os/cmd/control/tlsconf.go

package control

import (
	"io/ioutil"
	"os"
	"path/filepath"

	log "github.com/Sirupsen/logrus"

	"github.com/codegangsta/cli"
	machineUtil "github.com/docker/machine/utils"
	"github.com/rancherio/os/config"
)

const (
	NAME string = "rancher"
	BITS int    = 2048
)

func tlsConfCommands() []cli.Command {
	return []cli.Command{
		{
			Name:   "generate",
			Usage:  "generates new set of TLS configuration certs",
			Action: tlsConfCreate,
			Flags: []cli.Flag{
				cli.StringSliceFlag{
					Name:  "hostname",
					Usage: "the hostname for which you want to generate the certificate",
					Value: &cli.StringSlice{"localhost"},
				},
				cli.BoolFlag{
					Name:  "server, s",
					Usage: "generate the server keys instead of client keys",
				},
				cli.StringFlag{
					Name:  "dir, d",
					Usage: "the directory to save/read the certs to/from",
					Value: "${HOME}/.docker",
				},
			},
		},
	}
}

func writeCerts(generateServer bool, hostname []string, cfg *config.Config, certPath, keyPath, caCertPath, caKeyPath string) error {
	if !generateServer {
		return machineUtil.GenerateCert([]string{""}, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS)
	}

	if cfg.UserDocker.ServerKey == "" || cfg.UserDocker.ServerCert == "" {
		err := machineUtil.GenerateCert(hostname, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS)
		if err != nil {
			return err
		}

		cert, err := ioutil.ReadFile(certPath)
		if err != nil {
			return err
		}

		key, err := ioutil.ReadFile(keyPath)
		if err != nil {
			return err
		}

		return cfg.SetConfig(&config.Config{
			UserDocker: config.DockerConfig{
				CAKey:      cfg.UserDocker.CAKey,
				CACert:     cfg.UserDocker.CACert,
				ServerCert: string(cert),
				ServerKey:  string(key),
			},
		})
	}

	if err := ioutil.WriteFile(certPath, []byte(cfg.UserDocker.ServerCert), 0400); err != nil {
		return err
	}

	return ioutil.WriteFile(keyPath, []byte(cfg.UserDocker.ServerKey), 0400)

}

func writeCaCerts(cfg *config.Config, caCertPath, caKeyPath string) error {
	if cfg.UserDocker.CACert == "" {
		if err := machineUtil.GenerateCACertificate(caCertPath, caKeyPath, NAME, BITS); err != nil {
			return err
		}

		caCert, err := ioutil.ReadFile(caCertPath)
		if err != nil {
			return err
		}

		caKey, err := ioutil.ReadFile(caKeyPath)
		if err != nil {
			return err
		}

		err = cfg.SetConfig(&config.Config{
			UserDocker: config.DockerConfig{
				CAKey:  string(caKey),
				CACert: string(caCert),
			},
		})
		if err != nil {
			return err
		}

		return nil
	}

	if err := ioutil.WriteFile(caCertPath, []byte(cfg.UserDocker.CACert), 0400); err != nil {
		return err
	}

	return ioutil.WriteFile(caKeyPath, []byte(cfg.UserDocker.CAKey), 0400)
}

func tlsConfCreate(c *cli.Context) {
	err := generate(c)
	if err != nil {
		log.Fatal(err)
	}
}

func generate(c *cli.Context) error {
	cfg, err := config.LoadConfig()
	if err != nil {
		return err
	}

	generateServer := c.Bool("server")
	outDir := os.ExpandEnv(c.String("dir"))
	caCertPath := filepath.Join(outDir, "ca.pem")
	caKeyPath := filepath.Join(outDir, "ca-key.pem")
	certPath := filepath.Join(outDir, "cert.pem")
	keyPath := filepath.Join(outDir, "key.pem")

	if generateServer {
		certPath = filepath.Join(outDir, "server-cert.pem")
		keyPath = filepath.Join(outDir, "server-key.pem")
	}

	if _, err := os.Stat(outDir); os.IsNotExist(err) {
		if err := os.MkdirAll(outDir, 0700); err != nil {
			return err
		}
	}

	if err := writeCaCerts(cfg, caCertPath, caKeyPath); err != nil {
		return err
	}

	hostnames := c.StringSlice("hostname")
	return writeCerts(generateServer, hostnames, cfg, certPath, keyPath, caCertPath, caKeyPath)
}
gofmt 2015-02-23 19:00:33 +00:00			`package control`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
			`import (`
Refactor tls command 2015-03-16 20:50:30 +00:00			`"io/ioutil"`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`"os"`
			`"path/filepath"`

Refactor tls command 2015-03-16 20:50:30 +00:00			`log "github.com/Sirupsen/logrus"`

move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`"github.com/codegangsta/cli"`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`machineUtil "github.com/docker/machine/utils"`
Refactor tls command 2015-03-16 20:50:30 +00:00			`"github.com/rancherio/os/config"`
			`)`

			`const (`
			`NAME string = "rancher"`
			`BITS int = 2048`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`)`

move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`func tlsConfCommands() []cli.Command {`
gofmt 2015-02-23 19:00:33 +00:00			`return []cli.Command{`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`{`
Refactor tls command 2015-03-16 20:50:30 +00:00			`Name: "generate",`
			`Usage: "generates new set of TLS configuration certs",`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`Action: tlsConfCreate,`
gofmt 2015-02-23 19:00:33 +00:00			`Flags: []cli.Flag{`
Refactor tls command 2015-03-16 20:50:30 +00:00			`cli.StringSliceFlag{`
			`Name: "hostname",`
			`Usage: "the hostname for which you want to generate the certificate",`
			`Value: &cli.StringSlice{"localhost"},`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`},`
gofmt 2015-02-23 19:00:33 +00:00			`cli.BoolFlag{`
Refactor tls command 2015-03-16 20:50:30 +00:00			`Name: "server, s",`
			`Usage: "generate the server keys instead of client keys",`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`},`
gofmt 2015-02-23 19:00:33 +00:00			`cli.StringFlag{`
Refactor tls command 2015-03-16 20:50:30 +00:00			`Name: "dir, d",`
			`Usage: "the directory to save/read the certs to/from",`
			`Value: "${HOME}/.docker",`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`},`
			`},`
			`},`
			`}`
gofmt 2015-02-23 19:00:33 +00:00			`}`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`func writeCerts(generateServer bool, hostname []string, cfg *config.Config, certPath, keyPath, caCertPath, caKeyPath string) error {`
			`if !generateServer {`
			`return machineUtil.GenerateCert([]string{""}, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS)`
			`}`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`if cfg.UserDocker.ServerKey == "" \|\| cfg.UserDocker.ServerCert == "" {`
			`err := machineUtil.GenerateCert(hostname, certPath, keyPath, caCertPath, caKeyPath, NAME, BITS)`
			`if err != nil {`
			`return err`
			`}`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`cert, err := ioutil.ReadFile(certPath)`
			`if err != nil {`
			`return err`
			`}`
gofmt 2015-02-23 19:00:33 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`key, err := ioutil.ReadFile(keyPath)`
			`if err != nil {`
			`return err`
			`}`
gofmt 2015-02-23 19:00:33 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`return cfg.SetConfig(&config.Config{`
			`UserDocker: config.DockerConfig{`
			`CAKey: cfg.UserDocker.CAKey,`
			`CACert: cfg.UserDocker.CACert,`
			`ServerCert: string(cert),`
			`ServerKey: string(key),`
			`},`
			`})`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00			`}`

Refactor tls command 2015-03-16 20:50:30 +00:00			`if err := ioutil.WriteFile(certPath, []byte(cfg.UserDocker.ServerCert), 0400); err != nil {`
			`return err`
gofmt 2015-02-23 19:00:33 +00:00			`}`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`return ioutil.WriteFile(keyPath, []byte(cfg.UserDocker.ServerKey), 0400)`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`}`
move tlsconf to rancherctl 2015-02-21 21:31:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`func writeCaCerts(cfg *config.Config, caCertPath, caKeyPath string) error {`
			`if cfg.UserDocker.CACert == "" {`
			`if err := machineUtil.GenerateCACertificate(caCertPath, caKeyPath, NAME, BITS); err != nil {`
			`return err`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`

Refactor tls command 2015-03-16 20:50:30 +00:00			`caCert, err := ioutil.ReadFile(caCertPath)`
			`if err != nil {`
			`return err`
			`}`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`caKey, err := ioutil.ReadFile(caKeyPath)`
			`if err != nil {`
			`return err`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`

Refactor tls command 2015-03-16 20:50:30 +00:00			`err = cfg.SetConfig(&config.Config{`
			`UserDocker: config.DockerConfig{`
			`CAKey: string(caKey),`
			`CACert: string(caCert),`
			`},`
			`})`
			`if err != nil {`
			`return err`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`
Refactor tls command 2015-03-16 20:50:30 +00:00
			`return nil`
			`}`

			`if err := ioutil.WriteFile(caCertPath, []byte(cfg.UserDocker.CACert), 0400); err != nil {`
			`return err`
			`}`

			`return ioutil.WriteFile(caKeyPath, []byte(cfg.UserDocker.CAKey), 0400)`
			`}`

			`func tlsConfCreate(c *cli.Context) {`
			`err := generate(c)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`}`

			`func generate(c *cli.Context) error {`
			`cfg, err := config.LoadConfig()`
			`if err != nil {`
			`return err`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`

Refactor tls command 2015-03-16 20:50:30 +00:00			`generateServer := c.Bool("server")`
			`outDir := os.ExpandEnv(c.String("dir"))`
			`caCertPath := filepath.Join(outDir, "ca.pem")`
			`caKeyPath := filepath.Join(outDir, "ca-key.pem")`
			`certPath := filepath.Join(outDir, "cert.pem")`
			`keyPath := filepath.Join(outDir, "key.pem")`
Refactor tlsconf 2015-02-19 20:48:10 +00:00
Refactor tls command 2015-03-16 20:50:30 +00:00			`if generateServer {`
			`certPath = filepath.Join(outDir, "server-cert.pem")`
			`keyPath = filepath.Join(outDir, "server-key.pem")`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`
Refactor tls command 2015-03-16 20:50:30 +00:00
			`if _, err := os.Stat(outDir); os.IsNotExist(err) {`
			`if err := os.MkdirAll(outDir, 0700); err != nil {`
			`return err`
			`}`
			`}`

			`if err := writeCaCerts(cfg, caCertPath, caKeyPath); err != nil {`
			`return err`
			`}`

			`hostnames := c.StringSlice("hostname")`
			`return writeCerts(generateServer, hostnames, cfg, certPath, keyPath, caCertPath, caKeyPath)`
Refactor tlsconf 2015-02-19 20:48:10 +00:00			`}`