certmanager updates

2024-08-10 10:19:56 +02:00
parent a21b4e2db9
commit 1cdbd2b034
29 changed files with 2341 additions and 1088 deletions
--- a/pkg/client/certman.go
+++ b/pkg/client/certman.go
@@ -1,159 +0,0 @@
-package client
-
-import (
-	"context"
-	"time"
-
-	"certmanager/pkg/auxgrpc"
-	cmapi "certmanager/pkg/cmctl"
-)
-
-func (cont *Control) CreateIssuerPair(ctx context.Context, param *cmapi.CreateIssuerPairParams) (*cmapi.CreateIssuerPairResult, error) {
-	var err error
-	res := &cmapi.CreateIssuerPairResult{}
-
-	const timeout time.Duration = 50 * time.Second
-	ctx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-	res, err = cont.client.CreateIssuerPair(ctx, param)
-	err = auxgrpc.FmtError(err)
-	if err != nil {
-		return res, err
-	}
-	return res, err
-}
-
-func (cont *Control) ImportIssuerPair(ctx context.Context, param *cmapi.ImportIssuerPairParams) (*cmapi.ImportIssuerPairResult, error) {
-	var err error
-	res := &cmapi.ImportIssuerPairResult{}
-
-	const timeout time.Duration = 50 * time.Second
-	ctx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-	res, err = cont.client.ImportIssuerPair(ctx, param)
-	err = auxgrpc.FmtError(err)
-	if err != nil {
-		return res, err
-	}
-	return res, err
-}
-
-func (cont *Control) RevokeIssuerPair(ctx context.Context, param *cmapi.RevokeIssuerPairParams) (*cmapi.RevokeIssuerPairResult, error) {
-	var err error
-	res := &cmapi.RevokeIssuerPairResult{}
-
-	const timeout time.Duration = 50 * time.Second
-	ctx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-	res, err = cont.client.RevokeIssuerPair(ctx, param)
-	err = auxgrpc.FmtError(err)
-	if err != nil {
-		return res, err
-	}
-	return res, err
-}
-
-func (cont *Control) UnrevokeIssuerPair(ctx context.Context, param *cmapi.UnrevokeIssuerPairParams) (*cmapi.UnrevokeIssuerPairResult, error) {
-	var err error
-	res := &cmapi.UnrevokeIssuerPairResult{}
-
-	const timeout time.Duration = 50 * time.Second
-	ctx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-	res, err = cont.client.UnrevokeIssuerPair(ctx, param)
-	err = auxgrpc.FmtError(err)
-	if err != nil {
-		return res, err
-	}
-	return res, err
-}
-
-func (cont *Control) ListIssuerPairs(ctx context.Context, param *cmapi.ListIssuerPairsParams) (*cmapi.ListIssuerPairsResult, error) {
-	var err error
-	res := &cmapi.ListIssuerPairsResult{}
-
-	const timeout time.Duration = 50 * time.Second
-	ctx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-	res, err = cont.client.ListIssuerPairs(ctx, param)
-	err = auxgrpc.FmtError(err)
-	if err != nil {
-		return res, err
-	}
-	return res, err
-}
-
-func (cont *Control) GetIssuerCertificate(ctx context.Context, param *cmapi.GetIssuerCertificateParams) (*cmapi.GetIssuerCertificateResult, error) {
-	var err error
-	res := &cmapi.GetIssuerCertificateResult{}
-
-	const timeout time.Duration = 50 * time.Second
-	ctx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-	res, err = cont.client.GetIssuerCertificate(ctx, param)
-	err = auxgrpc.FmtError(err)
-	if err != nil {
-		return res, err
-	}
-	return res, err
-}
-
-func (cont *Control) CreateServicePair(ctx context.Context, param *cmapi.CreateServicePairParams) (*cmapi.CreateServicePairResult, error) {
-	var err error
-	res := &cmapi.CreateServicePairResult{}
-
-	const timeout time.Duration = 50 * time.Second
-	ctx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-	res, err = cont.client.CreateServicePair(ctx, param)
-	err = auxgrpc.FmtError(err)
-	if err != nil {
-		return res, err
-	}
-	return res, err
-}
-
-func (cont *Control) RevokeServicePair(ctx context.Context, param *cmapi.RevokeServicePairParams) (*cmapi.RevokeServicePairResult, error) {
-	var err error
-	res := &cmapi.RevokeServicePairResult{}
-
-	const timeout time.Duration = 50 * time.Second
-	ctx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-	res, err = cont.client.RevokeServicePair(ctx, param)
-	err = auxgrpc.FmtError(err)
-	if err != nil {
-		return res, err
-	}
-	return res, err
-}
-
-func (cont *Control) ListServicePairs(ctx context.Context, param *cmapi.ListServicePairsParams) (*cmapi.ListServicePairsResult, error) {
-	var err error
-	res := &cmapi.ListServicePairsResult{}
-
-	const timeout time.Duration = 50 * time.Second
-	ctx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-	res, err = cont.client.ListServicePairs(ctx, param)
-	err = auxgrpc.FmtError(err)
-	if err != nil {
-		return res, err
-	}
-	return res, err
-}
-
-func (cont *Control) GetServicePair(ctx context.Context, param *cmapi.GetServicePairParams) (*cmapi.GetServicePairResult, error) {
-	var err error
-	res := &cmapi.GetServicePairResult{}
-
-	const timeout time.Duration = 50 * time.Second
-	ctx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-	res, err = cont.client.GetServicePair(ctx, param)
-	err = auxgrpc.FmtError(err)
-	if err != nil {
-		return res, err
-	}
-	return res, err
-}
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@@ -0,0 +1,51 @@
+package client
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"time"
+
+	"certmanager/pkg/cmctl"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+)
+
+const (
+	DefaultWrpcPort int = 20311
+	DefaultGrpcPort int = 20312
+)
+
+type Access struct {
+	Hostname string
+	Port     int
+	Username string
+	Password string
+}
+
+func NewClient(access *Access) (cmctl.ControlClient, error) {
+	var err error
+	var cli cmctl.ControlClient
+
+	tlsConfig := &tls.Config{
+		InsecureSkipVerify: true,
+	}
+	const dialTimeout time.Duration = 1 * time.Second
+	const idleTimeout time.Duration = 5 * time.Second
+
+	authCred := NewAuthCredential(access.Username, access.Password)
+	dialOpts := []grpc.DialOption{
+		grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)),
+		grpc.WithPerRPCCredentials(authCred),
+		grpc.WithBlock(),
+		grpc.WithIdleTimeout(idleTimeout),
+	}
+	address := fmt.Sprintf("%s:%d", access.Hostname, access.Port)
+	ctx, _ := context.WithTimeout(context.Background(), dialTimeout)
+	conn, err := grpc.DialContext(ctx, address, dialOpts...)
+	if err != nil {
+		return cli, fmt.Errorf("Dial error: %v", err)
+	}
+	cli = cmctl.NewControlClient(conn)
+	return cli, err
+}
--- a/pkg/client/control.go
+++ b/pkg/client/control.go
@@ -6,27 +6,15 @@ import (
 	"fmt"
 	"time"

-	cmapi "certmanager/pkg/cmctl"
+	"certmanager/pkg/cmctl"

 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 )

-const (
-	DefaultWrpcPort int = 20311
-	DefaultGrpcPort int = 20312
-)
-
-type Access struct {
-	Hostname string
-	Port     int
-	Username string
-	Password string
-}
-
 type Control struct {
 	conn   *grpc.ClientConn
-	client cmapi.ControlClient
+	client cmctl.ControlClient
 }

 func NewControl(access *Access) (*Control, error) {
@@ -54,7 +42,7 @@ func NewControl(access *Access) (*Control, error) {
 		return cont, fmt.Errorf("Dial error: %v", err)
 	}
 	cont.conn = conn
-	cont.client = cmapi.NewControlClient(conn)
+	cont.client = cmctl.NewControlClient(conn)
 	if cont.client == nil {
 		return cont, fmt.Errorf("Nil control client")
 	}
@@ -66,30 +54,3 @@ func (cont *Control) Close() {
 		cont.conn.Close()
 	}
 }
-
-func NewClient(access *Access) (cmapi.ControlClient, error) {
-	var err error
-	var cli cmapi.ControlClient
-
-	tlsConfig := &tls.Config{
-		InsecureSkipVerify: true,
-	}
-	const dialTimeout time.Duration = 1 * time.Second
-	const idleTimeout time.Duration = 5 * time.Second
-
-	authCred := NewAuthCredential(access.Username, access.Password)
-	dialOpts := []grpc.DialOption{
-		grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)),
-		grpc.WithPerRPCCredentials(authCred),
-		grpc.WithBlock(),
-		grpc.WithIdleTimeout(idleTimeout),
-	}
-	address := fmt.Sprintf("%s:%d", access.Hostname, access.Port)
-	ctx, _ := context.WithTimeout(context.Background(), dialTimeout)
-	conn, err := grpc.DialContext(ctx, address, dialOpts...)
-	if err != nil {
-		return cli, fmt.Errorf("Dial error: %v", err)
-	}
-	cli = cmapi.NewControlClient(conn)
-	return cli, err
-}
--- a/pkg/cm509/x509.go
+++ b/pkg/cm509/x509.go
@@ -3,6 +3,7 @@ package cm509
 import (
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/base64"
@@ -13,6 +14,23 @@ import (
 	"time"
 )

+func DoubleEncodedCertKeyMatch(cert, key string) error {
+	var err error
+	certPEM, err := base64.StdEncoding.DecodeString(cert)
+	if err != nil {
+		return err
+	}
+	keyPEM, err := base64.StdEncoding.DecodeString(key)
+	if err != nil {
+		return err
+	}
+	_, err = tls.X509KeyPair(certPEM, keyPEM)
+	if err != nil {
+		return err
+	}
+	return err
+}
+
 type CreateIssuerPairParams struct {
 	CommonName string
 	SignerCert string
--- a/pkg/cmctl/cmctl.pb.go
+++ b/pkg/cmctl/cmctl.pb.go
--- a/pkg/cmctl/cmctl_grpc.pb.go
+++ b/pkg/cmctl/cmctl_grpc.pb.go
@@ -31,6 +31,11 @@ const (
 	Control_UnrevokeServicePair_FullMethodName  = "/certmanagercontrol.Control/unrevokeServicePair"
 	Control_ListServicePairs_FullMethodName     = "/certmanagercontrol.Control/listServicePairs"
 	Control_GetServicePair_FullMethodName       = "/certmanagercontrol.Control/getServicePair"
+	Control_CreateAccount_FullMethodName        = "/certmanagercontrol.Control/createAccount"
+	Control_DeleteAccount_FullMethodName        = "/certmanagercontrol.Control/deleteAccount"
+	Control_UpdateAccount_FullMethodName        = "/certmanagercontrol.Control/updateAccount"
+	Control_GetAccount_FullMethodName           = "/certmanagercontrol.Control/getAccount"
+	Control_ListAccounts_FullMethodName         = "/certmanagercontrol.Control/listAccounts"
 )

 // ControlClient is the client API for Control service.
@@ -49,6 +54,11 @@ type ControlClient interface {
 	UnrevokeServicePair(ctx context.Context, in *UnrevokeServicePairParams, opts ...grpc.CallOption) (*UnrevokeServicePairResult, error)
 	ListServicePairs(ctx context.Context, in *ListServicePairsParams, opts ...grpc.CallOption) (*ListServicePairsResult, error)
 	GetServicePair(ctx context.Context, in *GetServicePairParams, opts ...grpc.CallOption) (*GetServicePairResult, error)
+	CreateAccount(ctx context.Context, in *CreateAccountParams, opts ...grpc.CallOption) (*CreateAccountResult, error)
+	DeleteAccount(ctx context.Context, in *DeleteAccountParams, opts ...grpc.CallOption) (*DeleteAccountResult, error)
+	UpdateAccount(ctx context.Context, in *UpdateAccountParams, opts ...grpc.CallOption) (*UpdateAccountResult, error)
+	GetAccount(ctx context.Context, in *GetAccountParams, opts ...grpc.CallOption) (*GetAccountResult, error)
+	ListAccounts(ctx context.Context, in *ListAccountsParams, opts ...grpc.CallOption) (*ListAccountsResult, error)
 }

 type controlClient struct {
@@ -167,6 +177,51 @@ func (c *controlClient) GetServicePair(ctx context.Context, in *GetServicePairPa
 	return out, nil
 }

+func (c *controlClient) CreateAccount(ctx context.Context, in *CreateAccountParams, opts ...grpc.CallOption) (*CreateAccountResult, error) {
+	out := new(CreateAccountResult)
+	err := c.cc.Invoke(ctx, Control_CreateAccount_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *controlClient) DeleteAccount(ctx context.Context, in *DeleteAccountParams, opts ...grpc.CallOption) (*DeleteAccountResult, error) {
+	out := new(DeleteAccountResult)
+	err := c.cc.Invoke(ctx, Control_DeleteAccount_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *controlClient) UpdateAccount(ctx context.Context, in *UpdateAccountParams, opts ...grpc.CallOption) (*UpdateAccountResult, error) {
+	out := new(UpdateAccountResult)
+	err := c.cc.Invoke(ctx, Control_UpdateAccount_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *controlClient) GetAccount(ctx context.Context, in *GetAccountParams, opts ...grpc.CallOption) (*GetAccountResult, error) {
+	out := new(GetAccountResult)
+	err := c.cc.Invoke(ctx, Control_GetAccount_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *controlClient) ListAccounts(ctx context.Context, in *ListAccountsParams, opts ...grpc.CallOption) (*ListAccountsResult, error) {
+	out := new(ListAccountsResult)
+	err := c.cc.Invoke(ctx, Control_ListAccounts_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // ControlServer is the server API for Control service.
 // All implementations must embed UnimplementedControlServer
 // for forward compatibility
@@ -183,6 +238,11 @@ type ControlServer interface {
 	UnrevokeServicePair(context.Context, *UnrevokeServicePairParams) (*UnrevokeServicePairResult, error)
 	ListServicePairs(context.Context, *ListServicePairsParams) (*ListServicePairsResult, error)
 	GetServicePair(context.Context, *GetServicePairParams) (*GetServicePairResult, error)
+	CreateAccount(context.Context, *CreateAccountParams) (*CreateAccountResult, error)
+	DeleteAccount(context.Context, *DeleteAccountParams) (*DeleteAccountResult, error)
+	UpdateAccount(context.Context, *UpdateAccountParams) (*UpdateAccountResult, error)
+	GetAccount(context.Context, *GetAccountParams) (*GetAccountResult, error)
+	ListAccounts(context.Context, *ListAccountsParams) (*ListAccountsResult, error)
 	mustEmbedUnimplementedControlServer()
 }

@@ -226,6 +286,21 @@ func (UnimplementedControlServer) ListServicePairs(context.Context, *ListService
 func (UnimplementedControlServer) GetServicePair(context.Context, *GetServicePairParams) (*GetServicePairResult, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetServicePair not implemented")
 }
+func (UnimplementedControlServer) CreateAccount(context.Context, *CreateAccountParams) (*CreateAccountResult, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateAccount not implemented")
+}
+func (UnimplementedControlServer) DeleteAccount(context.Context, *DeleteAccountParams) (*DeleteAccountResult, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteAccount not implemented")
+}
+func (UnimplementedControlServer) UpdateAccount(context.Context, *UpdateAccountParams) (*UpdateAccountResult, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateAccount not implemented")
+}
+func (UnimplementedControlServer) GetAccount(context.Context, *GetAccountParams) (*GetAccountResult, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetAccount not implemented")
+}
+func (UnimplementedControlServer) ListAccounts(context.Context, *ListAccountsParams) (*ListAccountsResult, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListAccounts not implemented")
+}
 func (UnimplementedControlServer) mustEmbedUnimplementedControlServer() {}

 // UnsafeControlServer may be embedded to opt out of forward compatibility for this service.
@@ -455,6 +530,96 @@ func _Control_GetServicePair_Handler(srv interface{}, ctx context.Context, dec f
 	return interceptor(ctx, in, info, handler)
 }

+func _Control_CreateAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateAccountParams)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).CreateAccount(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: Control_CreateAccount_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).CreateAccount(ctx, req.(*CreateAccountParams))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Control_DeleteAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteAccountParams)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).DeleteAccount(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: Control_DeleteAccount_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).DeleteAccount(ctx, req.(*DeleteAccountParams))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Control_UpdateAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateAccountParams)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).UpdateAccount(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: Control_UpdateAccount_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).UpdateAccount(ctx, req.(*UpdateAccountParams))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Control_GetAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAccountParams)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).GetAccount(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: Control_GetAccount_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).GetAccount(ctx, req.(*GetAccountParams))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Control_ListAccounts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListAccountsParams)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ControlServer).ListAccounts(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: Control_ListAccounts_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ControlServer).ListAccounts(ctx, req.(*ListAccountsParams))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 // Control_ServiceDesc is the grpc.ServiceDesc for Control service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
@@ -510,6 +675,26 @@ var Control_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "getServicePair",
 			Handler:    _Control_GetServicePair_Handler,
 		},
+		{
+			MethodName: "createAccount",
+			Handler:    _Control_CreateAccount_Handler,
+		},
+		{
+			MethodName: "deleteAccount",
+			Handler:    _Control_DeleteAccount_Handler,
+		},
+		{
+			MethodName: "updateAccount",
+			Handler:    _Control_UpdateAccount_Handler,
+		},
+		{
+			MethodName: "getAccount",
+			Handler:    _Control_GetAccount_Handler,
+		},
+		{
+			MethodName: "listAccounts",
+			Handler:    _Control_ListAccounts_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "cmctl.proto",