This repository has been archived by the owner on Mar 24, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 70
/
ship_context.go
194 lines (166 loc) · 5.13 KB
/
ship_context.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
package templates
import (
"strings"
"text/template"
"github.com/go-kit/kit/log"
"github.com/replicatedhq/ship/pkg/state"
"github.com/replicatedhq/ship/pkg/util"
)
var amazonEKSPaths map[string]string
var googleGKEPaths map[string]string
var azureAKSPaths map[string]string
// ShipContext is the context for builder functions that depend on what assets have been created.
type ShipContext struct {
Logger log.Logger
Manager state.Manager
}
func (bb *BuilderBuilder) NewShipContext() (*ShipContext, error) {
shipCtx := &ShipContext{
Logger: bb.Logger,
Manager: bb.Manager,
}
return shipCtx, nil
}
// FuncMap represents the available functions in the ShipCtx.
func (ctx ShipContext) FuncMap() template.FuncMap {
return template.FuncMap{
"AmazonEKS": ctx.amazonEKS,
"GoogleGKE": ctx.googleGKE,
"AzureAKS": ctx.azureAKS,
"GetCaKey": ctx.makeCaKey,
"GetCaCert": ctx.getCaCert,
"GetKey": ctx.makeCertKey,
"GetCert": ctx.getCert,
}
}
// amazonEKS returns the path within the InstallerPrefixPath that the kubeconfig for the named cluster can be found at
func (ctx ShipContext) amazonEKS(name string) string {
return amazonEKSPaths[name]
}
// AddAmazonEKSPath adds a kubeconfig path to the cache
func AddAmazonEKSPath(name string, path string) {
if amazonEKSPaths == nil {
amazonEKSPaths = make(map[string]string)
}
amazonEKSPaths[name] = path
}
// googleGKE returns the path within the InstallerPrefixPath that the kubeconfig for the named cluster can be found at
func (ctx ShipContext) googleGKE(name string) string {
return googleGKEPaths[name]
}
// AddGoogleGKEPath adds a kubeconfig path to the cache
func AddGoogleGKEPath(name string, path string) {
if googleGKEPaths == nil {
googleGKEPaths = make(map[string]string)
}
googleGKEPaths[name] = path
}
// azureAKS returns the path within the InstallerPrefixPath that the kubeconfig for the named cluster can be found at
func (ctx ShipContext) azureAKS(name string) string {
return azureAKSPaths[name]
}
// AddAzureAKSPath adds a kubeconfig path to the cache
func AddAzureAKSPath(name string, path string) {
if azureAKSPaths == nil {
azureAKSPaths = make(map[string]string)
}
azureAKSPaths[name] = path
}
// Certificate generation functions
// certs can be rsa or ecdsa, with a default of rsa-2048. Acceptable entries are rsa-n (where n is the number of bits),
// P256, P384, or P521.
func (ctx ShipContext) makeCaKey(caName string, caType string) string {
// check if the CA exists - if it does, use the existing one
// if it does not, make a new one
currentState, err := ctx.Manager.TryLoad()
if err != nil {
ctx.Logger.Log("method", "makeCaKey", "action", "tryLoad", "error", err)
return ""
}
CAs := currentState.CurrentCAs()
if CAs != nil {
if ca, ok := CAs[caName]; ok {
return ca.Key
}
}
newCA, err := util.MakeCA(caType)
if err != nil {
ctx.Logger.Log("method", "makeCaKey", "action", "makeCA", "error", err)
return ""
}
err = ctx.Manager.AddCA(caName, newCA)
if err != nil {
ctx.Logger.Log("method", "makeCaKey", "action", "saveCA", "error", err)
return ""
}
return newCA.Key
}
func (ctx ShipContext) getCaCert(caName string) string {
currentState, err := ctx.Manager.TryLoad()
if err != nil {
ctx.Logger.Log("method", "getCaCert", "action", "tryLoad", "error", err)
return ""
}
CAs := currentState.CurrentCAs()
if CAs != nil {
if ca, ok := CAs[caName]; ok {
return ca.Cert
}
}
ctx.Logger.Log("method", "getCaCert", "error", "certNotPresent")
return ""
}
// certs can be rsa or ecdsa, with a default of rsa-2048. Acceptable entries are rsa-n (where n is the number of bits),
// P256, P384, or P521.
func (ctx ShipContext) makeCertKey(certName string, caName string, hosts string, certType string) string {
// try to find existing cert to use
currentState, err := ctx.Manager.TryLoad()
if err != nil {
ctx.Logger.Log("method", "makeCertKey", "action", "tryLoad", "error", err)
return ""
}
certs := currentState.CurrentCerts()
if certs != nil {
if cert, ok := certs[certName]; ok {
return cert.Key
}
}
// cert does not yet exist - get CA and make a cert with it
caKey := ctx.makeCaKey(caName, certType)
if caKey == "" {
ctx.Logger.Log("method", "makeCertKey", "error", "caKeyNotPresent")
return ""
}
caCert := ctx.getCaCert(caName)
if caCert == "" {
ctx.Logger.Log("method", "makeCertKey", "error", "caCertNotPresent")
return ""
}
hostList := strings.Split(hosts, ",")
newCert, err := util.MakeCert(hostList, certType, caCert, caKey)
if err != nil {
ctx.Logger.Log("method", "makeCertKey", "action", "makeCert", "error", err)
return ""
}
err = ctx.Manager.AddCert(certName, newCert)
if err != nil {
ctx.Logger.Log("method", "makeCertKey", "action", "saveCA", "error", err)
return ""
}
return newCert.Key
}
func (ctx ShipContext) getCert(certName string) string {
currentState, err := ctx.Manager.TryLoad()
if err != nil {
ctx.Logger.Log("method", "getCert", "action", "tryLoad", "error", err)
return ""
}
Certs := currentState.CurrentCerts()
if Certs != nil {
if cert, ok := Certs[certName]; ok {
return cert.Cert
}
}
ctx.Logger.Log("method", "getCert", "error", "certNotPresent")
return ""
}