// ensureCertificate generates a new CA certificate and
// attaches it to the given environment configuration,
// unless the configuration already has one.
func ensureCertificate(cfg *config.Config) (*config.Config, error) {
_, hasCACert := cfg.CACert()
_, hasCAKey := cfg.CAPrivateKey()
if hasCACert && hasCAKey {
return cfg, nil
}
if hasCACert && !hasCAKey {
return nil, fmt.Errorf("environment configuration with a certificate but no CA private key")
}
caCert, caKey, err := cert.NewCA(cfg.Name(), time.Now().UTC().AddDate(10, 0, 0))
if err != nil {
return nil, err
}
return cfg.Apply(map[string]interface{}{
"ca-cert": string(caCert),
"ca-private-key": string(caKey),
})
}
// getStateInfo puts together the state.Info and api.Info for the given
// config, with the given state-server host names.
// The given config absolutely must have a CACert.
func getStateInfo(config *config.Config, hostnames []string) (*state.Info, *api.Info) {
cert, hasCert := config.CACert()
if !hasCert {
panic(errors.New("getStateInfo: config has no CACert"))
}
return &state.Info{
Addrs: composeAddresses(hostnames, config.StatePort()),
CACert: cert,
}, &api.Info{
Addrs: composeAddresses(hostnames, config.APIPort()),
CACert: cert,
}
}