package admin |
import (
"errors" |
"io" |
"github.com/golang/glog"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" |
"github.com/openshift/origin/pkg/cmd/server/crypto" |
"github.com/openshift/origin/pkg/cmd/templates" |
)
// CreateSignerCertCommandName is the name under which the create-signer-cert command is registered.
const CreateSignerCertCommandName = "create-signer-cert"
// CreateSignerCertOptions holds the inputs for creating a signer (CA) certificate and key.
// The paths and name are handed straight to crypto.MakeCA / crypto.EnsureCA.
type CreateSignerCertOptions struct {
	// CertFile is the path of the CA certificate (written, or reused when Overwrite is false).
	CertFile string
	// KeyFile is the path of the CA private key (written, or reused when Overwrite is false).
	KeyFile string
	// SerialFile is the file that tracks the serial numbers of certificates signed by this CA.
	SerialFile string
	// Name is the signer name passed to the CA constructors (the --name flag).
	Name string

	// Output is not referenced in this file; presumably the command's output writer — confirm with callers.
	Output io.Writer

	// Overwrite selects crypto.MakeCA (regenerate the CA unconditionally) over
	// crypto.EnsureCA (keep existing files if present).
	Overwrite bool
}
// BindCreateSignerCertOptions registers the create-signer-cert flags on flags, each named with
// the given prefix, and binds them to the fields of options. The current value of
// options.Overwrite is used as that flag's default; the cert, key and serial defaults are fixed
// paths under openshift.local.config/master, and the name default comes from DefaultSignerName().
func BindCreateSignerCertOptions(options *CreateSignerCertOptions, flags *pflag.FlagSet, prefix string) {
	certFlag := prefix + "cert"
	keyFlag := prefix + "key"
	serialFlag := prefix + "serial"
	nameFlag := prefix + "name"

	flags.StringVar(&options.CertFile, certFlag, "openshift.local.config/master/ca.crt", "The certificate file.")
	flags.StringVar(&options.KeyFile, keyFlag, "openshift.local.config/master/ca.key", "The key file.")
	flags.StringVar(&options.SerialFile, serialFlag, "openshift.local.config/master/ca.serial.txt", "The serial file that keeps track of how many certs have been signed.")
	flags.StringVar(&options.Name, nameFlag, DefaultSignerName(), "The name of the signer.")
	flags.BoolVar(&options.Overwrite, prefix+"overwrite", options.Overwrite, "Overwrite existing cert files if found. If false, any existing file will be left as-is.")

	// The man page needs a stable placeholder for the name default; the placeholder text suggests
	// DefaultSignerName() varies per run (timestamped), so the real default cannot be verified.
	flags.SetAnnotation(nameFlag, "manpage-def-value", []string{"openshift-signer@<current_timestamp>"})

	// Shell completion: these three flags take file paths.
	for _, pathFlag := range []string{certFlag, keyFlag, serialFlag} {
		cobra.MarkFlagFilename(flags, pathFlag)
	}
}
// createSignerLong is the long help text shown for the create-signer-cert command.
var createSignerLong = templates.LongDesc(`
Create a self-signed CA key/cert for signing certificates used by server components.`)
// NewCommandCreateSignerCert builds the cobra command that creates a signer (CA) certificate
// and key. commandName becomes the command's Use string; fullName is accepted for signature
// compatibility but is not referenced here; out is stored as the options' Output writer.
//
// Overwrite defaults to true for this command, so an existing CA at the configured paths is
// replaced unless --overwrite=false is given.
func NewCommandCreateSignerCert(commandName string, fullName string, out io.Writer) *cobra.Command {
	opts := &CreateSignerCertOptions{
		Overwrite: true,
		Output:    out,
	}

	run := func(cmd *cobra.Command, args []string) {
		// Input problems are reported as usage errors; failures from CA creation as plain errors.
		if err := opts.Validate(args); err != nil {
			kcmdutil.CheckErr(kcmdutil.UsageError(cmd, err.Error()))
		}
		if _, err := opts.CreateSignerCert(); err != nil {
			kcmdutil.CheckErr(err)
		}
	}

	cmd := &cobra.Command{
		Use:   commandName,
		Short: "Create a signer (certificate authority/CA) certificate and key",
		Long:  createSignerLong,
		Run:   run,
	}
	BindCreateSignerCertOptions(opts, cmd.Flags(), "")

	return cmd
}
// Validate checks the command inputs: no positional arguments are accepted, and the cert path,
// key path and signer name must be non-empty. The serial file is not required here.
func (o CreateSignerCertOptions) Validate(args []string) error {
	switch {
	case len(args) != 0:
		return errors.New("no arguments are supported")
	case o.CertFile == "":
		return errors.New("cert must be provided")
	case o.KeyFile == "":
		return errors.New("key must be provided")
	case o.Name == "":
		return errors.New("name must be provided")
	}
	return nil
}
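// CreateSignerCert creates (or, when Overwrite is false, reuses) the signer CA described by o
// and returns it. With Overwrite set it calls crypto.MakeCA, which regenerates the CA at
// CertFile and KeyFile regardless of what is already there; otherwise crypto.EnsureCA is used
// and existing files are kept. On error the returned CA is nil and no "generated"/"keeping"
// message is logged.
//
// The options are logged at verbosity 4 with %#v; the struct holds paths, the signer name, a
// writer and a bool, not key material.
func (o CreateSignerCertOptions) CreateSignerCert() (*crypto.CA, error) {
	glog.V(4).Infof("Creating a signer cert with: %#v", o)

	var (
		ca  *crypto.CA
		err error
		// MakeCA does not report whether it wrote; the overwrite path is treated as always written.
		written = true
	)
	if o.Overwrite {
		ca, err = crypto.MakeCA(o.CertFile, o.KeyFile, o.SerialFile, o.Name)
	} else {
		ca, written, err = crypto.EnsureCA(o.CertFile, o.KeyFile, o.SerialFile, o.Name)
	}
	if err != nil {
		// Previously the "Generated new CA" line was logged even when MakeCA failed; bail out
		// before the status log so a failed run is not reported as a success.
		return nil, err
	}

	if written {
		glog.V(3).Infof("Generated new CA for %s: cert in %s and key in %s\n", o.Name, o.CertFile, o.KeyFile)
	} else {
		glog.V(3).Infof("Keeping existing CA cert at %s and key at %s\n", o.CertFile, o.KeyFile)
	}
	return ca, nil
}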