From 31872fcb25f0abaf488af74381789e2d3b858de3 Mon Sep 17 00:00:00 2001
From: Russel Vela
Date: Wed, 15 May 2024 17:00:19 -0600
Subject: [PATCH 1/4] fix(cloud-provisioning): Adds function to retrieve cloud keystore by name and provider ID

---
 pkg/venafi/cloud/cloudproviders.go | 18 +++++++++
 .../cloudproviders/cloudproviders.go | 37 +++++++++++++------
 2 files changed, 44 insertions(+), 11 deletions(-)

diff --git a/pkg/venafi/cloud/cloudproviders.go b/pkg/venafi/cloud/cloudproviders.go
index d84fdf3e..1d7dcf97 100644
--- a/pkg/venafi/cloud/cloudproviders.go
+++ b/pkg/venafi/cloud/cloudproviders.go
@@ -215,6 +215,24 @@ func (c *Connector) GetCloudProviderByName(name string) (*domain.CloudProvider,
 return cloudProvider, nil
 }
 
+func (c *Connector) GetCloudKeystoreByName(cloudProviderID string, cloudKeystoreName string) (*domain.CloudKeystore, error) {
+ if cloudProviderID == "" {
+ return nil, fmt.Errorf("cloud provider ID cannot be empty")
+ }
+ if cloudKeystoreName == "" {
+ return nil, fmt.Errorf("cloud keystore name cannot be empty")
+ }
+
+ cloudKeystore, err := c.cloudProvidersClient.GetCloudKeystore(context.Background(), &cloudProviderID, nil, nil, &cloudKeystoreName)
+ if err != nil {
+ return nil, fmt.Errorf("failed to retrieve Cloud Keystore with name %s from Cloud Provider with ID %s: %w", cloudKeystoreName, cloudProviderID, err)
+ }
+ if cloudKeystore == nil {
+ return nil, fmt.Errorf("could not find Cloud Keystore with name %s in Cloud Provider with ID %s", cloudKeystoreName, cloudProviderID)
+ }
+ return cloudKeystore, nil
+}
+
 func getCloudMetadataFromWebsocketResponse(respMap interface{}, keystoreType string, keystoreId string) (*CloudProvisioningMetadata, error) {
 val := CloudKeystoreProvisioningResult{}
diff --git a/pkg/webclient/cloudproviders/cloudproviders.go b/pkg/webclient/cloudproviders/cloudproviders.go
index 6ffd036f..dfc88b3e 100644
--- a/pkg/webclient/cloudproviders/cloudproviders.go
+++ b/pkg/webclient/cloudproviders/cloudproviders.go
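Review bot: GetCloudKeystoreByName is exported but carries no doc comment, and its two wrapping errors start with "failed to"/"could not find" with capitalised nouns while the guard messages two lines above are lowercase (`cloud provider ID cannot be empty`). A header such as `// GetCloudKeystoreByName returns the Cloud Keystore named cloudKeystoreName that belongs to the Cloud Provider with ID cloudProviderID.` documents the contract, and `fmt.Errorf("retrieving cloud keystore %q in cloud provider %q: %w", cloudKeystoreName, cloudProviderID, err)` keeps the wrapped message in the package's lowercase style. The method also creates `context.Background()` internally, so callers cannot put a deadline on the GraphQL round trip; the neighbouring GetCloudProviderByName has the same shape, so this is a question of whether a ctx-taking variant is wanted rather than a defect introduced here.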
@@ -8,7 +8,6 @@ import (
 "github.com/Khan/genqlient/graphql"
 "github.com/Venafi/vcert/v5/pkg/domain"
- "github.com/Venafi/vcert/v5/pkg/util"
 )

 //go:generate go run -mod=mod github.com/Khan/genqlient genqlient.yaml
@@ -52,28 +51,26 @@ func (c *CloudProvidersClient) GetCloudProviderByName(ctx context.Context, name
 }, nil
 }
 
-func (c *CloudProvidersClient) GetCloudKeystore(ctx context.Context, cloudKeystoreID *string, cloudKeystoreName *string, cloudProviderName *string) (*domain.CloudKeystore, error) {
+func (c *CloudProvidersClient) GetCloudKeystore(ctx context.Context, cloudProviderID *string, cloudKeystoreID *string, cloudProviderName *string, cloudKeystoreName *string) (*domain.CloudKeystore, error) {
 if cloudKeystoreID == nil {
- if cloudKeystoreName == nil || cloudProviderName == nil {
- return nil, fmt.Errorf("following are accepted for provisioning: keystore ID, or both keystore Name and provider Name")
+ if cloudKeystoreName == nil || (cloudProviderID == nil && cloudProviderName == nil) {
+ return nil, fmt.Errorf("following combinations are accepted for provisioning: keystore ID, or both provider Name and keystore Name, or both provider ID and keystore Name")
 }
 }
 
- keystoreIDInput := util.StringPointerToString(cloudKeystoreID)
- keystoreNameInput := util.StringPointerToString(cloudKeystoreName)
- providerNameInput := util.StringPointerToString(cloudProviderName)
- resp, err := GetCloudKeystores(ctx, c.graphqlClient, cloudKeystoreID, cloudKeystoreName, nil, cloudProviderName)
+ resp, err := GetCloudKeystores(ctx, c.graphqlClient, cloudKeystoreID, cloudKeystoreName, cloudProviderID, cloudProviderName)
+ msg := getKeystoreOptionsString(cloudProviderID, cloudKeystoreID, cloudProviderName, cloudKeystoreName)
 if err != nil {
- return nil, fmt.Errorf("failed to retrieve Cloud Keystore with KeystoreID: %s, KeystoreName: %s, ProviderName: %s: %w", keystoreIDInput, keystoreNameInput, providerNameInput, err)
+ return nil, fmt.Errorf("failed to retrieve Cloud Keystore with %s: %w", msg, err)
 }
 if resp == nil || resp.CloudKeystores == nil {
- return nil, fmt.Errorf("could not find keystore with KeystoreID: %s, KeystoreName: %s, ProviderName: %s", keystoreIDInput, keystoreNameInput, providerNameInput)
+ return nil, fmt.Errorf("could not find keystore with %s", msg)
 }
 if len(resp.CloudKeystores.Nodes) != 1 {
- return nil, fmt.Errorf("could not find keystore with with KeystoreID: %s, KeystoreName: %s, ProviderName: %s", keystoreIDInput, keystoreNameInput, providerNameInput)
+ return nil, fmt.Errorf("could not find keystore with with %s", msg)
 }
 ck := resp.CloudKeystores.Nodes[0]
@@ -85,6 +82,24 @@ func (c *CloudProvidersClient) GetCloudKeystore(ctx context.Context, cloudKeysto
 }, nil
 }
 
+func getKeystoreOptionsString(cloudProviderID *string, cloudKeystoreID *string, cloudProviderName *string, cloudKeystoreName *string) string {
+ msg := ""
+ if cloudProviderID != nil {
+ msg += fmt.Sprintf("Cloud Provider ID: %s, ", *cloudProviderID)
+ }
+ if cloudKeystoreID != nil {
+ msg += fmt.Sprintf("Cloud Keystore ID: %s, ", *cloudKeystoreID)
+ }
+ if cloudProviderName != nil {
+ msg += fmt.Sprintf("Cloud Provider Name: %s, ", *cloudProviderName)
+ }
+ if cloudKeystoreName != nil {
+ msg += fmt.Sprintf("Cloud Keystore Name: %s", *cloudKeystoreName)
+ }
+
+ return msg
+}
+
 func (c *CloudProvidersClient) ProvisionCertificate(ctx context.Context, certificateID string, cloudKeystoreID string, wsClientID string, options *CertificateProvisioningOptionsInput) (*domain.ProvisioningResponse, error) {
 if certificateID == "" {
 return nil, fmt.Errorf("certificateID cannot be empty")
From 55203efd5e07681a05806e7dc7a96a0b0e4660fe Mon Sep 17 00:00:00 2001
From: Russel Vela
Date: Wed, 15 May 2024 17:05:00 -0600
Subject: [PATCH 2/4] fix(cloud-provisioning): Adds machineIdentitiesCount to Cloud Keystore object

---
 pkg/domain/cloudproviders.go | 7 ++++---
 pkg/webclient/cloudproviders/cloudproviders.gen.go | 11 +++++++++--
 pkg/webclient/cloudproviders/cloudproviders.go | 7 ++++---
 pkg/webclient/cloudproviders/genqlient.graphql | 1 +
 4 files changed, 18 insertions(+), 8 deletions(-)
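Review bot: The rewritten message on the `len(resp.CloudKeystores.Nodes) != 1` branch keeps the doubled word in `"could not find keystore with with %s"` and still says "could not find" when the query returned more than one node, which is exactly the case a caller needs to tell apart from an empty result. Replacing it with `return nil, fmt.Errorf("expected exactly one keystore with %s, got %d", msg, len(resp.CloudKeystores.Nodes))` fixes both. `msg` is also built before `err` is inspected, so the Sprintf work runs on the success path too; moving the `getKeystoreOptionsString` call below the `if err != nil` block would avoid that, though the cost is small. The body of GetCloudKeystore continues past the end of this hunk.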
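Review bot: getKeystoreOptionsString leaves a dangling `, ` at the end of its result whenever cloudKeystoreName is nil — a lookup by keystore ID alone yields `Cloud Keystore ID: <id>, ` — because only the last fragment omits the separator while the other three hard-code it. Collecting the present fields into a slice and joining them removes the special case and keeps every field's format identical; this needs the `strings` package in the file's import block if it is not already imported (the top of the file is outside this patch). The unexported helper would also benefit from a one-line comment such as `// getKeystoreOptionsString renders the non-nil lookup parameters for use in error messages.`
```go
func getKeystoreOptionsString(cloudProviderID *string, cloudKeystoreID *string, cloudProviderName *string, cloudKeystoreName *string) string {
	var parts []string
	if cloudProviderID != nil {
		parts = append(parts, fmt.Sprintf("Cloud Provider ID: %s", *cloudProviderID))
	}
	if cloudKeystoreID != nil {
		parts = append(parts, fmt.Sprintf("Cloud Keystore ID: %s", *cloudKeystoreID))
	}
	if cloudProviderName != nil {
		parts = append(parts, fmt.Sprintf("Cloud Provider Name: %s", *cloudProviderName))
	}
	if cloudKeystoreName != nil {
		parts = append(parts, fmt.Sprintf("Cloud Keystore Name: %s", *cloudKeystoreName))
	}
	return strings.Join(parts, ", ")
}
```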
diff --git a/pkg/domain/cloudproviders.go b/pkg/domain/cloudproviders.go
index c1163bb2..21859f96 100644
--- a/pkg/domain/cloudproviders.go
+++ b/pkg/domain/cloudproviders.go
@@ -10,9 +10,10 @@ type CloudProvider struct {
 }
 
 type CloudKeystore struct {
- ID string
- Name string
- Type string
+ ID string
+ Name string
+ Type string
+ MachineIdentitiesCount int
 }
 
 type ProvisioningResponse struct {
diff --git a/pkg/webclient/cloudproviders/cloudproviders.gen.go b/pkg/webclient/cloudproviders/cloudproviders.gen.go
index f335085d..31dd6ed3 100644
--- a/pkg/webclient/cloudproviders/cloudproviders.gen.go
+++ b/pkg/webclient/cloudproviders/cloudproviders.gen.go
@@ -167,8 +167,9 @@ type GetCloudKeystoresCloudKeystoresCloudKeystoreConnectionNodesCloudKeystore st // Cloud Keystore name // // A string between 3 and 250 characters - Name string `json:"name"` - Type CloudKeystoreType `json:"type"` + Name string `json:"name"` + Type CloudKeystoreType `json:"type"` + MachineIdentitiesCount int `json:"machineIdentitiesCount"` } // GetId returns GetCloudKeystoresCloudKeystoresCloudKeystoreConnectionNodesCloudKeystore.Id, and is useful for accessing the field via an interface.
@@ -186,6 +187,11 @@ func (v *GetCloudKeystoresCloudKeystoresCloudKeystoreConnectionNodesCloudKeystor return v.Type } +// GetMachineIdentitiesCount returns GetCloudKeystoresCloudKeystoresCloudKeystoreConnectionNodesCloudKeystore.MachineIdentitiesCount, and is useful for accessing the field via an interface. +func (v *GetCloudKeystoresCloudKeystoresCloudKeystoreConnectionNodesCloudKeystore) GetMachineIdentitiesCount() int { + return v.MachineIdentitiesCount +} + // GetCloudKeystoresResponse is returned by GetCloudKeystores on success. type GetCloudKeystoresResponse struct { // Retrieves Cloud Keystores.
@@ -373,6 +379,7 @@ query GetCloudKeystores ($cloudKeystoreId: UUID, $cloudKeystoreName: String, $cl id name type + machineIdentitiesCount } } }
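Review bot: MachineIdentitiesCount is added to the exported CloudKeystore type in pkg/domain/cloudproviders.go without a comment saying where the value comes from. The sibling fields are uncommented too, so this may be the file's convention, but this field is the one a caller cannot guess from its name alone, and the value is populated from the `machineIdentitiesCount` selection this same patch adds to the GetCloudKeystores query. A line such as `// MachineIdentitiesCount is the machineIdentitiesCount reported by the GetCloudKeystores query for this keystore.` records that mapping next to the field.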
diff --git a/pkg/webclient/cloudproviders/cloudproviders.go b/pkg/webclient/cloudproviders/cloudproviders.go
index dfc88b3e..6cb4555d 100644
--- a/pkg/webclient/cloudproviders/cloudproviders.go
+++ b/pkg/webclient/cloudproviders/cloudproviders.go
@@ -76,9 +76,10 @@ func (c *CloudProvidersClient) GetCloudKeystore(ctx context.Context, cloudProvid
 ck := resp.CloudKeystores.Nodes[0]
 return &domain.CloudKeystore{
- ID: ck.GetId(),
- Name: ck.GetName(),
- Type: string(ck.GetType()),
+ ID: ck.GetId(),
+ Name: ck.GetName(),
+ Type: string(ck.GetType()),
+ MachineIdentitiesCount: ck.MachineIdentitiesCount,
 }, nil
 }
diff --git a/pkg/webclient/cloudproviders/genqlient.graphql b/pkg/webclient/cloudproviders/genqlient.graphql
index e789f567..13aff8eb 100644
--- a/pkg/webclient/cloudproviders/genqlient.graphql
+++ b/pkg/webclient/cloudproviders/genqlient.graphql
@@ -16,6 +16,7 @@ query GetCloudKeystores($cloudKeystoreId: UUID, $cloudKeystoreName: String, $clo
 id
 name
 type
+ machineIdentitiesCount
 }
 }
 }
From 4d134fbf9fd96fdedbdc6c37421b4d0adbf0fa20 Mon Sep 17 00:00:00 2001
From: Russel Vela
Date: Wed, 15 May 2024 17:31:43 -0600
Subject: [PATCH 3/4] fix(cloud-provisioning): Updates GetKeystore function in cloud connector

---
 pkg/venafi/cloud/connector.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/venafi/cloud/connector.go b/pkg/venafi/cloud/connector.go
index beb7acb2..3f6c199c 100644
--- a/pkg/venafi/cloud/connector.go
+++ b/pkg/venafi/cloud/connector.go
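Review bot: In the `return &domain.CloudKeystore{...}` literal the new field is read directly as `ck.MachineIdentitiesCount`, while the three existing fields go through the generated accessors `ck.GetId()`, `ck.GetName()` and `ck.GetType()`. This same patch's cloudproviders.gen.go hunk adds `GetMachineIdentitiesCount()`, so `MachineIdentitiesCount: ck.GetMachineIdentitiesCount(),` keeps the mapping uniform and keeps the literal independent of the concrete node type should the generated code later expose the nodes through an interface. GetCloudKeystore begins before this hunk.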
@@ -794,7 +794,7 @@ func (c *Connector) ProvisionCertificate(req *endpoint.ProvisioningRequest, opti
 log.Printf("fetching keystore information for provided keystore information. KeystoreID: %s, KeystoreName: %s, ProviderName: %s", keystoreIDInput, keystoreNameInput, providerNameInput)
 ctx := context.Background()
- cloudKeystore, err := c.cloudProvidersClient.GetCloudKeystore(ctx, req.KeystoreID, reqData.KeystoreName, reqData.ProviderName)
+ cloudKeystore, err := c.cloudProvidersClient.GetCloudKeystore(ctx, nil, req.KeystoreID, reqData.ProviderName, reqData.KeystoreName)
 if err != nil {
 return nil, err
 }
From 24ada96fae15828aa4c793ca0059e50bfc96c75e Mon Sep 17 00:00:00 2001
From: Russel Vela
Date: Wed, 15 May 2024 17:46:39 -0600
Subject: [PATCH 4/4] fix(cloud-provisioning): Adds request object to GetKeystore function

---
 pkg/domain/cloudproviders.go | 7 +++++++
 pkg/venafi/cloud/cloudproviders.go | 9 ++++++++-
 pkg/venafi/cloud/connector.go | 9 ++++++++-
 pkg/webclient/cloudproviders/cloudproviders.go | 10 +++++-----
 4 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/pkg/domain/cloudproviders.go b/pkg/domain/cloudproviders.go
index 21859f96..178668c6 100644
--- a/pkg/domain/cloudproviders.go
+++ b/pkg/domain/cloudproviders.go
@@ -20,3 +20,10 @@ type ProvisioningResponse struct {
 WorkflowId string
 WorkflowName string
 }
+
+type GetCloudKeystoreRequest struct {
+ CloudProviderID *string
+ CloudProviderName *string
+ CloudKeystoreID *string
+ CloudKeystoreName *string
+}
diff --git a/pkg/venafi/cloud/cloudproviders.go b/pkg/venafi/cloud/cloudproviders.go
index 1d7dcf97..0df3dcb2 100644
--- a/pkg/venafi/cloud/cloudproviders.go
+++ b/pkg/venafi/cloud/cloudproviders.go
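Review bot: GetCloudKeystoreRequest is a new exported type in pkg/domain/cloudproviders.go with no comment describing which field combinations are valid, even though the webclient's GetCloudKeystore rejects everything except three of them before any request is sent. A doc comment such as `// GetCloudKeystoreRequest selects a single Cloud Keystore: set CloudKeystoreID, or set CloudKeystoreName together with CloudProviderID or CloudProviderName.` puts that contract where callers constructing the struct will see it, rather than leaving it to be discovered from the error message. The four pointer fields are self-describing and need no per-field comments.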
@@ -223,7 +223,14 @@ func (c *Connector) GetCloudKeystoreByName(cloudProviderID string, cloudKeystore
 return nil, fmt.Errorf("cloud keystore name cannot be empty")
 }
 
- cloudKeystore, err := c.cloudProvidersClient.GetCloudKeystore(context.Background(), &cloudProviderID, nil, nil, &cloudKeystoreName)
+ request := domain.GetCloudKeystoreRequest{
+ CloudProviderID: &cloudProviderID,
+ CloudProviderName: nil,
+ CloudKeystoreID: nil,
+ CloudKeystoreName: &cloudKeystoreName,
+ }
+
+ cloudKeystore, err := c.cloudProvidersClient.GetCloudKeystore(context.Background(), request)
 if err != nil {
 return nil, fmt.Errorf("failed to retrieve Cloud Keystore with name %s from Cloud Provider with ID %s: %w", cloudKeystoreName, cloudProviderID, err)
 }
diff --git a/pkg/venafi/cloud/connector.go b/pkg/venafi/cloud/connector.go
index 3f6c199c..9bc4de79 100644
--- a/pkg/venafi/cloud/connector.go
+++ b/pkg/venafi/cloud/connector.go
@@ -38,6 +38,7 @@ import (
 "golang.org/x/net/context"
 
 "github.com/Venafi/vcert/v5/pkg/certificate"
+ "github.com/Venafi/vcert/v5/pkg/domain"
 "github.com/Venafi/vcert/v5/pkg/endpoint"
 "github.com/Venafi/vcert/v5/pkg/policy"
 "github.com/Venafi/vcert/v5/pkg/util"
@@ -794,7 +795,13 @@ func (c *Connector) ProvisionCertificate(req *endpoint.ProvisioningRequest, opti
 log.Printf("fetching keystore information for provided keystore information. KeystoreID: %s, KeystoreName: %s, ProviderName: %s", keystoreIDInput, keystoreNameInput, providerNameInput)
 ctx := context.Background()
- cloudKeystore, err := c.cloudProvidersClient.GetCloudKeystore(ctx, nil, req.KeystoreID, reqData.ProviderName, reqData.KeystoreName)
+ request := domain.GetCloudKeystoreRequest{
+ CloudProviderID: nil,
+ CloudProviderName: req.ProviderName,
+ CloudKeystoreID: req.KeystoreID,
+ CloudKeystoreName: req.KeystoreName,
+ }
+ cloudKeystore, err := c.cloudProvidersClient.GetCloudKeystore(ctx, request)
 if err != nil {
 return nil, err
 }
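Review bot: The literal in GetCloudKeystoreByName sets `CloudProviderName: nil,` and `CloudKeystoreID: nil,` explicitly, which is the zero value a Go struct literal already supplies; dropping those two lines leaves `request := domain.GetCloudKeystoreRequest{CloudProviderID: &cloudProviderID, CloudKeystoreName: &cloudKeystoreName}` and makes the fields that actually drive the lookup stand out. The same explicit `CloudProviderID: nil,` appears in the ProvisionCertificate hunk of pkg/venafi/cloud/connector.go below. GetCloudKeystoreByName begins before this hunk.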
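Review bot: The rebuilt call in ProvisionCertificate reads `req.ProviderName` and `req.KeystoreName`, whereas the removed line read `reqData.ProviderName` and `reqData.KeystoreName`; that is a change of data source the commit message ("Adds request object") does not mention. If reqData is merely an alias of req this is harmless, but if it is a parsed or normalised copy, the lookup now bypasses it. The `log.Printf` two lines above still prints `keystoreIDInput`, `keystoreNameInput` and `providerNameInput`, whose origin is outside the hunk, so the logged values may no longer be the ones handed to GetCloudKeystore; worth confirming the switch is intentional and, if so, feeding the log from the same fields. ProvisionCertificate starts and ends outside this hunk.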
diff --git a/pkg/webclient/cloudproviders/cloudproviders.go b/pkg/webclient/cloudproviders/cloudproviders.go
index 6cb4555d..07a499e4 100644
--- a/pkg/webclient/cloudproviders/cloudproviders.go
+++ b/pkg/webclient/cloudproviders/cloudproviders.go
@@ -51,16 +51,16 @@ func (c *CloudProvidersClient) GetCloudProviderByName(ctx context.Context, name
 }, nil
 }
 
-func (c *CloudProvidersClient) GetCloudKeystore(ctx context.Context, cloudProviderID *string, cloudKeystoreID *string, cloudProviderName *string, cloudKeystoreName *string) (*domain.CloudKeystore, error) {
+func (c *CloudProvidersClient) GetCloudKeystore(ctx context.Context, request domain.GetCloudKeystoreRequest) (*domain.CloudKeystore, error) {
 
- if cloudKeystoreID == nil {
- if cloudKeystoreName == nil || (cloudProviderID == nil && cloudProviderName == nil) {
+ if request.CloudKeystoreID == nil {
+ if request.CloudKeystoreName == nil || (request.CloudProviderID == nil && request.CloudProviderName == nil) {
 return nil, fmt.Errorf("following combinations are accepted for provisioning: keystore ID, or both provider Name and keystore Name, or both provider ID and keystore Name")
 }
 }
 
- resp, err := GetCloudKeystores(ctx, c.graphqlClient, cloudKeystoreID, cloudKeystoreName, cloudProviderID, cloudProviderName)
- msg := getKeystoreOptionsString(cloudProviderID, cloudKeystoreID, cloudProviderName, cloudKeystoreName)
+ resp, err := GetCloudKeystores(ctx, c.graphqlClient, request.CloudKeystoreID, request.CloudKeystoreName, request.CloudProviderID, request.CloudProviderName)
+ msg := getKeystoreOptionsString(request.CloudProviderID, request.CloudKeystoreID, request.CloudProviderName, request.CloudKeystoreName)
 if err != nil {
 return nil, fmt.Errorf("failed to retrieve Cloud Keystore with %s: %w", msg, err)
 }
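Review bot: GetCloudKeystore is exported and its parameter contract has just changed to a struct, yet there is still no doc comment stating which combinations the first `if` accepts; `// GetCloudKeystore fetches exactly one Cloud Keystore. request must set CloudKeystoreID, or CloudKeystoreName together with CloudProviderID or CloudProviderName; any other combination is rejected before a request is sent.` would state it at the call site's point of reference. The rejection message still says "accepted for provisioning" although GetCloudKeystoreByName in pkg/venafi/cloud now calls this method for plain lookups; `"accepted: keystore ID, or provider Name and keystore Name, or provider ID and keystore Name"` fits both callers. The method body continues past the end of this hunk.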