initial commit: certmanager
migrate from python to golang
This commit is contained in:
@@ -0,0 +1,52 @@
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"git.unkin.net/unkin/certmanager/internal/vault"
|
||||
)
|
||||
|
||||
// SignedCertResponse is the JSON-serialisable output returned to callers.
|
||||
type SignedCertResponse struct {
|
||||
SignedKey string `json:"signed_key"`
|
||||
}
|
||||
|
||||
type signRequest struct {
|
||||
CertType string `json:"cert_type"`
|
||||
PublicKey string `json:"public_key"`
|
||||
ValidPrincipals string `json:"valid_principals"`
|
||||
TTL string `json:"ttl"`
|
||||
}
|
||||
|
||||
type signResponse struct {
|
||||
Data struct {
|
||||
SignedKey string `json:"signed_key"`
|
||||
} `json:"data"`
|
||||
}
|
||||
|
||||
// SignHostCert signs an SSH host public key via the Vault SSH secrets engine.
|
||||
func SignHostCert(client *vault.Client, mountPoint, roleName, publicKey string, principals []string, ttl string) (*SignedCertResponse, error) {
|
||||
if ttl == "" {
|
||||
ttl = "87600h"
|
||||
}
|
||||
|
||||
req := signRequest{
|
||||
CertType: "host",
|
||||
PublicKey: publicKey,
|
||||
ValidPrincipals: strings.Join(principals, ","),
|
||||
TTL: ttl,
|
||||
}
|
||||
|
||||
var resp signResponse
|
||||
path := fmt.Sprintf("%s/sign/%s", mountPoint, roleName)
|
||||
if err := client.Post(path, req, &resp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if resp.Data.SignedKey == "" {
|
||||
return nil, fmt.Errorf("vault returned empty signed_key")
|
||||
}
|
||||
|
||||
return &SignedCertResponse{SignedKey: resp.Data.SignedKey}, nil
|
||||
}
|
||||
Reference in New Issue
Block a user