From 90a761d4a4e82961dab5104cf06d5cf7c7c9afd2 Mon Sep 17 00:00:00 2001 From: Russel Vela Date: Fri, 24 May 2024 17:13:29 -0600 Subject: [PATCH 1/6] feat(cloud-provisioning): Refactors Provision endpoint Updates examples to reflect the refactoring --- cmd/vcert/cmdCloudKeystores.go | 31 +- cmd/vcert/utils.go | 27 +- examples/provision/main.go | 36 +- .../main.go | 38 +- examples/provisionWithServiceAccount/main.go | 36 +- pkg/domain/cloudproviders.go | 85 ++++- pkg/domain/provisioning.go | 30 ++ pkg/endpoint/endpoint.go | 3 +- pkg/endpoint/provisioning.go | 49 --- pkg/venafi/cloud/cloudproviders.go | 339 ++++++------------ pkg/venafi/fake/connector.go | 3 +- pkg/venafi/firefly/connector.go | 3 +- pkg/venafi/tpp/connector.go | 3 +- .../cloudproviders/cloudproviders.go | 43 ++- 14 files changed, 324 insertions(+), 402 deletions(-) rename examples/{provisionWithRequest => provisionWithCertificateRequest}/main.go (63%) create mode 100644 pkg/domain/provisioning.go delete mode 100644 pkg/endpoint/provisioning.go diff --git a/cmd/vcert/cmdCloudKeystores.go b/cmd/vcert/cmdCloudKeystores.go index 1d8b53c3..95b9010d 100644 --- a/cmd/vcert/cmdCloudKeystores.go +++ b/cmd/vcert/cmdCloudKeystores.go @@ -9,7 +9,7 @@ import ( "github.com/urfave/cli/v2" "github.com/Venafi/vcert/v5" - "github.com/Venafi/vcert/v5/pkg/endpoint" + "github.com/Venafi/vcert/v5/pkg/domain" "github.com/Venafi/vcert/v5/pkg/venafi/cloud" ) @@ -49,8 +49,8 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error { logf("Successfully connected to %s", cfg.ConnectorType) } - var req = &endpoint.ProvisioningRequest{} - var options *endpoint.ProvisioningOptions + var req = &domain.ProvisioningRequest{} + var options *domain.ProvisioningOptions log.Printf("fetching keystore information for provided keystore information from flags. KeystoreID: %s, KeystoreName: %s, ProviderName: %s", flags.keystoreID, flags.keystoreName, flags.providerName) getKeystoreReq := buildGetCloudKeystoreRequest(&flags) @@ -76,19 +76,24 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error { } result := ProvisioningResult{ - ARN: metadata.GetAWSCertificateMetadata().GetARN(), - AzureID: metadata.GetAzureCertificateMetadata().GetID(), - AzureName: metadata.GetAzureCertificateMetadata().GetName(), - AzureVersion: metadata.GetAzureCertificateMetadata().GetVersion(), - GcpID: metadata.GetGCPCertificateMetadata().GetID(), - GcpName: metadata.GetGCPCertificateMetadata().GetName(), + MachineIdentityId: metadata.MachineIdentityID, + MachineIdentityActionType: metadata.MachineIdentityActionType, + } + switch metadata.CloudKeystoreType { + case domain.CloudKeystoreTypeACM: + result.ARN = metadata.ARN + case domain.CloudKeystoreTypeAKV: + result.AzureID = metadata.CertificateID + result.AzureName = metadata.CertificateName + result.AzureVersion = metadata.CertificateVersion + case domain.CloudKeystoreTypeGCM: + result.GcpID = metadata.CertificateID + result.GcpName = metadata.CertificateName + default: + return fmt.Errorf("unknown keystore metadata type: %s", metadata.CloudKeystoreType) } - - result.MachineIdentityId = metadata.GetMachineIdentityMetadata().GetID() - result.MachineIdentityActionType = metadata.GetMachineIdentityMetadata().GetActionType() err = result.Flush(flags.provisionFormat) - if err != nil { return fmt.Errorf("failed to output the results: %s", err) } diff --git a/cmd/vcert/utils.go b/cmd/vcert/utils.go index 51dff434..abe674b5 100644 --- a/cmd/vcert/utils.go +++ b/cmd/vcert/utils.go @@ -40,8 +40,6 @@ import ( "github.com/Venafi/vcert/v5/pkg/domain" "github.com/Venafi/vcert/v5/pkg/endpoint" "github.com/Venafi/vcert/v5/pkg/util" - "github.com/Venafi/vcert/v5/pkg/venafi/cloud" - "github.com/Venafi/vcert/v5/pkg/webclient/cloudproviders" ) const ( @@ -620,29 +618,20 @@ func randRunes(n int) string { } // fillProvisioningRequest populates the provisioning request payload with values from command flags -func fillProvisioningRequest(req *endpoint.ProvisioningRequest, keystore domain.CloudKeystore, cf *commandFlags) (*endpoint.ProvisioningRequest, *endpoint.ProvisioningOptions) { +func fillProvisioningRequest(req *domain.ProvisioningRequest, keystore domain.CloudKeystore, cf *commandFlags) (*domain.ProvisioningRequest, *domain.ProvisioningOptions) { req.CertificateID = cleanEmptyStringPointer(cf.certificateID) req.Keystore = &keystore req.PickupID = &(cf.pickupID) - var options endpoint.ProvisioningOptions - if cf.keystoreCertName != "" { - switch keystore.Type { - case string(cloudproviders.CloudKeystoreTypeAkv): - optionsAkv := &cloud.CloudProvisioningAzureOptions{ - Name: &cf.keystoreCertName, - } - options = endpoint.ProvisioningOptions(optionsAkv) - case string(cloudproviders.CloudKeystoreTypeGcm): - optionsGcp := &cloud.CloudProvisioningGCPOptions{ - ID: &cf.keystoreCertName, - } - options = endpoint.ProvisioningOptions(optionsGcp) - } - return req, &options + if cf.keystoreCertName == "" { + return req, nil + } + + options := &domain.ProvisioningOptions{ + CloudCertificateName: cf.keystoreCertName, } + return req, options - return req, nil } func buildGetCloudKeystoreRequest(flags *commandFlags) domain.GetCloudKeystoreRequest { diff --git a/examples/provision/main.go b/examples/provision/main.go index d336cfde..f007d0b3 100644 --- a/examples/provision/main.go +++ b/examples/provision/main.go @@ -5,8 +5,8 @@ import ( "os" "github.com/Venafi/vcert/v5" + "github.com/Venafi/vcert/v5/pkg/domain" "github.com/Venafi/vcert/v5/pkg/endpoint" - "github.com/Venafi/vcert/v5/pkg/venafi/cloud" ) const ( @@ -44,21 +44,11 @@ func main() { keystoreID := "" certName := "" // e.g. test2-venafi-com - // The ID is the Certificate name for Google, hence we send it as name - optionsGcp := &cloud.CloudProvisioningGCPOptions{ - ID: &certName, + optionsInput := domain.ProvisioningOptions{ + CloudCertificateName: certName, } - optionsInput := endpoint.ProvisioningOptions(optionsGcp) - - // Example for Azure Options - //optionsAzure := &cloud.CloudProvisioningAzureOptions{ - // Name: &certName, - //} - // - //optionsInput := endpoint.ProvisioningOptions(optionsAzure) - - req := &endpoint.ProvisioningRequest{ + req := &domain.ProvisioningRequest{ CertificateID: &certificateID, KeystoreID: &keystoreID, } @@ -69,10 +59,16 @@ func main() { } // Example to get values from other keystores machine identities metadata - //log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.GetAWSCertificateMetadata().GetARN()) - //log.Printf("Certificate Azure Metadata ID:\n%v", certMetaData.GetAzureCertificateMetadata().GetID()) - //log.Printf("Certificate Azure Metadata Name:\n%v", certMetaData.GetAzureCertificateMetadata().GetName()) - //log.Printf("Certificate Azure Metadata Version:\n%v", certMetaData.GetAzureCertificateMetadata().GetVersion()) - log.Printf("Certificate GCP Metadata ID:\n%v", certMetaData.GetGCPCertificateMetadata().GetID()) - log.Printf("Certificate GCP Metadata Name:\n%v", certMetaData.GetGCPCertificateMetadata().GetName()) + if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeACM { + log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.ARN) + } + if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeAKV { + log.Printf("Certificate Azure Metadata ID:\n%v", certMetaData.CertificateID) + log.Printf("Certificate Azure Metadata Name:\n%v", certMetaData.CertificateName) + log.Printf("Certificate Azure Metadata Version:\n%v", certMetaData.CertificateVersion) + } + if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeGCM { + log.Printf("Certificate GCP Metadata ID:\n%v", certMetaData.CertificateID) + log.Printf("Certificate GCP Metadata Name:\n%v", certMetaData.CertificateName) + } } diff --git a/examples/provisionWithRequest/main.go b/examples/provisionWithCertificateRequest/main.go similarity index 63% rename from examples/provisionWithRequest/main.go rename to examples/provisionWithCertificateRequest/main.go index 06a80540..ccaf4aee 100644 --- a/examples/provisionWithRequest/main.go +++ b/examples/provisionWithCertificateRequest/main.go @@ -7,8 +7,8 @@ import ( "github.com/Venafi/vcert/v5" "github.com/Venafi/vcert/v5/pkg/certificate" + "github.com/Venafi/vcert/v5/pkg/domain" "github.com/Venafi/vcert/v5/pkg/endpoint" - "github.com/Venafi/vcert/v5/pkg/venafi/cloud" ) const ( @@ -72,21 +72,11 @@ func main() { providerName := "" certName := "" // e.g. test2-venafi-com - // The ID is the Certificate name for Google, hence we send it as name - optionsGcp := &cloud.CloudProvisioningGCPOptions{ - ID: &certName, + optionsInput := domain.ProvisioningOptions{ + CloudCertificateName: certName, } - // Example for Azure Options - // optionsAzure := &cloud.CloudProvisioningAzureOptions{ - // Name: &certName, - // } - // - // optionsInput := endpoint.ProvisioningOptions(optionsAzure) - - optionsInput := endpoint.ProvisioningOptions(optionsGcp) - - req := &endpoint.ProvisioningRequest{ + req := &domain.ProvisioningRequest{ KeystoreName: &keystoreName, ProviderName: &providerName, PickupID: &requestID, @@ -98,12 +88,16 @@ func main() { } // Example to get values from other keystores machine identities metadata - //log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.GetAWSCertificateMetadata().GetARN()) - //log.Printf("Certificate Azure Metadata ID:\n%v", certMetaData.GetAzureCertificateMetadata().GetID()) - //log.Printf("Certificate Azure Metadata Name:\n%v", certMetaData.GetAzureCertificateMetadata().GetName()) - //log.Printf("Certificate Azure Metadata Version:\n%v", certMetaData.GetAzureCertificateMetadata().GetVersion()) - log.Printf("Certificate GCP Metadata ID:\n%v", certMetaData.GetGCPCertificateMetadata().GetID()) - log.Printf("Certificate GCP Metadata Name:\n%v", certMetaData.GetGCPCertificateMetadata().GetName()) - log.Printf("Certificate Machine Identity Metadata ID:\n%v", certMetaData.GetMachineIdentityMetadata().GetID()) - log.Printf("Certificate Machine Identity Action Type:\n%v", certMetaData.GetMachineIdentityMetadata().GetActionType()) + if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeACM { + log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.ARN) + } + if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeAKV { + log.Printf("Certificate Azure Metadata ID:\n%v", certMetaData.CertificateID) + log.Printf("Certificate Azure Metadata Name:\n%v", certMetaData.CertificateName) + log.Printf("Certificate Azure Metadata Version:\n%v", certMetaData.CertificateVersion) + } + if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeGCM { + log.Printf("Certificate GCP Metadata ID:\n%v", certMetaData.CertificateID) + log.Printf("Certificate GCP Metadata Name:\n%v", certMetaData.CertificateName) + } } diff --git a/examples/provisionWithServiceAccount/main.go b/examples/provisionWithServiceAccount/main.go index e9f356ea..fc538b50 100644 --- a/examples/provisionWithServiceAccount/main.go +++ b/examples/provisionWithServiceAccount/main.go @@ -7,8 +7,8 @@ import ( "github.com/Venafi/vcert/v5" "github.com/Venafi/vcert/v5/pkg/certificate" + "github.com/Venafi/vcert/v5/pkg/domain" "github.com/Venafi/vcert/v5/pkg/endpoint" - "github.com/Venafi/vcert/v5/pkg/venafi/cloud" ) const ( @@ -86,21 +86,11 @@ func main() { providerName := "" certName := "" // e.g. test2-venafi-com - // The ID is the Certificate name for Google, hence we send it as name - optionsGcp := &cloud.CloudProvisioningGCPOptions{ - ID: &certName, + optionsInput := domain.ProvisioningOptions{ + CloudCertificateName: certName, } - // Example for Azure Options - // optionsAzure := &cloud.CloudProvisioningAzureOptions{ - // Name: &certName, - // } - // - // optionsInput := endpoint.ProvisioningOptions(optionsAzure) - - optionsInput := endpoint.ProvisioningOptions(optionsGcp) - - req := &endpoint.ProvisioningRequest{ + req := &domain.ProvisioningRequest{ KeystoreName: &keystoreName, ProviderName: &providerName, PickupID: &requestID, @@ -112,10 +102,16 @@ func main() { } // Example to get values from other keystores machine identities metadata - //log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.GetAWSCertificateMetadata().GetARN()) - //log.Printf("Certificate Azure Metadata ID:\n%v", certMetaData.GetAzureCertificateMetadata().GetID()) - //log.Printf("Certificate Azure Metadata Name:\n%v", certMetaData.GetAzureCertificateMetadata().GetName()) - //log.Printf("Certificate Azure Metadata Version:\n%v", certMetaData.GetAzureCertificateMetadata().GetVersion()) - log.Printf("Certificate GCP Metadata ID:\n%v", certMetaData.GetGCPCertificateMetadata().GetID()) - log.Printf("Certificate GCP Metadata Name:\n%v", certMetaData.GetGCPCertificateMetadata().GetName()) + if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeACM { + log.Printf("Certificate AWS Metadata ARN:\n%v", certMetaData.ARN) + } + if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeAKV { + log.Printf("Certificate Azure Metadata ID:\n%v", certMetaData.CertificateID) + log.Printf("Certificate Azure Metadata Name:\n%v", certMetaData.CertificateName) + log.Printf("Certificate Azure Metadata Version:\n%v", certMetaData.CertificateVersion) + } + if certMetaData.CloudKeystoreType == domain.CloudKeystoreTypeGCM { + log.Printf("Certificate GCP Metadata ID:\n%v", certMetaData.CertificateID) + log.Printf("Certificate GCP Metadata Name:\n%v", certMetaData.CertificateName) + } } diff --git a/pkg/domain/cloudproviders.go b/pkg/domain/cloudproviders.go index 859118de..d5c096fc 100644 --- a/pkg/domain/cloudproviders.go +++ b/pkg/domain/cloudproviders.go @@ -1,11 +1,16 @@ package domain -import "github.com/google/uuid" +import ( + "strings" + + "github.com/google/uuid" +) type CloudProviderStatus int const ( - CloudProviderStatusValidated = iota + CloudProviderStatusUnknown CloudProviderStatus = iota + CloudProviderStatusValidated CloudProviderStatusNotValidated CloudProviderStatusValidatedStr = "VALIDATED" @@ -19,15 +24,29 @@ func (cps CloudProviderStatus) String() string { return CloudProviderStatusValidatedStr case CloudProviderStatusNotValidated: return CloudProviderStatusNotValidatedStr + case CloudProviderStatusUnknown: + fallthrough default: return CloudProviderStatusUnknownStr } } +func GetCloudProviderStatus(status string) CloudProviderStatus { + switch strings.ToUpper(status) { + case CloudProviderStatusValidatedStr: + return CloudProviderStatusValidated + case CloudProviderStatusNotValidatedStr: + return CloudProviderStatusNotValidated + default: + return CloudProviderStatusUnknown + } +} + type CloudProviderType int const ( - CloudProviderTypeAWS = iota + CloudProviderTypeUnknown CloudProviderType = iota + CloudProviderTypeAWS CloudProviderTypeAzure CloudProviderTypeGCP @@ -37,14 +56,16 @@ const ( CloudProviderTypeUnknownStr = "UNKNOWN" ) -func (cps CloudProviderType) String() string { - switch cps { +func (cpt CloudProviderType) String() string { + switch cpt { case CloudProviderTypeAWS: return CloudProviderTypeAWSStr case CloudProviderTypeAzure: return CloudProviderTypeAzureStr case CloudProviderTypeGCP: return CloudProviderTypeGCPStr + case CloudProviderTypeUnknown: + fallthrough default: return CloudProviderTypeUnknownStr } @@ -53,8 +74,8 @@ func (cps CloudProviderType) String() string { type CloudProvider struct { ID string Name string - Type string - Status string + Type CloudProviderType + Status CloudProviderStatus StatusDetails string KeystoresCount int } @@ -65,10 +86,39 @@ type GetCloudProviderRequest struct { Type CloudProviderType } +type CloudKeystoreType int + +const ( + CloudKeystoreTypeUnknown CloudKeystoreType = iota + CloudKeystoreTypeACM + CloudKeystoreTypeAKV + CloudKeystoreTypeGCM + + CloudKeystoreTypeACMStr = "ACM" + CloudKeystoreTypeAKVStr = "AKV" + CloudKeystoreTypeGCMStr = "GCM" + CloudKeystoreTypeUnknownStr = "UNKNOWN" +) + +func (ckt CloudKeystoreType) String() string { + switch ckt { + case CloudKeystoreTypeACM: + return CloudKeystoreTypeACMStr + case CloudKeystoreTypeAKV: + return CloudKeystoreTypeAKVStr + case CloudKeystoreTypeGCM: + return CloudKeystoreTypeGCMStr + case CloudKeystoreTypeUnknown: + fallthrough + default: + return CloudKeystoreTypeUnknownStr + } +} + type CloudKeystore struct { ID string Name string - Type string + Type CloudKeystoreType MachineIdentitiesCount int } @@ -104,11 +154,6 @@ const ( MachineIdentityStatusValidatedStr = "VALIDATED" MachineIdentityStatusMissingStr = "MISSING" MachineIdentityStatusFailedStr = "FAILED" - - CloudMetadataACM = "ACM" - CloudMetadataGCM = "GCM" - CloudMetadataAKV = "AKV" - CloudMetadataUnknown = "UNKNOWN" ) func (mis MachineIdentityStatus) String() string { @@ -127,6 +172,8 @@ func (mis MachineIdentityStatus) String() string { return MachineIdentityStatusMissingStr case MachineIdentityStatusFailed: return MachineIdentityStatusFailedStr + case MachineIdentityStatusUnknown: + fallthrough default: return MachineIdentityStatusUnknownStr } @@ -142,20 +189,20 @@ func NewCertificateCloudMetadata(values map[string]interface{}) CertificateCloud } } -func (ccm *CertificateCloudMetadata) GetType() string { +func (ccm *CertificateCloudMetadata) GetKeystoreType() CloudKeystoreType { typ := ccm.GetValue("__typename") if typ == nil { - return CloudMetadataUnknown + return CloudKeystoreTypeUnknown } switch typ { case "AWSCertificateMetadata": - return CloudMetadataACM + return CloudKeystoreTypeACM case "AzureCertificateMetadata": - return CloudMetadataAKV + return CloudKeystoreTypeAKV case "GCPCertificateMetadata": - return CloudMetadataGCM + return CloudKeystoreTypeGCM default: - return CloudMetadataUnknown + return CloudKeystoreTypeUnknown } } diff --git a/pkg/domain/provisioning.go b/pkg/domain/provisioning.go new file mode 100644 index 00000000..628e374b --- /dev/null +++ b/pkg/domain/provisioning.go @@ -0,0 +1,30 @@ +package domain + +import ( + "time" +) + +type ProvisioningRequest struct { + MachineIdentityID *string + CertificateID *string + PickupID *string + KeystoreID *string + KeystoreName *string + ProviderName *string + Timeout time.Duration + Keystore *CloudKeystore +} + +type ProvisioningMetadata struct { + CloudKeystoreType CloudKeystoreType + ARN string + CertificateID string + CertificateName string + CertificateVersion string + MachineIdentityID string + MachineIdentityActionType string +} + +type ProvisioningOptions struct { + CloudCertificateName string +} diff --git a/pkg/endpoint/endpoint.go b/pkg/endpoint/endpoint.go index 31fb6441..a0fb40c0 100644 --- a/pkg/endpoint/endpoint.go +++ b/pkg/endpoint/endpoint.go @@ -30,6 +30,7 @@ import ( "time" "github.com/Venafi/vcert/v5/pkg/certificate" + "github.com/Venafi/vcert/v5/pkg/domain" "github.com/Venafi/vcert/v5/pkg/policy" ) @@ -102,7 +103,7 @@ type Connector interface { RequestCertificate(req *certificate.Request) (requestID string, err error) // RetrieveCertificate immediately returns an enrolled certificate. Otherwise, RetrieveCertificate waits and retries during req.Timeout. RetrieveCertificate(req *certificate.Request) (certificates *certificate.PEMCollection, err error) - ProvisionCertificate(req *ProvisioningRequest, options *ProvisioningOptions) (provisioningMetadata ProvisioningMetadata, err error) + ProvisionCertificate(req *domain.ProvisioningRequest, options *domain.ProvisioningOptions) (*domain.ProvisioningMetadata, error) IsCSRServiceGenerated(req *certificate.Request) (bool, error) RevokeCertificate(req *certificate.RevocationRequest) error RenewCertificate(req *certificate.RenewalRequest) (requestID string, err error) diff --git a/pkg/endpoint/provisioning.go b/pkg/endpoint/provisioning.go deleted file mode 100644 index c3dc7180..00000000 --- a/pkg/endpoint/provisioning.go +++ /dev/null @@ -1,49 +0,0 @@ -package endpoint - -import ( - "time" - - "github.com/Venafi/vcert/v5/pkg/domain" -) - -type ProvisioningRequest struct { - MachineIdentityID *string - CertificateID *string - PickupID *string - KeystoreID *string - KeystoreName *string - ProviderName *string - Timeout time.Duration - Keystore *domain.CloudKeystore -} - -type ProvisioningMetadata interface { - GetAWSCertificateMetadata() AWSCertificateMetadata - GetAzureCertificateMetadata() AzureCertificateMetadata - GetGCPCertificateMetadata() GCPCertificateMetadata - GetMachineIdentityMetadata() MachineIdentityMetadata -} - -type AWSCertificateMetadata interface { - GetARN() string -} - -type AzureCertificateMetadata interface { - GetID() string - GetName() string - GetVersion() string -} - -type GCPCertificateMetadata interface { - GetID() string - GetName() string -} - -type MachineIdentityMetadata interface { - GetID() string - GetActionType() string -} - -type ProvisioningOptions interface { - GetType() string -} diff --git a/pkg/venafi/cloud/cloudproviders.go b/pkg/venafi/cloud/cloudproviders.go index 4c57be6f..c4080dea 100644 --- a/pkg/venafi/cloud/cloudproviders.go +++ b/pkg/venafi/cloud/cloudproviders.go @@ -12,7 +12,6 @@ import ( "github.com/google/uuid" "github.com/Venafi/vcert/v5/pkg/domain" - "github.com/Venafi/vcert/v5/pkg/endpoint" "github.com/Venafi/vcert/v5/pkg/httputils" "github.com/Venafi/vcert/v5/pkg/util" "github.com/Venafi/vcert/v5/pkg/webclient/cloudproviders" @@ -28,83 +27,6 @@ type CloudKeystoreProvisioningResult struct { Error error `json:"error"` } -const ( - KeystoreTypeACM = "ACM" - KeystoreTypeAKV = "AKV" - KeystoreTypeGCM = "GCM" -) - -type CloudProvisioningMetadata struct { - awsMetadata CloudAwsMetadata - azureMetadata CloudAzureMetadata - gcpMetadata CloudGcpMetadata - machineMetadata MachineIdentityMetadata -} - -func (cpm *CloudProvisioningMetadata) GetAWSCertificateMetadata() endpoint.AWSCertificateMetadata { - return &cpm.awsMetadata -} - -func (cpm *CloudProvisioningMetadata) GetAzureCertificateMetadata() endpoint.AzureCertificateMetadata { - return &cpm.azureMetadata -} - -func (cpm *CloudProvisioningMetadata) GetGCPCertificateMetadata() endpoint.GCPCertificateMetadata { - return &cpm.gcpMetadata -} - -func (cpm *CloudProvisioningMetadata) GetMachineIdentityMetadata() endpoint.MachineIdentityMetadata { - return &cpm.machineMetadata -} - -type CloudAwsMetadata struct { - result CloudKeystoreProvisioningResult -} - -func (cawm *CloudAwsMetadata) GetARN() string { - return cawm.result.Arn -} - -type CloudGcpMetadata struct { - result CloudKeystoreProvisioningResult -} - -func (cgm *CloudGcpMetadata) GetID() string { - return cgm.result.CloudProviderCertificateID -} - -func (cgm *CloudGcpMetadata) GetName() string { - return cgm.result.CloudCertificateName -} - -type CloudAzureMetadata struct { - result CloudKeystoreProvisioningResult -} - -func (cam *CloudAzureMetadata) GetName() string { - return cam.result.CloudCertificateName -} - -func (cam *CloudAzureMetadata) GetVersion() string { - return cam.result.CloudCertificateVersion -} - -func (cam *CloudAzureMetadata) GetID() string { - return cam.result.CloudProviderCertificateID -} - -type MachineIdentityMetadata struct { - result CloudKeystoreProvisioningResult -} - -func (mim *MachineIdentityMetadata) GetID() string { - return mim.result.MachineIdentityId -} - -func (mim *MachineIdentityMetadata) GetActionType() string { - return mim.result.MachineIdentityActionType -} - // GCMCertificateScope Indicates the Scope for a certificate provisioned to GCP Certificate Manager type GCMCertificateScope string @@ -118,119 +40,7 @@ const ( GCMCertificateScopeEdgeCache GCMCertificateScope = "EDGE_CACHE" ) -type CertificateTagOption struct { - Name string - Value string -} - -type CloudProvisioningAzureOptions struct { - Name *string - Enabled *bool - Exportable *bool - Reusekey *bool - Tags []*CertificateTagOption -} - -func (cpao CloudProvisioningAzureOptions) GetType() string { - return KeystoreTypeAKV -} - -type CloudProvisioningGCPOptions struct { - ID *string - Description *string - Scope *GCMCertificateScope - Labels []*CertificateTagOption -} - -func (cpgo CloudProvisioningGCPOptions) GetType() string { - return KeystoreTypeGCM -} - -func setProvisioningOptions(options *endpoint.ProvisioningOptions) (*cloudproviders.CertificateProvisioningOptionsInput, error) { - var cloudOptions *cloudproviders.CertificateProvisioningOptionsInput - if options == nil { - return nil, fmt.Errorf("options for provisioning cannot be null when trying to set them") - } - dataOptions, err := json.Marshal(options) - if err != nil { - return nil, err - } - - graphqlAzureOptions := &cloudproviders.CertificateProvisioningAzureOptionsInput{} - graphqlGCPOptions := &cloudproviders.CertificateProvisioningGCPOptionsInput{} - - if options != nil { - switch (*options).GetType() { - case string(cloudproviders.CloudKeystoreTypeAcm): - // nothing - case string(cloudproviders.CloudKeystoreTypeAkv): - err = json.Unmarshal(dataOptions, graphqlAzureOptions) - if err != nil { - return nil, err - } - case string(cloudproviders.CloudKeystoreTypeGcm): - err = json.Unmarshal(dataOptions, graphqlGCPOptions) - if err != nil { - return nil, err - } - default: - return nil, fmt.Errorf("unknown cloud keystore type: %s", (*options).GetType()) - } - } - - cloudOptions = &cloudproviders.CertificateProvisioningOptionsInput{ - AwsOptions: nil, - AzureOptions: graphqlAzureOptions, - GcpOptions: graphqlGCPOptions, - } - return cloudOptions, nil -} - -func (c *Connector) validateIfCertIsVCPGeneratedByID(certificateId string) error { - cert, err := c.getCertificates(certificateId) - if err != nil { - return fmt.Errorf("error trying to get certificate details for cert with ID: %s, error: %s", certificateId, err.Error()) - } - if cert.DekHash == "" { - return fmt.Errorf("error trying to provisioning certificate with ID: %s. Provided certificate is not VCP generated", certificateId) - } - return nil -} - -func (c *Connector) getGraphqlClient() graphql.Client { - graphqlURL := c.getURL(urlGraphql) - - // We provide every type of auth here. - // The logic to decide which auth is inside struct's function: RoundTrip - httpclient := &http.Client{ - Transport: &httputils.AuthedTransportApi{ - ApiKey: c.apiKey, - AccessToken: c.accessToken, - Wrapped: http.DefaultTransport, - }, - Timeout: 30 * time.Second, - } - - client := graphql.NewClient(graphqlURL, httpclient) - return client -} - -func (c *Connector) getGraphqlHTTPClient() *http.Client { - // We provide every type of auth here. - // The logic to decide which auth to use is inside struct's function: RoundTrip - httpclient := &http.Client{ - Transport: &httputils.AuthedTransportApi{ - ApiKey: c.apiKey, - AccessToken: c.accessToken, - Wrapped: http.DefaultTransport, - UserAgent: util.DefaultUserAgent, - }, - Timeout: 30 * time.Second, - } - return httpclient -} - -func (c *Connector) ProvisionCertificate(req *endpoint.ProvisioningRequest, options *endpoint.ProvisioningOptions) (provisioningMetadata endpoint.ProvisioningMetadata, err error) { +func (c *Connector) ProvisionCertificate(req *domain.ProvisioningRequest, options *domain.ProvisioningOptions) (*domain.ProvisioningMetadata, error) { log.Printf("Starting Provisioning Flow") if req == nil { @@ -259,28 +69,15 @@ func (c *Connector) ProvisionCertificate(req *endpoint.ProvisioningRequest, opti // Is certificate generated by VCP? log.Printf("Validating if certificate is generated by VCP") - err = c.validateIfCertIsVCPGeneratedByID(*(reqData.CertificateID)) + err := c.validateIfCertIsVCPGeneratedByID(*(reqData.CertificateID)) if err != nil { return nil, err } log.Println("Certificate is valid for provisioning (VCP generated)") - // setting options for provisioning - var provisioningOptions *cloudproviders.CertificateProvisioningOptionsInput - if options != nil { - log.Println("setting provisioning options") - provisioningOptions, err = setProvisioningOptions(options) - if err != nil { - return nil, err - } - log.Println("provisioning options successfully set") - } + cloudKeystore := reqData.Keystore - ctx := context.Background() - - var keystoreIDString string - - if reqData.Keystore == nil { + if cloudKeystore == nil { if reqData.KeystoreID == nil { if reqData.ProviderName == nil || reqData.KeystoreName == nil { return nil, fmt.Errorf("any of keystore object, keystore ID or both Provider Name and Keystore Name must be provided for provisioning") @@ -292,9 +89,8 @@ func (c *Connector) ProvisionCertificate(req *endpoint.ProvisioningRequest, opti keystoreNameInput := util.StringPointerToString(reqData.KeystoreName) providerNameInput := util.StringPointerToString(reqData.ProviderName) - log.Printf("fetching keystore information for provided keystore information. KeystoreID: %s, KeystoreName: %s, ProviderName: %s", keystoreIDInput, keystoreNameInput, providerNameInput) - cloudKeystore, err := c.GetCloudKeystore(domain.GetCloudKeystoreRequest{ - CloudProviderID: nil, + log.Printf("fetching keystore with KeystoreID: %s, KeystoreName: %s, ProviderName: %s", keystoreIDInput, keystoreNameInput, providerNameInput) + cloudKeystore, err = c.GetCloudKeystore(domain.GetCloudKeystoreRequest{ CloudProviderName: req.ProviderName, CloudKeystoreID: req.KeystoreID, CloudKeystoreName: req.KeystoreName, @@ -303,45 +99,51 @@ func (c *Connector) ProvisionCertificate(req *endpoint.ProvisioningRequest, opti return nil, err } - keystoreIDString = cloudKeystore.ID + log.Printf("successfully fetched keystore information") + } + log.Printf("Keystore ID for provisioning: %s", cloudKeystore.ID) - log.Printf("successfully fetched keystore information for KeystoreID: %s", keystoreIDString) - } else { - log.Printf("Keystore was provided") - keystoreIDString = reqData.Keystore.ID + // setting options for provisioning + var provisioningOptions *cloudproviders.CertificateProvisioningOptionsInput + if options != nil { + log.Println("setting provisioning options") + provisioningOptions, err = setProvisioningOptions(*options, cloudKeystore.Type) + if err != nil { + return nil, err + } + log.Println("provisioning options successfully set") } - log.Printf("Keystore ID for provisioning: %s", keystoreIDString) - wsClientID := uuid.New().String() + wsClientID := uuid.New().String() wsConn, err := c.notificationSvcClient.Subscribe(wsClientID) if err != nil { return nil, err } - log.Printf("Provisioning Certificate ID %s for Keystore %s", certificateIDString, keystoreIDString) - _, err = c.cloudProvidersClient.ProvisionCertificate(ctx, certificateIDString, keystoreIDString, wsClientID, provisioningOptions) + log.Printf("Provisioning Certificate ID %s for Keystore %s", certificateIDString, cloudKeystore.ID) + _, err = c.cloudProvidersClient.ProvisionCertificate(context.Background(), certificateIDString, cloudKeystore.ID, wsClientID, provisioningOptions) if err != nil { return nil, err } - ar, err := c.notificationSvcClient.ReadResponse(wsConn) + workflowResponse, err := c.notificationSvcClient.ReadResponse(wsConn) if err != nil { return nil, err } // parsing metadata from websocket response - log.Printf("Getting Cloud Metadata of Certificate ID %s and Keystore ID: %s", certificateIDString, keystoreIDString) - cloudMetadata, err := getCloudMetadataFromWebsocketResponse(ar.Data.Result) + log.Printf("Getting Cloud Metadata of Certificate ID %s and Keystore ID: %s", certificateIDString, cloudKeystore.ID) + cloudMetadata, err := getCloudMetadataFromWebsocketResponse(workflowResponse.Data.Result) if err != nil { return nil, err } - log.Printf("Successfully got Cloud Metadata for Certificate ID %s and Keystore ID: %s", certificateIDString, keystoreIDString) + log.Printf("Successfully got Cloud Metadata for Certificate ID %s and Keystore ID: %s", certificateIDString, cloudKeystore.ID) - log.Printf("Successfully finished Provisioning Flow for Certificate ID %s and Keystore ID %s", certificateIDString, keystoreIDString) + log.Printf("Successfully finished Provisioning Flow for Certificate ID %s and Keystore ID %s", certificateIDString, cloudKeystore.ID) return cloudMetadata, nil } -func (c *Connector) ProvisionCertificateToMachineIdentity(req endpoint.ProvisioningRequest) (endpoint.ProvisioningMetadata, error) { +func (c *Connector) ProvisionCertificateToMachineIdentity(req domain.ProvisioningRequest) (*domain.ProvisioningMetadata, error) { log.Printf("Starting Provisioning to Machine Identity Flow") if req.MachineIdentityID == nil { @@ -460,7 +262,74 @@ func (c *Connector) DeleteMachineIdentity(id uuid.UUID) (bool, error) { return deleted, nil } -func getCloudMetadataFromWebsocketResponse(resultMap interface{}) (*CloudProvisioningMetadata, error) { +func setProvisioningOptions(options domain.ProvisioningOptions, keystoreType domain.CloudKeystoreType) (*cloudproviders.CertificateProvisioningOptionsInput, error) { + azureOptions := &cloudproviders.CertificateProvisioningAzureOptionsInput{} + gcpOptions := &cloudproviders.CertificateProvisioningGCPOptionsInput{} + + switch keystoreType { + case domain.CloudKeystoreTypeACM: + // nothing + case domain.CloudKeystoreTypeAKV: + azureOptions.Name = &options.CloudCertificateName + case domain.CloudKeystoreTypeGCM: + gcpOptions.Id = &options.CloudCertificateName + default: + return nil, fmt.Errorf("unknown cloud keystore type: %s", keystoreType) + } + + provisioningOptions := &cloudproviders.CertificateProvisioningOptionsInput{ + AwsOptions: nil, + AzureOptions: azureOptions, + GcpOptions: gcpOptions, + } + return provisioningOptions, nil +} + +func (c *Connector) validateIfCertIsVCPGeneratedByID(certificateId string) error { + cert, err := c.getCertificates(certificateId) + if err != nil { + return fmt.Errorf("error trying to get certificate details for cert with ID: %s, error: %s", certificateId, err.Error()) + } + if cert.DekHash == "" { + return fmt.Errorf("error trying to provisioning certificate with ID: %s. Provided certificate is not VCP generated", certificateId) + } + return nil +} + +func (c *Connector) getGraphqlClient() graphql.Client { + graphqlURL := c.getURL(urlGraphql) + + // We provide every type of auth here. + // The logic to decide which auth is inside struct's function: RoundTrip + httpclient := &http.Client{ + Transport: &httputils.AuthedTransportApi{ + ApiKey: c.apiKey, + AccessToken: c.accessToken, + Wrapped: http.DefaultTransport, + }, + Timeout: 30 * time.Second, + } + + client := graphql.NewClient(graphqlURL, httpclient) + return client +} + +func (c *Connector) getGraphqlHTTPClient() *http.Client { + // We provide every type of auth here. + // The logic to decide which auth to use is inside struct's function: RoundTrip + httpclient := &http.Client{ + Transport: &httputils.AuthedTransportApi{ + ApiKey: c.apiKey, + AccessToken: c.accessToken, + Wrapped: http.DefaultTransport, + UserAgent: util.DefaultUserAgent, + }, + Timeout: 30 * time.Second, + } + return httpclient +} + +func getCloudMetadataFromWebsocketResponse(resultMap interface{}) (*domain.ProvisioningMetadata, error) { result := CloudKeystoreProvisioningResult{} resultBytes, err := json.Marshal(resultMap) @@ -478,21 +347,25 @@ func getCloudMetadataFromWebsocketResponse(resultMap interface{}) (*CloudProvisi return nil, fmt.Errorf("provisioning failed, certificate ID from response is empty") } - cloudMetadata := &CloudProvisioningMetadata{ - machineMetadata: MachineIdentityMetadata{ - result: result, - }, + cloudMetadata := &domain.ProvisioningMetadata{ + CloudKeystoreType: domain.CloudKeystoreTypeUnknown, + ARN: result.Arn, + CertificateID: result.CloudProviderCertificateID, + CertificateName: result.CloudCertificateName, + CertificateVersion: result.CloudCertificateVersion, + MachineIdentityID: result.MachineIdentityId, + MachineIdentityActionType: result.MachineIdentityActionType, } // Only ACM returns an ARN value if result.Arn != "" { - cloudMetadata.awsMetadata.result = result + cloudMetadata.CloudKeystoreType = domain.CloudKeystoreTypeACM } else if result.CloudCertificateVersion != "" { // Only Azure returns a certificate version value - cloudMetadata.azureMetadata.result = result + cloudMetadata.CloudKeystoreType = domain.CloudKeystoreTypeAKV } else { // No ARN and no certificate version, default to GCM - cloudMetadata.gcpMetadata.result = result + cloudMetadata.CloudKeystoreType = domain.CloudKeystoreTypeGCM } return cloudMetadata, err diff --git a/pkg/venafi/fake/connector.go b/pkg/venafi/fake/connector.go index 623df7c0..f6f7262f 100644 --- a/pkg/venafi/fake/connector.go +++ b/pkg/venafi/fake/connector.go @@ -30,6 +30,7 @@ import ( "time" "github.com/Venafi/vcert/v5/pkg/certificate" + "github.com/Venafi/vcert/v5/pkg/domain" "github.com/Venafi/vcert/v5/pkg/endpoint" "github.com/Venafi/vcert/v5/pkg/policy" ) @@ -38,7 +39,7 @@ type Connector struct { verbose bool } -func (c *Connector) ProvisionCertificate(req *endpoint.ProvisioningRequest, options *endpoint.ProvisioningOptions) (provisioningMetadata endpoint.ProvisioningMetadata, err error) { +func (c *Connector) ProvisionCertificate(req *domain.ProvisioningRequest, options *domain.ProvisioningOptions) (provisioningMetadata domain.ProvisioningMetadata, err error) { panic("operation is not supported yet") } diff --git a/pkg/venafi/firefly/connector.go b/pkg/venafi/firefly/connector.go index d3d36486..115d09ed 100644 --- a/pkg/venafi/firefly/connector.go +++ b/pkg/venafi/firefly/connector.go @@ -31,6 +31,7 @@ import ( "golang.org/x/oauth2/clientcredentials" "github.com/Venafi/vcert/v5/pkg/certificate" + "github.com/Venafi/vcert/v5/pkg/domain" "github.com/Venafi/vcert/v5/pkg/endpoint" "github.com/Venafi/vcert/v5/pkg/policy" "github.com/Venafi/vcert/v5/pkg/util" @@ -454,7 +455,7 @@ func (c *Connector) RetrieveSSHCertificate(_ *certificate.SshCertRequest) (respo panic("operation is not supported yet") } -func (c *Connector) ProvisionCertificate(req *endpoint.ProvisioningRequest, options *endpoint.ProvisioningOptions) (provisioningMetadata endpoint.ProvisioningMetadata, err error) { +func (c *Connector) ProvisionCertificate(req *domain.ProvisioningRequest, options *domain.ProvisioningOptions) (provisioningMetadata domain.ProvisioningMetadata, err error) { panic("operation is not supported yet") } diff --git a/pkg/venafi/tpp/connector.go b/pkg/venafi/tpp/connector.go index c042d57b..6ee05874 100644 --- a/pkg/venafi/tpp/connector.go +++ b/pkg/venafi/tpp/connector.go @@ -32,6 +32,7 @@ import ( "time" "github.com/Venafi/vcert/v5/pkg/certificate" + "github.com/Venafi/vcert/v5/pkg/domain" "github.com/Venafi/vcert/v5/pkg/endpoint" "github.com/Venafi/vcert/v5/pkg/policy" "github.com/Venafi/vcert/v5/pkg/util" @@ -2174,7 +2175,7 @@ func (c *Connector) RetrieveSSHCertificate(req *certificate.SshCertRequest) (res return RetrieveSshCertificate(c, req) } -func (c *Connector) ProvisionCertificate(req *endpoint.ProvisioningRequest, options *endpoint.ProvisioningOptions) (provisioningMetadata endpoint.ProvisioningMetadata, err error) { +func (c *Connector) ProvisionCertificate(req *domain.ProvisioningRequest, options *domain.ProvisioningOptions) (provisioningMetadata domain.ProvisioningMetadata, err error) { panic("operation is not supported yet") } diff --git a/pkg/webclient/cloudproviders/cloudproviders.go b/pkg/webclient/cloudproviders/cloudproviders.go index d1c72faf..3749fe2e 100644 --- a/pkg/webclient/cloudproviders/cloudproviders.go +++ b/pkg/webclient/cloudproviders/cloudproviders.go @@ -54,8 +54,8 @@ func (c *CloudProvidersClient) GetCloudProvider(ctx context.Context, request dom return &domain.CloudProvider{ ID: cp.GetId(), Name: cp.GetName(), - Type: string(cp.GetType()), - Status: string(cp.GetStatus()), + Type: cp.GetType().toDomain(), + Status: cp.GetStatus().toDomain(), StatusDetails: statusDetails, KeystoresCount: cp.GetKeystoresCount(), }, nil @@ -87,7 +87,7 @@ func (c *CloudProvidersClient) GetCloudKeystore(ctx context.Context, request dom return &domain.CloudKeystore{ ID: ck.GetId(), Name: ck.GetName(), - Type: string(ck.GetType()), + Type: ck.GetType().toDomain(), MachineIdentitiesCount: ck.GetMachineIdentitiesCount(), }, nil } @@ -268,6 +268,17 @@ func (v *GetMachineIdentitiesCloudMachineIdentitiesMachineIdentityConnectionNode return &certMetadata, nil } +func (v CloudProviderStatus) toDomain() domain.CloudProviderStatus { + switch v { + case CloudProviderStatusValidated: + return domain.CloudProviderStatusValidated + case CloudProviderStatusNotValidated: + return domain.CloudProviderStatusNotValidated + default: + return domain.CloudProviderStatusUnknown + } +} + func cloudProviderStatusFromDomain(status domain.CloudProviderStatus) CloudProviderStatus { switch status { case domain.CloudProviderStatusValidated: @@ -279,6 +290,19 @@ func cloudProviderStatusFromDomain(status domain.CloudProviderStatus) CloudProvi } } +func (v CloudProviderType) toDomain() domain.CloudProviderType { + switch v { + case CloudProviderTypeAws: + return domain.CloudProviderTypeAWS + case CloudProviderTypeAzure: + return domain.CloudProviderTypeAzure + case CloudProviderTypeGcp: + return domain.CloudProviderTypeGCP + default: + return domain.CloudProviderTypeUnknown + } +} + func cloudProviderTypeFromDomain(providerType domain.CloudProviderType) (CloudProviderType, error) { switch providerType { case domain.CloudProviderTypeAWS: @@ -291,3 +315,16 @@ func cloudProviderTypeFromDomain(providerType domain.CloudProviderType) (CloudPr return "UNKNOWN", fmt.Errorf("failed to determine cloud provider type for %s", providerType) } } + +func (v CloudKeystoreType) toDomain() domain.CloudKeystoreType { + switch v { + case CloudKeystoreTypeAcm: + return domain.CloudKeystoreTypeACM + case CloudKeystoreTypeAkv: + return domain.CloudKeystoreTypeAKV + case CloudKeystoreTypeGcm: + return domain.CloudKeystoreTypeGCM + default: + return domain.CloudKeystoreTypeUnknown + } +} From bb03b7753f8e1a50b8552f54131c8c64ae5a5ac9 Mon Sep 17 00:00:00 2001 From: Russel Vela Date: Fri, 24 May 2024 17:16:45 -0600 Subject: [PATCH 2/6] feat(cloud-provisioning): Updates ProvisionCertificate function to match Connector interface --- pkg/venafi/fake/connector.go | 2 +- pkg/venafi/firefly/connector.go | 2 +- pkg/venafi/tpp/connector.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/venafi/fake/connector.go b/pkg/venafi/fake/connector.go index f6f7262f..00ca2e28 100644 --- a/pkg/venafi/fake/connector.go +++ b/pkg/venafi/fake/connector.go @@ -39,7 +39,7 @@ type Connector struct { verbose bool } -func (c *Connector) ProvisionCertificate(req *domain.ProvisioningRequest, options *domain.ProvisioningOptions) (provisioningMetadata domain.ProvisioningMetadata, err error) { +func (c *Connector) ProvisionCertificate(_ *domain.ProvisioningRequest, _ *domain.ProvisioningOptions) (*domain.ProvisioningMetadata, error) { panic("operation is not supported yet") } diff --git a/pkg/venafi/firefly/connector.go b/pkg/venafi/firefly/connector.go index 115d09ed..146e6109 100644 --- a/pkg/venafi/firefly/connector.go +++ b/pkg/venafi/firefly/connector.go @@ -455,7 +455,7 @@ func (c *Connector) RetrieveSSHCertificate(_ *certificate.SshCertRequest) (respo panic("operation is not supported yet") } -func (c *Connector) ProvisionCertificate(req *domain.ProvisioningRequest, options *domain.ProvisioningOptions) (provisioningMetadata domain.ProvisioningMetadata, err error) { +func (c *Connector) ProvisionCertificate(_ *domain.ProvisioningRequest, _ *domain.ProvisioningOptions) (*domain.ProvisioningMetadata, error) { panic("operation is not supported yet") } diff --git a/pkg/venafi/tpp/connector.go b/pkg/venafi/tpp/connector.go index 6ee05874..b5aac4be 100644 --- a/pkg/venafi/tpp/connector.go +++ b/pkg/venafi/tpp/connector.go @@ -2175,7 +2175,7 @@ func (c *Connector) RetrieveSSHCertificate(req *certificate.SshCertRequest) (res return RetrieveSshCertificate(c, req) } -func (c *Connector) ProvisionCertificate(req *domain.ProvisioningRequest, options *domain.ProvisioningOptions) (provisioningMetadata domain.ProvisioningMetadata, err error) { +func (c *Connector) ProvisionCertificate(_ *domain.ProvisioningRequest, _ *domain.ProvisioningOptions) (*domain.ProvisioningMetadata, error) { panic("operation is not supported yet") } From 9a6c6b02a54532e3fe9d9d28088601675180b878 Mon Sep 17 00:00:00 2001 From: Russel Vela Date: Fri, 24 May 2024 22:02:28 -0600 Subject: [PATCH 3/6] feat(cloud-provisioning): Adds back missing parameter in result.Flush invocation --- cmd/vcert/cmdCloudKeystores.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/vcert/cmdCloudKeystores.go b/cmd/vcert/cmdCloudKeystores.go index 95b9010d..bdab2503 100644 --- a/cmd/vcert/cmdCloudKeystores.go +++ b/cmd/vcert/cmdCloudKeystores.go @@ -93,7 +93,7 @@ func doCommandProvisionCloudKeystore(c *cli.Context) error { return fmt.Errorf("unknown keystore metadata type: %s", metadata.CloudKeystoreType) } - err = result.Flush(flags.provisionFormat) + err = result.Flush(flags.provisionFormat, flags.provisionOutputFile) if err != nil { return fmt.Errorf("failed to output the results: %s", err) } From 983d909b41cada45f7719efbe358089d6128faf7 Mon Sep 17 00:00:00 2001 From: Russel Vela Date: Fri, 31 May 2024 00:52:44 -0600 Subject: [PATCH 4/6] feat(cloud-provisioning): Fixes issue with CloudProviderType unknown Fixes an issue whereby not passing a cloud provider type to GetCloudProvider request struct, results in an error due to unknown CloudProviderType. If CloudProviderType is unknown, parameter should be set to nil instead --- .../cloudproviders/cloudproviders.go | 30 ++++++++++--------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/pkg/webclient/cloudproviders/cloudproviders.go b/pkg/webclient/cloudproviders/cloudproviders.go index 3749fe2e..29f57115 100644 --- a/pkg/webclient/cloudproviders/cloudproviders.go +++ b/pkg/webclient/cloudproviders/cloudproviders.go @@ -31,12 +31,9 @@ func (c *CloudProvidersClient) GetCloudProvider(ctx context.Context, request dom } status := cloudProviderStatusFromDomain(request.Status) - providerType, err := cloudProviderTypeFromDomain(request.Type) - if err != nil { - return nil, err - } + providerType := cloudProviderTypeFromDomain(request.Type) - resp, err := GetCloudProviders(ctx, c.graphqlClient, &status, &providerType, request.Name) + resp, err := GetCloudProviders(ctx, c.graphqlClient, status, providerType, request.Name) if err != nil { return nil, fmt.Errorf("failed to retrieve Cloud Provider with name %s: %w", request.Name, err) } @@ -279,14 +276,16 @@ func (v CloudProviderStatus) toDomain() domain.CloudProviderStatus { } } -func cloudProviderStatusFromDomain(status domain.CloudProviderStatus) CloudProviderStatus { +func cloudProviderStatusFromDomain(status domain.CloudProviderStatus) *CloudProviderStatus { switch status { case domain.CloudProviderStatusValidated: - return CloudProviderStatusValidated + cpStatus := CloudProviderStatusValidated + return &cpStatus case domain.CloudProviderStatusNotValidated: - return CloudProviderStatusNotValidated + cpStatus := CloudProviderStatusNotValidated + return &cpStatus default: - return CloudProviderStatusNotValidated + return nil } } @@ -303,16 +302,19 @@ func (v CloudProviderType) toDomain() domain.CloudProviderType { } } -func cloudProviderTypeFromDomain(providerType domain.CloudProviderType) (CloudProviderType, error) { +func cloudProviderTypeFromDomain(providerType domain.CloudProviderType) *CloudProviderType { switch providerType { case domain.CloudProviderTypeAWS: - return CloudProviderTypeAws, nil + cpType := CloudProviderTypeAws + return &cpType case domain.CloudProviderTypeAzure: - return CloudProviderTypeAzure, nil + cpType := CloudProviderTypeAzure + return &cpType case domain.CloudProviderTypeGCP: - return CloudProviderTypeGcp, nil + cpType := CloudProviderTypeGcp + return &cpType default: - return "UNKNOWN", fmt.Errorf("failed to determine cloud provider type for %s", providerType) + return nil } } From 5f41ec7eee5d94c839ba2543688181acd3324b93 Mon Sep 17 00:00:00 2001 From: Russel Vela Date: Fri, 31 May 2024 03:34:00 -0600 Subject: [PATCH 5/6] feat(cloud-provisioning): Machine Identity struct changes Changes type of Machine Identity IDs from UUID to string for ease of use --- pkg/domain/cloudproviders.go | 10 +++---- .../cloudproviders/cloudproviders.go | 29 ++++--------------- 2 files changed, 9 insertions(+), 30 deletions(-) diff --git a/pkg/domain/cloudproviders.go b/pkg/domain/cloudproviders.go index d5c096fc..d6e33b41 100644 --- a/pkg/domain/cloudproviders.go +++ b/pkg/domain/cloudproviders.go @@ -2,8 +2,6 @@ package domain import ( "strings" - - "github.com/google/uuid" ) type CloudProviderStatus int @@ -221,12 +219,12 @@ func (ccm *CertificateCloudMetadata) GetValue(key string) interface{} { } type CloudMachineIdentity struct { - ID uuid.UUID - CloudKeystoreID uuid.UUID + ID string + CloudKeystoreID string CloudKeystoreName string - CloudProviderID uuid.UUID + CloudProviderID string CloudProviderName string - CertificateID uuid.UUID + CertificateID string Metadata *CertificateCloudMetadata Status MachineIdentityStatus StatusDetails string diff --git a/pkg/webclient/cloudproviders/cloudproviders.go b/pkg/webclient/cloudproviders/cloudproviders.go index 29f57115..94d8a471 100644 --- a/pkg/webclient/cloudproviders/cloudproviders.go +++ b/pkg/webclient/cloudproviders/cloudproviders.go @@ -7,8 +7,6 @@ import ( "net/http" "github.com/Khan/genqlient/graphql" - "github.com/google/uuid" - "github.com/Venafi/vcert/v5/pkg/domain" "github.com/Venafi/vcert/v5/pkg/util" ) @@ -172,27 +170,10 @@ func (c *CloudProvidersClient) ProvisionCertificateToMachineIdentity(ctx context } func (v *GetMachineIdentitiesCloudMachineIdentitiesMachineIdentityConnectionNodesMachineIdentity) toDomain() (*domain.CloudMachineIdentity, error) { - id, err := uuid.Parse(v.Id) - if err != nil { - return nil, fmt.Errorf("failed to parse cloud machine identity id %s: %w", v.Id, err) - } - keystoreID, err := uuid.Parse(v.CloudKeystoreId) - if err != nil { - return nil, fmt.Errorf("failed to parse cloud key store id %s: %w", v.CloudKeystoreId, err) - } - certificateID, err := uuid.Parse(v.CertificateId) - if err != nil { - return nil, fmt.Errorf("failed to parse cloud certificate id %s: %w", v.CertificateId, err) - } - providerIDStr := "" + providerID := "" if v.CloudProviderId != nil { - providerIDStr = *v.CloudProviderId + providerID = *v.CloudProviderId } - providerID, err := uuid.Parse(providerIDStr) - if err != nil { - return nil, fmt.Errorf("failed to parse cloud provider id %s: %w", providerIDStr, err) - } - keystoreName := "" if v.CloudKeystoreName != nil { keystoreName = *v.CloudKeystoreName @@ -211,12 +192,12 @@ func (v *GetMachineIdentitiesCloudMachineIdentitiesMachineIdentityConnectionNode } return &domain.CloudMachineIdentity{ - ID: id, - CloudKeystoreID: keystoreID, + ID: v.Id, + CloudKeystoreID: v.CloudKeystoreId, CloudKeystoreName: keystoreName, CloudProviderID: providerID, CloudProviderName: providerName, - CertificateID: certificateID, + CertificateID: v.CertificateId, Metadata: metadata, Status: v.Status.toDomain(), StatusDetails: statusDetails, From 9e254e9906c7b7a9c26a307ced043fd2e024e3ae Mon Sep 17 00:00:00 2001 From: Russel Vela Date: Fri, 31 May 2024 10:15:56 -0600 Subject: [PATCH 6/6] feat(cloud-provisioning): Updates DeleteMachineIdentity function Updated DeleteMachineIdentity function to use string as parameter instead of UUID --- pkg/venafi/cloud/cloudproviders.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/venafi/cloud/cloudproviders.go b/pkg/venafi/cloud/cloudproviders.go index d6bc3015..9b3690c7 100644 --- a/pkg/venafi/cloud/cloudproviders.go +++ b/pkg/venafi/cloud/cloudproviders.go @@ -251,13 +251,13 @@ func (c *Connector) GetMachineIdentity(request domain.GetCloudMachineIdentityReq return machineIdentity, nil } -func (c *Connector) DeleteMachineIdentity(id uuid.UUID) (bool, error) { - if id == uuid.Nil { - return false, fmt.Errorf("invalid machine identity ID: %s", id) +func (c *Connector) DeleteMachineIdentity(machineIdentityID string) (bool, error) { + if machineIdentityID == "" { + return false, fmt.Errorf("machine identity ID cannot be nil") } - deleted, err := c.cloudProvidersClient.DeleteMachineIdentity(context.Background(), id.String()) + deleted, err := c.cloudProvidersClient.DeleteMachineIdentity(context.Background(), machineIdentityID) if err != nil { - return false, fmt.Errorf("failed to delete machine identity with ID %s: %w", id, err) + return false, fmt.Errorf("failed to delete machine identity with ID %s: %w", machineIdentityID, err) } return deleted, nil }