package aws
import (
"errors"
"fmt"
"github.com/cloudfoundry/bosh-bootloader/aws"
"github.com/cloudfoundry/bosh-bootloader/aws/ec2"
"github.com/cloudfoundry/bosh-bootloader/keypair"
"github.com/cloudfoundry/bosh-bootloader/storage"
)
// Manager creates and rotates the EC2 key pair recorded in the bbl state.
// It does no AWS work itself: every call is delegated to the three
// collaborators injected through NewManager.
type Manager struct {
	keyPairSynchronizer keyPairSynchronizer // source of the key material stored back into state (Sync, Rotate)
	keyPairDeleter      keyPairDeleter      // removes the current key pair by name during Rotate
	clientProvider      clientProvider      // receives the credentials/region from state.AWS before Rotate's calls
}
// keyPairSynchronizer is the consumer-side contract for obtaining key material.
// Sync is given a key pair (at least a Name, optionally the PublicKey and
// PrivateKey already known) and returns the key pair whose PublicKey and
// PrivateKey the Manager copies into the state it returns.
type keyPairSynchronizer interface {
	Sync(ec2.KeyPair) (ec2.KeyPair, error)
}
// keyPairDeleter removes the key pair identified by keyPairName.
// Manager.Rotate calls it before asking for replacement key material.
type keyPairDeleter interface {
	Delete(keyPairName string) error
}
// clientProvider receives the AWS credentials and region the subsequent
// calls should use. Only Rotate pushes a config here; Sync does not.
type clientProvider interface {
	SetConfig(config aws.Config)
}
// NewManager assembles a Manager from its three collaborators. The Manager
// is returned by value; it holds only the injected interfaces and no other
// state, so copying it is safe.
func NewManager(keyPairSynchronizer keyPairSynchronizer, keyPairDeleter keyPairDeleter, clientProvider clientProvider) Manager {
	var m Manager
	m.keyPairSynchronizer = keyPairSynchronizer
	m.keyPairDeleter = keyPairDeleter
	m.clientProvider = clientProvider
	return m
}
// Sync ensures state carries key material for the environment's key pair
// and returns the updated state.
//
// state.EnvID must be set; it is used to derive the default key pair name
// "keypair-<EnvID>" when state.KeyPair.Name is empty. The name and any
// already-known public/private key are handed to the synchronizer, and the
// PublicKey/PrivateKey it reports replace those in state.
//
// On a synchronizer failure the zero state is returned and the error is
// wrapped with keypair.NewManagerError together with the (possibly
// name-defaulted) state — presumably so the caller can still persist it;
// confirm against keypair.ManagerError.
//
// NOTE(review): unlike Rotate, no aws.Config is pushed to the client
// provider here, so the caller is expected to have configured credentials
// beforehand — verify at the call site.
func (m Manager) Sync(state storage.State) (storage.State, error) {
	if state.EnvID == "" {
		return storage.State{}, errors.New("env id must be set to generate a keypair")
	}

	name := state.KeyPair.Name
	if name == "" {
		name = fmt.Sprintf("keypair-%s", state.EnvID)
		state.KeyPair.Name = name
	}

	synced, syncErr := m.keyPairSynchronizer.Sync(ec2.KeyPair{
		Name:       name,
		PublicKey:  state.KeyPair.PublicKey,
		PrivateKey: state.KeyPair.PrivateKey,
	})
	if syncErr != nil {
		return storage.State{}, keypair.NewManagerError(state, syncErr)
	}

	state.KeyPair.PublicKey = synced.PublicKey
	state.KeyPair.PrivateKey = synced.PrivateKey
	return state, nil
}
// Rotate replaces the environment's key pair in place: it deletes the key
// pair named in state, requests fresh key material under the same name,
// and returns state with the new PublicKey/PrivateKey.
//
// It refuses to run when state.KeyPair is empty. The credentials and region
// from state.AWS are pushed to the client provider before any call is made.
// Errors from the deleter or the synchronizer are returned as-is — unlike
// Sync, which wraps them in keypair.NewManagerError.
//
// NOTE(review): the old key pair is deleted before the replacement exists.
// If the subsequent Sync fails, the zero state is returned, so a caller
// that persists only on success is presumably left with stored state that
// still names (and holds the private key of) a key pair AWS no longer has.
// Returning the state alongside the error, as Sync does, would let the
// caller record that the deletion happened — confirm with the callers
// before changing the error type.
func (m Manager) Rotate(state storage.State) (storage.State, error) {
	if state.KeyPair.IsEmpty() {
		return storage.State{}, errors.New("no key found to rotate")
	}

	creds := state.AWS
	m.clientProvider.SetConfig(aws.Config{
		AccessKeyID:     creds.AccessKeyID,
		SecretAccessKey: creds.SecretAccessKey,
		Region:          creds.Region,
	})

	name := state.KeyPair.Name
	if deleteErr := m.keyPairDeleter.Delete(name); deleteErr != nil {
		return storage.State{}, deleteErr
	}

	// Only the name is passed: the synchronizer is expected to produce new
	// key material rather than reuse the (now deleted) one.
	fresh, syncErr := m.keyPairSynchronizer.Sync(ec2.KeyPair{Name: name})
	if syncErr != nil {
		return storage.State{}, syncErr
	}

	state.KeyPair.PublicKey = fresh.PublicKey
	state.KeyPair.PrivateKey = fresh.PrivateKey
	return state, nil
}