From 798b90c35947d6cd72e2eb6c2cb0ef746e90f528 Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Wed, 4 Aug 2021 20:15:04 -0700 Subject: [PATCH] Move linkedca configuration to the main package. --- authority/export.go | 70 +++++++++++++++++++++++++-------------------- go.mod | 2 +- go.sum | 4 +-- 3 files changed, 42 insertions(+), 34 deletions(-) diff --git a/authority/export.go b/authority/export.go index b8679ac6..97efac03 100644 --- a/authority/export.go +++ b/authority/export.go @@ -8,8 +8,9 @@ import ( "strings" "github.com/pkg/errors" - step "go.step.sm/cli-utils/config" - "go.step.sm/linkedca/config" + "github.com/smallstep/certificates/authority/provisioner" + "go.step.sm/cli-utils/config" + "go.step.sm/linkedca" "google.golang.org/protobuf/types/known/structpb" ) @@ -18,7 +19,7 @@ import ( // // Note that export will not export neither the pki password nor the certificate // issuer password. -func (a *Authority) Export() (c *config.Configuration, err error) { +func (a *Authority) Export() (c *linkedca.Configuration, err error) { // Recover from panics defer func() { if r := recover(); r != nil { @@ -29,7 +30,7 @@ func (a *Authority) Export() (c *config.Configuration, err error) { files := make(map[string][]byte) // The exported configuration should not include the password in it. - c = &config.Configuration{ + c = &linkedca.Configuration{ Version: "1.0", Root: mustReadFilesOrUris(a.config.Root, files), FederatedRoots: mustReadFilesOrUris(a.config.FederatedRoots, files), @@ -41,36 +42,36 @@ func (a *Authority) Export() (c *config.Configuration, err error) { Db: mustMarshalToStruct(a.config.DB), Logger: mustMarshalToStruct(a.config.Logger), Monitoring: mustMarshalToStruct(a.config.Monitoring), - Authority: &config.Authority{ + Authority: &linkedca.Authority{ Id: a.config.AuthorityConfig.AuthorityID, EnableAdmin: a.config.AuthorityConfig.EnableAdmin, DisableIssuedAtCheck: a.config.AuthorityConfig.DisableIssuedAtCheck, - Backdate: a.config.AuthorityConfig.Backdate.String(), + Backdate: mustDuration(a.config.AuthorityConfig.Backdate), }, Files: files, } // SSH if v := a.config.SSH; v != nil { - c.Ssh = &config.SSH{ + c.Ssh = &linkedca.SSH{ HostKey: mustReadFileOrUri(v.HostKey, files), UserKey: mustReadFileOrUri(v.UserKey, files), AddUserPrincipal: v.AddUserPrincipal, AddUserCommand: v.AddUserCommand, } for _, k := range v.Keys { - typ, ok := config.SSHPublicKey_Type_value[strings.ToUpper(k.Type)] + typ, ok := linkedca.SSHPublicKey_Type_value[strings.ToUpper(k.Type)] if !ok { return nil, errors.Errorf("unsupported ssh key type %s", k.Type) } - c.Ssh.Keys = append(c.Ssh.Keys, &config.SSHPublicKey{ - Type: config.SSHPublicKey_Type(typ), + c.Ssh.Keys = append(c.Ssh.Keys, &linkedca.SSHPublicKey{ + Type: linkedca.SSHPublicKey_Type(typ), Federated: k.Federated, Key: mustMarshalToStruct(k), }) } if b := v.Bastion; b != nil { - c.Ssh.Bastion = &config.Bastion{ + c.Ssh.Bastion = &linkedca.Bastion{ Hostname: b.Hostname, User: b.User, Port: b.Port, @@ -85,15 +86,15 @@ func (a *Authority) Export() (c *config.Configuration, err error) { var typ int32 var ok bool if v.Type == "" { - typ = int32(config.KMS_SOFTKMS) + typ = int32(linkedca.KMS_SOFTKMS) } else { - typ, ok = config.KMS_Type_value[strings.ToUpper(v.Type)] + typ, ok = linkedca.KMS_Type_value[strings.ToUpper(v.Type)] if !ok { return nil, errors.Errorf("unsupported kms type %s", v.Type) } } - c.Kms = &config.KMS{ - Type: config.KMS_Type(typ), + c.Kms = &linkedca.KMS{ + Type: linkedca.KMS_Type(typ), CredentialsFile: v.CredentialsFile, Uri: v.URI, Pin: v.Pin, @@ -111,13 +112,13 @@ func (a *Authority) Export() (c *config.Configuration, err error) { c.Authority.CertificateAuthorityFingerprint = v.CertificateAuthorityFingerprint c.Authority.CredentialsFile = v.CredentialsFile if iss := v.CertificateIssuer; iss != nil { - typ, ok := config.CertificateIssuer_Type_value[strings.ToUpper(iss.Type)] + typ, ok := linkedca.CertificateIssuer_Type_value[strings.ToUpper(iss.Type)] if !ok { return nil, errors.Errorf("unknown certificate issuer type %s", iss.Type) } // The exporte certificate issuer should not include the password. - c.Authority.CertificateIssuer = &config.CertificateIssuer{ - Type: config.CertificateIssuer_Type(typ), + c.Authority.CertificateIssuer = &linkedca.CertificateIssuer{ + Type: linkedca.CertificateIssuer_Type(typ), Provisioner: iss.Provisioner, Certificate: mustReadFileOrUri(iss.Certificate, files), Key: mustReadFileOrUri(iss.Key, files), @@ -150,7 +151,7 @@ func (a *Authority) Export() (c *config.Configuration, err error) { c.Authority.Claims = claimsToLinkedca(a.config.AuthorityConfig.Claims) // Distiguised names template if v := a.config.AuthorityConfig.Template; v != nil { - c.Authority.Template = &config.DistinguishedName{ + c.Authority.Template = &linkedca.DistinguishedName{ Country: v.Country, Organization: v.Organization, OrganizationalUnit: v.OrganizationalUnit, @@ -164,20 +165,20 @@ func (a *Authority) Export() (c *config.Configuration, err error) { // TLS if v := a.config.TLS; v != nil { - c.Tls = &config.TLS{ + c.Tls = &linkedca.TLS{ MinVersion: v.MinVersion.String(), MaxVersion: v.MaxVersion.String(), Renegotiation: v.Renegotiation, } for _, cs := range v.CipherSuites.Value() { - c.Tls.CipherSuites = append(c.Tls.CipherSuites, config.TLS_CiperSuite(cs)) + c.Tls.CipherSuites = append(c.Tls.CipherSuites, linkedca.TLS_CiperSuite(cs)) } } // Templates if v := a.config.Templates; v != nil { - c.Templates = &config.Templates{ - Ssh: &config.SSHTemplate{}, + c.Templates = &linkedca.ConfigTemplates{ + Ssh: &linkedca.SSHConfigTemplate{}, Data: mustMarshalToStruct(v.Data), } // Remove automatically loaded vars @@ -185,12 +186,12 @@ func (a *Authority) Export() (c *config.Configuration, err error) { delete(c.Templates.Data.Fields, "Step") } for _, t := range v.SSH.Host { - typ, ok := config.Template_Type_value[strings.ToUpper(string(t.Type))] + typ, ok := linkedca.ConfigTemplate_Type_value[strings.ToUpper(string(t.Type))] if !ok { return nil, errors.Errorf("unsupported template type %s", t.Type) } - c.Templates.Ssh.Hosts = append(c.Templates.Ssh.Hosts, &config.Template{ - Type: config.Template_Type(typ), + c.Templates.Ssh.Hosts = append(c.Templates.Ssh.Hosts, &linkedca.ConfigTemplate{ + Type: linkedca.ConfigTemplate_Type(typ), Name: t.Name, Template: mustReadFileOrUri(t.TemplatePath, files), Path: t.Path, @@ -200,12 +201,12 @@ func (a *Authority) Export() (c *config.Configuration, err error) { }) } for _, t := range v.SSH.User { - typ, ok := config.Template_Type_value[strings.ToUpper(string(t.Type))] + typ, ok := linkedca.ConfigTemplate_Type_value[strings.ToUpper(string(t.Type))] if !ok { return nil, errors.Errorf("unsupported template type %s", t.Type) } - c.Templates.Ssh.Users = append(c.Templates.Ssh.Users, &config.Template{ - Type: config.Template_Type(typ), + c.Templates.Ssh.Users = append(c.Templates.Ssh.Users, &linkedca.ConfigTemplate{ + Type: linkedca.ConfigTemplate_Type(typ), Name: t.Name, Template: mustReadFileOrUri(t.TemplatePath, files), Path: t.Path, @@ -226,6 +227,13 @@ func mustPassword(s string) []byte { return []byte(s) } +func mustDuration(d *provisioner.Duration) string { + if d == nil || d.Duration == 0 { + return "" + } + return d.String() +} + func mustMarshalToStruct(v interface{}) *structpb.Struct { b, err := json.Marshal(v) if err != nil { @@ -243,7 +251,7 @@ func mustReadFileOrUri(fn string, m map[string][]byte) string { return "" } - stepPath := filepath.ToSlash(step.StepPath()) + stepPath := filepath.ToSlash(config.StepPath()) if !strings.HasSuffix(stepPath, "/") { stepPath += "/" } @@ -255,7 +263,7 @@ func mustReadFileOrUri(fn string, m map[string][]byte) string { panic(err) } if ok { - b, err := ioutil.ReadFile(step.StepAbs(fn)) + b, err := ioutil.ReadFile(config.StepAbs(fn)) if err != nil { panic(errors.Wrapf(err, "error reading %s", fn)) } diff --git a/go.mod b/go.mod index 12933ece..1149ac33 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 go.step.sm/cli-utils v0.4.1 go.step.sm/crypto v0.9.0 - go.step.sm/linkedca v0.4.1-0.20210802195257-6104dc57167d + go.step.sm/linkedca v0.4.1-0.20210805031331-a377303edb9d golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 golang.org/x/net v0.0.0-20210716203947-853a461950ff golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect diff --git a/go.sum b/go.sum index a0996433..555f5b64 100644 --- a/go.sum +++ b/go.sum @@ -528,8 +528,8 @@ go.step.sm/cli-utils v0.4.1 h1:QztRUhGYjOPM1I2Nmi7V6XejQyVtcESmo+sbegxvX7Q= go.step.sm/cli-utils v0.4.1/go.mod h1:hWYVOSlw8W9Pd+BwIbs/aftVVMRms3EG7Q2qLRwc0WA= go.step.sm/crypto v0.9.0 h1:q2AllTSnVj4NRtyEPkGW2ohArLmbGbe6ZAL/VIOKDzA= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= -go.step.sm/linkedca v0.4.1-0.20210802195257-6104dc57167d h1:d5cE1Bgyqw4pW3M7cPD+DndyOgKf41WJIzO+Dnx3q+4= -go.step.sm/linkedca v0.4.1-0.20210802195257-6104dc57167d/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= +go.step.sm/linkedca v0.4.1-0.20210805031331-a377303edb9d h1:bMcTynjdYq1Xmoi0G3NPCfV/aP1/vVQ/p7W3oYhoVXU= +go.step.sm/linkedca v0.4.1-0.20210805031331-a377303edb9d/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=