificate validity check, so a stale or
// expired stored certificate is handed back unchanged. Defaults to false.
var NamingForceStored bool
// IssueRequest is the request AllocateName passes to the
// "nsl.naming.NamingService/Issue" call.
//
// NOTE(review): Resource embeds NameCertificate.PrivateKey, so a populated
// "previous" field carries private key material in the request body. Confirm
// that Call only sends it over an authenticated, encrypted channel, and keep
// values of this type out of logs and error messages.
type IssueRequest struct {
	// UserAuth is assigned by the PreAuthenticateRequest hook in AllocateName,
	// not by the caller of AllocateName.
	UserAuth *UserAuth `json:"user_auth"`
	// NameRequest describes the name being requested.
	NameRequest NameRequest `json:"name_request"`
	// Resource is the caller's previously stored resource, when there is one.
	// Its wire name is "previous", not "resource".
	Resource NameResource `json:"previous"`
}
// NameRequest identifies the name to issue. AllocateName copies all four
// fields from the matching AllocateOpts fields.
type NameRequest struct {
	FQDN string `json:"fqdn,omitempty"`
	Subdomain string `json:"subdomain,omitempty"`
	// NoTLS has no omitempty, so it is always serialized. Its tag is camelCase
	// ("noTls"), unlike the snake_case tags elsewhere in this file; the tag is
	// part of the wire format, so do not normalize it.
	// NOTE(review): presumably asks the service to skip certificate issuance —
	// confirm against the service definition.
	NoTLS bool `json:"noTls"`
	Org string `json:"org,omitempty"`
}
// IssueResponse is the value AllocateName decodes the Issue reply into
// (through DecodeJSONResponse).
type IssueResponse struct {
	// Resource is the issued resource; AllocateName returns a pointer to it.
	Resource NameResource `json:"resource"`
}
// NameResource pairs a resource identifier with its certificate material. It
// is both what AllocateName returns and what callers hand back through
// AllocateOpts.Stored.
//
// Certificate includes a private key, so treat the whole value as a secret
// wherever it is persisted, cached or logged.
type NameResource struct {
	ID ResourceID `json:"id"`
	Certificate NameCertificate `json:"certificate"`
}
// ResourceID wraps an identifier whose bytes are not interpreted by the code
// in this file; it is only carried between request and response.
type ResourceID struct {
	Opaque []byte `json:"opaque"`
}
// NameCertificate holds the certificate material associated with a name.
type NameCertificate struct {
	// PrivateKey is secret key material. AllocateName attaches only
	// CertificateBundle to the action, never this field; keep it out of
	// attachments, action arguments and logs.
	PrivateKey []byte `json:"private_key"`
	// CertificateBundle is attached by AllocateName as "certificate.pem" with
	// media type "application/x-pem-file" and passed to
	// certificates.CertIsValid.
	CertificateBundle []byte `json:"certificate_bundle"`
	// CertificateURL is not read by AllocateName.
	CertificateURL string `json:"certificate_url"`
}
// AllocateOpts are the inputs to AllocateName.
//
// The JSON tags here control how the value is serialized by the
// Arg("opts", opts) call in AllocateName; they are not the wire format of the
// Issue request (see NameRequest for that). Fields tagged `json:"-"` are left
// out of that serialization. In particular Stored, which can hold a private
// key, is excluded — keep that exclusion for any new field that carries
// secrets.
type AllocateOpts struct {
	// Scope, when non-empty, is applied to the action via Scope().
	Scope schema.PackageName `json:"-"`
	FQDN string `json:"fqdn,omitempty"`
	Subdomain string `json:"subdomain,omitempty"`
	// NoTLS is forwarded in the request but excluded from the serialized
	// action argument.
	NoTLS bool `json:"-"`
	Org string `json:"org,omitempty"`
	// Stored is a previously obtained resource, if the caller has one. It is
	// sent to the service as "previous", or returned as-is when
	// NamingForceStored is set.
	Stored *NameResource `json:"-"`
}
// AllocateName obtains a NameResource for the name described by opts, running
// as the "dns.allocate-name" action (scoped to opts.Scope when it is set).
//
// When NamingForceStored is true and opts.Stored is non-nil, the stored
// resource is returned without contacting the naming service and without any
// validity check on its certificate; the action records "force_stored".
//
// Otherwise it calls "nsl.naming.NamingService/Issue", passing opts.Stored as
// the previous resource when present, and returns the resource from the
// response. Errors from the call are returned unchanged.
//
// Security-relevant behavior to be aware of:
//   - Only the certificate bundle is attached to the action output; the
//     private key is not.
//   - A failure of certificates.CertIsValid is deliberately not an error here:
//     the "notAfter" result is simply omitted and the resource is still
//     returned. Callers that need a verified certificate must check it
//     themselves.
func AllocateName(ctx context.Context, opts AllocateOpts) (*NameResource, error) {
	act := tasks.Action("dns.allocate-name")
	if opts.Scope != "" {
		act = act.Scope(opts.Scope)
	}

	issue := func(ctx context.Context) (*NameResource, error) {
		stored := opts.Stored

		// Short-circuit: hand back the caller's copy untouched.
		if NamingForceStored && stored != nil {
			tasks.Attachments(ctx).AddResult("force_stored", true)
			return stored, nil
		}

		payload := IssueRequest{
			NameRequest: NameRequest{
				FQDN:      opts.FQDN,
				Subdomain: opts.Subdomain,
				NoTLS:     opts.NoTLS,
				Org:       opts.Org,
			},
		}
		if stored != nil {
			// The previous resource (private key included) goes out with the request.
			payload.Resource = *stored
		}

		call := Call[IssueRequest]{
			Endpoint: EndpointAddress,
			Method:   "nsl.naming.NamingService/Issue",
			// Credentials are injected into the request body by this hook.
			PreAuthenticateRequest: func(ua *UserAuth, rt *IssueRequest) error {
				rt.UserAuth = ua
				return nil
			},
		}

		var resp IssueResponse
		if err := call.Do(ctx, payload, DecodeJSONResponse(&resp)); err != nil {
			return nil, err
		}

		issued := &resp.Resource
		bundle := issued.Certificate.CertificateBundle
		if len(bundle) == 0 {
			return issued, nil
		}

		// Attach the public bundle only; the private key never becomes an attachment.
		tasks.Attachments(ctx).Attach(tasks.Output("certificate.pem", "application/x-pem-file"), bundle)

		// Best effort: record the timestamp when the bundle validates, otherwise skip it.
		if _, notAfter, err := certificates.CertIsValid(bundle); err == nil {
			tasks.Attachments(ctx).AddResult("notAfter", notAfter)
		}

		return issued, nil
	}

	return tasks.Return(ctx, act.Arg("opts", opts), issue)
}