Example #1
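// deleteIDError is returned by Delete when the certificate id cannot be used
// safely as a single etcd key segment.
type deleteIDError string

// Error implements the error interface.
func (e deleteIDError) Error() string { return string(e) }

// Delete removes the certificate entry of user id from the given subtree of
// ck.Etcdkey. Removing an entry from the trusted subtree revokes that user's
// access.
//
// The etcd key is built by plain string concatenation, so id is validated
// before use: an empty id would address the subtree itself rather than one
// user's entry, and an id containing "/" (or equal to "." or "..") could
// address keys outside that user's entry. Such ids are rejected with a
// deleteIDError and nothing is deleted.
//
// tree is not validated here; callers should pass a fixed subtree name and
// never a value taken from a request.
//
// Any error returned by etcdconfig.DeleteConfig is logged and returned as is.
func (ck *CertKit) Delete(tree, id string) error {
	badID := id == "" || id == "." || id == ".."
	for i := 0; !badID && i < len(id); i++ {
		badID = id[i] == '/'
	}
	if badID {
		Goose.Auth.Logf(1, "Refusing to delete user certificate: invalid id %q on %s subtree", id, tree)
		return deleteIDError("invalid certificate id")
	}

	srcpath := ck.Etcdkey + "/" + tree + "/" + id

	if err := etcdconfig.DeleteConfig(ck.Etcdcli, srcpath); err != nil {
		// Name the subtree in the log: this call is not limited to pending entries.
		Goose.Auth.Logf(1, "Error deleting user certificate for %s on %s subtree: %s", id, tree, err)
		return err
	}

	return nil
}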
Example #2
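// trustError is returned by Trust when it refuses to promote a certificate
// because of an unusable id or an unexpected stored value.
type trustError string

// Error implements the error interface.
func (e trustError) Error() string { return string(e) }

// Trust moves the certificate of user id from the pending subtree to the
// trusted subtree of ck.Etcdkey, which enables that user's access.
//
// The etcd keys are built by plain string concatenation, so id is validated
// first: an empty id, "." or "..", or an id containing "/" could address keys
// other than that user's own entry and is rejected with a trustError.
//
// The move is a copy followed by a delete and is not atomic. If the final
// delete fails, the certificate is already trusted and also still present
// under pending. Nothing in this function checks the certificate content or
// who requested the promotion; authorising the call is left to the caller.
//
// Errors from etcd are logged and returned unchanged.
func (ck *CertKit) Trust(id string) error {
	badID := id == "" || id == "." || id == ".."
	for i := 0; !badID && i < len(id); i++ {
		badID = id[i] == '/'
	}
	if badID {
		Goose.Auth.Logf(1, "Refusing to trust user certificate: invalid id %q", id)
		return trustError("invalid certificate id")
	}

	srcpath := ck.Etcdkey + "/pending/" + id
	tgtpath := ck.Etcdkey + "/trusted/" + id

	_, etcdData, err := etcdconfig.GetConfig(ck.Etcdcli, srcpath+"/cert")
	if err != nil {
		Goose.Auth.Logf(1, "Error retrieving pending user certificate for %s: %s", id, err)
		return err
	}

	Goose.Auth.Logf(6, "etcddata %s: %#v", id, etcdData)

	// Check the stored value before touching the trusted subtree. An unchecked
	// assertion would panic on a non-string value, and would do so only after
	// the trusted directory had already been created.
	cert, ok := etcdData.(string)
	if !ok {
		Goose.Auth.Logf(1, "Error retrieving pending user certificate for %s: unexpected value type %T", id, etcdData)
		return trustError("pending certificate is not a string")
	}

	_, err = etcd.NewKeysAPI(ck.Etcdcli).Set(context.Background(), tgtpath, "", &etcd.SetOptions{Dir: true})
	if err != nil {
		Goose.Auth.Logf(1, "Error setting configuration, creating diretory (%s): %s", tgtpath, err)
		return err
	}

	err = etcdconfig.SetKey(ck.Etcdcli, tgtpath+"/cert", cert)
	if err != nil {
		Goose.Auth.Logf(1, "Error saving pending user certificate on trusted subtree for %s: %s", id, err)
		return err
	}

	// The pending entry is removed only after the trusted copy has been written.
	err = etcdconfig.DeleteConfig(ck.Etcdcli, srcpath)
	if err != nil {
		Goose.Auth.Logf(1, "Error deleting pending user certificate for %s: %s", id, err)
		return err
	}

	return nil
}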