internal/rhsm: add consumer secrets to Subscriptions
The consumer key/cert is used to uniquely identify a system against a candlepin instance. They're useful for any Red Hat (ostree) content which requires (cert) authentication.
parent
500341a25f
commit
632f272573
1 changed files with 33 additions and 1 deletions
|
|
@ -7,6 +7,7 @@ import (
|
|||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
"gopkg.in/ini.v1"
|
||||
)
|
||||
|
||||
|
|
@ -23,6 +24,8 @@ type subscription struct {
|
|||
type Subscriptions struct {
|
||||
available []subscription
|
||||
secrets *RHSMSecrets // secrets are used in there is no matching subscription
|
||||
|
||||
Consumer *ConsumerSecrets
|
||||
}
|
||||
|
||||
// RHSMSecrets represents a set of CA certificate, client key, and
|
||||
|
|
@ -33,6 +36,13 @@ type RHSMSecrets struct {
|
|||
SSLClientCert string
|
||||
}
|
||||
|
||||
// These secrets are present on any subscribed system and uniquely identify the host
|
||||
type ConsumerSecrets struct {
|
||||
CACert string
|
||||
ConsumerKey string
|
||||
ConsumerCert string
|
||||
}
|
||||
|
||||
func getRHSMSecrets() (*RHSMSecrets, error) {
|
||||
keys, err := filepath.Glob("/etc/pki/entitlement/*-key.pem")
|
||||
if err != nil {
|
||||
|
|
@ -74,11 +84,31 @@ func getListOfSubscriptions() ([]subscription, error) {
|
|||
return subscriptions, nil
|
||||
}
|
||||
|
||||
func getConsumerSecrets() (*ConsumerSecrets, error) {
|
||||
res := ConsumerSecrets{
|
||||
CACert: "/etc/rhsm/ca/redhat-uep.pem",
|
||||
ConsumerKey: "/etc/pki/consumer/key.pem",
|
||||
ConsumerCert: "/etc/pki/consumer/cert.pem",
|
||||
}
|
||||
|
||||
if _, err := os.Stat(res.ConsumerKey); err != nil {
|
||||
return nil, fmt.Errorf("no consumer key found")
|
||||
}
|
||||
if _, err := os.Stat(res.ConsumerCert); err != nil {
|
||||
return nil, fmt.Errorf("no consumer cert found")
|
||||
}
|
||||
return &res, nil
|
||||
}
|
||||
|
||||
// LoadSystemSubscriptions loads all the available subscriptions.
|
||||
func LoadSystemSubscriptions() (*Subscriptions, error) {
|
||||
consumerSecrets, err := getConsumerSecrets()
|
||||
if err != nil {
|
||||
logrus.Warnf("Failed to load consumer certs: %v", err)
|
||||
}
|
||||
|
||||
subscriptions, err1 := getListOfSubscriptions()
|
||||
secrets, err2 := getRHSMSecrets()
|
||||
|
||||
if subscriptions == nil && secrets == nil {
|
||||
// Neither works, return an error because at least one has to be available
|
||||
if err1 != nil {
|
||||
|
|
@ -93,6 +123,8 @@ func LoadSystemSubscriptions() (*Subscriptions, error) {
|
|||
return &Subscriptions{
|
||||
available: subscriptions,
|
||||
secrets: secrets,
|
||||
|
||||
Consumer: consumerSecrets,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
|
|
|||
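Review bot: In getConsumerSecrets both os.Stat checks discard the underlying error, so a permission-denied or I/O failure on the consumer key or cert is reported (and then logged by LoadSystemSubscriptions) as "no consumer key found" / "no consumer cert found", which hides an unreadable or misconfigured host identity from whoever is diagnosing the system. Wrapping the error keeps that distinction: `return nil, fmt.Errorf("consumer key %s: %w", res.ConsumerKey, err)`, and the same for the cert. CACert is returned without any existence check, unlike the other two paths, so a caller can receive a ConsumerSecrets whose CA file is missing; either stat it as well or state in the type's comment that only the key and cert are verified and that the fields hold file paths rather than key material. Because LoadSystemSubscriptions only warns when getConsumerSecrets fails, the exported `Consumer` field can be nil, which deserves a field comment such as `// Consumer is nil when no consumer key/cert was found on the host`. LoadSystemSubscriptions' body continues outside the visible hunks.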