forked from TrueCloudLab/certificates
246 lines
8 KiB
Go
246 lines
8 KiB
Go
package admin
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
|
|
"github.com/pkg/errors"
|
|
"go.step.sm/linkedca"
|
|
)
|
|
|
|
const (
|
|
// DefaultAuthorityID is the default AuthorityID. This will be the ID
|
|
// of the first Authority created, as well as the default AuthorityID
|
|
// if one is not specified in the configuration.
|
|
DefaultAuthorityID = "00000000-0000-0000-0000-000000000000"
|
|
)
|
|
|
|
// ErrNotFound is an error that should be used by the authority.DB interface to
|
|
// indicate that an entity does not exist.
|
|
var ErrNotFound = errors.New("not found")
|
|
|
|
// UnmarshalProvisionerDetails unmarshals details type to the specific provisioner details.
|
|
func UnmarshalProvisionerDetails(typ linkedca.Provisioner_Type, data []byte) (*linkedca.ProvisionerDetails, error) {
|
|
var v linkedca.ProvisionerDetails
|
|
switch typ {
|
|
case linkedca.Provisioner_JWK:
|
|
v.Data = new(linkedca.ProvisionerDetails_JWK)
|
|
case linkedca.Provisioner_OIDC:
|
|
v.Data = new(linkedca.ProvisionerDetails_OIDC)
|
|
case linkedca.Provisioner_GCP:
|
|
v.Data = new(linkedca.ProvisionerDetails_GCP)
|
|
case linkedca.Provisioner_AWS:
|
|
v.Data = new(linkedca.ProvisionerDetails_AWS)
|
|
case linkedca.Provisioner_AZURE:
|
|
v.Data = new(linkedca.ProvisionerDetails_Azure)
|
|
case linkedca.Provisioner_ACME:
|
|
v.Data = new(linkedca.ProvisionerDetails_ACME)
|
|
case linkedca.Provisioner_X5C:
|
|
v.Data = new(linkedca.ProvisionerDetails_X5C)
|
|
case linkedca.Provisioner_K8SSA:
|
|
v.Data = new(linkedca.ProvisionerDetails_K8SSA)
|
|
case linkedca.Provisioner_SSHPOP:
|
|
v.Data = new(linkedca.ProvisionerDetails_SSHPOP)
|
|
case linkedca.Provisioner_SCEP:
|
|
v.Data = new(linkedca.ProvisionerDetails_SCEP)
|
|
case linkedca.Provisioner_NEBULA:
|
|
v.Data = new(linkedca.ProvisionerDetails_Nebula)
|
|
default:
|
|
return nil, fmt.Errorf("unsupported provisioner type %s", typ)
|
|
}
|
|
|
|
if err := json.Unmarshal(data, v.Data); err != nil {
|
|
return nil, err
|
|
}
|
|
return &linkedca.ProvisionerDetails{Data: v.Data}, nil
|
|
}
|
|
|
|
// DB is the DB interface expected by the step-ca Admin API.
|
|
type DB interface {
|
|
CreateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error
|
|
GetProvisioner(ctx context.Context, id string) (*linkedca.Provisioner, error)
|
|
GetProvisioners(ctx context.Context) ([]*linkedca.Provisioner, error)
|
|
UpdateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error
|
|
DeleteProvisioner(ctx context.Context, id string) error
|
|
|
|
CreateAdmin(ctx context.Context, admin *linkedca.Admin) error
|
|
GetAdmin(ctx context.Context, id string) (*linkedca.Admin, error)
|
|
GetAdmins(ctx context.Context) ([]*linkedca.Admin, error)
|
|
UpdateAdmin(ctx context.Context, admin *linkedca.Admin) error
|
|
DeleteAdmin(ctx context.Context, id string) error
|
|
|
|
CreateAuthorityPolicy(ctx context.Context, policy *linkedca.Policy) error
|
|
GetAuthorityPolicy(ctx context.Context) (*linkedca.Policy, error)
|
|
UpdateAuthorityPolicy(ctx context.Context, policy *linkedca.Policy) error
|
|
DeleteAuthorityPolicy(ctx context.Context) error
|
|
}
|
|
|
|
type dbKey struct{}
|
|
|
|
// NewContext adds the given admin database to the context.
|
|
func NewContext(ctx context.Context, db DB) context.Context {
|
|
return context.WithValue(ctx, dbKey{}, db)
|
|
}
|
|
|
|
// FromContext returns the current admin database from the given context.
|
|
func FromContext(ctx context.Context) (db DB, ok bool) {
|
|
db, ok = ctx.Value(dbKey{}).(DB)
|
|
return
|
|
}
|
|
|
|
// MustFromContext returns the current admin database from the given context. It
|
|
// will panic if it's not in the context.
|
|
func MustFromContext(ctx context.Context) DB {
|
|
if db, ok := FromContext(ctx); !ok {
|
|
panic("admin database is not in the context")
|
|
} else {
|
|
return db
|
|
}
|
|
}
|
|
|
|
// MockDB is an implementation of the DB interface that should only be used as
|
|
// a mock in tests.
|
|
type MockDB struct {
|
|
MockCreateProvisioner func(ctx context.Context, prov *linkedca.Provisioner) error
|
|
MockGetProvisioner func(ctx context.Context, id string) (*linkedca.Provisioner, error)
|
|
MockGetProvisioners func(ctx context.Context) ([]*linkedca.Provisioner, error)
|
|
MockUpdateProvisioner func(ctx context.Context, prov *linkedca.Provisioner) error
|
|
MockDeleteProvisioner func(ctx context.Context, id string) error
|
|
|
|
MockCreateAdmin func(ctx context.Context, adm *linkedca.Admin) error
|
|
MockGetAdmin func(ctx context.Context, id string) (*linkedca.Admin, error)
|
|
MockGetAdmins func(ctx context.Context) ([]*linkedca.Admin, error)
|
|
MockUpdateAdmin func(ctx context.Context, adm *linkedca.Admin) error
|
|
MockDeleteAdmin func(ctx context.Context, id string) error
|
|
|
|
MockCreateAuthorityPolicy func(ctx context.Context, policy *linkedca.Policy) error
|
|
MockGetAuthorityPolicy func(ctx context.Context) (*linkedca.Policy, error)
|
|
MockUpdateAuthorityPolicy func(ctx context.Context, policy *linkedca.Policy) error
|
|
MockDeleteAuthorityPolicy func(ctx context.Context) error
|
|
|
|
MockError error
|
|
MockRet1 interface{}
|
|
}
|
|
|
|
// CreateProvisioner mock.
|
|
func (m *MockDB) CreateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error {
|
|
if m.MockCreateProvisioner != nil {
|
|
return m.MockCreateProvisioner(ctx, prov)
|
|
} else if m.MockError != nil {
|
|
return m.MockError
|
|
}
|
|
return m.MockError
|
|
}
|
|
|
|
// GetProvisioner mock.
|
|
func (m *MockDB) GetProvisioner(ctx context.Context, id string) (*linkedca.Provisioner, error) {
|
|
if m.MockGetProvisioner != nil {
|
|
return m.MockGetProvisioner(ctx, id)
|
|
} else if m.MockError != nil {
|
|
return nil, m.MockError
|
|
}
|
|
return m.MockRet1.(*linkedca.Provisioner), m.MockError
|
|
}
|
|
|
|
// GetProvisioners mock
|
|
func (m *MockDB) GetProvisioners(ctx context.Context) ([]*linkedca.Provisioner, error) {
|
|
if m.MockGetProvisioners != nil {
|
|
return m.MockGetProvisioners(ctx)
|
|
} else if m.MockError != nil {
|
|
return nil, m.MockError
|
|
}
|
|
return m.MockRet1.([]*linkedca.Provisioner), m.MockError
|
|
}
|
|
|
|
// UpdateProvisioner mock
|
|
func (m *MockDB) UpdateProvisioner(ctx context.Context, prov *linkedca.Provisioner) error {
|
|
if m.MockUpdateProvisioner != nil {
|
|
return m.MockUpdateProvisioner(ctx, prov)
|
|
}
|
|
return m.MockError
|
|
}
|
|
|
|
// DeleteProvisioner mock
|
|
func (m *MockDB) DeleteProvisioner(ctx context.Context, id string) error {
|
|
if m.MockDeleteProvisioner != nil {
|
|
return m.MockDeleteProvisioner(ctx, id)
|
|
}
|
|
return m.MockError
|
|
}
|
|
|
|
// CreateAdmin mock
|
|
func (m *MockDB) CreateAdmin(ctx context.Context, admin *linkedca.Admin) error {
|
|
if m.MockCreateAdmin != nil {
|
|
return m.MockCreateAdmin(ctx, admin)
|
|
}
|
|
return m.MockError
|
|
}
|
|
|
|
// GetAdmin mock.
|
|
func (m *MockDB) GetAdmin(ctx context.Context, id string) (*linkedca.Admin, error) {
|
|
if m.MockGetAdmin != nil {
|
|
return m.MockGetAdmin(ctx, id)
|
|
} else if m.MockError != nil {
|
|
return nil, m.MockError
|
|
}
|
|
return m.MockRet1.(*linkedca.Admin), m.MockError
|
|
}
|
|
|
|
// GetAdmins mock
|
|
func (m *MockDB) GetAdmins(ctx context.Context) ([]*linkedca.Admin, error) {
|
|
if m.MockGetAdmins != nil {
|
|
return m.MockGetAdmins(ctx)
|
|
} else if m.MockError != nil {
|
|
return nil, m.MockError
|
|
}
|
|
return m.MockRet1.([]*linkedca.Admin), m.MockError
|
|
}
|
|
|
|
// UpdateAdmin mock
|
|
func (m *MockDB) UpdateAdmin(ctx context.Context, adm *linkedca.Admin) error {
|
|
if m.MockUpdateAdmin != nil {
|
|
return m.MockUpdateAdmin(ctx, adm)
|
|
}
|
|
return m.MockError
|
|
}
|
|
|
|
// DeleteAdmin mock
|
|
func (m *MockDB) DeleteAdmin(ctx context.Context, id string) error {
|
|
if m.MockDeleteAdmin != nil {
|
|
return m.MockDeleteAdmin(ctx, id)
|
|
}
|
|
return m.MockError
|
|
}
|
|
|
|
// CreateAuthorityPolicy mock
|
|
func (m *MockDB) CreateAuthorityPolicy(ctx context.Context, policy *linkedca.Policy) error {
|
|
if m.MockCreateAuthorityPolicy != nil {
|
|
return m.MockCreateAuthorityPolicy(ctx, policy)
|
|
}
|
|
return m.MockError
|
|
}
|
|
|
|
// GetAuthorityPolicy mock
|
|
func (m *MockDB) GetAuthorityPolicy(ctx context.Context) (*linkedca.Policy, error) {
|
|
if m.MockGetAuthorityPolicy != nil {
|
|
return m.MockGetAuthorityPolicy(ctx)
|
|
}
|
|
return m.MockRet1.(*linkedca.Policy), m.MockError
|
|
}
|
|
|
|
// UpdateAuthorityPolicy mock
|
|
func (m *MockDB) UpdateAuthorityPolicy(ctx context.Context, policy *linkedca.Policy) error {
|
|
if m.MockUpdateAuthorityPolicy != nil {
|
|
return m.MockUpdateAuthorityPolicy(ctx, policy)
|
|
}
|
|
return m.MockError
|
|
}
|
|
|
|
// DeleteAuthorityPolicy mock
|
|
func (m *MockDB) DeleteAuthorityPolicy(ctx context.Context) error {
|
|
if m.MockDeleteAuthorityPolicy != nil {
|
|
return m.MockDeleteAuthorityPolicy(ctx)
|
|
}
|
|
return m.MockError
|
|
}
|