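// github.com/IBM-Blockchain/fabric-operator@v1.0.4/pkg/action/enroll.go

/*
 * Copyright contributors to the Hyperledger Fabric Operator project
 *
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 * 	  http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package action

import (
	"fmt"
	"os"

	"github.com/pkg/errors"

	current "github.com/IBM-Blockchain/fabric-operator/api/v1beta1"
	"github.com/IBM-Blockchain/fabric-operator/pkg/initializer/common/config"
	"github.com/IBM-Blockchain/fabric-operator/pkg/initializer/common/enroller"
	k8sclient "github.com/IBM-Blockchain/fabric-operator/pkg/k8s/controllerclient"

	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime"
)

//go:generate counterfeiter -o mocks/enrollinstance.go -fake-name EnrollInstance . EnrollInstance

// EnrollInstance is the view of a custom resource that Enroll forwards to
// enroller.Factory. It is a Kubernetes object (runtime.Object and
// metav1.Object) extended with accessors for HSM settings, the config
// override, the enroller image, pull secrets, the PVC name and per-component
// resource requirements.
type EnrollInstance interface {
	runtime.Object
	metav1.Object
	IsHSMEnabled() bool
	UsingHSMProxy() bool
	GetConfigOverride() (interface{}, error)
	EnrollerImage() string
	GetPullSecrets() []corev1.LocalObjectReference
	PVCName() string
	GetResource(current.Component) corev1.ResourceRequirements
}

// Enroll enrolls the identity described by enrollment and returns the crypto
// produced by config.GenerateCrypto.
//
// Parameters:
//   - instance, client, scheme, timeouts: only used when ecert is true, where
//     they are handed to enroller.Factory.
//   - enrollment: supplies the enroll ID and the CA TLS bytes; must be non-nil.
//   - storagePath: working directory given to the CA client and to
//     enroller.Factory. It is removed recursively when Enroll returns, on
//     success and on failure alike, so callers must pass a dedicated scratch
//     directory and never a shared or parent path.
//   - ecert: true for an enrollment-certificate request; false keeps the
//     software enroller (TLS cert enrollment is not supported via HSM).
//
// Returns the generated *config.Response, or an error if enrollment is nil,
// the CA TLS bytes cannot be read, the enroller cannot be built, or crypto
// generation fails.
func Enroll(instance EnrollInstance, enrollment *current.Enrollment, storagePath string, client k8sclient.Client, scheme *runtime.Scheme, ecert bool, timeouts enroller.HSMEnrollJobTimeouts) (*config.Response, error) {
	// Registered first so every return path cleans up. storagePath presumably
	// holds enrollment output, including key material for the software
	// enroller (confirm in the enroller package), so a failed removal is
	// logged rather than dropped: leftovers on disk need operator attention.
	defer func() {
		if rmErr := os.RemoveAll(storagePath); rmErr != nil {
			log.Info(fmt.Sprintf("Enroll action failed to remove storage path %s: %s", storagePath, rmErr))
		}
	}()

	// Guard the dereferences below; a nil enrollment previously panicked.
	if enrollment == nil {
		return nil, errors.New("enrollment is nil")
	}

	log.Info(fmt.Sprintf("Enroll action performing enrollment for identity: %s", enrollment.EnrollID))

	caTLSBytes, err := enrollment.GetCATLSBytes()
	if err != nil {
		return nil, err
	}

	// Default to the software enroller.
	// NOTE(review): the meaning of the nil third argument to NewFabCAClient is
	// not visible in this file; confirm against the enroller package.
	caClient := enroller.NewFabCAClient(enrollment, storagePath, nil, caTLSBytes)
	certEnroller := enroller.New(enroller.NewSWEnroller(caClient))

	// Only check if HSM enroller is needed if the request is for an ecert,
	// TLS cert enrollment is not supported via HSM.
	if ecert {
		certEnroller, err = enroller.Factory(enrollment, client, instance, storagePath, scheme, caTLSBytes, timeouts)
		if err != nil {
			return nil, err
		}
	}

	resp, err := config.GenerateCrypto(certEnroller)
	if err != nil {
		return nil, errors.Wrap(err, "failed to generate crypto")
	}

	return resp, nil
}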