[CI-SKIP] Upload current
This commit is contained in:
@@ -1,161 +1,84 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"git.nevets.tech/Steven/certman/app"
|
||||
"git.nevets.tech/Steven/certman/client"
|
||||
"git.nevets.tech/Steven/certman/common"
|
||||
"github.com/go-git/go-billy/v5/memfs"
|
||||
"github.com/go-git/go-git/v5/storage/memory"
|
||||
)
|
||||
|
||||
type Daemon struct{}
|
||||
|
||||
func (d *Daemon) Init() {
|
||||
fmt.Println("Starting CertManager in client mode...")
|
||||
err := app.LoadDomainConfigs()
|
||||
if err != nil {
|
||||
if err := app.LoadDomainConfigs(); err != nil {
|
||||
log.Fatalf("Error loading domain configs: %v", err)
|
||||
}
|
||||
|
||||
d.Tick()
|
||||
}
|
||||
|
||||
func (d *Daemon) Tick() {
|
||||
fmt.Println("tick!")
|
||||
|
||||
// Get local copy of configs
|
||||
config := app.Config()
|
||||
localDomainConfigs := app.DomainStore().Snapshot()
|
||||
|
||||
// Loop over all domain configs (domains)
|
||||
for domainStr, domainConfig := range localDomainConfigs {
|
||||
// Skip non-enabled domains
|
||||
if !domainConfig.Domain.Enabled {
|
||||
continue
|
||||
}
|
||||
|
||||
// Skip domains with up-to-date commit hashes
|
||||
// If the repo doesn't exist, we can't check for a remote commit, so stop the rest of the check
|
||||
repoExists := domainConfig.Internal.RepoExists
|
||||
if repoExists {
|
||||
dataRoot := common.EffectiveDataRoot(config, domainConfig)
|
||||
localHash, err := client.LocalCommitHash(domainStr, dataRoot)
|
||||
certsDir := common.CertsDir(config, domainConfig, domainStr)
|
||||
|
||||
// Short-circuit when the local copy already matches the remote HEAD.
|
||||
// Only useful once the server has provisioned the repo; otherwise
|
||||
// the RemoteCommitHash call returns ErrRepoNotFound and we skip
|
||||
// this tick entirely (nothing to pull yet).
|
||||
if domainConfig.Internal.RepoExists {
|
||||
localHash, err := client.LocalCommitHash(certsDir)
|
||||
if err != nil {
|
||||
fmt.Printf("No local commit hash found for domain %s\n", domainStr)
|
||||
fmt.Printf("Error reading local hash for %s: %v\n", domainStr, err)
|
||||
}
|
||||
gitSource, err := common.StrToGitSource(app.Config().Git.Host)
|
||||
remoteHash, err := client.RemoteCommitHash(config, domainConfig, domainStr)
|
||||
if err != nil {
|
||||
fmt.Printf("Error getting git source for domain %s: %v\n", domainStr, err)
|
||||
if errors.Is(err, common.ErrRepoNotFound) {
|
||||
fmt.Printf("Remote repo not yet provisioned for %s; skipping\n", domainStr)
|
||||
continue
|
||||
}
|
||||
fmt.Printf("Error getting remote hash for %s: %v\n", domainStr, err)
|
||||
continue
|
||||
}
|
||||
remoteHash, err := client.RemoteCommitHash(domainStr, gitSource, config, domainConfig)
|
||||
if err != nil {
|
||||
fmt.Printf("Error getting remote commit hash for domain %s: %v\n", domainStr, err)
|
||||
}
|
||||
// If both hashes are blank (errored), break
|
||||
// If localHash equals remoteHash (local is up-to-date), skip
|
||||
if !(localHash == "" && remoteHash == "") && localHash == remoteHash {
|
||||
if localHash != "" && localHash == remoteHash {
|
||||
fmt.Printf("Domain %s is up to date. Skipping...\n", domainStr)
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
gitWorkspace := &common.GitWorkspace{
|
||||
Storage: memory.NewStorage(),
|
||||
FS: memfs.New(),
|
||||
}
|
||||
// Ex: https://git.example.com/Org/Repo-suffix.git
|
||||
// Clones repo and stores in gitWorkspace, skip if clone fails (doesn't exist?)
|
||||
repoUrl := app.Config().Git.Server + "/" + config.Git.OrgName + "/" + domainStr + domainConfig.Repo.RepoSuffix + ".git"
|
||||
err := common.CloneRepo(repoUrl, gitWorkspace, common.Client, config)
|
||||
if err != nil {
|
||||
url := common.RepoURL(config, domainConfig, domainStr)
|
||||
ws := common.NewGitWorkspace(domainStr, url)
|
||||
if err := common.CloneRepo(ws, config); err != nil {
|
||||
fmt.Printf("Error cloning domain repo %s: %v\n", domainStr, err)
|
||||
continue
|
||||
}
|
||||
|
||||
effectiveDataRoot := common.EffectiveDataRoot(config, domainConfig)
|
||||
certsDir := filepath.Join(effectiveDataRoot, "certificates", domainStr)
|
||||
|
||||
// Get files in repo
|
||||
fileInfos, err := gitWorkspace.FS.ReadDir("/")
|
||||
if err != nil {
|
||||
fmt.Printf("Error reading directory in memFS on domain %s: %v\n", domainStr, err)
|
||||
if err := client.DecryptAndWriteCertificates(certsDir, domainConfig, ws); err != nil {
|
||||
fmt.Printf("Error decrypting certificates for %s: %v\n", domainStr, err)
|
||||
continue
|
||||
}
|
||||
// Iterate over files, filtering by .crpt (encrypted) files in case other files were accidentally added
|
||||
for _, fileInfo := range fileInfos {
|
||||
if strings.HasSuffix(fileInfo.Name(), ".crpt") {
|
||||
filename, _ := strings.CutSuffix(fileInfo.Name(), ".crpt")
|
||||
file, err := gitWorkspace.FS.Open(fileInfo.Name())
|
||||
if err != nil {
|
||||
fmt.Printf("Error opening file in memFS on domain %s: %v\n", domainStr, err)
|
||||
continue
|
||||
}
|
||||
fileBytes, err := io.ReadAll(file)
|
||||
if err != nil {
|
||||
fmt.Printf("Error reading file in memFS on domain %s: %v\n", domainStr, err)
|
||||
file.Close()
|
||||
continue
|
||||
}
|
||||
err = file.Close()
|
||||
if err != nil {
|
||||
fmt.Printf("Error closing file on domain %s: %v\n", domainStr, err)
|
||||
continue
|
||||
}
|
||||
|
||||
err = common.DecryptFileFromBytes(domainConfig.Certificates.CryptoKey, fileBytes, filepath.Join(certsDir, filename), nil)
|
||||
if err != nil {
|
||||
fmt.Printf("Error decrypting file %s in domain %s: %v\n", filename, domainStr, err)
|
||||
continue
|
||||
}
|
||||
|
||||
headRef, err := gitWorkspace.Repo.Head()
|
||||
if err != nil {
|
||||
fmt.Printf("Error getting head reference for domain %s: %v\n", domainStr, err)
|
||||
continue
|
||||
}
|
||||
|
||||
err = common.WriteCommitHash(headRef.Hash().String(), config, domainConfig)
|
||||
if err != nil {
|
||||
fmt.Printf("Error writing commit hash: %v\n", err)
|
||||
continue
|
||||
}
|
||||
|
||||
certLinks := domainConfig.Certificates.CertSymlinks
|
||||
for _, certLink := range certLinks {
|
||||
err = common.LinkFile(filepath.Join(certsDir, domainStr+".crt"), certLink, domainStr, ".crt")
|
||||
if err != nil {
|
||||
fmt.Printf("Error linking cert %s to %s: %v\n", certLink, domainStr, err)
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
keyLinks := domainConfig.Certificates.KeySymlinks
|
||||
for _, keyLink := range keyLinks {
|
||||
err = common.LinkFile(filepath.Join(certsDir, domainStr+".key"), keyLink, domainStr, ".key")
|
||||
if err != nil {
|
||||
fmt.Printf("Error linking cert %s to %s: %v\n", keyLink, domainStr, err)
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
if err := client.UpdateSymlinks(domainStr, domainConfig, certsDir); err != nil {
|
||||
fmt.Printf("Error updating symlinks for %s: %v\n", domainStr, err)
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (d *Daemon) Reload() {
|
||||
fmt.Println("Reloading configs...")
|
||||
|
||||
err := app.LoadDomainConfigs()
|
||||
if err != nil {
|
||||
if err := app.LoadDomainConfigs(); err != nil {
|
||||
fmt.Printf("Error loading domain configs: %v\n", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user