package cluster
import (
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"github.com/pkg/errors"
"github.com/rancher/norman/api/access"
"github.com/rancher/norman/types"
mgmtv3 "github.com/rancher/types/apis/management.cattle.io/v3"
client "github.com/rancher/types/client/management/v3"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
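// RotateCertificates handles the certificate-rotation action for the cluster
// identified by apiContext.ID. It decodes a client.RotateCertificateInput from
// the request body, stores the request on
// cluster.Spec.RancherKubernetesEngineConfig.RotateCertificates and updates the
// cluster through a.ClusterClient. This handler only records the request; the
// rotation itself is not performed here.
//
// A rotateCertificateOutput payload is always written to the response: 400 when
// the cluster cannot be loaded, has no RKE config, or the body cannot be read
// or parsed, 500 when the update fails, and 200 on success. On failure the
// wrapped error is also returned to the caller.
//
// actionName and action are not used.
func (a ActionHandler) RotateCertificates(actionName string, action *types.Action, apiContext *types.APIContext) error {
	// The expected body is a small JSON object (one bool, one string); cap
	// what is read so a client cannot make the server buffer an arbitrarily
	// large request.
	const maxRotateCertsBodyBytes = 1 << 20

	rtn := map[string]interface{}{
		"type":    "rotateCertificateOutput",
		"message": "rotating certificates for all components",
	}

	// Look the cluster up through the API context first. mgmtCluster is not
	// used afterwards.
	// NOTE(review): presumably this call is what ties the request to the
	// caller's access rights, since the ClusterClient.Get below does not take
	// the request context; confirm before removing it.
	var mgmtCluster mgmtv3.Cluster
	if err := access.ByID(apiContext, apiContext.Version, apiContext.Type, apiContext.ID, &mgmtCluster); err != nil {
		rtn["message"] = "none existent Cluster"
		apiContext.WriteResponse(http.StatusBadRequest, rtn)
		return errors.Wrapf(err, "failed to get Cluster by ID %s", apiContext.ID)
	}

	cluster, err := a.ClusterClient.Get(apiContext.ID, v1.GetOptions{})
	if err != nil {
		rtn["message"] = "none existent Cluster"
		apiContext.WriteResponse(http.StatusBadRequest, rtn)
		return errors.Wrapf(err, "failed to get Cluster by ID %s", apiContext.ID)
	}

	// The RKE config is dereferenced below; reject clusters that do not carry
	// one instead of panicking inside the request handler.
	if cluster.Spec.RancherKubernetesEngineConfig == nil {
		rtn["message"] = "cluster has no RancherKubernetesEngineConfig"
		apiContext.WriteResponse(http.StatusBadRequest, rtn)
		return errors.Errorf("cluster %s has no RancherKubernetesEngineConfig", cluster.Name)
	}

	body := http.MaxBytesReader(apiContext.Response, apiContext.Request.Body, maxRotateCertsBodyBytes)
	data, err := ioutil.ReadAll(body)
	if err != nil {
		rtn["message"] = "reading request body error"
		apiContext.WriteResponse(http.StatusBadRequest, rtn)
		return errors.Wrapf(err, "failed to read request body")
	}

	input := client.RotateCertificateInput{}
	if err = json.Unmarshal(data, &input); err != nil {
		rtn["message"] = "failed to parse request content"
		apiContext.WriteResponse(http.StatusBadRequest, rtn)
		return errors.Wrap(err, "unmarshaling input error")
	}

	// input.Services is a single client-supplied string wrapped into a
	// one-element slice, so an empty value is stored as []string{""}.
	// NOTE(review): the value is written to the cluster spec without
	// validation here; confirm that the schema or the consumer of
	// RotateCertificates restricts it to known service names.
	rotateCerts := &mgmtv3.RotateCertificates{
		CACertificates: input.CACertificates,
		Services:       []string{input.Services},
	}
	cluster.Spec.RancherKubernetesEngineConfig.RotateCertificates = rotateCerts

	if _, err := a.ClusterClient.Update(cluster); err != nil {
		rtn["message"] = "failed to update cluster object"
		apiContext.WriteResponse(http.StatusInternalServerError, rtn)
		return errors.Wrapf(err, "unable to update Cluster %s", cluster.Name)
	}

	// CA rotation takes precedence in the reported message over a named
	// service.
	switch {
	case input.CACertificates:
		rtn["message"] = "rotating CA certificates and all components"
	case len(input.Services) > 0:
		rtn["message"] = fmt.Sprintf("rotating %s certificates", input.Services)
	default:
		rtn["message"] = "rotating certificates for all components"
	}
	apiContext.WriteResponse(http.StatusOK, rtn)
	return nil
}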