mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Use errors and fmt instead of pkg/errors.

Browse source
This commit is contained in:
Mariano Cano 2022-04-12 14:04:46 -07:00
parent ea5f7f2acc
commit e29c85bbd4
1 changed files with 11 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
cas/vaultcas/vaultcas.go
View file

@ -8,11 +8,12 @@ import (
"encoding/hex" "encoding/hex"
"encoding/json" "encoding/json"
"encoding/pem" "encoding/pem"
"errors"
"fmt"
"math/big" "math/big"
"strings" "strings"
"time" "time"
"github.com/pkg/errors"
"github.com/smallstep/certificates/cas/apiv1" "github.com/smallstep/certificates/cas/apiv1"
vault "github.com/hashicorp/vault/api" vault "github.com/hashicorp/vault/api"
@ -73,7 +74,7 @@ func New(ctx context.Context, opts apiv1.Options) (*VaultCAS, error) {
client, err := vault.NewClient(config) client, err := vault.NewClient(config)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "unable to initialize vault client") return nil, fmt.Errorf("unable to initialize vault client: %w", err)
} }
var appRoleAuth *auth.AppRoleAuth var appRoleAuth *auth.AppRoleAuth
@ -92,12 +93,12 @@ func New(ctx context.Context, opts apiv1.Options) (*VaultCAS, error) {
) )
} }
if err != nil { if err != nil {
return nil, errors.Wrap(err, "unable to initialize AppRole auth method") return nil, fmt.Errorf("unable to initialize AppRole auth method: %w", err)
} }
authInfo, err := client.Auth().Login(ctx, appRoleAuth) authInfo, err := client.Auth().Login(ctx, appRoleAuth)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "unable to login to AppRole auth method") return nil, fmt.Errorf("unable to login to AppRole auth method: %w", err)
} }
if authInfo == nil { if authInfo == nil {
return nil, errors.New("no auth info was returned after login") return nil, errors.New("no auth info was returned after login")
@ -135,7 +136,7 @@ func (v *VaultCAS) CreateCertificate(req *apiv1.CreateCertificateRequest) (*apiv
func (v *VaultCAS) GetCertificateAuthority(req *apiv1.GetCertificateAuthorityRequest) (*apiv1.GetCertificateAuthorityResponse, error) { func (v *VaultCAS) GetCertificateAuthority(req *apiv1.GetCertificateAuthorityRequest) (*apiv1.GetCertificateAuthorityResponse, error) {
secret, err := v.client.Logical().Read(v.config.PKI + "/cert/ca_chain") secret, err := v.client.Logical().Read(v.config.PKI + "/cert/ca_chain")
if err != nil { if err != nil {
return nil, errors.Wrap(err, "error reading ca chain") return nil, fmt.Errorf("error reading ca chain: %w", err)
} }
if secret == nil { if secret == nil {
return nil, errors.New("error reading ca chain: response is empty") return nil, errors.New("error reading ca chain: response is empty")
@ -180,7 +181,7 @@ func (v *VaultCAS) RevokeCertificate(req *apiv1.RevokeCertificateRequest) (*apiv
if req.SerialNumber != "" { if req.SerialNumber != "" {
var ok bool var ok bool
if sn, ok = new(big.Int).SetString(req.SerialNumber, 10); !ok { if sn, ok = new(big.Int).SetString(req.SerialNumber, 10); !ok {
return nil, errors.Errorf("error parsing serialNumber: %v cannot be converted to big.Int", req.SerialNumber) return nil, fmt.Errorf("error parsing serialNumber: %v cannot be converted to big.Int", req.SerialNumber)
} }
} else { } else {
sn = req.Certificate.SerialNumber sn = req.Certificate.SerialNumber
@ -191,7 +192,7 @@ func (v *VaultCAS) RevokeCertificate(req *apiv1.RevokeCertificateRequest) (*apiv
} }
_, err := v.client.Logical().Write(v.config.PKI+"/revoke/", vaultReq) _, err := v.client.Logical().Write(v.config.PKI+"/revoke/", vaultReq)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "error revoking certificate") return nil, fmt.Errorf("error revoking certificate: %w", err)
} }
return &apiv1.RevokeCertificateResponse{ return &apiv1.RevokeCertificateResponse{
@ -211,7 +212,7 @@ func (v *VaultCAS) createCertificate(cr *x509.CertificateRequest, lifetime time.
case cr.PublicKeyAlgorithm == x509.Ed25519: case cr.PublicKeyAlgorithm == x509.Ed25519:
vaultPKIRole = v.config.PKIRoleEd25519 vaultPKIRole = v.config.PKIRoleEd25519
default: default:
return nil, nil, errors.Errorf("unsupported public key algorithm '%v'", cr.PublicKeyAlgorithm) return nil, nil, fmt.Errorf("unsupported public key algorithm %v", cr.PublicKeyAlgorithm)
} }
vaultReq := map[string]interface{}{ vaultReq := map[string]interface{}{
@ -225,7 +226,7 @@ func (v *VaultCAS) createCertificate(cr *x509.CertificateRequest, lifetime time.
secret, err := v.client.Logical().Write(v.config.PKI+"/sign/"+vaultPKIRole, vaultReq) secret, err := v.client.Logical().Write(v.config.PKI+"/sign/"+vaultPKIRole, vaultReq)
if err != nil { if err != nil {
return nil, nil, errors.Wrap(err, "error signing certificate") return nil, nil, fmt.Errorf("error signing certificate: %w", err)
} }
if secret == nil { if secret == nil {
return nil, nil, errors.New("error signing certificate: response is empty") return nil, nil, errors.New("error signing certificate: response is empty")
@ -250,7 +251,7 @@ func loadOptions(config json.RawMessage) (*VaultOptions, error) {
err := json.Unmarshal(config, &vc) err := json.Unmarshal(config, &vc)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "error decoding vaultCAS config") return nil, fmt.Errorf("error decoding vaultCAS config: %w", err)
} }
if vc.PKI == "" { if vc.PKI == "" {