7999d24f81
this commit updates our monkit dependency to the v3 version where it outputs in an influx style. this makes discovery much easier as many tools are built to look at it this way. graphite and rothko will suffer some due to no longer being a tree based on dots. hopefully time will exist to update rothko to index based on the new metric format. it adds an influx output for the statreceiver so that we can write to influxdb v1 or v2 directly. Change-Id: Iae9f9494a6d29cfbd1f932a5e71a891b490415ff
96 lines
2.3 KiB
Go
96 lines
2.3 KiB
Go
// Copyright (C) 2019 Storj Labs, Inc.
|
|
// See LICENSE for copying information.
|
|
|
|
package certificateclient
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/spacemonkeygo/monkit/v3"
|
|
"github.com/zeebo/errs"
|
|
|
|
"storj.io/common/identity"
|
|
"storj.io/common/pb"
|
|
"storj.io/common/peertls/tlsopts"
|
|
"storj.io/common/rpc"
|
|
)
|
|
|
|
var mon = monkit.Package()
|
|
|
|
// Config is a config struct for use with a certificate signing service client.
|
|
type Config struct {
|
|
Address string `help:"address of the certificate signing rpc service"`
|
|
TLS tlsopts.Config
|
|
}
|
|
|
|
// Client implements pb.DRPCCertificatesClient
|
|
type Client struct {
|
|
conn *rpc.Conn
|
|
client pb.DRPCCertificatesClient
|
|
}
|
|
|
|
// New creates a new certificate signing rpc client.
|
|
func New(ctx context.Context, dialer rpc.Dialer, address string) (_ *Client, err error) {
|
|
defer mon.Task()(&ctx, address)(&err)
|
|
|
|
conn, err := dialer.DialAddressInsecure(ctx, address)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &Client{
|
|
conn: conn,
|
|
client: pb.NewDRPCCertificatesClient(conn.Raw()),
|
|
}, nil
|
|
}
|
|
|
|
// NewClientFrom creates a new certificate signing gRPC client from an existing
|
|
// grpc cert signing client.
|
|
func NewClientFrom(client pb.DRPCCertificatesClient) *Client {
|
|
return &Client{
|
|
client: client,
|
|
}
|
|
}
|
|
|
|
// Sign submits a certificate signing request given the config.
|
|
func (config Config) Sign(ctx context.Context, ident *identity.FullIdentity, authToken string) (_ [][]byte, err error) {
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
tlsOptions, err := tlsopts.NewOptions(ident, config.TLS, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
client, err := New(ctx, rpc.NewDefaultDialer(tlsOptions), config.Address)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer func() { err = errs.Combine(err, client.Close()) }()
|
|
|
|
return client.Sign(ctx, authToken)
|
|
}
|
|
|
|
// Sign claims an authorization using the token string and returns a signed
|
|
// copy of the client's CA certificate.
|
|
func (client *Client) Sign(ctx context.Context, tokenStr string) (_ [][]byte, err error) {
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
res, err := client.client.Sign(ctx, &pb.SigningRequest{
|
|
AuthToken: tokenStr,
|
|
Timestamp: time.Now().Unix(),
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return res.Chain, nil
|
|
}
|
|
|
|
// Close closes the client.
|
|
func (client *Client) Close() error {
|
|
if client.conn != nil {
|
|
return client.conn.Close()
|
|
}
|
|
return nil
|
|
}
|