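// Copyright 2020 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.

package apiservercertwatcher

import (
	"github.com/juju/errors"
	"github.com/juju/worker/v3/catacomb"

	"github.com/juju/juju/agent"
	"github.com/juju/juju/pki"
)

// PKIAuthorityWorker creates a fresh PKI certificate authority for operators
// that need to start their own HTTPS servers, and exposes it until killed.
//
// The signing key and the self-signed CA certificate ("juju agent") are
// generated in memory when the worker is constructed; nothing in this file
// persists them or derives them from the agent, so every new worker yields a
// new, unrelated CA. Consumers should therefore not pin or cache certificates
// issued by this authority across worker restarts, and any peer that needs to
// trust them has to obtain the CA from the running worker.
//
// TODO this watcher should be replaced in the future to use an intermediate CA
// from the controller
type PKIAuthorityWorker struct {
	authority pki.Authority
	catacomb  catacomb.Catacomb
}

// NewAuthorityWorker builds a PKIAuthorityWorker and returns it as an
// AuthorityWorker. The agent argument is currently unused.
//
// On failure the returned interface is an untyped nil rather than a typed nil
// pointer, so callers may safely test either the worker or the error.
func NewAuthorityWorker(_ agent.Agent) (AuthorityWorker, error) {
	w, err := newPKIAuthorityWorker()
	if err != nil {
		return nil, errors.Trace(err)
	}
	return w, nil
}

// newPKIAuthorityWorker generates a default key profile, a self-signed CA
// certificate signed by it and a default authority over both, then starts the
// worker's catacomb. It returns the running worker, or a nil worker together
// with the first error encountered.
func newPKIAuthorityWorker() (*PKIAuthorityWorker, error) {
	signer, err := pki.DefaultKeyProfile()
	if err != nil {
		return nil, errors.Annotate(err, "creating agent watcher signer")
	}

	cert, err := pki.NewCA("juju agent", signer)
	if err != nil {
		return nil, errors.Annotate(err, "creating agent ca certificate")
	}

	authority, err := pki.NewDefaultAuthority(cert, signer)
	if err != nil {
		return nil, errors.Annotate(err, "creating authority for agent ca and signer")
	}

	w := &PKIAuthorityWorker{authority: authority}
	if err := catacomb.Invoke(catacomb.Plan{
		Site: &w.catacomb,
		Work: w.loop,
	}); err != nil {
		// The catacomb never started, so there is nothing for a caller to Kill
		// or Wait on; do not hand back a half-initialised worker with the error.
		return nil, errors.Trace(err)
	}
	return w, nil
}

// Authority returns the in-memory certificate authority created for this
// worker.
func (a *PKIAuthorityWorker) Authority() pki.Authority {
	return a.authority
}

// Kill asks the worker to stop without an error.
func (a *PKIAuthorityWorker) Kill() {
	a.catacomb.Kill(nil)
}

// Wait blocks until the worker has stopped and returns the reason it did.
func (a *PKIAuthorityWorker) Wait() error {
	return a.catacomb.Wait()
}

// loop blocks until the catacomb is dying and returns its death reason; the
// authority is fixed at construction, so there is no other work to perform.
func (a *PKIAuthorityWorker) loop() error {
	<-a.catacomb.Dying()
	return a.catacomb.ErrDying()
}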