Merge pull request #479 from Venafi/cloud-keystore-query-fix

Cloud keystore query fix
Venafi · May 16, 2024 · 1ae8810 · 1ae8810
2 parents 55e78bc + 24ada96
commit 1ae8810
Show file tree

Hide file tree

Showing 6 changed files with 85 additions and 21 deletions.
diff --git a/pkg/domain/cloudproviders.go b/pkg/domain/cloudproviders.go
@@ -10,12 +10,20 @@ type CloudProvider struct {
 }
 
 type CloudKeystore struct {
-	ID   string
-	Name string
-	Type string
+	ID                     string
+	Name                   string
+	Type                   string
+	MachineIdentitiesCount int
 }
 
 type ProvisioningResponse struct {
 	WorkflowId   string
 	WorkflowName string
 }
+
+type GetCloudKeystoreRequest struct {
+	CloudProviderID   *string
+	CloudProviderName *string
+	CloudKeystoreID   *string
+	CloudKeystoreName *string
+}
diff --git a/pkg/venafi/cloud/cloudproviders.go b/pkg/venafi/cloud/cloudproviders.go
@@ -215,6 +215,31 @@ func (c *Connector) GetCloudProviderByName(name string) (*domain.CloudProvider,
 	return cloudProvider, nil
 }
 
+func (c *Connector) GetCloudKeystoreByName(cloudProviderID string, cloudKeystoreName string) (*domain.CloudKeystore, error) {
+	if cloudProviderID == "" {
+		return nil, fmt.Errorf("cloud provider ID cannot be empty")
+	}
+	if cloudKeystoreName == "" {
+		return nil, fmt.Errorf("cloud keystore name cannot be empty")
+	}
+
+	request := domain.GetCloudKeystoreRequest{
+		CloudProviderID:   &cloudProviderID,
+		CloudProviderName: nil,
+		CloudKeystoreID:   nil,
+		CloudKeystoreName: &cloudKeystoreName,
+	}
+
+	cloudKeystore, err := c.cloudProvidersClient.GetCloudKeystore(context.Background(), request)
+	if err != nil {
+		return nil, fmt.Errorf("failed to retrieve Cloud Keystore with name %s from Cloud Provider with ID %s: %w", cloudKeystoreName, cloudProviderID, err)
+	}
+	if cloudKeystore == nil {
+		return nil, fmt.Errorf("could not find Cloud Keystore with name %s in Cloud Provider with ID %s", cloudKeystoreName, cloudProviderID)
+	}
+	return cloudKeystore, nil
+}
+
 func getCloudMetadataFromWebsocketResponse(respMap interface{}, keystoreType string, keystoreId string) (*CloudProvisioningMetadata, error) {
 
 	val := CloudKeystoreProvisioningResult{}

diff --git a/pkg/venafi/cloud/connector.go b/pkg/venafi/cloud/connector.go
@@ -38,6 +38,7 @@ import (
 	"golang.org/x/net/context"
 
 	"github.com/Venafi/vcert/v5/pkg/certificate"
+	"github.com/Venafi/vcert/v5/pkg/domain"
 	"github.com/Venafi/vcert/v5/pkg/endpoint"
 	"github.com/Venafi/vcert/v5/pkg/policy"
 	"github.com/Venafi/vcert/v5/pkg/util"
@@ -794,7 +795,13 @@ func (c *Connector) ProvisionCertificate(req *endpoint.ProvisioningRequest, opti
 
 	log.Printf("fetching keystore information for provided keystore information. KeystoreID: %s, KeystoreName: %s, ProviderName: %s", keystoreIDInput, keystoreNameInput, providerNameInput)
 	ctx := context.Background()
-	cloudKeystore, err := c.cloudProvidersClient.GetCloudKeystore(ctx, req.KeystoreID, reqData.KeystoreName, reqData.ProviderName)
+	request := domain.GetCloudKeystoreRequest{
+		CloudProviderID:   nil,
+		CloudProviderName: req.ProviderName,
+		CloudKeystoreID:   req.KeystoreID,
+		CloudKeystoreName: req.KeystoreName,
+	}
+	cloudKeystore, err := c.cloudProvidersClient.GetCloudKeystore(ctx, request)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/webclient/cloudproviders/cloudproviders.gen.go b/pkg/webclient/cloudproviders/cloudproviders.gen.go
diff --git a/pkg/webclient/cloudproviders/cloudproviders.go b/pkg/webclient/cloudproviders/cloudproviders.go
@@ -8,7 +8,6 @@ import (
 	"github.com/Khan/genqlient/graphql"
 
 	"github.com/Venafi/vcert/v5/pkg/domain"
-	"github.com/Venafi/vcert/v5/pkg/util"
 )
 
 //go:generate go run -mod=mod github.com/Khan/genqlient genqlient.yaml
@@ -52,39 +51,56 @@ func (c *CloudProvidersClient) GetCloudProviderByName(ctx context.Context, name
 	}, nil
 }
 
-func (c *CloudProvidersClient) GetCloudKeystore(ctx context.Context, cloudKeystoreID *string, cloudKeystoreName *string, cloudProviderName *string) (*domain.CloudKeystore, error) {
+func (c *CloudProvidersClient) GetCloudKeystore(ctx context.Context, request domain.GetCloudKeystoreRequest) (*domain.CloudKeystore, error) {
 
-	if cloudKeystoreID == nil {
-		if cloudKeystoreName == nil || cloudProviderName == nil {
-			return nil, fmt.Errorf("following are accepted for provisioning: keystore ID, or both keystore Name and provider Name")
+	if request.CloudKeystoreID == nil {
+		if request.CloudKeystoreName == nil || (request.CloudProviderID == nil && request.CloudProviderName == nil) {
+			return nil, fmt.Errorf("following combinations are accepted for provisioning: keystore ID, or both provider Name and keystore Name, or both provider ID and keystore Name")
 		}
 	}
 
-	keystoreIDInput := util.StringPointerToString(cloudKeystoreID)
-	keystoreNameInput := util.StringPointerToString(cloudKeystoreName)
-	providerNameInput := util.StringPointerToString(cloudProviderName)
-	resp, err := GetCloudKeystores(ctx, c.graphqlClient, cloudKeystoreID, cloudKeystoreName, nil, cloudProviderName)
+	resp, err := GetCloudKeystores(ctx, c.graphqlClient, request.CloudKeystoreID, request.CloudKeystoreName, request.CloudProviderID, request.CloudProviderName)
+	msg := getKeystoreOptionsString(request.CloudProviderID, request.CloudKeystoreID, request.CloudProviderName, request.CloudKeystoreName)
 	if err != nil {
-		return nil, fmt.Errorf("failed to retrieve Cloud Keystore with KeystoreID: %s, KeystoreName: %s, ProviderName: %s: %w", keystoreIDInput, keystoreNameInput, providerNameInput, err)
+		return nil, fmt.Errorf("failed to retrieve Cloud Keystore with %s: %w", msg, err)
 	}
 
 	if resp == nil || resp.CloudKeystores == nil {
-		return nil, fmt.Errorf("could not find keystore with KeystoreID: %s, KeystoreName: %s, ProviderName: %s", keystoreIDInput, keystoreNameInput, providerNameInput)
+		return nil, fmt.Errorf("could not find keystore with %s", msg)
 	}
 
 	if len(resp.CloudKeystores.Nodes) != 1 {
-		return nil, fmt.Errorf("could not find keystore with with KeystoreID: %s, KeystoreName: %s, ProviderName: %s", keystoreIDInput, keystoreNameInput, providerNameInput)
+		return nil, fmt.Errorf("could not find keystore with with %s", msg)
 	}
 
 	ck := resp.CloudKeystores.Nodes[0]
 
 	return &domain.CloudKeystore{
-		ID:   ck.GetId(),
-		Name: ck.GetName(),
-		Type: string(ck.GetType()),
+		ID:                     ck.GetId(),
+		Name:                   ck.GetName(),
+		Type:                   string(ck.GetType()),
+		MachineIdentitiesCount: ck.MachineIdentitiesCount,
 	}, nil
 }
 
+func getKeystoreOptionsString(cloudProviderID *string, cloudKeystoreID *string, cloudProviderName *string, cloudKeystoreName *string) string {
+	msg := ""
+	if cloudProviderID != nil {
+		msg += fmt.Sprintf("Cloud Provider ID: %s, ", *cloudProviderID)
+	}
+	if cloudKeystoreID != nil {
+		msg += fmt.Sprintf("Cloud Keystore ID: %s, ", *cloudKeystoreID)
+	}
+	if cloudProviderName != nil {
+		msg += fmt.Sprintf("Cloud Provider Name: %s, ", *cloudProviderName)
+	}
+	if cloudKeystoreName != nil {
+		msg += fmt.Sprintf("Cloud Keystore Name: %s", *cloudKeystoreName)
+	}
+
+	return msg
+}
+
 func (c *CloudProvidersClient) ProvisionCertificate(ctx context.Context, certificateID string, cloudKeystoreID string, wsClientID string, options *CertificateProvisioningOptionsInput) (*domain.ProvisioningResponse, error) {
 	if certificateID == "" {
 		return nil, fmt.Errorf("certificateID cannot be empty")

diff --git a/pkg/webclient/cloudproviders/genqlient.graphql b/pkg/webclient/cloudproviders/genqlient.graphql
@@ -16,6 +16,7 @@ query GetCloudKeystores($cloudKeystoreId: UUID, $cloudKeystoreName: String, $clo
             id
             name
             type
+            machineIdentitiesCount
         }
     }
 }
-Original file line number
+Diff line change
@@ Expand Up @@
                 id
                 name
                 type
+                machineIdentitiesCount
             }
         }
     }
@@ Expand Down @@