From 1726076ea2bc1d1c9466f544af4cf574edee7d2f Mon Sep 17 00:00:00 2001 From: max furman Date: Tue, 25 May 2021 16:52:06 -0700 Subject: [PATCH] wip --- authority/admin/collection.go | 9 -- authority/config/config.go | 4 +- authority/mgmt/config.go | 42 ++------- authority/mgmt/db.go | 20 +++++ authority/mgmt/db/nosql/admin.go | 93 ++++++++++---------- authority/mgmt/db/nosql/authConfig.go | 117 ------------------------- authority/mgmt/db/nosql/provisioner.go | 86 +++++++++--------- authority/mgmt/provisioner.go | 43 --------- linkedca/provisioners.go | 38 ++++++++ 9 files changed, 154 insertions(+), 298 deletions(-) delete mode 100644 authority/mgmt/db/nosql/authConfig.go create mode 100644 linkedca/provisioners.go diff --git a/authority/admin/collection.go b/authority/admin/collection.go index 11ba35fc..e9d41113 100644 --- a/authority/admin/collection.go +++ b/authority/admin/collection.go @@ -178,12 +178,3 @@ func loadAdmin(m *sync.Map, key string) (*linkedca.Admin, bool) { } return adm, true } - -/* -// provisionerSum returns the SHA1 of the provisioners ID. From this we will -// create the unique and sorted id. -func provisionerSum(p Interface) []byte { - sum := sha1.Sum([]byte(p.GetID())) - return sum[:] -} -*/ diff --git a/authority/config/config.go b/authority/config/config.go index 9fbf18e0..55041142 100644 --- a/authority/config/config.go +++ b/authority/config/config.go @@ -8,11 +8,11 @@ import ( "time" "github.com/pkg/errors" - "github.com/smallstep/certificates/authority/admin" "github.com/smallstep/certificates/authority/provisioner" cas "github.com/smallstep/certificates/cas/apiv1" "github.com/smallstep/certificates/db" kms "github.com/smallstep/certificates/kms/apiv1" + "github.com/smallstep/certificates/linkedca" "github.com/smallstep/certificates/templates" ) @@ -96,7 +96,7 @@ type AuthConfig struct { *cas.Options AuthorityID string `json:"authorityID,omitempty"` Provisioners provisioner.List `json:"provisioners"` - Admins []*admin.Admin `json:"-"` + Admins []*linkedca.Admin `json:"-"` Template *ASN1DN `json:"template,omitempty"` Claims *provisioner.Claims `json:"claims,omitempty"` DisableIssuedAtCheck bool `json:"disableIssuedAtCheck,omitempty"` diff --git a/authority/mgmt/config.go b/authority/mgmt/config.go index 4df53b75..ba821fc7 100644 --- a/authority/mgmt/config.go +++ b/authority/mgmt/config.go @@ -2,6 +2,7 @@ package mgmt import ( "github.com/smallstep/certificates/authority/config" + "github.com/smallstep/certificates/linkedca" ) const ( @@ -11,49 +12,22 @@ const ( DefaultAuthorityID = "00000000-0000-0000-0000-000000000000" ) -// Claims encapsulates all x509 and ssh claims applied to the authority -// configuration. E.g. maxTLSCertDuration, defaultSSHCertDuration, etc. -type Claims struct { - X509 *X509Claims `json:"x509Claims"` - SSH *SSHClaims `json:"sshClaims"` - DisableRenewal bool `json:"disableRenewal"` -} - -// X509Claims are the x509 claims applied to the authority. -type X509Claims struct { - Durations *Durations `json:"durations"` -} - -// SSHClaims are the ssh claims applied to the authority. -type SSHClaims struct { - Enabled bool `json:"enabled"` - UserDurations *Durations `json:"userDurations"` - HostDurations *Durations `json:"hostDurations"` -} - -// Durations represents min, max, default, duration. -type Durations struct { - Min string `json:"min"` - Max string `json:"max"` - Default string `json:"default"` -} - -func NewDefaultClaims() *Claims { - return &Claims{ - X509: &X509Claims{ - Durations: &Durations{ +func NewDefaultClaims() *linkedca.Claims { + return &linkedca.Claims{ + X509: &linkedca.X509Claims{ + Durations: &linkedca.Durations{ Min: config.GlobalProvisionerClaims.MinTLSDur.String(), Max: config.GlobalProvisionerClaims.MaxTLSDur.String(), Default: config.GlobalProvisionerClaims.DefaultTLSDur.String(), }, }, - SSH: &SSHClaims{ - UserDurations: &Durations{ + Ssh: &linkedca.SSHClaims{ + UserDurations: &linkedca.Durations{ Min: config.GlobalProvisionerClaims.MinUserSSHDur.String(), Max: config.GlobalProvisionerClaims.MaxUserSSHDur.String(), Default: config.GlobalProvisionerClaims.DefaultUserSSHDur.String(), }, - HostDurations: &Durations{ + HostDurations: &linkedca.Durations{ Min: config.GlobalProvisionerClaims.MinHostSSHDur.String(), Max: config.GlobalProvisionerClaims.MaxHostSSHDur.String(), Default: config.GlobalProvisionerClaims.DefaultHostSSHDur.String(), diff --git a/authority/mgmt/db.go b/authority/mgmt/db.go index 9716bb00..64ed39a2 100644 --- a/authority/mgmt/db.go +++ b/authority/mgmt/db.go @@ -17,11 +17,13 @@ type DB interface { GetProvisioner(ctx context.Context, id string) (*linkedca.Provisioner, error) GetProvisioners(ctx context.Context) ([]*linkedca.Provisioner, error) UpdateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error + DeleteProvisioner(ctx context.Context, id string) error CreateAdmin(ctx context.Context, admin *linkedca.Admin) error GetAdmin(ctx context.Context, id string) (*linkedca.Admin, error) GetAdmins(ctx context.Context) ([]*linkedca.Admin, error) UpdateAdmin(ctx context.Context, admin *linkedca.Admin) error + DeleteAdmin(ctx context.Context, id string) error } // MockDB is an implementation of the DB interface that should only be used as @@ -31,11 +33,13 @@ type MockDB struct { MockGetProvisioner func(ctx context.Context, id string) (*linkedca.Provisioner, error) MockGetProvisioners func(ctx context.Context) ([]*linkedca.Provisioner, error) MockUpdateProvisioner func(ctx context.Context, prov *linkedca.Provisioner) error + MockDeleteProvisioner func(ctx context.Context, id string) error MockCreateAdmin func(ctx context.Context, adm *linkedca.Admin) error MockGetAdmin func(ctx context.Context, id string) (*linkedca.Admin, error) MockGetAdmins func(ctx context.Context) ([]*linkedca.Admin, error) MockUpdateAdmin func(ctx context.Context, adm *linkedca.Admin) error + MockDeleteAdmin func(ctx context.Context, id string) error MockError error MockRet1 interface{} @@ -79,6 +83,14 @@ func (m *MockDB) UpdateProvisioner(ctx context.Context, prov *linkedca.Provision return m.MockError } +// DeleteProvisioner mock +func (m *MockDB) DeleteProvisioner(ctx context.Context, id string) error { + if m.MockDeleteProvisioner != nil { + return m.MockDeleteProvisioner(ctx, id) + } + return m.MockError +} + // CreateAdmin mock func (m *MockDB) CreateAdmin(ctx context.Context, admin *linkedca.Admin) error { if m.MockCreateAdmin != nil { @@ -114,3 +126,11 @@ func (m *MockDB) UpdateAdmin(ctx context.Context, adm *linkedca.Admin) error { } return m.MockError } + +// DeleteAdmin mock +func (m *MockDB) DeleteAdmin(ctx context.Context, id string) error { + if m.MockDeleteAdmin != nil { + return m.MockDeleteAdmin(ctx, id) + } + return m.MockError +} diff --git a/authority/mgmt/db/nosql/admin.go b/authority/mgmt/db/nosql/admin.go index 9732b3f0..8fd0fea5 100644 --- a/authority/mgmt/db/nosql/admin.go +++ b/authority/mgmt/db/nosql/admin.go @@ -6,21 +6,20 @@ import ( "time" "github.com/pkg/errors" - "github.com/smallstep/certificates/authority/admin" "github.com/smallstep/certificates/authority/mgmt" - "github.com/smallstep/certificates/authority/status" + "github.com/smallstep/certificates/linkedca" "github.com/smallstep/nosql" ) // dbAdmin is the database representation of the Admin type. type dbAdmin struct { - ID string `json:"id"` - AuthorityID string `json:"authorityID"` - ProvisionerID string `json:"provisionerID"` - Subject string `json:"subject"` - Type admin.Type `json:"type"` - CreatedAt time.Time `json:"createdAt"` - DeletedAt time.Time `json:"deletedAt"` + ID string `json:"id"` + AuthorityID string `json:"authorityID"` + ProvisionerID string `json:"provisionerID"` + Subject string `json:"subject"` + Type linkedca.Admin_Type `json:"type"` + CreatedAt time.Time `json:"createdAt"` + DeletedAt time.Time `json:"deletedAt"` } func (dbp *dbAdmin) clone() *dbAdmin { @@ -59,30 +58,28 @@ func unmarshalDBAdmin(data []byte, id string) (*dbAdmin, error) { if err := json.Unmarshal(data, dba); err != nil { return nil, errors.Wrapf(err, "error unmarshaling admin %s into dbAdmin", id) } + if !dba.DeletedAt.IsZero() { + return nil, mgmt.NewError(mgmt.ErrorDeletedType, "admin %s is deleted", id) + } return dba, nil } -func unmarshalAdmin(data []byte, id string) (*mgmt.Admin, error) { - var dba = new(dbAdmin) - if err := json.Unmarshal(data, dba); err != nil { - return nil, errors.Wrapf(err, "error unmarshaling admin %s into dbAdmin", id) +func unmarshalAdmin(data []byte, id string) (*linkedca.Admin, error) { + dba, err := unmarshalDBAdmin(data, id) + if err != nil { + return nil, err } - adm := &mgmt.Admin{ - ID: dba.ID, - AuthorityID: dba.AuthorityID, - ProvisionerID: dba.ProvisionerID, + return &linkedca.Admin{ + Id: dba.ID, + AuthorityId: dba.AuthorityID, + ProvisionerId: dba.ProvisionerID, Subject: dba.Subject, Type: dba.Type, - Status: status.Active, - } - if !dba.DeletedAt.IsZero() { - adm.Status = status.Deleted - } - return adm, nil + }, nil } // GetAdmin retrieves and unmarshals a admin from the database. -func (db *DB) GetAdmin(ctx context.Context, id string) (*mgmt.Admin, error) { +func (db *DB) GetAdmin(ctx context.Context, id string) (*linkedca.Admin, error) { data, err := db.getDBAdminBytes(ctx, id) if err != nil { return nil, err @@ -91,12 +88,9 @@ func (db *DB) GetAdmin(ctx context.Context, id string) (*mgmt.Admin, error) { if err != nil { return nil, err } - if adm.Status == status.Deleted { - return nil, mgmt.NewError(mgmt.ErrorDeletedType, "admin %s is deleted", adm.ID) - } - if adm.AuthorityID != db.authorityID { + if adm.AuthorityId != db.authorityID { return nil, mgmt.NewError(mgmt.ErrorAuthorityMismatchType, - "admin %s is not owned by authority %s", adm.ID, db.authorityID) + "admin %s is not owned by authority %s", adm.Id, db.authorityID) } return adm, nil @@ -105,21 +99,18 @@ func (db *DB) GetAdmin(ctx context.Context, id string) (*mgmt.Admin, error) { // GetAdmins retrieves and unmarshals all active (not deleted) admins // from the database. // TODO should we be paginating? -func (db *DB) GetAdmins(ctx context.Context) ([]*mgmt.Admin, error) { +func (db *DB) GetAdmins(ctx context.Context) ([]*linkedca.Admin, error) { dbEntries, err := db.db.List(authorityAdminsTable) if err != nil { return nil, errors.Wrap(err, "error loading admins") } - var admins = []*mgmt.Admin{} + var admins = []*linkedca.Admin{} for _, entry := range dbEntries { adm, err := unmarshalAdmin(entry.Value, string(entry.Key)) if err != nil { return nil, err } - if adm.Status == status.Deleted { - continue - } - if adm.AuthorityID != db.authorityID { + if adm.AuthorityId != db.authorityID { continue } admins = append(admins, adm) @@ -128,18 +119,18 @@ func (db *DB) GetAdmins(ctx context.Context) ([]*mgmt.Admin, error) { } // CreateAdmin stores a new admin to the database. -func (db *DB) CreateAdmin(ctx context.Context, adm *mgmt.Admin) error { +func (db *DB) CreateAdmin(ctx context.Context, adm *linkedca.Admin) error { var err error - adm.ID, err = randID() + adm.Id, err = randID() if err != nil { return mgmt.WrapErrorISE(err, "error generating random id for admin") } - adm.AuthorityID = db.authorityID + adm.AuthorityId = db.authorityID dba := &dbAdmin{ - ID: adm.ID, + ID: adm.Id, AuthorityID: db.authorityID, - ProvisionerID: adm.ProvisionerID, + ProvisionerID: adm.ProvisionerId, Subject: adm.Subject, Type: adm.Type, CreatedAt: clock.Now(), @@ -149,19 +140,27 @@ func (db *DB) CreateAdmin(ctx context.Context, adm *mgmt.Admin) error { } // UpdateAdmin saves an updated admin to the database. -func (db *DB) UpdateAdmin(ctx context.Context, adm *mgmt.Admin) error { - old, err := db.getDBAdmin(ctx, adm.ID) +func (db *DB) UpdateAdmin(ctx context.Context, adm *linkedca.Admin) error { + old, err := db.getDBAdmin(ctx, adm.Id) if err != nil { return err } nu := old.clone() - - // If the admin was active but is now deleted ... - if old.DeletedAt.IsZero() && adm.Status == status.Deleted { - nu.DeletedAt = clock.Now() - } nu.Type = adm.Type return db.save(ctx, old.ID, nu, old, "admin", authorityAdminsTable) } + +// DeleteAdmin saves an updated admin to the database. +func (db *DB) DeleteAdmin(ctx context.Context, id string) error { + old, err := db.getDBAdmin(ctx, id) + if err != nil { + return err + } + + nu := old.clone() + nu.DeletedAt = clock.Now() + + return db.save(ctx, old.ID, nu, old, "admin", authorityAdminsTable) +} diff --git a/authority/mgmt/db/nosql/authConfig.go b/authority/mgmt/db/nosql/authConfig.go deleted file mode 100644 index 222e729d..00000000 --- a/authority/mgmt/db/nosql/authConfig.go +++ /dev/null @@ -1,117 +0,0 @@ -package nosql - -import ( - "context" - "encoding/json" - "time" - - "github.com/pkg/errors" - "github.com/smallstep/certificates/authority/config" - "github.com/smallstep/certificates/authority/mgmt" - "github.com/smallstep/certificates/authority/status" - "github.com/smallstep/nosql" -) - -type dbAuthConfig struct { - ID string `json:"id"` - ASN1DN *config.ASN1DN `json:"asn1dn"` - Claims *mgmt.Claims `json:"claims"` - Backdate string `json:"backdate,omitempty"` - CreatedAt time.Time `json:"createdAt"` - DeletedAt time.Time `json:"deletedAt"` -} - -func (dbp *dbAuthConfig) clone() *dbAuthConfig { - u := *dbp - return &u -} - -func (db *DB) getDBAuthConfigBytes(ctx context.Context, id string) ([]byte, error) { - data, err := db.db.Get(authorityConfigsTable, []byte(id)) - if nosql.IsErrNotFound(err) { - return nil, mgmt.NewError(mgmt.ErrorNotFoundType, "authConfig %s not found", id) - } else if err != nil { - return nil, errors.Wrapf(err, "error loading authConfig %s", id) - } - return data, nil -} - -func (db *DB) getDBAuthConfig(ctx context.Context, id string) (*dbAuthConfig, error) { - data, err := db.getDBAuthConfigBytes(ctx, id) - if err != nil { - return nil, err - } - - var dba = new(dbAuthConfig) - if err = json.Unmarshal(data, dba); err != nil { - return nil, errors.Wrapf(err, "error unmarshaling authority %s into dbAuthConfig", id) - } - - return dba, nil -} - -// GetAuthConfig retrieves an AuthConfig configuration from the DB. -func (db *DB) GetAuthConfig(ctx context.Context, id string) (*mgmt.AuthConfig, error) { - dba, err := db.getDBAuthConfig(ctx, id) - if err != nil { - return nil, err - } - - provs, err := db.GetProvisioners(ctx) - if err != nil { - return nil, err - } - admins, err := db.GetAdmins(ctx) - if err != nil { - return nil, err - } - - return &mgmt.AuthConfig{ - ID: dba.ID, - Admins: admins, - Provisioners: provs, - ASN1DN: dba.ASN1DN, - Backdate: dba.Backdate, - Claims: dba.Claims, - }, nil -} - -// CreateAuthConfig stores a new provisioner to the database. -func (db *DB) CreateAuthConfig(ctx context.Context, ac *mgmt.AuthConfig) error { - var err error - if ac.ID == "" { - ac.ID, err = randID() - if err != nil { - return errors.Wrap(err, "error generating random id for provisioner") - } - } - - dba := &dbAuthConfig{ - ID: ac.ID, - ASN1DN: ac.ASN1DN, - Claims: ac.Claims, - Backdate: ac.Backdate, - CreatedAt: clock.Now(), - } - - return db.save(ctx, dba.ID, dba, nil, "authConfig", authorityConfigsTable) -} - -// UpdateAuthConfig saves an updated provisioner to the database. -func (db *DB) UpdateAuthConfig(ctx context.Context, ac *mgmt.AuthConfig) error { - old, err := db.getDBAuthConfig(ctx, ac.ID) - if err != nil { - return err - } - - nu := old.clone() - - // If the authority was active but is now deleted ... - if old.DeletedAt.IsZero() && ac.Status == status.Deleted { - nu.DeletedAt = clock.Now() - } - nu.Claims = ac.Claims - nu.Backdate = ac.Backdate - - return db.save(ctx, old.ID, nu, old, "authConfig", authorityProvisionersTable) -} diff --git a/authority/mgmt/db/nosql/provisioner.go b/authority/mgmt/db/nosql/provisioner.go index 2c2d65b0..473736e8 100644 --- a/authority/mgmt/db/nosql/provisioner.go +++ b/authority/mgmt/db/nosql/provisioner.go @@ -7,25 +7,25 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/authority/mgmt" - "github.com/smallstep/certificates/authority/status" + "github.com/smallstep/certificates/linkedca" "github.com/smallstep/nosql" ) // dbProvisioner is the database representation of a Provisioner type. type dbProvisioner struct { - ID string `json:"id"` - AuthorityID string `json:"authorityID"` - Type string `json:"type"` + ID string `json:"id"` + AuthorityID string `json:"authorityID"` + Type linkedca.Provisioner_Type `json:"type"` // Name is the key - Name string `json:"name"` - Claims *mgmt.Claims `json:"claims"` - Details []byte `json:"details"` - X509Template string `json:"x509Template"` - X509TemplateData []byte `json:"x509TemplateData"` - SSHTemplate string `json:"sshTemplate"` - SSHTemplateData []byte `json:"sshTemplateData"` - CreatedAt time.Time `json:"createdAt"` - DeletedAt time.Time `json:"deletedAt"` + Name string `json:"name"` + Claims *linkedca.Claims `json:"claims"` + Details []byte `json:"details"` + X509Template []byte `json:"x509Template"` + X509TemplateData []byte `json:"x509TemplateData"` + SSHTemplate []byte `json:"sshTemplate"` + SSHTemplateData []byte `json:"sshTemplateData"` + CreatedAt time.Time `json:"createdAt"` + DeletedAt time.Time `json:"deletedAt"` } type provisionerNameID struct { @@ -68,7 +68,7 @@ func (db *DB) getDBProvisioner(ctx context.Context, id string) (*dbProvisioner, } // GetProvisioner retrieves and unmarshals a provisioner from the database. -func (db *DB) GetProvisioner(ctx context.Context, id string) (*mgmt.Provisioner, error) { +func (db *DB) GetProvisioner(ctx context.Context, id string) (*linkedca.Provisioner, error) { data, err := db.getDBProvisionerBytes(ctx, id) if err != nil { return nil, err @@ -78,12 +78,9 @@ func (db *DB) GetProvisioner(ctx context.Context, id string) (*mgmt.Provisioner, if err != nil { return nil, err } - if prov.Status == status.Deleted { - return nil, mgmt.NewError(mgmt.ErrorDeletedType, "provisioner %s is deleted", prov.ID) - } - if prov.AuthorityID != db.authorityID { + if prov.AuthorityId != db.authorityID { return nil, mgmt.NewError(mgmt.ErrorAuthorityMismatchType, - "provisioner %s is not owned by authority %s", prov.ID, db.authorityID) + "provisioner %s is not owned by authority %s", prov.Id, db.authorityID) } return prov, nil } @@ -93,56 +90,52 @@ func unmarshalDBProvisioner(data []byte, name string) (*dbProvisioner, error) { if err := json.Unmarshal(data, dbp); err != nil { return nil, errors.Wrapf(err, "error unmarshaling provisioner %s into dbProvisioner", name) } + if !dbp.DeletedAt.IsZero() { + return nil, mgmt.NewError(mgmt.ErrorDeletedType, "provisioner %s is deleted", name) + } return dbp, nil } -func unmarshalProvisioner(data []byte, name string) (*mgmt.Provisioner, error) { +func unmarshalProvisioner(data []byte, name string) (*linkedca.Provisioner, error) { dbp, err := unmarshalDBProvisioner(data, name) if err != nil { return nil, err } - details, err := mgmt.UnmarshalProvisionerDetails(dbp.Details) + details, err := linkedca.UnmarshalProvisionerDetails(dbp.Type, dbp.Details) if err != nil { return nil, err } - prov := &mgmt.Provisioner{ - ID: dbp.ID, - AuthorityID: dbp.AuthorityID, + prov := &linkedca.Provisioner{ + Id: dbp.ID, + AuthorityId: dbp.AuthorityID, Type: dbp.Type, Name: dbp.Name, Claims: dbp.Claims, Details: details, - Status: status.Active, X509Template: dbp.X509Template, X509TemplateData: dbp.X509TemplateData, - SSHTemplate: dbp.SSHTemplate, - SSHTemplateData: dbp.SSHTemplateData, - } - if !dbp.DeletedAt.IsZero() { - prov.Status = status.Deleted + SshTemplate: dbp.SSHTemplate, + SshTemplateData: dbp.SSHTemplateData, } return prov, nil } // GetProvisioners retrieves and unmarshals all active (not deleted) provisioners // from the database. -func (db *DB) GetProvisioners(ctx context.Context) ([]*mgmt.Provisioner, error) { +func (db *DB) GetProvisioners(ctx context.Context) ([]*linkedca.Provisioner, error) { dbEntries, err := db.db.List(authorityProvisionersTable) if err != nil { return nil, mgmt.WrapErrorISE(err, "error loading provisioners") } - var provs []*mgmt.Provisioner + var provs []*linkedca.Provisioner for _, entry := range dbEntries { prov, err := unmarshalProvisioner(entry.Value, string(entry.Key)) if err != nil { return nil, err } - if prov.Status == status.Deleted { - continue - } - if prov.AuthorityID != db.authorityID { + if prov.AuthorityId != db.authorityID { continue } provs = append(provs, prov) @@ -151,9 +144,9 @@ func (db *DB) GetProvisioners(ctx context.Context) ([]*mgmt.Provisioner, error) } // CreateProvisioner stores a new provisioner to the database. -func (db *DB) CreateProvisioner(ctx context.Context, prov *mgmt.Provisioner) error { +func (db *DB) CreateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error { var err error - prov.ID, err = randID() + prov.Id, err = randID() if err != nil { return errors.Wrap(err, "error generating random id for provisioner") } @@ -164,7 +157,7 @@ func (db *DB) CreateProvisioner(ctx context.Context, prov *mgmt.Provisioner) err } dbp := &dbProvisioner{ - ID: prov.ID, + ID: prov.Id, AuthorityID: db.authorityID, Type: prov.Type, Name: prov.Name, @@ -172,12 +165,12 @@ func (db *DB) CreateProvisioner(ctx context.Context, prov *mgmt.Provisioner) err Details: details, X509Template: prov.X509Template, X509TemplateData: prov.X509TemplateData, - SSHTemplate: prov.SSHTemplate, - SSHTemplateData: prov.SSHTemplateData, + SSHTemplate: prov.SshTemplate, + SSHTemplateData: prov.SshTemplateData, CreatedAt: clock.Now(), } - if err := db.save(ctx, prov.ID, dbp, nil, "provisioner", authorityProvisionersTable); err != nil { + if err := db.save(ctx, prov.Id, dbp, nil, "provisioner", authorityProvisionersTable); err != nil { return mgmt.WrapErrorISE(err, "error creating provisioner %s", prov.Name) } @@ -185,8 +178,8 @@ func (db *DB) CreateProvisioner(ctx context.Context, prov *mgmt.Provisioner) err } // UpdateProvisioner saves an updated provisioner to the database. -func (db *DB) UpdateProvisioner(ctx context.Context, prov *mgmt.Provisioner) error { - old, err := db.getDBProvisioner(ctx, prov.ID) +func (db *DB) UpdateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error { + old, err := db.getDBProvisioner(ctx, prov.Id) if err != nil { return err } @@ -202,9 +195,10 @@ func (db *DB) UpdateProvisioner(ctx context.Context, prov *mgmt.Provisioner) err } nu.X509Template = prov.X509Template nu.X509TemplateData = prov.X509TemplateData - nu.SSHTemplateData = prov.SSHTemplateData + nu.SSHTemplate = prov.SshTemplate + nu.SSHTemplateData = prov.SshTemplateData - if err := db.save(ctx, prov.ID, nu, old, "provisioner", authorityProvisionersTable); err != nil { + if err := db.save(ctx, prov.Id, nu, old, "provisioner", authorityProvisionersTable); err != nil { return mgmt.WrapErrorISE(err, "error updating provisioner %s", prov.Name) } diff --git a/authority/mgmt/provisioner.go b/authority/mgmt/provisioner.go index 3c3042d0..74e442f4 100644 --- a/authority/mgmt/provisioner.go +++ b/authority/mgmt/provisioner.go @@ -246,46 +246,3 @@ func claimsToCertificates(c *linkedca.Claims) (*provisioner.Claims, error) { EnableSSHCA: &c.Ssh.Enabled, }, nil } - -/* -type detailsType struct { - Type ProvisionerType -} - -// UnmarshalProvisionerDetails unmarshals bytes into the proper details type. -func UnmarshalProvisionerDetails(data json.RawMessage) (ProvisionerDetails, error) { - dt := new(detailsType) - if err := json.Unmarshal(data, dt); err != nil { - return nil, WrapErrorISE(err, "error unmarshaling provisioner details") - } - - var v ProvisionerDetails - switch dt.Type { - case ProvisionerTypeJWK: - v = new(ProvisionerDetailsJWK) - case ProvisionerTypeOIDC: - v = new(ProvisionerDetailsOIDC) - case ProvisionerTypeGCP: - v = new(ProvisionerDetailsGCP) - case ProvisionerTypeAWS: - v = new(ProvisionerDetailsAWS) - case ProvisionerTypeAZURE: - v = new(ProvisionerDetailsAzure) - case ProvisionerTypeACME: - v = new(ProvisionerDetailsACME) - case ProvisionerTypeX5C: - v = new(ProvisionerDetailsX5C) - case ProvisionerTypeK8SSA: - v = new(ProvisionerDetailsK8SSA) - case ProvisionerTypeSSHPOP: - v = new(ProvisionerDetailsSSHPOP) - default: - return nil, fmt.Errorf("unsupported provisioner type %s", dt.Type) - } - - if err := json.Unmarshal(data, v); err != nil { - return nil, err - } - return v, nil -} -*/ diff --git a/linkedca/provisioners.go b/linkedca/provisioners.go new file mode 100644 index 00000000..ea46f342 --- /dev/null +++ b/linkedca/provisioners.go @@ -0,0 +1,38 @@ +package linkedca + +import ( + "encoding/json" + "fmt" +) + +// UnmarshalProvisionerDetails unmarshals details type to the specific provisioner details. +func UnmarshalProvisionerDetails(typ Provisioner_Type, data []byte) (*ProvisionerDetails, error) { + var v isProvisionerDetails_Data + switch typ { + case Provisioner_JWK: + v = new(ProvisionerDetails_JWK) + case Provisioner_OIDC: + v = new(ProvisionerDetails_OIDC) + case Provisioner_GCP: + v = new(ProvisionerDetails_GCP) + case Provisioner_AWS: + v = new(ProvisionerDetails_AWS) + case Provisioner_AZURE: + v = new(ProvisionerDetails_Azure) + case Provisioner_ACME: + v = new(ProvisionerDetails_ACME) + case Provisioner_X5C: + v = new(ProvisionerDetails_X5C) + case Provisioner_K8SSA: + v = new(ProvisionerDetails_K8SSA) + case Provisioner_SSHPOP: + v = new(ProvisionerDetails_SSHPOP) + default: + return nil, fmt.Errorf("unsupported provisioner type %s", typ) + } + + if err := json.Unmarshal(data, v); err != nil { + return nil, err + } + return &ProvisionerDetails{Data: v}, nil +}