// createSecret writes the secret, but only if it does not exists
func (c *VFSSecretStore) createSecret(s *Secret, p vfs.Path) error {
data, err := json.Marshal(s)
if err != nil {
return fmt.Errorf("error serializing secret: %v", err)
}
return p.CreateFile(data)
}
func (c *VFSCAStore) storePrivateKey(privateKey *PrivateKey, p vfs.Path) error {
var data bytes.Buffer
_, err := privateKey.WriteTo(&data)
if err != nil {
return err
}
return p.WriteFile(data.Bytes())
}
func (c *VFSCAStore) storeCertificate(cert *Certificate, p vfs.Path) error {
// TODO: replace storePrivateKey & storeCertificate with writeFile(io.WriterTo)?
var data bytes.Buffer
_, err := cert.WriteTo(&data)
if err != nil {
return err
}
return p.WriteFile(data.Bytes())
}
func (c *VFSSecretStore) loadSecret(p vfs.Path) (*Secret, error) {
data, err := p.ReadFile()
if err != nil {
if os.IsNotExist(err) {
return nil, nil
}
}
s := &Secret{}
err = json.Unmarshal(data, s)
if err != nil {
return nil, fmt.Errorf("error parsing secret from %q: %v", p, err)
}
return s, nil
}
func (c *VFSCAStore) loadOnePrivateKey(p vfs.Path) (*PrivateKey, error) {
data, err := p.ReadFile()
if err != nil {
if os.IsNotExist(err) {
return nil, nil
}
return nil, err
}
k, err := ParsePEMPrivateKey(data)
if err != nil {
return nil, fmt.Errorf("error parsing private key from %q: %v", p, err)
}
return k, err
}
func NewVFSStateStore(base vfs.Path, clusterName string, dryrun bool) (*VFSStateStore, error) {
location := base.Join(clusterName)
s := &VFSStateStore{
location: location,
}
var err error
s.ca, err = NewVFSCAStore(location.Join("pki"), dryrun)
if err != nil {
return nil, fmt.Errorf("error building CA store: %v", err)
}
s.secrets, err = NewVFSSecretStore(location.Join("secrets"))
if err != nil {
return nil, fmt.Errorf("error building secret store: %v", err)
}
return s, nil
}
func (c *VFSCAStore) loadOneCertificate(p vfs.Path) (*Certificate, error) {
data, err := p.ReadFile()
if err != nil {
if os.IsNotExist(err) {
return nil, nil
}
return nil, err
}
cert, err := LoadPEMCertificate(data)
if err != nil {
return nil, err
}
if cert == nil {
return nil, nil
}
return cert, nil
}
func (c *VFSCAStore) loadPrivateKeys(p vfs.Path) (*privateKeys, error) {
files, err := p.ReadDir()
if err != nil {
if os.IsNotExist(err) {
return nil, nil
}
return nil, err
}
keys := &privateKeys{
keys: make(map[string]*PrivateKey),
}
for _, f := range files {
key, err := c.loadOnePrivateKey(f)
if err != nil {
return nil, fmt.Errorf("error loading private key %q: %v", f, err)
}
name := f.Base()
name = strings.TrimSuffix(name, ".key")
keys.keys[name] = key
}
if len(keys.keys) == 0 {
return nil, nil
}
var primaryVersion *big.Int
for k := range keys.keys {
version, ok := big.NewInt(0).SetString(k, 10)
if !ok {
glog.Warningf("Ignoring private key with non-integer version: %q", k)
continue
}
if primaryVersion == nil || version.Cmp(primaryVersion) > 0 {
keys.primary = k
primaryVersion = version
}
}
return keys, nil
}
func (c *VFSCAStore) loadCertificates(p vfs.Path) (*certificates, error) {
files, err := p.ReadDir()
if err != nil {
if os.IsNotExist(err) {
return nil, nil
}
return nil, err
}
certs := &certificates{
certificates: make(map[string]*Certificate),
}
for _, f := range files {
cert, err := c.loadOneCertificate(f)
if err != nil {
return nil, fmt.Errorf("error loading certificate %q: %v", f, err)
}
name := f.Base()
name = strings.TrimSuffix(name, ".crt")
certs.certificates[name] = cert
}
if len(certs.certificates) == 0 {
return nil, nil
}
var primaryVersion *big.Int
for k := range certs.certificates {
version, ok := big.NewInt(0).SetString(k, 10)
if !ok {
glog.Warningf("Ignoring certificate with non-integer version: %q", k)
continue
}
if primaryVersion == nil || version.Cmp(primaryVersion) > 0 {
certs.primary = k
primaryVersion = version
}
}
return certs, nil
}