From 632f272573b6a9f2fb1f7faf0c35f700c0a438d8 Mon Sep 17 00:00:00 2001
From: Sanne Raymaekers
Date: Thu, 20 Oct 2022 12:21:53 +0200
Subject: [PATCH] internal/rhsm: add consumer secrets to Subscriptions
The consumer key/cert is used to uniquely identify a system against a candlepin instances. They're useful for any Red Hat (ostree) content which requires (cert) authentication.
---
 internal/rhsm/secrets.go | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/internal/rhsm/secrets.go b/internal/rhsm/secrets.go
index ae7902e26..1b6fc6fb7 100644
--- a/internal/rhsm/secrets.go
+++ b/internal/rhsm/secrets.go
@@ -7,6 +7,7 @@ import (
 "path/filepath"
 "strings"
+ "github.com/sirupsen/logrus"
 "gopkg.in/ini.v1"
 )
@@ -23,6 +24,8 @@ type subscription struct {
 type Subscriptions struct {
 available []subscription
 secrets *RHSMSecrets // secrets are used in there is no matching subscription
+
+ Consumer *ConsumerSecrets
 }
 // RHSMSecrets represents a set of CA certificate, client key, and
@@ -33,6 +36,13 @@ type RHSMSecrets struct {
 SSLClientCert string
 }
+// These secrets are present on any subscribed system and uniquely identify the host
+type ConsumerSecrets struct {
+ CACert string
+ ConsumerKey string
+ ConsumerCert string
+}
+
 func getRHSMSecrets() (*RHSMSecrets, error) {
 keys, err := filepath.Glob("/etc/pki/entitlement/*-key.pem")
 if err != nil {
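Review bot: The exported `Consumer` field added to `Subscriptions` is undocumented, and it can be nil: in the later hunks `LoadSystemSubscriptions` only logs a warning when `getConsumerSecrets` fails and still returns the struct with `Consumer: consumerSecrets`. A caller that dereferences it on a host without a consumer key/cert pair would panic, so the nil case should be part of the field's contract. I would add `// Consumer is nil when no consumer key/cert pair was found on the host; callers must check before use.` above the field.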
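Review bot: The doc comment on `ConsumerSecrets` does not start with the type name and does not say that the three string fields hold file paths rather than key or certificate material, which only becomes clear from the literals in `getConsumerSecrets` in a later hunk. Because `ConsumerKey` refers to the host's private identity key, the comment should state what a holder of this struct actually receives. Suggested wording: `// ConsumerSecrets holds the paths of the CA certificate and of the consumer key/cert pair that identify a subscribed host; it carries no key material itself.`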
@@ -74,11 +84,31 @@ func getListOfSubscriptions() ([]subscription, error) {
 return subscriptions, nil
 }
+func getConsumerSecrets() (*ConsumerSecrets, error) {
+ res := ConsumerSecrets{
+ CACert: "/etc/rhsm/ca/redhat-uep.pem",
+ ConsumerKey: "/etc/pki/consumer/key.pem",
+ ConsumerCert: "/etc/pki/consumer/cert.pem",
+ }
+
+ if _, err := os.Stat(res.ConsumerKey); err != nil {
+ return nil, fmt.Errorf("no consumer key found")
+ }
+ if _, err := os.Stat(res.ConsumerCert); err != nil {
+ return nil, fmt.Errorf("no consumer cert found")
+ }
+ return &res, nil
+}
+
 // LoadSystemSubscriptions loads all the available subscriptions.
 func LoadSystemSubscriptions() (*Subscriptions, error) {
+ consumerSecrets, err := getConsumerSecrets()
+ if err != nil {
+ logrus.Warnf("Failed to load consumer certs: %v", err)
+ }
+
 subscriptions, err1 := getListOfSubscriptions()
 secrets, err2 := getRHSMSecrets()
-
 if subscriptions == nil && secrets == nil {
 // Neither works, return an error because at least one has to be available
 if err1 != nil {
@@ -93,6 +123,8 @@ func LoadSystemSubscriptions() (*Subscriptions, error) {
 return &Subscriptions{
 available: subscriptions,
 secrets: secrets,
+
+ Consumer: consumerSecrets,
 }, nil
 }
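Review bot: Both `os.Stat` checks in `getConsumerSecrets` discard the underlying error, so a permission or I/O failure on the path is reported as "no consumer key found" and the warning logged by `LoadSystemSubscriptions` cannot tell an unsubscribed host from a misconfigured one. Wrapping the cause keeps it visible: `return nil, fmt.Errorf("consumer key %s: %w", res.ConsumerKey, err)`, and the same for the cert. `CACert` is returned without any existence check, so a caller can receive a non-nil `ConsumerSecrets` whose CA path is missing; if that CA is what the server certificate is verified against, it should be checked the same way so that a consumer does not end up skipping verification. The body of `LoadSystemSubscriptions` continues outside this hunk.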