// VerifyOUs builds a martini handler that gates a route on the client
// certificate's organizational unit. Each request is passed to Verify with
// validOUs; on failure the handler answers 401 Unauthorized and uses the
// error text as the response body.
//
// NOTE(review): the handler never aborts the chain explicitly. It relies on
// martini not running later handlers once a response has been written; confirm
// this against the martini version in use.
//
// TODO: make this testable?
func VerifyOUs(validOUs []string) martini.Handler {
	return func(res nethttp.ResponseWriter, req *nethttp.Request, c martini.Context) {
		log.Debug("Verifying client OU")
		err := Verify(req, validOUs)
		if err == nil {
			// Authorized: write nothing so the request continues.
			return
		}
		nethttp.Error(res, err.Error(), nethttp.StatusUnauthorized)
	}
}
// initOrchestratorDB attempts to create/upgrade the orchestrator backend
// database. It is created once in the application's lifetime.
//
// Base statements are deployed first, then patches. The trailing boolean
// differs between the two calls (true for "base", false for "patch").
//
// NOTE(review): the third result of readInternalDeployments is discarded and
// nothing returned by the deploy calls is inspected, so this function always
// returns nil. Confirm that the helpers handle failures themselves.
func initOrchestratorDB(db *sql.DB) error {
	log.Debug("Initializing orchestrator")

	deployedBase, deployedPatches, _ := readInternalDeployments()

	deployIfNotAlreadyDeployed(db, generateSQLBase, deployedBase, "base", true)
	deployIfNotAlreadyDeployed(db, generateSQLPatches, deployedPatches, "patch", false)

	return nil
}
// Verify checks that the client certificate presented on r carries at least
// one organizational unit (OU) listed in validOUs.
//
// It returns an error when the request did not arrive over TLS, or when no
// leaf certificate in r.TLS.VerifiedChains has a matching OU. A request with no
// verified chains never enters the loop and is rejected, so the check fails
// closed.
//
// Authorization rests only on the OU string of a verified chain. Which CAs may
// issue such certificates is decided by the server's TLS configuration, which
// is not visible here.
func Verify(r *nethttp.Request, validOUs []string) error {
	if r.TLS == nil {
		return errors.New("no TLS")
	}
	for _, verified := range r.TLS.VerifiedChains {
		// The first element of a verified chain is the leaf, i.e. the
		// client's own certificate.
		leafOUs := verified[0].Subject.OrganizationalUnit
		log.Debug("All OUs:", strings.Join(leafOUs, " "))
		for _, candidate := range leafOUs {
			log.Debug("Client presented OU:", candidate)
			if !HasString(candidate, validOUs) {
				continue
			}
			log.Debug("Found valid OU:", candidate)
			return nil
		}
	}
	log.Error("No valid OUs found")
	return errors.New("Invalid OU")
}
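// AbortSeed kills the process registered for seedId in activeCommands, if any.
//
// It returns the error from Process.Kill when a kill is attempted. It returns
// nil when there is nothing to kill: either no command is registered under
// seedId, or the registered command has no underlying process yet.
//
// NOTE(review): activeCommands is read here with no locking visible in this
// function. Confirm that callers serialise access to the map.
func AbortSeed(seedId string) error {
	cmd, ok := activeCommands[seedId]
	if !ok {
		log.Debug("Not killing: Process not found")
		return nil
	}
	// exec.Cmd.Process is nil until the command has been started. Guard
	// against that so an early abort cannot panic on a nil dereference.
	if cmd == nil || cmd.Process == nil {
		log.Debug("Not killing: Process not started")
		return nil
	}
	log.Debugf("Killing process %d", cmd.Process.Pid)
	return cmd.Process.Kill()
}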
// initOrchestratorDB attempts to create/upgrade the orchestrator backend
// database. It is created once in the application's lifetime.
//
// Every statement in generateSQL must succeed; the first failure is passed to
// log.Fatalf and its result is returned. Statements in generateSQLPatches are
// best-effort, so their results and errors are deliberately dropped.
func initOrchestratorDB(db *sql.DB) error {
	log.Debug("Initializing orchestrator")

	// Base schema: stop at the first statement that fails.
	for _, stmt := range generateSQL {
		if _, err := execInternal(db, stmt); err != nil {
			return log.Fatalf("Cannot initiate orchestrator: %+v", err)
		}
	}

	// Patches are allowed to fail.
	for _, patch := range generateSQLPatches {
		_, _ = execInternalSilently(db, patch)
	}

	return nil
}
// initOrchestratorDB attempts to create/upgrade the orchestrator backend
// database. It is created once in the application's lifetime.
//
// The migration is skipped only when all three conditions hold: the version
// check succeeded, it reported the version as already deployed, and
// config.RuntimeCLIFlags.ConfiguredVersion is non-empty. In every other case,
// including a failed version check, the base statements, the patches and the
// deployment registration are run.
//
// NOTE(review): nothing returned by deployStatements or
// registerOrchestratorDeployment is inspected here, so this function always
// returns nil. Confirm that the helpers handle failures themselves.
func initOrchestratorDB(db *sql.DB) error {
	log.Debug("Initializing orchestrator")

	deployed, err := versionIsDeployed(db)
	upToDate := err == nil && deployed && config.RuntimeCLIFlags.ConfiguredVersion != ""
	if upToDate {
		// Already deployed with this version
		return nil
	}

	log.Debugf("Migrating database schema")
	deployStatements(db, generateSQLBase, true)
	deployStatements(db, generateSQLPatches, false)
	registerOrchestratorDeployment(db)

	return nil
}
// SendMySQLSeedData runs the configured send-seed command for directory,
// targeting targetHostname on SeedTransferPort. The command is recorded in
// activeCommands under seedId from the callback passed to commandRun.
//
// An empty directory is rejected up front. Any error from commandRun is logged
// through log.Errore and returned.
//
// NOTE(review): directory and targetHostname are interpolated into the command
// text unquoted. If commandRun passes that text to a shell, both values must be
// validated before they reach this function; confirm where they originate.
// NOTE(review): the activeCommands write has no locking visible here.
func SendMySQLSeedData(targetHostname string, directory string, seedId string) error {
	if directory == "" {
		return log.Error("Empty directory in SendMySQLSeedData")
	}

	commandText := fmt.Sprintf("%s %s %s %d",
		config.Config.SendSeedDataCommand, directory, targetHostname, SeedTransferPort)

	// Register the command under its seed id.
	register := func(cmd *exec.Cmd) {
		activeCommands[seedId] = cmd
		log.Debug("SendMySQLSeedData command completed")
	}

	err := commandRun(commandText, register)
	if err != nil {
		return log.Errore(err)
	}
	return err
}
// ReceiveMySQLSeedData runs the configured receive-seed command against the
// MySQL data directory reported by GetMySQLDataDir, on SeedTransferPort. The
// command is recorded in activeCommands under seedId from the callback passed
// to commandRun.
//
// Errors from GetMySQLDataDir and from commandRun are logged through
// log.Errore and returned.
//
// NOTE(review): the data directory is interpolated into the command text
// unquoted. If commandRun passes that text to a shell, confirm the value
// cannot contain shell metacharacters.
// NOTE(review): the activeCommands write has no locking visible here.
func ReceiveMySQLSeedData(seedId string) error {
	dataDir, err := GetMySQLDataDir()
	if err != nil {
		return log.Errore(err)
	}

	commandText := fmt.Sprintf("%s %s %d",
		config.Config.ReceiveSeedDataCommand, dataDir, SeedTransferPort)

	// Register the command under its seed id.
	register := func(cmd *exec.Cmd) {
		activeCommands[seedId] = cmd
		log.Debug("ReceiveMySQLSeedData command completed")
	}

	err = commandRun(commandText, register)
	if err != nil {
		return log.Errore(err)
	}
	return err
}
// SetAuth records the authentication scheme and credential expression in the
// package-level authScheme and authExpression variables.
//
// The credential bytes are not written to the log. The auth slice is stored
// as-is, without copying, so later changes the caller makes to its contents
// are visible through authExpression.
func SetAuth(scheme string, auth []byte) {
	log.Debug("Setting Auth ")
	authScheme, authExpression = scheme, auth
}